skip navigation

More signal. Less noise.

Daily briefing.

The "stoner(s)" who went after US DCI Brennan's personal email account (and some others), and call themselves "Cracka[s] with Attitude," cloak themselves with more pro-Palestinian slacktivism. This move seems as much a mark of hubris (or dawning defensiveness) as commitment. In any case they say they've got more documents to release. Opinion about those released so far remains mixed: some data dumped strike observers as real, some as bogus, some as undetermined. But the FBI is investigating, and things seem unlikely to end well for the Cracka. In the meantime we receive a vivid object lesson in the risks associated with third-party social engineering.

The Neutrino exploit kit infests thousands of Magneto-created websites, threatening databases via Flash exploitation.

British online retailers sustain a distributed denial-of-service campaign. The attackers are seeking to extort ransom, payable in Bitcoin, from their victims.

Researchers find signs that the taken-down Dridex botnet may be reforming. Fox-IT draws a lesson about attribution: it's valuable because criminals behind botnets and exploit kits are often connected, and so rolling up the right gangs can solve multiple problems.

Oracle issues its critical patches for October.

Marsh LLC notes a surge in cyber insurance, and a study by Zurich and Advisen concludes that IT departments continue to dominate cyber risk management. These findings suggest that actuarial data gaps and problems in risk communication persist. A new company, PivotPoint, tells MarketWatch it addresses both issues.

In other industry news, Cytegic and illusive networks [sic] both announce new funding. Raytheon buys Foreground.

Notes.

Today's issue includes events affecting China, European Union, Palestine, Ukraine, United Kingdom, United States.

Cyber Attacks, Threats, and Vulnerabilities

Hacker Threatens to Release More Info from CIA Director (Sputnik News) The person taking responsibility for the hack of CIA and Department of Homeland Security directors' accounts, who claims to be an American teenager, has asserted that there are six people in his hacking group and they may release more information, obtained from hacks

'Teen stoner' who says he hacked CIA head's email quite pleased with himself (Naked Security) On the one hand, CWA ("Crackas With Attitude"), may have been a duo of pot-smoking, pro-Palestine 13-year-olds who socially engineered Verizon and got it to reset CIA Director John Brennan's AOL address

'Stoner' hacker dumps personal data of CIA, DHS chiefs (Fedscoop) Hacker says he hijacked the CIA head's personal email and the DHS secretary's Internet account

Don't Be Shocked the CIA Head Was Hacked (DefenseOne) How can a random teenager break into the CIA director's private email? The problem isn't technical

Former intel chair: China will use hacked info to target Americans (Washington Examiner) China is eventually going to use the information it has stolen by hacking to target America's intelligence community, a former House Intelligence Committee chairman said on Monday

Malware campaign infects more than 8,000 Magento-created websites, threatens databases (FierceITSecurity) Attackers loading the Neutrino exploit kit that targets Adobe Flash vulnerability

UK e-tailers hit by suspected DDoS barrage (CRN) Aria Technology puts up £15,000 bounty to catch Bitcoin attackers

Just how many websites are vulnerable because of SHA–1? (ZDNet) Naughty certificate authorities are breaching agreed timelines for phasing out digital certificates signed with the insecure SHA-1 hashing algorithm

Multi-stage exploit installing trojan (We Live Security) ESET researchers receive and analyze thousands of new malware samples every day. Earlier this year, one of them caught our attention because it was not an ordinary executable file, but a preference file used by a specific program. Further analysis quickly revealed the file actually is malicious and exploited a vulnerability in the software in order to execute code while it is parsed

Unpacking Fraudulent "Fax": Dyreza Malware from Spam (Malwarebytes) This post describes the process of unpacking a malware delivered in a spam campaign. The described sample has been delivered on 1 October 2015 at 17:33 CEST

The Dridex botnet ain't done yet, say researchers (Graham Cluley) LadybugSecurity researchers are finding signs that a botnet responsible for infecting computers with the banking malware Dridex might still be functioning despite a recent international takedown

Fox-IT's Driehuis on Why Attribution Matters (BankInfoSecurity) Criminals behind Dridex, other malware are often connected

'No Excuses' As Western Digital Leaves Gaping Crypto Flaws In Hard Drives (Forbes) Some serious cryptographers have bloodied foreheads today

SAP Afaria Security: Stored XSS vulnerability — detailed review (ERPScan) Today we will talk about SAP Afaria Security. We will show how SAP Afaria, an MDM solution from a world-famous software vendor, works and how cybercriminals can attack it in different ways using Stored XSS vulnerability

Islander website back online after cyber attack (Mount Desert Islander) The websites of the Mount Desert Islander and its sister paper, The Ellsworth American, were offline overnight Thursday, Oct. 15, due to a cyber attack

20 of the worst passwords (CSO) Do you actually want people to break into your systems? Or do you just not care one way or the other? If so, here is a list of the most-used passwords of 2014, for your easy reference. This list is taken from SplashData's Annual "Worst Passwords" List

Security Patches, Mitigations, and Software Updates

Oracle Critical Patch Update Advisory — October 2015 (Oracle) A Critical Patch Update (CPU) is a collection of patches for multiple security vulnerabilities

Google, Yahoo tighten spam filtering (IDG via CSO) The DMARC system is used to block spoofed emails

1Password to improve its security, after online criticism (Hot for Security) First things first, if you were one of the many users of the popular 1Password password manager ? your passwords were never at risk of falling into the wrong hands

Cyber Trends

When it comes to announcing a breach, a spoonful of sugar helps (FierceITSecurity) An oft-heard phrase at security conferences is that there are two types of companies — those who have been breached and those who don't know they've been breached

Data breaches are out of control — act now or get fired! (SC Magazine) Norman Shaw looks at the latest data breaches, their causes, what the Safe Harbour ruling could mean for data protection and what you should be doing now to protect your company and yourself

Cyber Attacks On Physical Systems Call For A Blended Security Approach (SourceSecurity) Security experts of various disciplines agree that physical systems are increasingly being leveraged in attacks on organizational networks and supply chains

NSA chief: This is what keeps me up at night (Business Insider) Admiral Michael Rogers, director of the National Security Agency and US cyber commander, doesn't think that the United States will ever have a digital equivalent of Pearl Harbor

Cyber Is By Definition Inherently Destabilizing (Forbes) Military people talk about five domains of warfare

Cybersecurity's new approach to attacks is contain and adapt (Washington Examiner) With the news this week that a network of state-affiliated Chinese hackers continues to pursue a strategy of targeted cyberattacks on U.S. companies and the personal email of the CIA Director was recently compromised, there is a growing realization among some security professionals that it's become pointless to try to stop all breaches

Consumers increasingly adopting personal security measures (Help Net Security) With the increase of personal data being stored on mobile devices, a new survey showed that 61 percent of wireless consumers use PINs/passwords, up 20 percent from the survey conducted in 2012

Freedom or security? Most users have chosen (InfoWorld) Think about it: App stores are highly restrictive, and now both mobile and desktop OSes employ stores to bar bad apps

Cyber-Thieves Target College Campuses (CIO Insight) Educational institutions trail other industries when it comes to protecting their networks?and cyber-thieves are taking copious notes on their lax security

Marketplace

Interest in stand-alone cyber insurance surges (Business Insurance) The number of U.S.-based Marsh L.L.C. clients purchasing stand-alone cyber insurance increased 32% for the first half of 2015 compared with the first half of 2014, while renewal rates were in the double digits, the brokerage said in a report issued Tuesday

Cyber Security Insurance: Do You Need It? (Obrella) Data breaches are all over the news. From Target to Blue Cross Blue Shield, high profile companies and institutions have been hacked — putting millions of customers' personal information at risk

IT departments still dominate cyber risk management (Business Insurance) While a majority of firms are purchasing cyber insurance, risk management departments run a distant second behind information technology departments in being primarily responsible for spearheading companies? information security risk management efforts, says a survey of risk managers by Zurich Insurance Group Ltd. and Advisen Ltd. released Tuesday

Company forms to quantify cyber risk (Business Insurance) PivotPoint Risk Analytics on Tuesday announced its launch and the rollout of a tool that quantifies cyber risk

Infosec pros should start preparing for the future, say experts (ComputerWeekly) Information security professionals need to grow their skills, engage with the business, increase security awareness, set business goals and tailor their messages, says a panel of experts

Raytheon acquires cyber firm Foreground Security (C4ISR & Networks) Raytheon has acquired cybersecurity firm Foreground Security, a provider of security operations centers and managed security service solutions

SolarWinds Gets Acquired By Silver Lake and Thoma (FBRFlash) This morning, Solarwinds announced it has been acquired by private equity firms Silver Lake Partners (been a busy few weeks with Dell, now SWI) and Thoma Bravo for $60.10 per share in a $4.5 billion deal

EMC Delivers Mixed September Results; Dell Deal and VMware Share Weakness the Sole Focus of the Street (FBRFlash) This morning, October 21, EMC reported mixed 3Q15 (September) results, delivering in-line revenue of $6.08B (up 1% YOY, 5% on a constant currency basis) but missing the Street?s EPS estimate by a penny, coming in at $0.43

The Bad News Keeps Coming; Softer Outlook Speaks to Dark Days Ahead (FBRFlash) We surmise the last week/10 days for VMware shareholders feels like A Nightmare on Elm Street scenario as the combination of the Dell/EMC deal structure, tracking stock overhang and supply issues, and lingering disruption in the field have put major pressure on VMW shares

illusive networks Raises $22Mn to Fund Cyber Deception Technology (Infosecurity Magazine) illusive networks has announced a $22 million Series B round of funding, led by new investor New Enterprise Associates (NEA)

Cytegic Secures $3 Million in Second Angel Financing Round (Cytegic) Cytegic, a provider of cybersecurity risk management solutions, today announced it has completed its second round of angel funding, securing an additional $3 million from a prominent set of angel investors, bringing total funding in the company to $6 million

Cytegic Opens U.S. Headquarters, Taps Josh Morris as VP, North American Sales (Cytegic) Cytegic, a provider of cybersecurity risk management solutions, today announced its expansion in North America with the opening of its U.S. headquarters in Hackensack, New Jersey

iSight banking off boom in cyber security market (Dallas Business Journal via Upstart Business Journal) Standing at just about 6 feet tall and sporting a bright blue Hawaiian shirt and cowboy boots, John Watters doesn't resemble the stone-faced image often associated with high-tech security

Products, Services, and Solutions

Companies can now estimate the cost of a data breach (Wall Street Journal) A new company is launching a product that puts a dollar value on cyber risk

Synack Pairs Dynamic Human Intelligence With Innovative Exploitation Intelligence Platform, Securing Perimeter Against Breaches (Marketwired) Synack launches Hydra — built to integrate directly with the Synack Red Team, industry-first platform provides actionable, continuous exploitation intelligence to the enterprise

Lastline Debuts New Product to Protect Enterprise from Advanced Malware (Dark Reading) Lastline Detonator leverages existing deployments, such as Tripwire and Bit9 + Carbon Black, to make advanced malware protection as easy as "flipping a switch"

Druva Mobile Forensics for Android Looks to Make Mobile Data Collection Easier (Legaltech News) The new offering comes in response to an increase in the number of mobile devices and the bring-your-own-device (BYOD) trend

Tanium Receives JPMorgan Chase Hall of Innovation Award for Revolutionary Approach to Security and IT Management (BusinessWire) Tanium, the company that has redefined security and systems management, today announced that JPMorgan Chase & Co. (NYSE: JPM) has inducted Tanium into its Hall of Innovation for Tanium's endpoint security and management platform

Farsight Security Unveils World's First Real–Time Passive DNS Database Security Analysts Can Now Get Real-Time Observations of the Changing Global DNS (Dark Reading) In a significant breakthrough in the fight against cybercrime, Farsight Security, Inc. announced today that its flagship product, DNSDB™, the world's largest database of Passive DNS information including domain, IP addresses and name server records, now provides real-time observations of the world's changing global DNS

Gemalto Delivers IoT Smart Data to Emergency Responders throughout the U.S. (CSO Australia) Gemalto, the world leader in digital security is delivering actionable, up-to-the minute data to first responders in the field

Accelerating its Move into HIPAA Hosting, Infinitely Virtual Unveils Full-Disk Encryption (IT News Online) In preparation for its Q1 2016 rollout of a series of HIPAA hosting plans, cloud hosting provider Infinitely Virtual today announced a Full Disk Encryption (FDE) option. The FDE feature will be available for $9.99 for each virtual machine, in all HIPAA hosting plans

Comodo's new silver lining: Acronis Backup Cloud MSP protection (ITWire) Cybersecurity solutions firm Comodo has improved data protection while helping MSPs accelerate transition to the cloud by making Acronis Backup Cloud available

AVAST Announces Security App for Windows 10 Mobile (Softpedia) Windows 10 Mobile is expected to debut in approximately a month and a half, and not only Microsoft and its users are very keen to see it on the market, but also software developers who this time seem to notice the opportunity to capitalize on the growing interest in the platform a lot sooner

Fortinet Elevates High-Performance Cybersecurity to the Access Layer (MarketWatch) Fortinet's new secure access architecture framework delivers advanced security to wireless and wired network infrastructures while segmenting devices and the network

Technologies, Techniques, and Standards

Attack aftermath (FierceGovernmentIT) What investigators do after a cyber incident, and the challenges in responding to an attack

Data Breaches, Media Relations, and the Bottom Line (JDSupra) Data breaches are crisis moments that business must prepare for in many ways: not just in taking steps at prevention, but also mitigating losses, arranging for business continuity, complying with legal and regulatory requirements, and communicating adequately with customers

When Selfies Are a Tool of Intelligence (Foreign Policy) From commercial satellite photos to Facebook posts, tracking Russia?s military intervention in Syria has never been easier for the world's amateur and professional spies

Why everyone should care about two-factor authentication (Help Net Security) In the age of BYOD, corporate employees and consumers alike have access to incredible computing power in the palms of their hands

Introduction to Web fraud detection systems (TechTarget) Expert Ed Tittel explores the purpose of Web fraud detection systems and services, which are designed to reduce the risks inherent in electronic payments and e-commerce

Four Mistakes to Avoid When Hiring Your Next Security Chief (Wall Street Journal) Recruiting a top-notch chief information security officer is often a company?s most important hire. If that seems like hyperbole, just ask the boards of directors of The Home Depot, Sony Pictures, Target Corp., or any other organization whose corporate data was breached recently

Security Hygiene: Protecting Your Evolving Digital Life (Tripwire: the State of Security) This week marks Week 4 in National Cyber Security Awareness Month (NCSAM), a program sponsored by the Department of Homeland Security (DHS) in cooperation with the National Cyber Security Alliance and the Multi-State Information Sharing and Analysis Center. NCSAM emphasizes our shared responsibility in strengthening the cyber security posture of our workplaces, homes, and digital lives, and it targets entities in both the public and private sectors with its message

Design and Innovation

New Android Marshmallow devices must have default encryption, Google says (Naked Security) If you've ever wondered how device manufacturers like Samsung or LG know how to build their Android smartphones to support new versions of the OS, here's your answer: an obscure document called the Android Compatibility Definition

Research and Development

MIT Sloan cybersecurity consortium (IC)3 receives $3.5 million from U.S. Dept. of Energy (PRNewswire) Today's enterprise cybersecurity defenses are like a bank vault with six-inch-thick steel doors and plywood walls — heavily fortified and terribly vulnerable at the same time

Defense Science Board recommends vigilance against insider threats (FierceGovernmentIT) The Defense Science Board recommends that the Defense Department continuously monitor cleared personnel to avoid "strategic surprise"

Legislation, Policy, and Regulation

EU net neutrality laws a threat to UK Open Internet Code, says BSG (ComputerWeekly) The Broadband Stakeholder Group?s Richard Hooper says that the EU?s Connected Continent Regulation could damage the UK's Open Internet Code

Despite accord, obstacles remain to stopping Chinese attacks against US firms (FierceITSecurity) With much fanfare, President Barack Obama and Chinese President Xi Jinping last month signed a cybersecurity cooperation agreement designed to stop Chinese hackers from executing cyberattacks intended to steal intellectual property and trade secrets from U.S. firms

Senate to consider controversial cyber security bill (Reuters via Business Insurance) The U.S. Senate is expected to begin considering as soon as Tuesday a long-delayed bill that would make it easier for corporations to share information about cyber attacks with each other or the government without concern about lawsuits

Army Cyber Command readies cyber units for the battlefield (SC Magazine) U.S. soldiers may not charge into battle as they type away on their laptops attempting to fend off enemy cyberattacks any time too soon, but the U.S. Army Cyber Command is actively working on the role these troops will someday play on the battlefield

Litigation, Investigation, and Law Enforcement

Facebook EU Privacy Suit May Move Forward Following Safe Harbor Ruling (Legaltech News) Contingent on a EUCJ decision that invalidated the Safe Harbor agreement, Max Schrems' class action lawsuit again Facebook may get its day in court

Irish court orders investigation of Facebook data transfers to U.S. (Reuters via Business Insurance) Ireland's High Court on Tuesday ordered an investigation into Facebook Inc.'s transfer of European Union users' data to the United States to make sure personal privacy was properly protected

The collapse of the US-EU Safe Harbor: Solving the new privacy Rubik's Cube (Microsoft on the Issues) When people who care about technology look back at the year 2015, they will remember October as the month when the EU-U.S. Safe Harbor collapsed

Apple tells U.S. judge 'impossible' to unlock new iPhones (Reuters) Apple Inc (AAPL.O) told a U.S. judge that accessing data stored on a locked iPhone would be "impossible" with devices using its latest operating system, but the company has the "technical ability" to help law enforcement unlock older phones

Corrupt ex-DEA agent Carl Force gets 6 years for extorting Silk Road (Naked Security) A former federal agent who lined his pockets with bitcoins extorted from the black market site Silk Road has been sentenced to 78 months — more than 6 years — in prison

For a complete running list of events, please visit the Event Tracker on the CyberWire website.

Newly Noted Events

University of Phoenix® Technology Conference (Arlington, Virginia, USA, November 7, 2015) At the University of Phoenix® Technology Conference 2015, a free event hosted by the University of Phoenix College of Information Systems and Technology, you will be introduced to cyber security,...

Upcoming Events

SecTor (Toronto, Ontario, Canada, October 19 - 21, 2015) Illuminating the Black Art of Security. Now entering its 9th year, SecTor has built a reputation of bringing together experts from around the world to share their latest research and techniques involving...

CSX 2015 (Washington, DC, USA, October 19 - 21, 2015) CSX brings together some of the leading experts in the industry for an exciting event designed to give the knowledge, skills and tools you need to help protect and defend your organization. Learn hands-on...

Cyber Defense San Diego 2015 (San Diego, California, USA, October 19 - 24, 2015) Cyber security training in San Diego CA from SANS Institute, the global leader in Information Security training. SANS Cyber Defense San Diego 2015 features hands-on, immersion-style training courses for...

Cyber Security Summit: Boston (Boston, Massachusetts, USA, October 9, 2015) The Cyber Security Summit provides an exclusive business environment to meet with Senior Executives who are seeking innovative solutions to protect their business & critical infrastructure. Delegates at...

Cyber Liability Summit (New York, New York, USA, October 21, 2015) Attendees of the CLM Cyber Liability Summit will come away with a full understanding of the risks, exposures, development of claim activity and trends in the areas specific to Data and Network Security,...

Münchner Cyber Dialog (München, Bayern, Germany, October 21, 2015) Die Konferenz stellt eine Dialogplattform zwischen Politik, Wirtschaft, Wissenschaft und Verwaltung dar, um die gesamtgesellschaftlichen Chancen und Risiken des Digitalisierungsprozesses zu erörtern.

Swiss Cyber Storm (KKL Lucerne, Switzerland, October 21, 2015) Swiss Cyber Storm 2015 is an international IT security conference that provides essential information about national cyber security issues, critical for both government and private infrastructures. The...

Cyber Security Summit 2015 (Minneapolis, Minnesota, USA, October 21 - 22, 2015) The Summit's mission is to establish a multi-stakeholder consortium that brings together industry, government and academic interests in an effort to improve the state of cyber security on both a domestic...

DevSecCon (London, England, UK, October 22, 2015) DevSecCon is a newly formed, non-profit conference for DevOps and SecOps practitioners, run by practitioners. By creating a neutral platform, we will exchange and create new ideas on how to leverage the...

Ruxcon 2015 (Melbourne, Australia, October 24 - 25, 2015) Ruxcon is a computer security conference that aims to bring together the best and the brightest security talent within the Aus-Pacific region. The conference is a mixture of live presentations, activities...

2015 North American International Cyber Summit (Detroit, Michigan, USA, October 25 - 26, 2015) The North American International Cyber Summit 2015 hosted by Michigan Governor Rick Snyder, is set to take place in the heart of Downtown Detroit at the newly remodeled Cobo Center for the second straight...

ICS Cyber Security Week (Atlanta, Georgia, USA, October 26 - 29, 2015) ICS Cyber Security Week is the longest-running cyber security-focused conference dedicated to the industrial control systems sector. The event caters to critical infrastructure organizations in the following...

Cyber Awareness & Technology Days (Colorado Springs, Colorado, USA, October 27 - 28, 2015) The Information Systems Security Association (ISSA) Colorado Springs Chapter http://www.issa-cos.org will once again host the 6th Annual Cyber Security & Information Technology Days set to take place at...

Designing Secure Healthcare Systems (Long Branch, New Jersey, USA, October 27 - 29, 2015) Designing Secure Healthcare Systems is a three day intensive and immersive workshop…by healthcare hackers for healthcare technologists. Over the three days you will go from the basics of SQL injection...

Cloud Security Alliance Summit NYC 2015 (New York, New York, USA, October 28, 2015) The full-day Cloud Security Alliance NYC Summit is a standalone event in Manhattan. Co-hosted by the CSA NY Metro and CSA Delaware Valley chapters, some 200 well-qualified attendees are expected. The theme...

Data Breach Summit Asia 2015 (Mumbai, India, October 28, 2015) As Cyber Security continues to become a challenge for all industries, ISMG's Data Breach Summit a unique, one-day event will focus on the issues to help the participants learn more about how to prevent...

Technology & Cyber Awareness Day (Aurora, Colorado, USA, October 28, 2015) The Buckley Air Force Base Technology & Cyber Security Day is a one-day event held on-site, where industry vendors will have the opportunity to display their products and services to IT, Comm, Cyber and...

CyberMaryland 2015 (Baltimore, Maryland, USA, October 28 - 29, 2015) Now entering its 5th year, the Federal Business Council is proud to bring you the CyberMaryland 2015 Conference. The conference theme this year is "Collaborate.Educate.Innovate"

Cyber Security World 2015 (Washington, DC, USA, October 28 - 29, 2015) Cyber Security World 2015 brings together security experts, practitioners, and researchers who will share their firsthand knowledge and open the discussion to information sharing between public and private...

Hackito Ergo Sum (Paris, France, October 29 - 30, 2015) No commercial content, no vendor talk. First time presenters welcome. Highly technical talks only. Bonus point for offensive and weird ideas. Areas and domains: systems hacking & security, network hacking,...

8th Annual Space, Cyber, and Telecommunications Washington DC Conference (Washington, DC, USA, October 29 - 30, 2015) The Space, Cyber, and Telecommunications Law team hosts an impressive lineup of the world's greatest minds annually at conferences in Washington DC and in Lincoln, Nebraska and at occasional events around...

NICE 2015 Conference and Expo (San Diego, California, USA, November 3 - 4, 2015) Cybersecurity has emerged as one of the leading creators of jobs and opportunity for all economic sectors. The demand for cybersecurity positions in both the public and private sector is large and growing,...

Inside Data Science 2015 (Monterey, California, USA, November 3 - 4, 2015) At the Inside Data Science 2015 Conference (IDS2015) our focus is not on the storage or volume of data, but rather the importance of what you do with it. To synchronize the processing, exploitation and...

4th International Internet-of-Things Expo (Santa Clara, California, USA, November 3 - 5, 2015) With major technology companies and startups seriously embracing IoT strategies, now is the perfect time to attend @ThingsExpo in Santa Clara. Learn what is going on, contribute to the discussions, and...

RSA Conference 2015 Abu Dhabi (Abu Dhabi, United Arab Emirates, November 4 - 5, 2015) Join your fellow information security professionals at RSA Conference 2015 Abu Dhabi, where we'll be discussing security issues from a global perspective

ICMC (the International Cryptographic Module Conference) (Washington, D.C., USA, November 4 - 6, 2015) ICMC core focus includes cryptographic modules, FIPS 140-2, ISO/IEC 19790 and cryptographic algorithms. Specialists from all over the world gather in Washington to discuss about commercial cryptography...

2nd Annual Journal of Law and Cyber Warfare Conference (New York, New York, USA, November 5, 2015) The 2015 symposium speakers represent an unparalleled group of cyber security experts with a wide variety of industry expertise and knowledge. Attendees will hear from experts on cybersecurity and cyber...

Start with Security (Austin, Texas, USA, November 5, 2015) This one-day conference will continue the FTC's work to provide companies with practical tips and strategies for implementing effective data security. Aimed at start-ups and developers, this event will...

Cyber³ Conference: Crafting Security in a less Secure World (Nago City, Okinawa, Japan, November 7 - 8, 2015) An international conference on cyber security hosted by the Government of Japan with the support of the World Economic Forum. At this conference, multi-stakeholders, including policymakers, business leaders,...

FedCyber 2015 (Tyson's Corner, Virginia, USA, November 10, 2015) This conference, orchestrated by cyber practitioners Matt Devost and Bob Gourley, is designed to advance the state of cyber defense. The FedCyber.com Threat Expo will bring together thought leaders who...

First International Conference on Anti-Cybercrime (ICACC-2015) (Riyadh, Saudi Arabia, November 10 - 12, 2015) Al Imam Mohammad Ibn Saud Islamic University is organizing this international conference to establish a forum where discussions on vital issues related to anti-cybercrime can occur. This conference will...

Black Hat Europe (Amsterdam, the Netherlands, November 10 - 13, 2015) Black Hat prides itself with being "the most technical and relevant global information security event series in the world." For the past 16 years, the Black Hat events have given their attendees the opportunity...

2015 U.S. Cyber Crime Conference (National Harbor, Maryland, USA, November 14, 2015) The 2015 U.S. Cyber Crime Conference (Formerly the DoD Cyber Crime Conference) has brought world-class forensics and incident response training combined with outstanding community networking for over 15...

Pen Test Hackfest Summit & Training (Alexandria, Virgina, USA, November 16 - 23, 2015) SANS Pen Test Hackfest Training Event and Summit is coming back to Washington DC, bigger and better than ever! The Hackfest is an ideal way to learn offensive techniques so you can better defend your environment.

CyberCon 2015 (Pentagon City, Virginia, USA, November 18, 2015) CyberCon 2015 is the forum for dialogue on strategy and innovation to secure federal and defense networks, as well as private sector networks that hold their sensitive data

Internet-of-Things World Forum 2015 (London, England, UK, November 18 - 19, 2015) This conference features speakers from leading IoT companies and their customers. Learn how the Internet-of-Things is creating new markets for products, services, and solutions

DefCamp6 (Bucharest, Romania, November 19 - 20, 2015) Why DefCamp? Because it's the most important conference on Hacking & Information Security in Central Eastern Europe, bringing hands-on talks about the latest research and practices from the INFOSEC field,...

Grow your brand and reach new customers.

Grow your brand and increase your customer base by educating our audience about your products, services, and events by advertising on The CyberWire. We’ve built trust with an influential (and often hard to reach) audience of CISOs, CSOs, and other senior execs in the security space, across a wide array of industry verticals. Learn more.

Be a part of the CyberWire story.

People ask us (a lot) how they can support what we do. We have our sponsorships and services, of course, but those are not always within every supporter's financial reach, or it might just not be the right time for you to do those things. That's why we launched our new Patreon site, where we've created a wider variety of support levels, each with some new benefits. Our patrons are important to our future, and we hope you'll consider becoming one. We invite you to become part of the CyberWire story. Become a patron today.