skip navigation

More signal. Less noise.

Daily briefing.

Wikileaks gets sour reviews for doxxing DCI Brennan's family. "Crackas with Attitude" are still at large, for now, but might profit from the example of the Long Island teens who hacked their high school to goose their grades: they're looking at jail time.

Vulnerabilities are found in the Network Time Protocol and receive quick fixes.

Malvertising exhibits growing plausibility and sophistication. Of particular concern are signs that it's evolved clickless infection capabilities.

Magneto says that sites compromised with the Neutrino exploit kit were unpatched.

Wired and Scientific American dispute the seriousness of car hacking, and how any automotive cyber vulnerabilities ought to be reported.

SCADA vulnerabilities are for sale on the black market, and they go for a song, according to Forbes. You can buy them for about $8000, or the price (in Maryland) of a used 2007 Chevy Silverado.

More patches are out: Apple, Cisco, the NTP foundation, and Oracle.

Observers wonder who'll secure the IoT, why endpoint security is making a comeback, and why incident response and remediation still takes so long.

IT and legal departments squabble over who owns data management (and, really, this squabble's over ownership of risk management).

Cyber security stocks dipped yesterday in apparent profit-taking.

Microsoft eyes acquisition of Secure Islands.

The US House passes legislation that would grant foreigners a right of judicial redress should US law enforcement violate their data privacy. This is seen as a move toward restoration of Safe Harbor. CISA, now before the Senate, draws tepid to chilly reviews.


Today's issue includes events affecting Australia, Belgium, China, Egypt, European Union, Indonesia, Iraq, Israel, Republic of Korea, Malaysia, Oman, Palestine, Russia, Switzerland, Switzerland, Syria, Turkey, United Kingdom, United States.

Cyber Attacks, Threats, and Vulnerabilities

Wikileaks Doxxes CIA Chief's Wife and Daughters (Daily Beast) The anti-secrecy outfit once known for exposing potential war crimes is now publishing the personal information of civilians instead

Researchers reveal how attackers could turn back Internet time (Christian Science Monitor Passcode) Boston University researchers discovered vulnerabilities in the ubiquitous computing protocol that keeps time synched across networks, opening up critical operations such as air traffic control to attacks

Malicious Google Chrome clone eFast serves ads, collects info (Help Net Security) A Google Chrome lookalike browser dubbed eFast is being actively pushed onto users. The software is at best annoying and unwanted, and at worst can lead users to malware

Malvertising — the new silent killer? (CIO via CSO) Malicious ads on the websites you visit aren't a new phenomenon. The fact that they now avoid detection and don't need you to click on 'em to infect your computer is new, and increasingly troublesome

Magento says compromised sites haven't patched older vulnerabilities (CSO) Some Magento sites have been infected with the Neutrino exploit kit

Bump into someone and lose up to £30 from your contactless card (Graham Cluley) Anyone who has travelled on public transport in crowded cities like London will be only too aware of how you can end up pushed up tight against complete strangers in conditions which we would probably feel uncomfortable subjecting animals to

IBM Runs World's Worst Spam-Hosting ISP? (KrebsOnSecurity) This author has long sought to shame Web hosting and Internet service providers who fail to take the necessary steps to keep spammers, scammers and other online ne'er-do-wells off their networks

Aria PC Technology vows to fight DDoS attackers (MicroScope) E-tailer Aria PC Technology has not given those trying to hold it to ransom with a DDoS attack quite the response they were expecting

WordPress blogger patch foot-drag nag: You're tempting hackers (Register) Brute force allows attacker to bypass web server rate limits

Don't overdo biometrics, expert warns (CSO) Biometric data such as fingerprint scans is being collected too widely and too casually

Fitbit trackers can be hacked in '10 seconds' (updated) (Engadget) Fitbit trackers have a whopper of a vulnerability that can let somebody within Bluetooth range quickly hack them, according to security company Fortinet

Why Diffie–Hellman Encryption May Be Past Its Prime (IBM Security Intelligence) The Diffie–Hellman key exchange has been a standard and successful approach to cryptography for some time

Why Car Hacking Is Nearly Impossible (Scientific American) Despite recent claims, your car is not about to get crashed by hackers

David Pogue Gets Car Hacking Dangerously Wrong (Wired) Writing about security means focusing on insecurity

Want Some Nuclear Power Plant 'Zero-Day' Vulnerabilities? Yours For Just $8,000 (Forbes) How much would a government be willing to pay for hacking tools designed to exploit the systems that control oil, gas and water plants? In many cases, they needn't pay much at all

Security Patches, Mitigations, and Software Updates

Apple security updates (Apple Support) This document outlines security updates for Apple products. For the protection of our customers, Apple does not disclose, discuss or confirm security issues until a full investigation has occurred and any necessary patches or releases are available

Apple Safari TTF Out-Of-Bounds Access Remote Code Execution Vulnerability (Zero Day Initiative) This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple Safari. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file

Cisco Releases Security Updates (US-CERT) Cisco has released updates to address multiple vulnerabilities in its Adaptive Security Appliance (ASA) software. Exploitation of these vulnerabilities could allow a remote attacker to cause a denial-of-service condition

Cisco Identifies Multiple Vulnerabilities in Network Time Protocol Daemon (NTPD) (Talos) Cisco is committed to improving the overall security of the products and services our customers rely on. As part of this commitment, Cisco assesses the security of software components used in our products

Vulnerabilities Identified in Network Time Protocol Daemon (ntpd) (US-CERT) The Network Time Foundation's NTP Project has released an update addressing multiple vulnerabilities in ntpd. Exploitation of some of these vulnerabilities may allow an attacker to cause a denial of service (DoS) condition

Oracle slams door on Russian cyber spies who hacked NATO PCs through Java (InfoWorld) The vulnerability is just one of 154 fixed by Oracle across a wide range of products

Imagine being reincarnated as the guy in charge of Oracle security… (Graham Cluley) …Yesterday, as he explains on the Oracle security assurance blog, Maurice announced that Oracle had released patches for a stonking 154 vulnerabilities

Cyber Trends

Who Will Step Up To Secure The Internet Of Things? (TechCrunch) The Internet of Things (IoT) presents a significant mix of opportunity and risk

The Rebirth Of Endpoint Security (Dark Reading) A slew of startups and veteran security firms are moving toward proactive and adaptive detection and mitigation for securing the endpoint. But few enterprises are ready to pull the antivirus plug

Cyber Attack Recovery Times Cause Big Concerns (Information Management) More than half (55%) of the 430 organizations surveyed by the SANS Institute are dissatisfied with the length of time it takes them to contain and recover from attacks, according to a new report from the provider of information security training and analysis

8 key online fraud behaviors and patterns (Help Net Security) Sift Science examined data from 1.3 million online transactions and profiles in various industries from August 2014 to August 2015

Companies still lack security controls for accessing enterprise applications (Help Net Security) Despite widespread and highly publicized security breaches, most companies still fail to require necessary security controls for accessing enterprise applications, including those applications behind the corporate firewall, according to a new study by Vidder and King Research

Could Healthcare BYOD Policies 'Bring Disaster' for Security? (mHealthIntelligence) As more providers find healthcare BYOD policies beneficial among physicians, nurses, and other medical staff, a common fear throughout the industry is the potential for a data breach. Patient data security risks continue to dominate the discussion for healthcare BYOD policies

IT and Legal Disagree on Who Owns Data Management (Legaltech News) Despite a vested interest by both parties, legal and IT need better processes to manage their data interactions

One in Six Americans Stores Passwords and PINs in Wallets, Mobiles and PCs (Hot for Security) Some 15 percent of US consumers keep written records of passwords and PINs in their wallets, mobile devices or computers, according to a study by ProtectMyID


Federal cybersecurity spending booming as military's need to 'cyber-harden' grows (Washington Business Journal) Federal cybersecurity spending isn't just increasing, it's exploding

Cyber Insurance Premiums Surge in Response to High-Profile Data Breaches (eSecurity Planet) Some companies are also finding their deductibles raised and their coverage limited, Reuters reports

Cybersecurity stocks down strongly (Seeking Alpha) Several security tech plays, including ones that were tech sector darlings earlier this year as a torrent of hacking incidents led corporate cybersecurity spend to jump, are selling off on a quiet day for equities

How Much Lower Can FireEye Inc. Shares Fall? (Motley Fool) Investors in FireEye have been burned over the past year and a half. The question is, will the cybersecurity company's strengths outweigh its weaknesses going forward?

Proofpoint, Inc. (PFPT — $55.41) Delivers a deGrom-Like Performance and Outlook (FBRFlash) Earlier tonight, October 21, Proofpoint delivered a rock-solid deGrom-like performance, coming in well above the Street's 3Q15 estimates across revenue, EPS, and billings while, importantly, also giving a December quarter and initial 2016 outlook nicely above expectations

Microsoft set to gobble up third Israeli cybersecurity startup in year, source says (Fortune) The deal may be worth between $100 million and $150 million

Sophos and Cyberoam come together to provide end-to-end solutions (Computer News Middle East) Cyberoam and Sophos are coming together for the first time to provide end-to-end solutions for both firm's many customers

HP Sells TippingPoint Line to Trend Micro for $300 Million (SecurityWeek) HP has agreed to sell its HP TippingPoint network security line of products to Trend Micro for roughly $300 million, the two companies announced on Wednesday

Dell May Sell Assets to Pay for EMC Deal (re/code) Assuming its proposed $67 billion takeover of the storage company EMC closes, computing company Dell Inc. will, by this time next year, become the largest company in the world selling information technology gear to large corporations

And boom there it is. EMC outlines new cloud unit under Virtustream brand (Fortune) New EMC cloud business puts Virtustream and VMware cloud assets under Virtustream brand and CEO Rodney Rogers

Mission Secure Raises Funding for Cyber Physical Systems; David Drescher Comments (ExecutiveBiz) Mission Secure Inc. has closed a second round of financing in preparation for the company's plan to deploy cyber physical systems security project

Wombat raises capital (Pittsburgh Business Times) On the heels of announcing the acquisition of Reston, Va.-based ThreatSim, Wombat Security Technologies Inc. has raised $3.3 million from investors

Microsoft flashes cash for security bugs in ASP.NET and .NET Core (Register) $500 to $15,000 for eligible submissions

Tenable Network Security Named One of Washingtonian's 50 Great Places to Work (TechCrunch) Employees report competitive pay and benefits, and opportunity for growth at leading DC-area cybersecurity software company

Coalfire Adds Luke McOmie and Ryan Jones to Bolster Labs Division (BusinessWire) Duo brings more than 40 years of experience in penetration testing and hacking

Products, Services, and Solutions

Akana First to Offer Translation Between API Description Languages (Virtual Strategy Magazine) Simplifies API Publishing and Consumption with Swagger, RAML, WADL and WSDL

Ex-NSA Hacker Launches Bug-Hunting Tool Inspired by Spy Agency (Motherboard) During his time as an NSA hacker, Jay Kaplan and his colleagues at the intelligence agency could count on the help of powerful computers automatically gathering data to complement their human skills

Red Hat Doubles Down on Container Security (eWeek) Red Hat partners with Black Duck to provide Deep Container Inspection in an effort to secure containers

Radware Powers SingleHop Shield Attack Mitigation Service Offering (CNN Money) SingleHop cloud hosting provider utilizes Radware's DDoS mitigation solution in their SingleHop Shield™ attack mitigation services offering

Egnyte Debuts Dashboard For Content Analytics, Talks Path To Profitability (TechCrunch) Egnyte, a company that provides hybrid-cloud data management services, today released a new method for companies to track and manage content in their control

Flashpoint and ThreatConnect to Enhance Access to Threat Intelligence from Deep and Dark Web (Sys-Con Media) ThreatConnect integrates Flashpoint's Deep and Dark Web Threat Intelligence into the ThreatConnect Platform

Dyadic Protects Organizational Secrets and Sensitive Data with Comprehensive New Crypto Suite (BusinessWire) Dyadic Security, a leader in advanced cryptography solutions, today unveiled its Encryption and Key Protection Suite featuring two complementary new solutions, Distributed Key Protection and Software-Defined Encryption

Technologies, Techniques, and Standards

The seven deadly sins of firewall admins (CSC Blogs) "If you can't explain it simply, you don't understand it well enough," said Einstein. With this in mind, here's a very simple analogy that explains the purpose of a firewall, followed by the seven deadly sins of firewall admins the world over

Employee activities that every security team should monitor (Help Net Security) Next time you are at a cocktail party with a group of IT security professionals, try this icebreaker — "Which of the following user activities could open the door to a data breach?"

5 Strategies for Handling Foreign Data Post-Safe Harbor (Legaltech News) The Recommind webcast soldiered through the new world of handling potentially private data in the EU

Wargame teaches senior leaders about strategic threats and risks (Help Net Security) On Oct. 13 Booz Allen and the FC2 held a cybersecurity wargame simulation for senior officials in the public and private sectors at the University of South Florida, the home of the Florida Center

Research and Development

Telos, George Washington University Enter Analytics R&D Partnership for Cybersecurity (ExecutiveBiz) Telos and George Washington University have agreed to jointly build data analytics tools and algorithmic methods in an effort to help U.S. organizations to secure cyber and physical infrastructure assets

New online tool reveals terrorist networks and behavior over time ( To enable a better understanding of how terrorist organizations network and function over time, the National Consortium for the Study of Terrorism and Responses to Terrorism (START) has launched the Big Allied and Dangerous (BAAD) online platform

NYU Receives DHS Automotive Cyber Research Grant (ExecutiveBiz) New York University has received a $1.4 million grant award from the Department of Homeland Security's science and technology directorate to develop cybersecurity tools for automobiles

Kaspersky Lab Patents New Technology to Enhance Virtual Desktop Infrastructure Security (Kaspersky Lab) Kaspersky Lab has patented a new technology designed to prioritize data-scanning tasks on virtual machines

Legislation, Policy, and Regulation

Police and industry to tackle cyber crime together, says TechUK (ComputerWeekly) A TechUK report calls for collaboration between police and industry to raise standards of reporting, recording and responding to cyber crime

Your face could be sucked off Facebook and on to a national biometric database (Naked Security) We already know that Facebook's facial recognition technology — called "DeepFace" — rivals humans' ability to recognize people, regardless of lighting changes and camera angles

Malaysia, Oman ink cyber security agreement (Star) Malaysia and Oman have signed a Memorandum of Understanding (MoU) in order to strengthen cyber security cooperation between the two nations

US, Malaysia to Set Up New Center to Counter Islamic State by End of 2015 (Diplomat) Regional counter-messaging center to be set up "within this year," top official confirms

Statement Before the House Committee on Homeland Security Washington, D.C. (FBI) Good afternoon Chairman McCaul, Ranking Member Thompson, and members of the committee. Thank you for the opportunity to appear before you today to discuss the current threats to the homeland and our efforts to address new challenges, including terrorists' use of technology to communicate — both to inspire and recruit

Judicial Redress Act heads for senate, making new Safe Harbor agreement more likely (IDG via CSO) The U.S. House of Representatives has approved a bill that will give foreigners the same rights to judicial redress as U.S. citizens if law enforcers violate their data privacy

Opinion: Why the 'cyber bill' falls short on protecting critical networks (Christian Science Monitor Passcode) The Cybersecurity Information Sharing Act is missing a key component needed to strengthen America's digital defenses — transparency into what the government itself is doing or not doing to protect its networks from hackers

Cybersecurity Information Sharing Act of 2015 (Ricochet) You may have heard of this bill

The Senate's cybersecurity bill could make it easier for the NSA to spy on you (Vox) With a string of high-profile hacks affecting everyone from Sony Pictures to the insurance company Anthem, there's broad agreement that more needs to be done to secure the internet

Even DHS Doesn't Want the Power It Would Get Under CISA (Defense One) The Senate bill to improve cyber information sharing would route data through an agency that doesn't want the job

Lancope's Gavin Reid on how federal agencies can improve their threat intelligence (FedScoop) Cybersecurity Insights & Perspectives host Kevin Greene speaks with Gavin Reid, vice president of threat Intelligence at Lancope, about information sharing in the public and private sectors

NSA, Apple Chiefs At Odds Over Cyber Security Access (UpdatedNews) The heads of the National Security Agency and Apple Inc. took the stage within minutes of each other at the WSJD Live technologyconference in southern California this week — but both delivered markedly different messages regarding security in the face of looming cyber threats

Experts: U.S. must do more to protect energy grid from cyberattacks (Charlotte Observer) The U.S. needs to be more aggressive in putting critical energy infrastructure out of reach of cyberattacks, a top official of the government's Idaho National Laboratory warned lawmakers

Auto industry debates legislation to outlaw car hacking at congressional hearing (SC Magazine) Automotive industry professionals debated proposed legislation to address privacy and security in connected automobiles before the U.S. House of Representatives Committee on Energy and Commerce hearing on Wednesday

Hacked Opinions: The legalities of hacking — Dr. Chenxi Wang (CSO) Dr. Chenxi Wang, from Twistlock, talks about hacking regulation and legislation

Hacked Opinions: The legalities of hacking — Justin Harvey (CSO) Justin Harvey, from Fidelis Cybersecurity, talks about hacking regulation and legislation

Homeland Security: Secret Service may identify nearby cellphones when protecting president (US News and World Report) A new policy allows the Secret Service to use intrusive cellphone-tracking technology without a warrant if there's believed to be a nonspecific threat to the president or another protected person

Litigation, Investigation, and Law Enforcement

Lawmaker alleges DCGS-A down during hospital airstrike (C4ISR & Networks) The Army's cloud-based intelligence and situational awareness platform, the Distributed Common Ground System-Army, allegedly was "not operational" when an Oct. 3 U.S. airstrike in Kunduz, Afghanistan, hit a Doctors Without Borders hospital, according to Rep. Duncan Hunter

FBN Exclusive: DOJ Officials Fear Foreign Telecoms Hacked Clinton Emails, Server (Fox Business) Officials close to the matter at the Department of Justice are concerned the emails Hillary Clinton sent from her personal devices while overseas on business as U.S. Secretary of State were breached by foreign telecoms in the countries she visited — a list which includes China

Sony to pay up to $8 million in 'Interview' hacking lawsuit (Reuters via Business Insurance) Sony Pictures Entertainment Inc. has agreed to pay up to $8 million to resolve a lawsuit by employees who claimed their personal data was stolen in a 2014 hacking tied to the studio's release of a comedy set in North Korea, "The Interview"

Online pharmacy fined for selling user data to lottery company and others (Naked Security) The Information Commissioner's Office (ICO) in the UK is a public service body set up with excellent aims

3 teens face prison time for high school hack to change grades (CBS News) Three 17-year-old students face serious time in prison after hacking into their school's computers and changing students' grades and schedules

For a complete running list of events, please visit the Event Tracker on the CyberWire website.

Newly Noted Events

Cybersecurity, the SEC and Compliance (New York, New York, USA, November 18, 2015) The recent SEC CyberSecurity Examination Initiative focuses on information safeguards for financial services organizations. Are you prepared? Please join us for a panel discussion on what cybersecurity...

Upcoming Events

Cyber Defense San Diego 2015 (San Diego, California, USA, October 19 - 24, 2015) Cyber security training in San Diego CA from SANS Institute, the global leader in Information Security training. SANS Cyber Defense San Diego 2015 features hands-on, immersion-style training courses for...

Cyber Security Summit 2015 (Minneapolis, Minnesota, USA, October 21 - 22, 2015) The Summit's mission is to establish a multi-stakeholder consortium that brings together industry, government and academic interests in an effort to improve the state of cyber security on both a domestic...

DevSecCon (London, England, UK, October 22, 2015) DevSecCon is a newly formed, non-profit conference for DevOps and SecOps practitioners, run by practitioners. By creating a neutral platform, we will exchange and create new ideas on how to leverage the...

Ruxcon 2015 (Melbourne, Australia, October 24 - 25, 2015) Ruxcon is a computer security conference that aims to bring together the best and the brightest security talent within the Aus-Pacific region. The conference is a mixture of live presentations, activities...

2015 North American International Cyber Summit (Detroit, Michigan, USA, October 25 - 26, 2015) The North American International Cyber Summit 2015 hosted by Michigan Governor Rick Snyder, is set to take place in the heart of Downtown Detroit at the newly remodeled Cobo Center for the second straight...

ICS Cyber Security Week (Atlanta, Georgia, USA, October 26 - 29, 2015) ICS Cyber Security Week is the longest-running cyber security-focused conference dedicated to the industrial control systems sector. The event caters to critical infrastructure organizations in the following...

Cyber Awareness & Technology Days (Colorado Springs, Colorado, USA, October 27 - 28, 2015) The Information Systems Security Association (ISSA) Colorado Springs Chapter will once again host the 6th Annual Cyber Security & Information Technology Days set to take place at...

Designing Secure Healthcare Systems (Long Branch, New Jersey, USA, October 27 - 29, 2015) Designing Secure Healthcare Systems is a three day intensive and immersive workshop…by healthcare hackers for healthcare technologists. Over the three days you will go from the basics of SQL injection...

Cloud Security Alliance Summit NYC 2015 (New York, New York, USA, October 28, 2015) The full-day Cloud Security Alliance NYC Summit is a standalone event in Manhattan. Co-hosted by the CSA NY Metro and CSA Delaware Valley chapters, some 200 well-qualified attendees are expected. The theme...

Data Breach Summit Asia 2015 (Mumbai, India, October 28, 2015) As Cyber Security continues to become a challenge for all industries, ISMG's Data Breach Summit a unique, one-day event will focus on the issues to help the participants learn more about how to prevent...

Technology & Cyber Awareness Day (Aurora, Colorado, USA, October 28, 2015) The Buckley Air Force Base Technology & Cyber Security Day is a one-day event held on-site, where industry vendors will have the opportunity to display their products and services to IT, Comm, Cyber and...

CyberMaryland 2015 (Baltimore, Maryland, USA, October 28 - 29, 2015) Now entering its 5th year, the Federal Business Council is proud to bring you the CyberMaryland 2015 Conference. The conference theme this year is "Collaborate.Educate.Innovate"

Cyber Security World 2015 (Washington, DC, USA, October 28 - 29, 2015) Cyber Security World 2015 brings together security experts, practitioners, and researchers who will share their firsthand knowledge and open the discussion to information sharing between public and private...

Hackito Ergo Sum (Paris, France, October 29 - 30, 2015) No commercial content, no vendor talk. First time presenters welcome. Highly technical talks only. Bonus point for offensive and weird ideas. Areas and domains: systems hacking & security, network hacking,...

8th Annual Space, Cyber, and Telecommunications Washington DC Conference (Washington, DC, USA, October 29 - 30, 2015) The Space, Cyber, and Telecommunications Law team hosts an impressive lineup of the world's greatest minds annually at conferences in Washington DC and in Lincoln, Nebraska and at occasional events around...

NICE 2015 Conference and Expo (San Diego, California, USA, November 3 - 4, 2015) Cybersecurity has emerged as one of the leading creators of jobs and opportunity for all economic sectors. The demand for cybersecurity positions in both the public and private sector is large and growing,...

Inside Data Science 2015 (Monterey, California, USA, November 3 - 4, 2015) At the Inside Data Science 2015 Conference (IDS2015) our focus is not on the storage or volume of data, but rather the importance of what you do with it. To synchronize the processing, exploitation and...

4th International Internet-of-Things Expo (Santa Clara, California, USA, November 3 - 5, 2015) With major technology companies and startups seriously embracing IoT strategies, now is the perfect time to attend @ThingsExpo in Santa Clara. Learn what is going on, contribute to the discussions, and...

RSA Conference 2015 Abu Dhabi (Abu Dhabi, United Arab Emirates, November 4 - 5, 2015) Join your fellow information security professionals at RSA Conference 2015 Abu Dhabi, where we'll be discussing security issues from a global perspective

ICMC (the International Cryptographic Module Conference) (Washington, D.C., USA, November 4 - 6, 2015) ICMC core focus includes cryptographic modules, FIPS 140-2, ISO/IEC 19790 and cryptographic algorithms. Specialists from all over the world gather in Washington to discuss about commercial cryptography...

2nd Annual Journal of Law and Cyber Warfare Conference (New York, New York, USA, November 5, 2015) The 2015 symposium speakers represent an unparalleled group of cyber security experts with a wide variety of industry expertise and knowledge. Attendees will hear from experts on cybersecurity and cyber...

Start with Security (Austin, Texas, USA, November 5, 2015) This one-day conference will continue the FTC's work to provide companies with practical tips and strategies for implementing effective data security. Aimed at start-ups and developers, this event will...

University of Phoenix® Technology Conference (Arlington, Virginia, USA, November 7, 2015) At the University of Phoenix® Technology Conference 2015, a free event hosted by the University of Phoenix College of Information Systems and Technology, you will be introduced to cyber security,...

Cyber³ Conference: Crafting Security in a less Secure World (Nago City, Okinawa, Japan, November 7 - 8, 2015) An international conference on cyber security hosted by the Government of Japan with the support of the World Economic Forum. At this conference, multi-stakeholders, including policymakers, business leaders,...

FedCyber 2015 (Tyson's Corner, Virginia, USA, November 10, 2015) This conference, orchestrated by cyber practitioners Matt Devost and Bob Gourley, is designed to advance the state of cyber defense. The Threat Expo will bring together thought leaders who...

First International Conference on Anti-Cybercrime (ICACC-2015) (Riyadh, Saudi Arabia, November 10 - 12, 2015) Al Imam Mohammad Ibn Saud Islamic University is organizing this international conference to establish a forum where discussions on vital issues related to anti-cybercrime can occur. This conference will...

Black Hat Europe (Amsterdam, the Netherlands, November 10 - 13, 2015) Black Hat prides itself with being "the most technical and relevant global information security event series in the world." For the past 16 years, the Black Hat events have given their attendees the opportunity...

2015 U.S. Cyber Crime Conference (National Harbor, Maryland, USA, November 14, 2015) The 2015 U.S. Cyber Crime Conference (Formerly the DoD Cyber Crime Conference) has brought world-class forensics and incident response training combined with outstanding community networking for over 15...

Pen Test Hackfest Summit & Training (Alexandria, Virgina, USA, November 16 - 23, 2015) SANS Pen Test Hackfest Training Event and Summit is coming back to Washington DC, bigger and better than ever! The Hackfest is an ideal way to learn offensive techniques so you can better defend your environment.

CyberCon 2015 (Pentagon City, Virginia, USA, November 18, 2015) CyberCon 2015 is the forum for dialogue on strategy and innovation to secure federal and defense networks, as well as private sector networks that hold their sensitive data

Internet-of-Things World Forum 2015 (London, England, UK, November 18 - 19, 2015) This conference features speakers from leading IoT companies and their customers. Learn how the Internet-of-Things is creating new markets for products, services, and solutions

DefCamp6 (Bucharest, Romania, November 19 - 20, 2015) Why DefCamp? Because it's the most important conference on Hacking & Information Security in Central Eastern Europe, bringing hands-on talks about the latest research and practices from the INFOSEC field,...

Grow your brand and reach new customers.

Grow your brand and increase your customer base by educating our audience about your products, services, and events by advertising on The CyberWire. We’ve built trust with an influential (and often hard to reach) audience of CISOs, CSOs, and other senior execs in the security space, across a wide array of industry verticals. Learn more.

Be a part of the CyberWire story.

People ask us (a lot) how they can support what we do. We have our sponsorships and services, of course, but those are not always within every supporter's financial reach, or it might just not be the right time for you to do those things. That's why we launched our new Patreon site, where we've created a wider variety of support levels, each with some new benefits. Our patrons are important to our future, and we hope you'll consider becoming one. We invite you to become part of the CyberWire story. Become a patron today.