skip navigation

More signal. Less noise.

Daily briefing.

Reports on Iranian hacktivist (probably government sockpuppet) attacks against scholars and members of the Iranian diaspora continue to emerge. The threat actors have a name: "Rocket Kitten."

G DATA researchers warn of threats to the Android supply chain: they're finding pre-installed malware in some devices produced in or transiting China. Another Android issue is reported by Beyond Security's CTO: encryption and lock mechanism vulnerabilities in AppLock, a popular Play Store download.

Quick Heal says it's found a malware sample that evades sandbox-based gateways.

Carnegie Mellon's Software Engineering Institute details "Filet-of-Firewall" vulnerabilities in home routers (UpnP is the service typically at risk).

Japanese banks suffer an infestation of a new Trojan, "Shifu," which blends the functionality of at least seven known, proven Trojans.

Sensecy describes ORX-Locker, a new Darknet ransomware-as-a-service platform.

Intel Security thinks fears of stealthy GPU-based malware are overblown (especially the stealth).

OS X may suffer a new keychain vulnerability, according to MyKi. If exploited, it could compromise stored credentials.

Google updates Chrome. Microsoft is reconsidering its plans to withhold Windows 10 patch details from enterprise users. Google, Mozilla, and Microsoft will stop supporting RC4 encryption in 2016.

McAfee Labs offers an interesting retrospective on predictions, reviewing what 2015 looked like from 2010. (The zero-day price list is worth a look.)

A survey suggests corporate boards don't really care as much about cyber security as one might think.

In the US, the NTIA works to build a community of trust for vulnerability disclosures. Lawyers work through FTC cyber authority.

Notes.

Today's issue includes events affecting Austria, China, Germany, Iran, Israel, Japan, Kosovo, Russia, South Africa, Switzerland, United Kingdom, United States.

Cyber Attacks, Threats, and Vulnerabilities

Rocket Kitten Spies Target Iranian Lecturer and InfoSec Researchers in New Modus (TrendLabs Security Intelligence Blog) Dr. Thamar E. Gindin didn't know exactly why she was being targeted. She only knew that her attackers were persistent. An expert lecturer on linguistics and pre-Islamic Iranian culture, she had apparently uttered political statements that had piqued the people behind Rocket Kitten — a known attack group notorious for snooping on select high-profile individuals in the Middle East

Cyberspies Impersonate Security Researcher (Dark Reading) 'Rocket Kitten' pro-Iranian regime hackers focusing more on targeting individuals for geopolitical espionage

Pre-Installed Android Malware Raises Security Risks in Supply Chain (eWeek) Security experts are increasingly worried about the security of the supply chain with reports of more than 20 incidents where rogue retailers have managed to pre-install malware on new Android phones

G DATA entdeckt vorinstallierte Spionageprogramme auf Top-Smartphones (Pressportal) 45,6 Millionen Menschen in Deutschland nutzen im Jahr 2015 ein Smartphone (Quelle: comScore)

Encryption, Lock Mechanism Vulnerabilities Plague AppLock (Threatpost) Multiple weaknesses exist in AppLock, a popular lock application for Android devices that boasts more than 100 million users

Quick Heal Technologies Uncovers New Malware Breach Impacting Sandbox-Based Gateway Appliances (Business Solutions) Quick Heal Technologies recently announced its research labs have come across a new malware sample that is able to breach the advanced threat protection offered by sandbox-based gateway appliances

UPnP Trouble Puts Devices Behind Firewall at Risk (Threatpost) Security vulnerabilities in UPnP continue to crop up and continue to put millions of home networking devices at risk for compromise

Shifu: 'Masterful' New Banking Trojan Is Attacking 14 Japanese Banks (IBM Security Intelligence) A brand-new advanced banking Trojan discovered in the wild has been named "Shifu" by IBM Security X-Force, after the Japanese word for thief

ORX Locker, the new Darknet Ransomware-as-a-service platform (Security Affairs) Security experts at Sensecy have uncovered ORX-Locker, a Darknet Ransomware-as-a-service platform that could allow everyone to become a cyber criminal

What's the situation this week for Neutrino and Angler EK? (Internet Storm Center) Last month in mid-August 2015, an actor using Angler exploit kit (EK) switched to Neutrino EK. A few days later, we found that actor using Angler again. This week, we're back to seeing Neutrino EK from the same actor

SiS Windows VGA Display Manager 6.14.10.3930 — Write-What-Where PoC (Exploit Database) Vulnerabilities within the srvkp module allow an attacker to inject memory they control into an arbitrary location they define or cause memory corruption

Hidden password-stealing malware lurking in your GPU card? Intel Security thinks not (Register) Neat trick but not undetectable

Researchers discover new keychain vulnerability in OSX (CSO) Compromised passwords delivered via SMS, using code wrapped around harmless files that won't trigger security warnings

225,000 Reasons Not to Jailbreak Your iPhone — iOS Malware in the Wild (Intego Mac Security Blog) Over 225,000 iOS devices have been hit by a malware attack, stealing Apple ID account usernames and passwords, certificate keys, private keys, App Store purchasing information and more

Prepare to be Thunderstruck: What if 'deuszu' ISN'T the Ashley Madison hacker? (Register) Attribution is harder than a taste in music

Ashley Madison hack highlights cyber extortion risks (Business Insurance) A recent cyberattack by hackers into the Ashley Madison website brings a new threat to businesses that store client data: Ransom demands

WHSmith contact form spams out personal customer data (Naked Security) Users of UK newsagent chain WHSmith's online services have reported large amounts of email arriving in their inboxes, containing personal contact data on other users

HIPAA breach for hospital after worker swiped patient data (Healthcare IT News) A 12-hospital health system is notifying hundreds of its current and former patients that their protected health information has been compromised after discovering an employee was involved in identity theft

New APT Threats Target India, SE Asia (InfoRiskToday) Experts: situation exacerbated by legacy security mindset

Cyber-attack on council website leads to fresh security concerns (Digital by Default News) Falmouth Town Council's website was hacked on Saturday 29th August, leaving site visitors with a message by an Albanian hacker group naming itself NofawkX-Al

Security Patches, Mitigations, and Software Updates

Stable Channel Update (Chrome Releases) The Chrome team is delighted to announce the promotion of Chrome 45 to the stable channel for Windows, Mac and Linux

Google, Mozilla, Microsoft to Sever RC4 Support in Early 2016 (Threatpost) Google, Microsoft and Mozilla today announced they've settled on a timeframe to permanently deprecate the shaky RC4 encryption algorithm

Microsoft's Windows 10: Business users may get patch details after all (ZDNet) Microsoft looks to be rethinking its stance against providing detailed Windows 10 patch and update information, at least for business customers

Cyber Trends

Five years of hardware and software threat evolution (Help Net Security) McAfee Labs commemorates the five-year anniversary of the Intel-McAfee union by comparing what researchers thought would happen beginning in 2010 with what actually happened in the realm of hardware and software security threats

Mobile malware threat was overstated, Intel Security admits (CRN) Attacks on mobile devices have not been as prevalent as predicted at time of McAfee acquisition, Intel Security concedes

Mobile Malware Report — Threat Report: Q2/2015 (G DATA ) The G DATA security experts expect well over two million new malware sample for the Android operating system for 2015 as a whole — a new record

Enterprises set to use more deception to defend against cyber attacks, says Gartner (ComputerWeekly) Gartner has recognised deception as an emerging defence strategy against cyber attackers

Physical Security Remains Key Factor in Cyber Protection for Critical Infrastructure (Security Magazine) NERC compliance requirements in the utilities industry have made it essential to monitor and report on physical access to various facilities, control rooms, substations and critical assets

Wearable growth should spur security rethink (MicroScope) With fairly healthy sales Apple has proved that there was an appetite for its Watch and the wearables market is starting to expand

How data breaches are changing information security (Help Net Security) In this podcast recorded at Black Hat USA 2015, Gautam Aggarwal, Chief Marketing Officer at Bay Dynamics, takes a look at the past year in the security space and the important events that have shaped the industry

Marketplace

Do boards of directors actually care about cybersecurity? (CSO) Survey says business leaders probably don't care as much about cybersecurity as they say they do

Cyber Risks: What the Board Needs to Know (InfoRiskToday) Clifford Chance's Ng on why Singapore banks need new strategy

Should a data breach be the kiss of death for the CEO? (Help Net Security) The fact that CEOs have tendered their resignations in the aftermath of public breaches is a clear indication that the executive level is being held more accountable for the cyber security practices of their organizations

Privacy Does Not Sell — Neither Did Safety (Technology | Academics | Policy) Why do consumers choose privacy-invasive services? Why are more privacy-protective services not available? One explanation is that "privacy does not sell." In fact, the marketplace is littered with failed companies that tried to sell privacy-protective services to consumers

Why Israel dominates in cyber security (Fortune) Historical, political, and societal factors have turned Israel an epicenter of security innovation, attracting companies like Microsoft

Like Kaspersky, Russian Antivirus Firm Dr.Web Tested Rivals (KrebsOnSecurity) A recent Reuters story accusing Russian security firm Kaspersky Lab of faking malware to harm rivals prompted denials from the company's eponymous chief executive — Eugene Kaspersky — who called the story "complete BS" and noted that his firm was a victim of such activity. But according to interviews with the CEO of Dr.Web — Kaspersky's main competitor in Russia — both companies experimented with ways to expose antivirus vendors who blindly accepted malware intelligence shared by rival firms

CensorNet acquires Sirrustec's e-mail management technology, global customer base (ITWeb) CensorNet, the complete cloud security company, today announces that, with immediate effect, it has acquired Florida-based cyber security company Sirrustec's e-mail security platform, archival and storage technology, which further enhances CensorNet's product portfolio

SageNet acquires Turnberry Solutions' cybersecurity division (Security InfoWatch) SageNet — a leading Managed Network Solutions provider — announces it has acquired the cybersecurity division of IT consulting and staffing firm Turnberry Solutions

The Value Of IBM Strategic Imperatives (Seeking Alpha) IBM strategic imperatives: Cloud, Security, Analytics, Social Business, and MobileFirst are high gross margin businesses with potential to create value to shareholders

Opportunities Abound for Symantec as a Pure-Play Security Software Vendor (Trefis) Security software vendor Symantec Corp. (NYSE:CRM) will complete the sale of its information management business, Veritas, to private equity firm Carlyle by the end of the current calendar year

ID Experts Wins $330M Federal Data Breach Recovery Services BPA (GovConWire) ID Experts, incorporated as Identity Theft Guard Solutions, has won a potential $329.8 million blanket purchase agreement to help protect the financial identities of 21.5 million people affected by an Office of Personnel Management cyber attack

Rick Wagner on ManTech's Cloud & Big Data Emphasis for Intell Agencies, ICITE's Outlook (ExecutiveBiz) Rick Wagner joined ManTech International in June to lead the Fairfax, Va.-based company's advanced technical solutions business unit as senior vice president and general manager

Cybersecurity concerns in health care, banking, insurance drive growth for local IT firm (Albany Business Journal) Concerns among clients in banking, insurance and health care about data security have benefited Annese & Associates' focus on the private sector, said CEO Ray Apy

Cybersecurity Expert Leo Taddeo Joins Easy Solutions' Board of Advisors (BusinessWire) Former FBI Special Agent in Charge joins board of leading fraud protection company

Exabeam Adds CMO Rick Caccia to Executive Team (BusinessWire) Exabeam continues to expand its strong team roster with the addition of industry veteran

Products, Services, and Solutions

Avast, Qualcomm tag team to protect devices at the kernel level (ZDNet) The companies are working at the hardware level to protect mobile devices from malware and zero-day threats

AVG Helps Secure Obi Worldphone Smartphones (IT Business Net) Delivers pre-installed protection on new mid-range device worldwide

NSA certifies ViaSat security-on-a-chip system (C4ISR & Networks) The National Security Agency has certified ViaSat's KOV-55 Security-System-on-a-Chip for secure tactical communications

I Predix a riot — of machine to machine activity (MicroScope) I hope the Internet of Things gets to the point a lot quicker than the bottom sniffing executives, yes men and cliché repeaters that form the human chain of command in many corporations

CylancePROTECT (SC Magazine) Verdict: So far we have seen no better anti-malware performance than this. It is well-conceived and effective. If you are not happy with your anti-malware product, you really should take a close look. For its truly advanced approach and impressive catch rate we make this our Best Buy

Dragos Security CyberLens (SC Magazine) This month's First Look was a bit of a surprise to us. We are used to seeing IP devices being discoverable in the enterprise

G DATA Secure Chat (trnd) Sichere und einfache digitale Kommunikation

CloudLock Delivers 'Transformative' Cybersecurity-As-A-Service Offering (CRN) Add cybersecurity to the list of products now offered as a service: Waltham, Mass.-based cloud security specialist CloudLock has introduced a Cybersecurity-as-a-Service offering

HP beefs up enterprise security suite with tools to root out malware, app vulnerabilites (CIO) The Fortify app testing service has gained machine learning analysis capabilities

Verizon DBIR App for Splunk Provides Actionable Security Intelligence for Enterprises (MarketWatch) To help enterprises navigate and make sense of the increasingly sophisticated cyberthreat landscape, Verizon Enterprise Solutions announced the launch of its Data Breach Investigations Report (DBIR) app for Splunk® software

Niara Integrates Security Analytics and Forensics With HP ArcSight (Virtual Strategy Magazine) Niara, provider of security analytics for advanced detection and incident response, today announced that its platform has been certified to interoperate with the HP ArcSight Enterprise Security Management (ESM) solution

FireEye Partnership Fuels US Cybersecurity Push (PYMNTS) The U.S. has taken a serious stance in the fight against cybercrime, and a new partnership between cybersecurity firms FireEye and Cybergy Partners is aimed at aiding that effort

Resilient Systems Partners with NTT Com Security, Bringing Leading Incident Response Platform to DACH Region (BusinessWire) Resilient Systems, the leading Incident Response Platform (IRP) provider, announced a new partnership with NTT Com Security in the DACH region

LogicNow Partners with Bitdefender, Unveils Managed Antivirus Service (MSPMentor) Managed Antivirus is included in LogicNow's MAXfocus product suite

AirGate Further Secures Next Generation Network with Value-Added DDoS Protection Services (BusinessWire) Leveraging the Corero SmartWall threat defense system, combined with existing service offerings, enables a new paradigm in secured solutions for AirGate customers

Intel Unveils New Chip Design It Says Will Bring More Than Speed (Bloomberg Business) Intel Corp. for decades has been rolling out a new chip design every 12 months or so, adding processing power that historically helped persuade consumers to trade in their personal computers for newer, faster machines

Technologies, Techniques, and Standards

Using the COSO Framework to Mitigate Cyber Risks (Wall Street Journal) Cyber risks cannot be avoided, but such risks can be managed better through careful design and implementation of appropriate controls

The Linux Foundation Publishes Its Internal Workstation Security Checklist (Softpedia) A couple of security tips from the Linux creators themselves

5 Ways to Make Public Cloud More Secure (eSecurity Planet) As their use of public cloud grows, organizations must ensure they are doing all they can to achieve a secure cloud environment

Taming today's cyberthreat landscape: A CIO checklist (TechTarget) The cyberthreat landscape grows more dangerous by the day. Harvey Koeppel offers a 12-point cybersecurity checklist for CIOs

Barclays Hacks Its Own Systems to Find Holes Before Criminals Do (BloombergBusiness) Barclays Plc is hacking its own computer systems to stay a step ahead of the criminals

Detecting file changes on Microsoft systems with FCIV (Internet Storm Center) Microsoft releases often interesting tools to help system administrators and incident handlers to investigate suspicious activities on Windows systems. In 2012, they released a free tool called FCIV ("File Checksum Integrity Verifier")

Design and Innovation

When Computers Know You By Your Keystrokes (SIGNAL) New security approaches based on behavioral biometrics keep constant watch to ensure that users are who they say they are

We Can Allow Cybersecurity Research Without Stifling Innovation (Dark Reading) The U.S. government is in a unique position to become a global leader in cybersecurity. But only if it retains the open spirit of the Internet that kick-started the Information Age

Why Startups Should Leverage Compliance (TechCrunch) Business Insider recently reported that "The Clearing House, an advocacy group owned by the world's largest commercial banks, is gunning for payment startups"

The three engineers you meet in product management heaven (Quartz) Today is a good day to gloat that I am a product manager

Academia

Russian Military Launches Cybertraining Program for Youth (Moscow Times) The Russian military launched a new cybersecurity training program for young military cadets at a St. Petersburg military academy on Tuesday, the Defense Ministry was quoted as saying by the RIA Novosti news agency

From Elementary School to College — Northrop Grumman Devotes Summer to Help Build Tomorrow's Cyber Workforce (MarketWatch) Recognizing the critical need for experienced cyber professionals requires year-round attention, Northrop Grumman Corporation NOC, -2.67% supported numerous activities this summer aimed at exciting and motivating youth to pursue a career in cybersecurity

Legislation, Policy, and Regulation

We're at Cyberwar: A Global Guide to Nation-State Digital Attacks (Wired) Every month, it seems, a mammoth cyberattack sponsored by a nation-state comes to light

Cyberarmies rising? (SC Magazine) With government officials and executives in the U.S. reeling from sophisticated hacks traced to China and other state-backed entities, American spies and soldiers are sharpening the ongoing debate over if — and when — an online action, like the hack of the U.S. Office of Personnel Management (OPM), should trigger a "kinetic" response — a euphemism for military actions ranging from drone strikes and commando raids to all-out war

Cyber squad for SA (iOL News) The government has tabled a draft law to stock its armoury against cybercrime, that carries penalties of up to 10 years (and/or R10 million) for certain acts

U.S. agency to seek consensus on security-vulnerability disclosures (ComputerWorld) NTIA hopes to foster more trust and collaboration among security researchers and vendors

How the GSA Is Trying to Simplify Cybersecurity Purchases for Agencies (FedTech) A proposed category would make it easier for federal agencies to obtain the goods and services needed to protect themselves

Cybersecurity on the Campaign Trail: Five Predictions for 2016 (Council on Foreign Relations) There might be 435 days before Election Day, but the 2016 presidential campaign is well under way

California, Virginia Take Steps to Bolster Cybersecurity Stance (Government Technology) Governors announce new action to improve cybersecurity and risk management plans

Litigation, Investigation, and Law Enforcement

What CIOs Need to Know About the FTC Cybersecurity Ruling (Wall Street Journal) No matter how much a company spends in money and resources for cyber security, there is always the risk that the system will be hacked

3 ways healthcare CIOs can avoid an FTC lawsuit over security (FierceHealthIT) Recent ruling gives government agency more power to police cybersecurity

Wow, European Lawyers Really Have It Out for Google (Wired) It looks like Google's legal headaches in Europe are about to get worse, thanks to a new site that aims to become a hub for companies and organizations that believe they've been harmed by the search giant's allegedly anticompetitive practices

IRS data breach led to at least $50M in fraudulent returns (FierceITSecurity) I'm sure you are aware of the data breach at the IRS that resulted in the compromise of taxpayer data on 334,000 households, more than double the original estimate

Ashley Madison breach reveals flaws in data location rules (Data Center Dynamics) The law is cloudy on the data center's responsibility for personal data and where it is held

Who is ultimately responsible? (CRN) As I have been managing our US sister site Channelnomics.com for the past couple of weeks while the site editor is away, I've been sucked into the story that a Colorado-based reseller has been drawn into the continuing Hillary Clinton email saga

Clinton, using private server, wrote and sent e-mails now deemed classified (Washington Post) While she was secretary of state, Hillary Rodham Clinton wrote and sent at least six e-mails using her private server that contained what government officials now say is classified information, according to thousands of e-mails released by the State Department

Hillary Clinton is not an email crook: Column (USA Today) The server fracas isn't Watergate, yet, but the Democratic front-runner is starting to sound a little like Richard Nixon

Hamza Bendelladj, Co-Creator of SpyEye Trojan NOT Sentenced To Death (HackRead) Even though several social media platforms are claiming that Hamza Bendelladj has been sentenced to death, but in reality he cannot be sentenced to death because all his criminal activities were electronic and he had already been pleaded guilty for his crimes

'Gone Girl' Suspect Confesses to Reporter — As FBI Listens In (Wired) A word of advice to jail inmates who give press interviews: "Off the record" doesn't mean squat to the FBI agents listening in

For a complete running list of events, please visit the Event Tracker on the CyberWire website.

Upcoming Events

ICFP 2015 (Vancouver, British Columbia, Canada, August 31 - September 2, 2015) ICFP 2015 provides a forum for researchers and developers to hear about the latest work on the design, implementations, principles, and uses of functional programming. The conference covers the entire...

SCADA Nexus 2015 (Houston, Texas, USA, September 2 - 4, 2015) SCADA Nexus is an international annual event for ICS and SCADA security professionals and executives to focus on world-wide security concerns. The event is located in Houston, Texas each year at the Hilton...

SIN 2015 (Sochi, Russia, September 8 - 10, 2015) The 8th International Conference on Security of Information and Networks (SIN 2015) provides an international forum for presentation of research and applications of security in information and networks.

NSPW (New Security Paradigms Workshop) (Twente, Netherlands, September 8 - 11, 2015) Although NSPW is more of a workshop than a conference, it has earned its right to be included in this list. Since 1992, NSPW has been offering a unique forum for cyber security specialists involved in...

Global Cyberspace Cooperation Summit VI (New York, New York, USA, September 9 - 10, 2015) An invitation-only event, this meeting of international actors aims to coordinate and consolidate progress, showcase results and promote collective action. The annual cyber summits provide a crucial forum...

Intelligence and National Security Summit (Washington, DC, USA, September 9 - 10, 2015) AFCEA International (AFCEA) and the Intelligence and National Security Alliance (INSA) are pleased to host the second Intelligence and National Security Summit to provide the platform for this essential...

Cybersecurity Innovation Forum (Washington, DC, USA, September 9 - 11, 2015) The 2015 Cybersecurity Innovation Forum is a three-day event hosted by the National Institute of Standards and Technology, and planned with the National Security Agency, and the Department of Homeland...

2nd Annual Senior Executive Cyber Security Conference (Baltimore, Maryland, USA, September 10, 2015) The one-day symposium will examine the potential advantages and pitfalls of an information-sharing strategy from the technological, business and regulatory perspectives

Cyber 6.0 (Laurel, Maryland, USA, June 17, 2015) The mission of the Cyber Conference is to provide a forum for small and mid-sized businesses in Howard County and the region to access industry and government leaders with current information on cybersecurity...

BSides Augusta 2015 (Augusta, Georgia, USA, September 12, 2015) Each BSides is a community-driven framework for building events for and by information security community members. The goal is to expand the spectrum of conversation beyond the traditional confines of...

SANS Institute: Information Security Training (Las Vegas, Nevada, USA, September 12 - 21, 2015) Information security training in Las Vegas from SANS Institute, the global leader in information security training. At SANS Network Security 2015, SANS offers more than 40 hands-on, immersion-style security...

Gulf Cooperation Council Cyber Security Summit (Abu Dhabi, United Arab Emirates, September 13 - 15, 2015) The GCC Cyber Security Summit will bring together regional and international thought leaders and decision-makers to examine one of the most vital threats to the region's future well-being: cyber-attack.

Hacker Halted 2015 (Atlanta, Georgia, USA, September 13 - 18, 2015) EC-Council Foundation's flagship information security conference, Hacker Halted, will unite some of the greatest minds in information security, as industry experts address the latest threats and vulnerabilities...

EnergySec 11th Annual Security & Compliance Summit (Washington, DC, USA, September 14 - 16, 2015) For more than 10 years the EnergySec Security Summit has been the premier gathering for stakeholders in the energy sector focused on physical and cyber security. Our summits give each attendee a rare opportunity...

Fraud Summit San Francisco (San Francisco, California, USA, September 15, 2015) ISMG's Fraud Summit is a one-day event focused exclusively on the top fraud trends impacting organizations and the mitigation strategies to overcome those challenges. Among the areas to be discussed are...

Borderless Cyber 2015 (Washington, DC, USA, September 15 - 16, 2015) OASIS, in collaboration with The World Bank, will bring together public and private sector security professionals from around the world to evaluate, debate, and collaborate on cyber security best practices...

Detroit Secure World (Detroit, Michigan, USA, September 16 - 17, 2015) Join your fellow security professional for affordable, high-quality cybersecurity training and education at a regional conference near you. Earn CPE credits while learning from nationally recognized industry...

National Insider Threat Special Interest Group Meeting (Laurel, Maryland, USA, July 16, 2015) Topics to be discussed at the meeting; Insider Threat Program Development & Implementation, Behavioral Indicators Of Concern, Legal Considerations When Developing & Managing An Insider Threat Program.

6th Annual Billington Cybersecurity Summit (Washington, DC, USA, September 17, 2015) Join key leaders and decision makers from government, military and the private sector at this one-day intensive networking event as participants focus on the next generation of solutions to ensure this...

Cyber Security Summit: New York (New York, New York, USA, September 18, 2015) The Cyber Security Summit provides an exclusive business environment to meet with Senior Executives who are seeking innovative solutions to protect their business & critical infrastructure. Delegates...

Data Breach Investigation Summit (Dallas, Texas, USA, September 21 - 26, 2015) Data Breaches are occurring at an alarming rate and increasing in their scope, frequency and impact and they don't discriminate by industry, geography or organization size. When a breach occurs, organizations,...

St. Louis SecureWorld 2015 (St. Louis, Missouri, USA, September 22 - 23, 2015) Join your fellow security professional for affordable, high-quality cybersecurity training and education at a regional conference near you. Earn CPE credits while learning from nationally recognized industry...

OWASP APPSECUSA (San Francisco, California, USA, September 22 - 25, 2015) The premier gathering of developers, security experts and technologists to discuss cutting edge approaches to secure web applications

SAT 2015: 18th International Conference on Theory and Applications of Satisfiability Testing (Austin, Texas, USA, September 24 - 27, 2015) The International Conference on Theory and Applications of Satisfiability Testing (SAT) is the premier annual meeting for researchers focusing on the theory and applications of the propositional satisfiability...

CSS (International Conference on Cryptography and Security Systems) (Warsaw, Poland, September 25 - 27, 2015) After three years' break, CSS is returning in 2017 with another great look at the evolution of cryptography and its role for the cyber security industry. This event is focused on presenting original and...

Business Insurance Cyber Risk Summit 2015 (San Francisco, California, USA, September 27 - 28, 2015) The Business Insurance Cyber Risk Summit provides risk management professionals and chief information security officers with the practical information and tools needed to combat the latest cyber risks...

ASIS International (Anaheim, California, USA, September 28 - October 1, 2015) The ASIS Annual Seminar and Exhibits boasts of being one of the world's most influential events for security professionals. Its mission is to provide industry-leading education, countless business connections,...

CYBERSEC European Cybersecurity Forum (Kraków, Poland, September 28 - 29, 2015) The CYBERSEC forum is the first of its kind in Poland and one of just a few regular public policy conferences in Europe devoted to the strategic issues of cyberspace and cybersecurity. The goal of CYBERSEC...

(ISC)² Security Congress (Anaheim, California, USA, September 28 - October 1, 2015) Proudly colocated for the fifth year in a row, (ISC)² Security Congress 2015 and ASIS International 61st Annual Seminar and Exhibits (ASIS 2015) expect more than 19,000 professionals worldwide from...

Cloud Security Alliance Congress at P.S.R. (Las Vegas, Nevada, USA, September 28 - October 1, 2015) The industry's premier gathering for IT security professionals and executives who must further educate themselves on the rapidly evolving subject of cloud security. Offering best practices and practical...

Fraud Summit Toronto (Toronto, Ontario, Canada, September 17, 2014) From account takeover to payment card fraud and the emerging mobile threatscape, the ISMG Fraud Summit series is where thought-leaders meet to exchange insights on today's top schemes and the technology...

Threat Intelligence Summit 2015 (ChampionsGate, Florida, USA, September 29 - 30, 2015) The threat landscape is getting bigger and more complex, the tools more plentiful, the amount of digital information increasingly massive, and the skills needed to navigate this terrain seem to multiply...

hardwear.io: Hardware Security Conference and Training (The Hague, Netherlands, September 29 - October 2, 2015) Do you trust your hardware? Learn from experts about backdoors, exploits, trust, assurance and attacks on hardware equipment, firmware and related protocols

VB2015 (Prague, Czech Republic, September 30 - October 2, 2015) The VB2015 programme includes 38 papers on a wide range of security topics. As in previous years, the presentations will run in two parallel streams and the programme includes both technical and less technical...

Grow your brand and reach new customers.

Grow your brand and increase your customer base by educating our audience about your products, services, and events by advertising on The CyberWire. We’ve built trust with an influential (and often hard to reach) audience of CISOs, CSOs, and other senior execs in the security space, across a wide array of industry verticals. Learn more.

Be a part of the CyberWire story.

People ask us (a lot) how they can support what we do. We have our sponsorships and services, of course, but those are not always within every supporter's financial reach, or it might just not be the right time for you to do those things. That's why we launched our new Patreon site, where we've created a wider variety of support levels, each with some new benefits. Our patrons are important to our future, and we hope you'll consider becoming one. We invite you to become part of the CyberWire story. Become a patron today.