skip navigation

More signal. Less noise.

Daily briefing.

Members of Russia's military forces have for several months been receiving "well crafted" phishing emails, and these are (apparently) the work of Chinese intelligence services. Discovered and disclosed by Proofpoint, the espionage campaign is directed at military capability and telecommunications systems. (Proofpoint says Russian-speaking financial analysts covering the telecom sectors have been collateral damage.) The phishing emails distribute the PlugX remote-access Trojan using malicious Microsoft Word documents as vectors.

Meanwhile, Western targets continue to worry about China's Iron Tiger campaign, cyber operations in support of South China Sea territorial claims, and a "pledge of compliance" being required of companies doing business in China.

The Russian services aren't idle either, as F-Secure publishes a useful rundown of their Duke family of exploits.

Some insight into the workings of the exploit industry may be gleaned from the details of a recently discovered point-of-sale Trojan: it's been assembled from pieces of earlier kits.

ESET finds a new bit of crimeware:"Odlanor." This one cheats at online poker.

Schneider Electric pushes out some new firmware for the StruxureWare Building Expert building automation system. The patch stops a bug (not yet believed exploited in the wild) that transmitted plaintext user credentials between servers and client machines.

The UK's MI5 wants, as a matter of policy, extensive access to communications. US crypto policy wars continue, with fresh arguments that universal encryption need not unduly burden law enforcement.

Cyber insurance large print giveth, but small print taketh away: risk from your business partners being phished isn't covered.

Notes.

Today's issue includes events affecting Brunei, Cambodia, China, European Union, Indonesia, Japan, Laos, Malaysia, Myanmar, Philippines, Russia, Singapore, Taiwan, Thailand, United Kingdom, United States, and Vietnam.

Dateline 6th Annual Billington Cybersecurity Summit

From the Billington Summit: the Economics of Cyber Conflict and a Security Role for Markets (The CyberWire) Several clear themes emerged at this sixth annual Billington summit. The adversaries' tradecraft is getting better, but "better" isn't necessarily synonymous with "novel" or "innovative." Rather, we see familiar exploits used successfully against known vulnerabilities

Cyber Attacks, Threats, and Vulnerabilities

Russian military attacked, possibly by Chinese cyber group (CSO) Members of the Russian military have been receiving well-crafted phishing emails since mid-summer

In Pursuit of Optical Fibers and Troop Intel: Targeted Attack Distributes PlugX in Russia (Proofpoint) Proofpoint researchers recently observed a campaign targeting telecom and military in Russia. Beginning in July 2015 (and possibly earlier), the attack continued into August and is currently ongoing

The DUKES APT — 7 years of Russian state sponsored hacking (F-Secure) This whitepaper explores the tools — such as MiniDuke, CosmicDuke, OnionDuke, CozyDuke, etc. — of the Dukes, a well-resourced, highly dedicated and organized cyberespionage group that we believe has been working for the Russian Federation since at least 2008 to collect intelligence in support of foreign and security policy decision-making

Iron Tiger: How hackers have stolen terabytes of confidential data from US high-tech firms (Tripwire: the State of Security) A new report claims that in 2013, a group of China-based hackers switched their attention from targeting victims in Asia-Pacific to stealing terabytes of confidential data from US high-tech firms and government contractors

New POS Trojan created by mixing code from older malware (Help Net Security) A newly discovered POS Trojan is a perfect example of how easy it is for malware makers to come up with new malware — they can simply recycle code used in older malicious software

TeslaCrypt 2.0: Cyber Crime Malware Behavior, Capabilities and Communications (iSight Partners) As part of our normal course of operations as a cyber threat intelligence provider, we monitor the cyber crime underground and provide analysis to our clients on new and emerging threats

Coinvault, are we reaching the end of the nightmare? (SecureList) The ransomware sequel: alternative ways of profit harvesting

The Trojan Games: Odlanor malware cheats at poker (We Live Security) Whenever ESET malware researchers discover a new interesting attack, a new piece of malware, or an old threat evolving in an interesting way, we share the news on this blog

Scan of IPv4 Space for 'Implanted' Cisco Routers Finds Fewer Than 100 (Threatpost) A day after researchers detailed a technique that attackers are using to upload malicious firmware images to Cisco routers, academic researchers say they have scanned the entire IPv4 address space and discovered a total of 79 likely compromised routers - See more at: https://threatpost.com/scan-of-ipv4-space-for-implanted-cisco-routers-finds-fewer-than-100/114687/#sthash.C56T2XZI.dpuf

DNS Hijacks: What to Look For (Malwarebytes) The definition: The domain name system (DNS) is the way that internet domain names are located and translated into Internet Protocol addresses

800,000 fans of the Kardashians left exposed after privacy blunder (Hot for Security) Kim, Kendall, Khloe and Kylie. Some of the most famous people in the world with first names beginning with "K" launched their subscription-based apps, promising exclusive content from the Kardashian/Jenner clan earlier this week

American Airlines forced to ground flights over IT issues (ComputerWeekly) US airline confirms "connectivity issue" that prompted it to halt flights from several airports yesterday has now been resolved

How Mixed Content Compromises Security (Digicert Blog) When users visit a website secured by an SSL Certificate, they expect their data to stay safe. But what happens if only part of the site is secured?

Stolen credentials are key to avoiding breach detection (TechTarget) A new report details how attackers can fly under the radar by using stolen credentials in order to avoid breach detection and forgoing the use of malware in malicious activity

FBI and DHS Warn of Security Risks from the Internet of Things (Nextgov) The FBI and Department of Homeland Security have issued alerts about, in essence, the modern Internet

Security Patches, Mitigations, and Software Updates

Schneider Patches Plaintext Credentials Bug in Building Automation System (Threatpost) Industrial control manufacturer Schneider Electric has published new firmware for its StruxureWare Building Expert building automation system that patches a remotely exploitable vulnerability

Google fixes an Android Lollipop lockscreen bypass bug — how bad was it? (Naked Security) Google pushed out its first-ever monthly security update for Android in August, fixing the Stagefright vulnerability that an attacker could use to own your device with a malicious MMS message

iTunes 12.3 brings support for two-factor authentication (Naked Security) Ever since a the celebrity nude photo scandal of 2014, in which many stars had their personal photos stolen out of their iCloud accounts, Apple's been keen to beef up its security

iOS 9 partially fixes critical, easily exploitable AirDrop bug (Help Net Security) Apple has released iOS 9. Along with many new and improved security and privacy features, fixes for a bucketload of security vulnerabilities have been included in this latest version of the company's mobile OS

Could iOS 9 be Apple's greatest gift to enterprise IT? (Network World) Apple's latest announcements for its mobile ecosystem had plenty to do with the enterprise

Cyber Trends

Hackers Are the Problem, Workers the Weak Point (CFO) It only takes one employee clicking on the wrong link to give away the keys to the kingdom

Top cloud security issue? Lack of visibility (Help Net Security) Lack of visibility into cloud deployments and associated provider security practices and controls is a source of major dissatisfaction amongst IT professionals, according to the SANS Institute

Marketplace

Cyber threats create new customers for defense firms (Busienss Insurance) A broadening wave of cyber attacks is drumming up new clients for defense companies as anxiety about the loss of sensitive data spreads from military chiefs to company bosses

Cyber Liability Insurance's Data Problem: Mining for Destruction (Tripwire: the State of Security) Cyber liability insurance is becoming an increasing necessity for businesses and could easily become a requirement similar to E&O insurance not just for large corporations, but also small- to medium-sized businesses

CSOs could see 7% raise next year (CSO) Recruiting and staffing specialist Robert Half Technology released its annual guide to U.S. tech salaries, which finds wireless networking engineers are in line for the biggest pay hike

Products, Services, and Solutions

Apple watchOS 2 on hold (but iOS 9 on fire!) (Naked Security) Apple's week has been a bit of a curate's egg

Black Duck Hub is MassTLC’s Innovative Technology of the Year in Security (Black Duck) Company launches initiative to improve security of increasingly popular container technology

G DATA unveils secure messaging app based on elliptic curve cryptography (FierceITSecurity) German antivirus firm G DATA released on Thursday its security messaging application, Secure Chat, which uses elliptic curve cryptography to provide secure communications on Android phones

Trustwave rides the mobile security wave with new cloud-based platform (FierceITSecurity) Endpoint security firm Trustwave is expanding its presence in the mobile security space with the launch Wednesday of its new cloud-based Secure Mobility Platform

What the LastPass CLI tells us about LastPass Design (System Overlord) LastPass is a password manager that claims not to be able to access your data

Reusing Passwords on Different Sites Should be OK (Virtual Strategy Magazine) Concept Blossom, creator of Synctuary encrypted file sync and sharing, declares that it is ok to reuse passwords at different sites where passwords are never exposed to servers

Technologies, Techniques, and Standards

Why the security industry needs a standardized framework for CASBs (TechTarget) The growth of CASBs has prompted the CSA and CipherCloud to team up to form the Cloud Security Open API Working Group

Vodafone's data breach a lesson for tech companies to be open about mistakes (Guardian) All telecommunications companies that handle Australians' personal data should take heed: report security lapses because you will get caught out too

The do's and don'ts of maintaining information security transparency (FierceITSecurity) A data breach can be embarrassing and reputation-damaging for an organization

Delving into an enterprise IoT initiative? Read this first (TechTarget) From the business problem to the technology, here's what CIOs need to know to get started on an enterprise IoT initiative

Managing shadow IT risk to the business (TechTarget) With more users turning to external IT platforms to meet business needs, IT professionals must take steps to start managing shadow IT

Small businesses must address security and privacy (Dell Power More) I've been working with hundreds of businesses over the past fifteen years, and I've found many common challenges that they are always trying to address, as well as some common, dangerously incorrect, beliefs about security and privacy

Cybersecurity's Human Factor: Lessons from the Pentagon (Harvard Business Review) The vast majority of companies are more exposed to cyberattacks than they have to be

Design and Innovation

New Crypto Tool Makes Anonymous Surveys Truly Anonymous (Wired) At the end of a semester teaching an undergraduate math course a few years ago, Cornell Tech researcher and crypto professor Rafael Pass asked his students to fill out the usual anonymous online course evaluation

Academia

Cultivate a Talent Pipeline While Bridging the Cybersecurity Resource Gap (SecurityWeek) This is the time of year when students around the world head back to school. Many entering their final year of high school and those in college or at universities are thinking about courses of study that hold promising career opportunities, excitement, and challenge

University of Virginia will spend millions on new security after Chinese hack (Cavalier Daily) Hackers were present in University server since Spring 2014

Legislation, Policy, and Regulation

China tells US tech companies to sign PRISM-like cyber-loyalty pact (Ars Technica) "Pledge of compliance" may require companies to turn over data, install backdoors

The Chinese Cyber Threat in the South China Sea (Diplomat) ASEAN needs to get serious about the role of cyberspace in conflicts over the South China Sea

In First Live Interview, Britain's MI5 Chief Seeks More Powers to Fight Terrorism (New York Times) The head of Britain's domestic intelligence agency, MI5, appealed on Thursday for broader legal powers to deal with advances in technologies and what he described as a more diffuse and serious terrorist threat

MI5 chief Andrew Parker: Social media companies must reveal details of terror threats (Telegraph) Andrew Parker urges firms to disclose intelligence as he reveals six terror attacks foiled in year and level of plotting against UK at three-decade high

MI5 boss warns of technology terror risk (BBC) Advances in technology are allowing terrorists to communicate "out of the reach of authorities", head of MI5 Andrew Parker has told the BBC

MI5 vs WhatsApp — The Case for Cyber Espionage (Check & Secure) "In our country, do we want to allow a means of communication between people which we cannot read?"

Opinion: Why we should not fear a world of 'universal encryption' (Christian Science Monitor Passcode) The FBI's newest argument for why it needs built-in access to your encrypted digital communications demonstrates exactly why that's unnecessary

DoD CIO: Make it expensive for hackers to play (C4ISR & Networks) As recent events have shown, cyberattacks are extraordinarily expensive for the victims

The need for speed: How America's next military advantage relies on nimbler cybersecurity (Christian Science Monitor Passcode) Cyber attackers have speed on their side. This is how defenders can level the playing field — and get ahead

DoD hopes better cybersecurity automation will weed out 'basic players' (FierceGovernmentIT) The Defense Department is working with Silicon Valley to bolster cybersecurity with a specific focus on automating the detection and reaction of "zero-day" attacks on defense networks

Classified Smartphones, Silicon Valley Worker Swap and 3 Other Takeways from the Pentagon CIO Briefing (Nextgov) The Defense Department made news this spring when Ash Carter became the first defense secretary in almost 20 years to visit Silicon Valley

House Panel Approves Legislation that Allows Privacy Suits From EU Citizens (Legaltech News) Passage of the Judicial Redress Act clears the way for implementation of the Umbrella Agreement

Half of Security Pros Expect Cybersecurity to Be a Key Issue in 2016 Presidential Race (Tripwire: the State of Security) More than half (55 percent) of information security professionals anticipate cybersecurity will factor as a key issue in the 2016 U.S. Presidential race

Nozzolio: Excellus needs to answer questions about cyber attack, impact on consumers (Auburn Citizen) State Sen. Michael Nozzolio is urging a major health insurance company to provide more information to customers after a cyber security firm found a data breach in August

Head of NCA's cyber crime unit leaves for private sector job (ComputerWeekly) Andy Archibald, The National Crime Agency's head of cyber crime leaves to take up a job in the private sector

Litigation, Investigation, and Law Enforcement

AT&T says malware secretly unlocked hundreds of thousands of phones (TechWorld) AT&T said three of its employees secretly installed software on its network so a cellphone unlocking service could surreptitiously funnel hundreds of thousands of requests to its servers to remove software locks on phones

BitPay insurance claim rejected due to contract wording (CSO) Having business partners Phished doesn't count insurance company says

U.S. prosecutor to be stationed at Europol for cyber crimes (Reuters via Yahoo! News) The United States will post a prosecutor at Europol, Europe's police agency, to enable closer cooperation on international cyber crime investigations, U.S. Attorney General Loretta Lynch said on Wednesday

Web Hosting Sites Largely Shielded From Data Breach Claims (Law360) Amazon Web Services Inc. and GoDaddy.com LLC recently slipped out of a suit brought by three former Ashley Madison users by agreeing to comply with future court orders to remove hacked data posted on their sites, and other hosting sites are likely to easily skirt such claims as long as they remain passive conduits for the stolen data, attorneys say

Expect HIPAA noncompliance fines for BAs soon, attorney says (FierceHealthIT) We should expect to see a HIPAA noncompliance enforcement action soon against a business associate

Tor relay turned back on after unanimous library vote (Naked Security) Live free or die

How a small New Hampshire library stirred up a digital rights debate (Christian Science Monitor Passcode) A pilot project to use computers in the Lebanon, N.H., library as servers for the anonymous Tor browser was celebrated by online privacy advocates but raised concerns among law enforcement

For a complete running list of events, please visit the Event Tracker on the CyberWire website.

Newly Noted Events

Fall 2015 Cybersecurity Summit (McLean, Virginia, USA, October 15, 2015) Join us for our third annual Cybersecurity Summit for in-depth perspective and insight from leaders in the public and private sector on the government's information security landscape and opportunities...

CyberCon 2015 (Pentagon City, Virginia, USA, November 18, 2015) CyberCon 2015 is the forum for dialogue on strategy and innovation to secure federal and defense networks, as well as private sector networks that hold their sensitive data

Upcoming Events

SANS Institute: Information Security Training (Las Vegas, Nevada, USA, September 12 - 21, 2015) Information security training in Las Vegas from SANS Institute, the global leader in information security training. At SANS Network Security 2015, SANS offers more than 40 hands-on, immersion-style security...

Hacker Halted 2015 (Atlanta, Georgia, USA, September 13 - 18, 2015) EC-Council Foundation's flagship information security conference, Hacker Halted, will unite some of the greatest minds in information security, as industry experts address the latest threats and vulnerabilities...

Cyber Security Summit: New York (New York, New York, USA, September 18, 2015) The Cyber Security Summit provides an exclusive business environment to meet with Senior Executives who are seeking innovative solutions to protect their business & critical infrastructure. Delegates...

Data Breach Investigation Summit (Dallas, Texas, USA, September 21 - 26, 2015) Data Breaches are occurring at an alarming rate and increasing in their scope, frequency and impact and they don't discriminate by industry, geography or organization size. When a breach occurs, organizations,...

St. Louis SecureWorld 2015 (St. Louis, Missouri, USA, September 22 - 23, 2015) Join your fellow security professional for affordable, high-quality cybersecurity training and education at a regional conference near you. Earn CPE credits while learning from nationally recognized industry...

OWASP APPSECUSA (San Francisco, California, USA, September 22 - 25, 2015) The premier gathering of developers, security experts and technologists to discuss cutting edge approaches to secure web applications

MeriTalk: Cyber Security Brainstorm (Washington, DC, USA, September 23, 2015) Co-locating with the NIST Cloud Security Working Group, this MeriTalk Brainstorm has an excellent program lined up, featuring keynote speakers Allison Tsiumis (Section Chief, Cyber Intelligence Section,...

SAT 2015: 18th International Conference on Theory and Applications of Satisfiability Testing (Austin, Texas, USA, September 24 - 27, 2015) The International Conference on Theory and Applications of Satisfiability Testing (SAT) is the premier annual meeting for researchers focusing on the theory and applications of the propositional satisfiability...

CSS (International Conference on Cryptography and Security Systems) (Warsaw, Poland, September 25 - 27, 2015) After three years' break, CSS is returning in 2017 with another great look at the evolution of cryptography and its role for the cyber security industry. This event is focused on presenting original and...

Business Insurance Cyber Risk Summit 2015 (San Francisco, California, USA, September 27 - 28, 2015) The Business Insurance Cyber Risk Summit provides risk management professionals and chief information security officers with the practical information and tools needed to combat the latest cyber risks...

ASIS International (Anaheim, California, USA, September 28 - October 1, 2015) The ASIS Annual Seminar and Exhibits boasts of being one of the world's most influential events for security professionals. Its mission is to provide industry-leading education, countless business connections,...

CYBERSEC European Cybersecurity Forum (Kraków, Poland, September 28 - 29, 2015) The CYBERSEC forum is the first of its kind in Poland and one of just a few regular public policy conferences in Europe devoted to the strategic issues of cyberspace and cybersecurity. The goal of CYBERSEC...

(ISC)² Security Congress (Anaheim, California, USA, September 28 - October 1, 2015) Proudly colocated for the fifth year in a row, (ISC)² Security Congress 2015 and ASIS International 61st Annual Seminar and Exhibits (ASIS 2015) expect more than 19,000 professionals worldwide from...

Cloud Security Alliance Congress at P.S.R. (Las Vegas, Nevada, USA, September 28 - October 1, 2015) The industry's premier gathering for IT security professionals and executives who must further educate themselves on the rapidly evolving subject of cloud security. Offering best practices and practical...

Fraud Summit Toronto (Toronto, Ontario, Canada, September 17, 2014) From account takeover to payment card fraud and the emerging mobile threatscape, the ISMG Fraud Summit series is where thought-leaders meet to exchange insights on today's top schemes and the technology...

Threat Intelligence Summit 2015 (ChampionsGate, Florida, USA, September 29 - 30, 2015) The threat landscape is getting bigger and more complex, the tools more plentiful, the amount of digital information increasingly massive, and the skills needed to navigate this terrain seem to multiply...

hardwear.io: Hardware Security Conference and Training (The Hague, Netherlands, September 29 - October 2, 2015) Do you trust your hardware? Learn from experts about backdoors, exploits, trust, assurance and attacks on hardware equipment, firmware and related protocols

VB2015 (Prague, Czech Republic, September 30 - October 2, 2015) The VB2015 programme includes 38 papers on a wide range of security topics. As in previous years, the presentations will run in two parallel streams and the programme includes both technical and less technical...

IT Security one2one Summit (Austin, Texas, USA, October 4 - 6, 2015) The IT Security one2one Summit is designed to deliver focused one2one business meetings between IT Security Solution Providers and IT Security decision-makers (Delegates) with purchasing budgets. Delegates...

ACFCS 2015 Cyber Financial Crime Summit (Washington, DC, USA, October 5 - 6, 2015) From massive data breaches to cyber fraud, hacktivism to cyber warfare, the threat landscape of cyber financial crime now reaches every part of public and private sector organizations. Yet too often the...

Smart Industry (Chicago, Illinois, USA, October 5 - 7, 2015) The Industrial Internet of Things (IIoT) is no longer a futuristic notion. Those that are embracing IIoT now are realizing positive, near-term benefits and creating a competitive advantage in the market.

Fleming Gulf's Information & Cyber Security Summit (Moscow, Russia, October 6 - 7, 2015) The "Information & Cyber Security Summit 2015" aims to provide a platform, to discuss with top dignitaries and decision makers from different industries & government officials, the important aspects of...

Buy-Side Technology North American Summit (New York, New York, USA, October 7, 2015) WatersTechnology is proud to present the fifth annual Buy-Side Technology North American Summit. Building on the success of last year, this event will address the latest trading and technology challenges...

IP Expo Europe (London, England, UK, October 7 - 8, 2015) With six top enterprise IT events under ONE roof, IP EXPO Europe assists the IT Industry in future proofing their IT and embracing a digital future. The event showcases brand new exclusive content and...

Cyber Security Europe (London, England, UK, October 7 - 8, 2015) Cyber Security Europe will host the latest cyber security experts to speak on the topics risking the future of our businesses, and provide access to the latest technology innovators who provide the leading...

Annual Privacy Forum 2015 (Luxemburg, October 7 - 8, 2015) The distributed implementation of networks and services offers the opportunity for new Privacy Enhancing Technologies (PETs) that could support users' needs while safeguarding their personal data. Although...

Homeland Security Week (Arlington, Virginia, USA, October 7 - 9, 2015) The 10th Annual Homeland Security Week (HSW) will provide homeland security stakeholders with an industry event focusing on further developing the requirements necessary for numerous government agencies,...

(ISC)² SecureTurkey (Istanbul, Turkey, October 8, 2015) Sessions include exploring the threat landscape and its drivers, the common pitfalls endemic to current business trends that ensure a perpetual pipeline of vulnerabilities available for exploitation and...

AFCEA Wasatch Tech & Cyber Security Day (Ogden, UT, USA, October 8, 2015) The Armed Forces Communications & Electronics Association (AFCEA) Wasatch Chapter will once again host the 6th Annual Information Technology & Cyber Security Day at Hill AFB. This annual event is an excellent...

BSides Raleigh (Raleigh, North Carolina, USA, October 9, 2015) Security B-sides (BSides) is a community-driven framework for building events for and by information security community members. The goal is to expand the spectrum of conversation beyond the traditional...

ISSA International Conference (Orlando, Florida, USA, October 22 - 23, 2014) Join us for solution oriented, proactive and innovative sessions focused on security as a vital part of the business.

HITB GSEC Singapore (Singapore, October 12 - 16, 2015) HITB GSEC Singapore is a three-day security conference where attendees get to vote on the final agenda and are introduced to speakers and each other based on the votes they cast

ACM-CCS (Conferences on Computer and Communications Security) (Denver, Colorado, USA, October 12 - 16, 2015) ACM-CCS is one of the longest running cyber security conferences in the world. It's been going on since 1993, and this year it will celebrate its 22nd edition. This flagship conference brings together...

New York Metro Joint Cyber Security Conference (New York, New York, USA, October 14, 2015) The New York Metro Joint Cyber Security Conference is a collaborative event cooperatively developed, organized and sponsored by the leading information security industry organizations and chapters

NASA Goddard Cyber Expo (Greenbelt, Maryland, USA (also available by webex), October 2, 2014) The 2014 Goddard Cyber Expo will be a dedicated Information Technology & Cyber Expo at this secure facility hosted by the Office of the Chief Information Officer. The OCIO will be recruiting speakers to...

SecTor (Toronto, Ontario, Canada, October 19 - 21, 2015) Illuminating the Black Art of Security. Now entering its 9th year, SecTor has built a reputation of bringing together experts from around the world to share their latest research and techniques involving...

CSX 2015 (Washington, DC, USA, October 19 - 21, 2015) CSX brings together some of the leading experts in the industry for an exciting event designed to give the knowledge, skills and tools you need to help protect and defend your organization. Learn hands-on...

Cyber Defense San Diego 2015 (San Diego, California, USA, October 19 - 24, 2015) Cyber security training in San Diego CA from SANS Institute, the global leader in Information Security training. SANS Cyber Defense San Diego 2015 features hands-on, immersion-style training courses for...

2015 Cyber Risk Insights Conference (New York, New York, USA, October 20, 2015) The world's largest cyber risk event for P&C professionals. Save-the-date for Advisen's 5th annual Cyber Risk Insights Conference in New York City with a full-day program that takes place on October 20,...

2015 Government Cybersecurity Forum (Washington, DC, USA, October 20, 2015) The Government Cybersecurity Forum was created three years ago a result of the complexity of today’s global threat environment. As more devices connect to the Internet and data breaches continue to escalate,...

Cyber Security Summit: Boston (Boston, Massachusetts, USA, October 9, 2015) The Cyber Security Summit provides an exclusive business environment to meet with Senior Executives who are seeking innovative solutions to protect their business & critical infrastructure. Delegates at...

Swiss Cyber Storm (KKL Lucerne, Switzerland, October 21, 2015) Swiss Cyber Storm 2015 is an international IT security conference that provides essential information about national cyber security issues, critical for both government and private infrastructures. The...

Cyber Security Summit 2015 (Minneapolis, Minnesota, USA, October 21 - 22, 2015) The Summit's mission is to establish a multi-stakeholder consortium that brings together industry, government and academic interests in an effort to improve the state of cyber security on both a domestic...

DevSecCon (London, England, UK, October 22, 2015) DevSecCon is a newly formed, non-profit conference for DevOps and SecOps practitioners, run by practitioners. By creating a neutral platform, we will exchange and create new ideas on how to leverage the...

Ruxcon 2015 (Melbourne, Australia, October 24 - 25, 2015) Ruxcon is a computer security conference that aims to bring together the best and the brightest security talent within the Aus-Pacific region. The conference is a mixture of live presentations, activities...

2015 North American International Cyber Summit (Detroit, Michigan, USA, October 25 - 26, 2015) The North American International Cyber Summit 2015 hosted by Michigan Governor Rick Snyder, is set to take place in the heart of Downtown Detroit at the newly remodeled Cobo Center for the second straight...

ICS Cyber Security Week (Atlanta, Georgia, USA, October 26 - 29, 2015) ICS Cyber Security Week is the longest-running cyber security-focused conference dedicated to the industrial control systems sector. The event caters to critical infrastructure organizations in the following...

Cyber Awareness & Technology Days (Colorado Springs, Colorado, USA, October 27 - 28, 2015) The Information Systems Security Association (ISSA) Colorado Springs Chapter http://www.issa-cos.org will once again host the 6th Annual Cyber Security & Information Technology Days set to take place at...

Designing Secure Healthcare Systems (Long Branch, New Jersey, USA, October 27 - 29, 2015) Designing Secure Healthcare Systems is a three day intensive and immersive workshop…by healthcare hackers for healthcare technologists. Over the three days you will go from the basics of SQL injection...

Cloud Security Alliance Summit NYC 2015 (New York, New York, USA, October 28, 2015) The full-day Cloud Security Alliance NYC Summit is a standalone event in Manhattan. Co-hosted by the CSA NY Metro and CSA Delaware Valley chapters, some 200 well-qualified attendees are expected. The theme...

Data Breach Summit Asia 2015 (Mumbai, India, October 28, 2015) As Cyber Security continues to become a challenge for all industries, ISMG's Data Breach Summit a unique, one-day event will focus on the issues to help the participants learn more about how to prevent...

Technology & Cyber Awareness Day (Aurora, Colorado, USA, October 28, 2015) The Buckley Air Force Base Technology & Cyber Security Day is a one-day event held on-site, where industry vendors will have the opportunity to display their products and services to IT, Comm, Cyber and...

CyberMaryland 2015 (Baltimore, Maryland, USA, October 28 - 29, 2015) Now entering its 5th year, the Federal Business Council is proud to bring you the CyberMaryland 2015 Conference. The conference theme this year is "Collaborate.Educate.Innovate"

Cyber Security World 2015 (Washington, DC, USA, October 28 - 29, 2015) Cyber Security World 2015 brings together security experts, practitioners, and researchers who will share their firsthand knowledge and open the discussion to information sharing between public and private...

Hackito Ergo Sum (Paris, France, October 29 - 30, 2015) No commercial content, no vendor talk. First time presenters welcome. Highly technical talks only. Bonus point for offensive and weird ideas. Areas and domains: systems hacking & security, network hacking,...

8th Annual Space, Cyber, and Telecommunications Washington DC Conference (Washington, DC, USA, October 29 - 30, 2015) The Space, Cyber, and Telecommunications Law team hosts an impressive lineup of the world's greatest minds annually at conferences in Washington DC and in Lincoln, Nebraska and at occasional events around...

Grow your brand and reach new customers.

Grow your brand and increase your customer base by educating our audience about your products, services, and events by advertising on The CyberWire. We’ve built trust with an influential (and often hard to reach) audience of CISOs, CSOs, and other senior execs in the security space, across a wide array of industry verticals. Learn more.

Be a part of the CyberWire story.

People ask us (a lot) how they can support what we do. We have our sponsorships and services, of course, but those are not always within every supporter's financial reach, or it might just not be the right time for you to do those things. That's why we launched our new Patreon site, where we've created a wider variety of support levels, each with some new benefits. Our patrons are important to our future, and we hope you'll consider becoming one. We invite you to become part of the CyberWire story. Become a patron today.