skip navigation

More signal. Less noise.

Daily briefing.

In separate actions Anonymous and associated hacktivists go after the governments of Vietnam and the Philippines, the former targeted in support of repressed dissidents, the latter because Anonymous is angry over slow Internet speeds.

Chinese intelligence services are said to have used data gleaned from the OPM breach to compromise US defense contractors and steal technical secrets. Observers wonder about the "lingering" and "ripple" effect of OPM's loss of 22 million people's records. (To achieve clarity about those ripples, note that an SF-86 questionnaire contains information not only about the applicant, but also about the applicant's family and associates, so 22 million is probably an order of magnitude low.)

Such cyber capers and tensions will be highlighted in the upcoming Sino-American summit. Both sides appear to be pulling in their horns, pre-talks, as security companies see Chinese operations slackening (the ministry for the governance of barbarians having apparently decided on a lighter hand, for now) and a pause in US progress toward sanctions (the sheriff not yet giving the posse the word to ride). Observers see an inflection point: either cyberwar or détente. The smart money's on détente, but it's been wrong before.

Apple purges the iStore, as compromised developers appear to have inadvertently introduced XCodeGhost malware into popular apps.

Private D-Link software keys appear to have been found in D-Link's open-source firmware.

Krebs has an interesting rundown of Verizon's post-mortem on the 2013 Target breach: once in, there seemed to be little to impede hackers' progress through point-of-sale systems.

Notes.

Today's issue includes events affecting China, Denmark, European Union, Finland, France, India, NATO, Netherlands, New Zealand, Norway, Philippines, Russia, Sweden, United Kingdom, United States, and Vietnam.

Cyber Attacks, Threats, and Vulnerabilities

Anonymous, AntiSec and HagashTeam Deface Vietnamese Websites in a Joint Operation (Softpedia) Three of the Internet's biggest hacktivism groups, Anonymous, AntiSec and HagashTeam, have carried out a joint operation in which they've defaced numerous pages on the Vietnamese government portal

Anonymous Philippines Hacks Telecom Commission Site Against Slow Internet Speed (HackRead) Anonymous Philippines, an affiliate of the online hacktivist group Anonymous, hacked and defaced the official website of the country's National Telecommunications Commission (NTC) Sunday afternoon

Report: Chinese Hackers Used OPM Data To Steal US Military Intel; 'Significant Risk To US Military' (Forbes) Chinese hackers used data stolen from April's OPM breach in recent thefts of terabytes of sensitive data from U.S. defense contractors, according to Trend Micro's Vice President of Cybersecurity Thomas Kellerman

After the OPM breach: ripple effects and lingering questions (GCN) This security breach of Office of Personnel Management systems that compromised the personal information of more than 22 million people continues reverberate throughout government

Apple's iOS App Store suffers first major cyberattack (Globe and Mail) Apple Inc said on Sunday it is cleaning up its iOS App Store to remove malicious iPhone and iPad programs identified in the first large-scale attack on the popular mobile software outlet

XcodeGhost malware sneaks into the App Store, spooks millions of iOS users (Graham Cluley) If you're writing software for iOS or OS X, chances are that you will use Apple's Xcode library

Detecting XCodeGhost Activity (Internet Storm Center) End of last week, Palo Alto Networks published information about the "XCodeGhost" malware

China's awful internet speed has spread malware to millions of smartphones (Quartz) A security breach has affected Apple's App Store in China, potentially infecting millions of smartphones with malware and forcing the company to potentially remove hundreds of apps

Apple cleaning up iOS App Store after first major attack (Reuters) Apple Inc APPL.O said on Sunday it is cleaning up its iOS App Store to remove malicious iPhone and iPad programs identified in the first large-scale attack on the popular mobile software outlet

Windows Journal Vulnerability Disclosed Plus A Weekend Bonus (Fortinet) FortiGuard Labs disclosed a heap overflow vulnerability earlier this week in Windows Journal, a notetaking application developed by Microsoft that is included in Windows XP Tablet PC Edition, Windows Vista, Windows 7, Windows 8, and Windows 10

Active malware campaign uses thousands of WordPress sites to infect visitors (Ars Technica) 15-day-old campaign has spiked in past 48 hours, with >5,000 new infections daily

D-Link Accidentally Leaks Private Code-Signing Keys (Threatpost) A simple mistake by networking gear manufacturer D-Link could have opened the door for costly damage

Warning: Tax Credits Refund Phish (Malwarebytes Unpacked) Tax credit changes are something of a big deal in the UK at the moment, with an expected impact on finances for millions of people

Wire Fraud Phisher attempts to phish PhishMe, instead gets phished by PhishMe (PhishMe Blog) Every year PhishMe Simulator sends millions of phishing emails to its 500+ enterprise customers' employees worldwide. PhishMe is hands down the most robust and sophisticated phishing platform in existence

Inside Target Corp., Days After 2013 Breach (KrebsOnSecurity) In December 2013, just days after a data breach exposed 40 million customer debit and credit card accounts, Target Corp. hired security experts at Verizon to probe its networks for weaknesses

Cyber-criminals increasingly targeting peer to peer and payday lenders, says new report (SC Magazine) A security technology company has highlighted how cyber-criminals are increasingly targeting online lenders

Five Bay Area news websites hacked, purpose unclear (KRON 4) Hackers took control of the five news websites of Embarcadero Media Group on Thursday night, according to the media outlet

Bulletin (SB15-264) Vulnerability Summary for the Week of September 14, 2015 (US-CERT) The US-CERT Cyber Security Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week

Security Patches, Mitigations, and Software Updates

Google Details Plans to Disable SSLv3 and RC4 (Threatpost) As expected, Google formally announced its intent to move away from the stream cipher RC4 and the SSLv3 protocol this week, citing a long history of weaknesses in both

After iOS 9 launches, Ad blockers top the App Store chart (Naked Security) Ads are larger and harder to dismiss on mobile, they slow down page loading with JavaScript, that in turn leads to burned battery power, they waste the cellular data that many of us have to pay for on a metered basis — and they can be used to deliver malware, exploits and fraud

iOS 9 breaks VPNs, prevents server access for many (InfoWorld via CSO) Cisco AnyConnect and other VPNs may or may not work for your servers, as Apple breaks split-tunnel compatibility

Zerodium Hosts Million-Dollar iOS 9 Bug Bounty (Threatpost) Exploit vendor Zerodium, a company started by VUPEN founder Chaouki Bekrar, today announced it will host a month-long million-dollar bug bounty focused on Apple iOS 9

Cyber Trends

The Biggest Problem with the Internet of Things? Hint: It's Not Security (Tech.co) Security is a major concern with those who are watching the development of the Internet of Things

Safeguarding the Internet of Things (Wall Street Journal) The Internet of Things delivers new ways to create and capture business value, but also creates some frightening new vulnerabilities that organizations must take specific actions to address

The real concerns about artificial intelligence (CSO) Speakers at the DARPA Wait What? Future Technology Forum discuss their concerns with artificial intelligence — software bugs and other security issues top the list, rather than AI robots becoming sentient and taking over the world

Corporate employees using unsecure apps for work: IBM (SC Magazine) When it comes to security many corporate employees are willing to take the risk of using unsecured, third-party apps if it means making their job easier, a new IBM Security study found

Cybersecurity Demands Culture Change, DoD Official Says (US Department of Defense) A change in culture is needed to protect against threats in the rapidly changing cyber domain, the Defense Department's chief information officer said here yesterday

Just How Costly, Fast-Growing Is Cyber Risk? (Insurance Journal) Cyber risk is costing the global economy $445 billion annually, $108 billion of which comes from the U.S., according to a new report

It Usually Takes Half a Million Dollars to Recover from a Data Breach (Softpedia) A survey carried out by Kaspersky and B2B International on 5,500 companies in 26 countries highlighted the importance of securing a company's IT infrastructure against accidental or intentional data breaches

UK Is The Champion Of Keeping Businesses Safe Online (TechWeek Europe) Trend Micro study finds that UK beats out European neighbours when it comes to dealing with cyber-attacks

Marketplace

Cyber-risk Knowledge Gap Widens Between C-Suite and IT (Infosecurity Magazine) When it comes to alerting C-suite executives about cyber-risk, IT and security professionals are still doing a terrible job, bogged down in technical jargon and a lack of business context

Global cyber-insurance market predicted to growth to £4.8bn by 2020 (SC Magazine) New research by PwC predicts that the global cyber-insurance market could expand to US$ 7.5bn (£4.8bn) in annual premiums by 2020

Insurers struggling to shield businesses from cyber attack risk (V3) The unpredictable nature of cyber attacks is making it hard for the insurance industry to create policies that offer adequate protection for businesses facing this threat

Cybersecurity Poses Challenge to Accountants (Accounting Today) Accountants need to be at the forefront of cybersecurity to safeguard the sensitive personal and corporate financial information they handle, according to a new report

Six things HR needs to know about cyber security (People Management) Information protection is no longer just IT's responsibility

Products, Services, and Solutions

New IBM Tool Wants To Bring Shadow IT Under Control (TechCrunch) This morning IBM introduced a new tool called IBM Cloud Security Enforcer, whose purpose as you might guess is helping IT to root out unauthorized cloud apps inside organizations

IBM's upcoming blockchain release could change the internet (ExtremeTech) IBM has announced that it will soon release its own, open source version of blockchain software

Webroot's Flagship BrightCloud® Threat Intelligence Platform Earns Top Cybersecurity Honors from Frost & Sullivan (PRNewswire) Based on its recent market analysis, Frost & Sullivan recognizes Webroot with the 2015 North American Cybersecurity for Robotics & Industrial Control Product Leadership Award

FinalCode secures docs with file encryption software (TechTarget) FinalCode's software allows IT to keep tabs on all their corporate docs

Technologies, Techniques, and Standards

IT metrics for security services (IT World Canada) Information Technology, especially the next generation of Social, Mobile, Analytic and Cloud (SMAC) technologies, is a complicated beast (the tale of the blind men describing the elephant seems to fit well)

What Do You Do When Employees Start Using a Free Cloud Service? (Harvard Business Review) What do you do as CIO when people in your company start using a free cloud service that's better than the similar service you deployed for them at great expense?

Tighten up your cyber security strategies now (CSO) While there are many security offerings to help an organization better protect itself from the onslaught of cyber threats knocking on its perimeter, no one solution is enough to reduce risk in this dynamic landscape

5 things that Facebook's security guru says every user should do to be safe online (Business Insider) Facebook has over 1.49 billion monthly active users, with people in the US spending a staggering 27 hours on the social networking site every month

Securing the retail experience: Tips to avoid the disastrous data breach (Retail Customer Experience) Data breaches, stolen credit card data and hacking into databases are becoming everyday scenarios for both small and large retailers

Dealing with a Data Breach and Maintaining Customer Trust (Point of Sale News) Retailers rely on the satisfaction and trust of their customers in order to successfully operate and grow; unfortunately, many businesses may be neglecting to prioritize protecting their customers' data

Malvertising: How can enterprises defend against malicious ads? (TechTarget) Malicious ads are becoming an increasing threat vector

Symantec Says Not to Pay When Data Gets Caught in Ransomware (Observer) Companies that pay a data ransom end up paying more data ransoms

Research and Development

The Tricky Encryption That Could Stump Quantum Computers (Wired) On August 11, the National Security Agency updated an obscure page on its website with an announcement that it plans to shift the encryption of government and military data away from current cryptographic schemes to new ones, yet to be determined, that can resist an attack by quantum computers

Pentagon is building massive database to stave off vulnerabilities (Daily Times Gazette) The Pentagon will build a massive database of all the vulnerabilities for the government to stay one-step ahead of the hackers

Encouraging information security research for the real world (Harvard John A. Paulson School of Engineering and Applied Sciences) PayPal co-founder Max Levchin announces cryptongraphy prize during visit to SEAS

Academia

NSA Codebreaker Challenge 3.0 (I Programmer) NSA, the United States National Security Agency, is challenging university students in the US to exercise their reverse engineering and low-level code analysis skills while working on a fictitious, yet realistic, security threat

Computer science program to put on Hackathon (Eastern Echo) Eastern Michigan University students have the opportunity to test their computer-programming and code-writing skills over a 24-hour period in a "Hackathon"

Legislation, Policy, and Regulation

U.S. and China Seek Arms Deal for Cyberspace (New York Times) The United States and China are negotiating what could become the first arms control accord for cyberspace, embracing a commitment by each country that it will not be the first to use cyberweapons to cripple the other's critical infrastructure during peacetime, according to officials involved in the talks

Is The U.S. And China's Cyberwar Reaching A Detente Or A Flashpoint? (TechCrunch) Chinese President Xi Jinping will be visiting the U.S. this week and his trip could not have come at a more critical time, as the cyber-conflict between Beijing and Washington is reaching a tipping point

Chinese computer hack attacks slow ahead of Obama summit: experts (Reuters) Major intrusions by Chinese hackers of U.S. companies' computer systems appear to have slowed in recent months, private-sector experts say, ahead of a meeting between China's president and President Barack Obama with cyber security on the agenda

US Reportedly Not Planning Cyber-Sanctions Before Xi Visit (Disptach Times) Among them, Guo Yushan was released on September 14 in a move believed created to appease the United States ahead of Xi's visit, rights groups said

Intelligence official: Not our job to warn OPM of cyber threat (CNN) A top national intelligence official says the intelligence community had no responsibility to warn the Office of Personnel Management about vulnerabilities that led to the massive hack of more than 21 million sensitive federal employee records — despite the incident now being a significant national security risk

Cyber: the opposite of the Cold War? (C4ISR & Networks) The cyber domain draws many comparisons to the domains and conflicts that came before it in military history

While the US Army Sharpens Its Cyber Defenses, the Navy Faces the 'Real' Deal Right Now (Defense One) U.S. Fleet Cyber Command conducts 'real world operations because they're there, and we don't have a choice' while the Army's Cyber Command is cautiously getting on its feet

Should Hacked Feds Lose Security Clearance? (Defense One) DHS security chief is considering a tough-love approach after some senior officials fail repeated tests

Five myths about classified information (Washington Post) The controversy over Hillary Clinton's use of a private e-mail account while she was secretary of state has centered on whether she used it to send or receive classified messages

Indian draft rules on encryption could compromise privacy, security (CSO) The government's focus is on ensuring access to information by law enforcement agencies

EU Data Protection Legislation: Is your employee data safe? (ITProPortal) The past year has seen a flurry of high-profile data security breaches in the news, with the exposure of customer details and credit card information frequently hitting the headlines

Litigation, Investigation, and Law Enforcement

Chaffetz demands mysteriously deleted OPM breach data (FCW) Oversight and Government Reform Chairman Jason Chaffetz wants OPM to explain its handling of a CyTech Services incident response tool

France tells Google to remove search results globally, or face big fines (Ars Technica) Google fears complying would lead to a race to the bottom for online freedom

Public-private co-operation in the Nordics tackles growing cyber crime threat (ComputerWeekly) Nordic governments and businesses are putting cyber security at the centre of their planning as threats increase

SONY HACK WAS WAR says FBI, and 'we're still struggling to hire talent' (Register) Cybercrims may be safe at home, but Feds dare them to go on holiday

BYOD: Convenience or Data Security Disaster? (Legaltech News) Without proper oversight, personal devices in the workplace can be a nightmare for not only IT but also for legal

BitPay loses $1.8m in phishing attack (Finextra) BitPay lost $1.8 million in a phishing attack late last year, according to lawsuit filed by the bitcoin payment processing firm against an insurer it is trying to get to cover some of the losses

To Catch Ransomware Suspects, Dutch Police Relied on a Russian Security Firm (Motherboard) In the latest example of the close-knit relationship between private cybersecurity companies and law enforcement, two men from the Netherlands have been arrested on suspicion of creating a piece of ransomware that infuriated victims for just over a year

Volkswagen shares plunge on emissions scandal, Germany plans own probe (Rueters) Volkswagen shares plunged more than 20 percent on Monday, their biggest ever one-day fall, after news that the German carmaker had rigged U.S. emissions tests

Three Symantec Employees Fired for Issuing Fake Google SSL Certificates (Softpedia) Symantec was forced to fire 3 employees after Google's engineers found rogue SSL certificates issued in its name used in the wild

Kim Dotcom US extradition hearing begins (BBC) The long-awaited extradition hearing for internet entrepreneur Kim Dotcom has begun in Auckland, New Zealand

Debate Continues Over Impact of Snowden Leaks (Legaltech News) Some consider Edward Snowden a hero. Others see him as a traitor. Many fall somewhere in between

For a complete running list of events, please visit the Event Tracker on the CyberWire website.

Upcoming Events

SANS Institute: Information Security Training (Las Vegas, Nevada, USA, September 12 - 21, 2015) Information security training in Las Vegas from SANS Institute, the global leader in information security training. At SANS Network Security 2015, SANS offers more than 40 hands-on, immersion-style security...

Data Breach Investigation Summit (Dallas, Texas, USA, September 21 - 26, 2015) Data Breaches are occurring at an alarming rate and increasing in their scope, frequency and impact and they don't discriminate by industry, geography or organization size. When a breach occurs, organizations,...

St. Louis SecureWorld 2015 (St. Louis, Missouri, USA, September 22 - 23, 2015) Join your fellow security professional for affordable, high-quality cybersecurity training and education at a regional conference near you. Earn CPE credits while learning from nationally recognized industry...

OWASP APPSECUSA (San Francisco, California, USA, September 22 - 25, 2015) The premier gathering of developers, security experts and technologists to discuss cutting edge approaches to secure web applications

MeriTalk: Cyber Security Brainstorm (Washington, DC, USA, September 23, 2015) Co-locating with the NIST Cloud Security Working Group, this MeriTalk Brainstorm has an excellent program lined up, featuring keynote speakers Allison Tsiumis (Section Chief, Cyber Intelligence Section,...

SAT 2015: 18th International Conference on Theory and Applications of Satisfiability Testing (Austin, Texas, USA, September 24 - 27, 2015) The International Conference on Theory and Applications of Satisfiability Testing (SAT) is the premier annual meeting for researchers focusing on the theory and applications of the propositional satisfiability...

CSS (International Conference on Cryptography and Security Systems) (Warsaw, Poland, September 25 - 27, 2015) After three years' break, CSS is returning in 2017 with another great look at the evolution of cryptography and its role for the cyber security industry. This event is focused on presenting original and...

Business Insurance Cyber Risk Summit 2015 (San Francisco, California, USA, September 27 - 28, 2015) The Business Insurance Cyber Risk Summit provides risk management professionals and chief information security officers with the practical information and tools needed to combat the latest cyber risks...

ASIS International (Anaheim, California, USA, September 28 - October 1, 2015) The ASIS Annual Seminar and Exhibits boasts of being one of the world's most influential events for security professionals. Its mission is to provide industry-leading education, countless business connections,...

CYBERSEC European Cybersecurity Forum (Kraków, Poland, September 28 - 29, 2015) The CYBERSEC forum is the first of its kind in Poland and one of just a few regular public policy conferences in Europe devoted to the strategic issues of cyberspace and cybersecurity. The goal of CYBERSEC...

(ISC)² Security Congress (Anaheim, California, USA, September 28 - October 1, 2015) Proudly colocated for the fifth year in a row, (ISC)² Security Congress 2015 and ASIS International 61st Annual Seminar and Exhibits (ASIS 2015) expect more than 19,000 professionals worldwide from...

Cloud Security Alliance Congress at P.S.R. (Las Vegas, Nevada, USA, September 28 - October 1, 2015) The industry's premier gathering for IT security professionals and executives who must further educate themselves on the rapidly evolving subject of cloud security. Offering best practices and practical...

Fraud Summit Toronto (Toronto, Ontario, Canada, September 17, 2014) From account takeover to payment card fraud and the emerging mobile threatscape, the ISMG Fraud Summit series is where thought-leaders meet to exchange insights on today's top schemes and the technology...

Threat Intelligence Summit 2015 (ChampionsGate, Florida, USA, September 29 - 30, 2015) The threat landscape is getting bigger and more complex, the tools more plentiful, the amount of digital information increasingly massive, and the skills needed to navigate this terrain seem to multiply...

hardwear.io: Hardware Security Conference and Training (The Hague, Netherlands, September 29 - October 2, 2015) Do you trust your hardware? Learn from experts about backdoors, exploits, trust, assurance and attacks on hardware equipment, firmware and related protocols

VB2015 (Prague, Czech Republic, September 30 - October 2, 2015) The VB2015 programme includes 38 papers on a wide range of security topics. As in previous years, the presentations will run in two parallel streams and the programme includes both technical and less technical...

IT Security one2one Summit (Austin, Texas, USA, October 4 - 6, 2015) The IT Security one2one Summit is designed to deliver focused one2one business meetings between IT Security Solution Providers and IT Security decision-makers (Delegates) with purchasing budgets. Delegates...

ACFCS 2015 Cyber Financial Crime Summit (Washington, DC, USA, October 5 - 6, 2015) From massive data breaches to cyber fraud, hacktivism to cyber warfare, the threat landscape of cyber financial crime now reaches every part of public and private sector organizations. Yet too often the...

Smart Industry (Chicago, Illinois, USA, October 5 - 7, 2015) The Industrial Internet of Things (IIoT) is no longer a futuristic notion. Those that are embracing IIoT now are realizing positive, near-term benefits and creating a competitive advantage in the market.

Fleming Gulf's Information & Cyber Security Summit (Moscow, Russia, October 6 - 7, 2015) The "Information & Cyber Security Summit 2015" aims to provide a platform, to discuss with top dignitaries and decision makers from different industries & government officials, the important aspects of...

Buy-Side Technology North American Summit (New York, New York, USA, October 7, 2015) WatersTechnology is proud to present the fifth annual Buy-Side Technology North American Summit. Building on the success of last year, this event will address the latest trading and technology challenges...

IP Expo Europe (London, England, UK, October 7 - 8, 2015) With six top enterprise IT events under ONE roof, IP EXPO Europe assists the IT Industry in future proofing their IT and embracing a digital future. The event showcases brand new exclusive content and...

Cyber Security Europe (London, England, UK, October 7 - 8, 2015) Cyber Security Europe will host the latest cyber security experts to speak on the topics risking the future of our businesses, and provide access to the latest technology innovators who provide the leading...

Annual Privacy Forum 2015 (Luxemburg, October 7 - 8, 2015) The distributed implementation of networks and services offers the opportunity for new Privacy Enhancing Technologies (PETs) that could support users' needs while safeguarding their personal data. Although...

Homeland Security Week (Arlington, Virginia, USA, October 7 - 9, 2015) The 10th Annual Homeland Security Week (HSW) will provide homeland security stakeholders with an industry event focusing on further developing the requirements necessary for numerous government agencies,...

(ISC)² SecureTurkey (Istanbul, Turkey, October 8, 2015) Sessions include exploring the threat landscape and its drivers, the common pitfalls endemic to current business trends that ensure a perpetual pipeline of vulnerabilities available for exploitation and...

AFCEA Wasatch Tech & Cyber Security Day (Ogden, UT, USA, October 8, 2015) The Armed Forces Communications & Electronics Association (AFCEA) Wasatch Chapter will once again host the 6th Annual Information Technology & Cyber Security Day at Hill AFB. This annual event is an excellent...

BSides Raleigh (Raleigh, North Carolina, USA, October 9, 2015) Security B-sides (BSides) is a community-driven framework for building events for and by information security community members. The goal is to expand the spectrum of conversation beyond the traditional...

ISSA International Conference (Orlando, Florida, USA, October 22 - 23, 2014) Join us for solution oriented, proactive and innovative sessions focused on security as a vital part of the business.

HITB GSEC Singapore (Singapore, October 12 - 16, 2015) HITB GSEC Singapore is a three-day security conference where attendees get to vote on the final agenda and are introduced to speakers and each other based on the votes they cast

ACM-CCS (Conferences on Computer and Communications Security) (Denver, Colorado, USA, October 12 - 16, 2015) ACM-CCS is one of the longest running cyber security conferences in the world. It's been going on since 1993, and this year it will celebrate its 22nd edition. This flagship conference brings together...

New York Metro Joint Cyber Security Conference (New York, New York, USA, October 14, 2015) The New York Metro Joint Cyber Security Conference is a collaborative event cooperatively developed, organized and sponsored by the leading information security industry organizations and chapters

Fall 2015 Cybersecurity Summit (McLean, Virginia, USA, October 15, 2015) Join us for our third annual Cybersecurity Summit for in-depth perspective and insight from leaders in the public and private sector on the government's information security landscape and opportunities...

NASA Goddard Cyber Expo (Greenbelt, Maryland, USA (also available by webex), October 2, 2014) The 2014 Goddard Cyber Expo will be a dedicated Information Technology & Cyber Expo at this secure facility hosted by the Office of the Chief Information Officer. The OCIO will be recruiting speakers to...

SecTor (Toronto, Ontario, Canada, October 19 - 21, 2015) Illuminating the Black Art of Security. Now entering its 9th year, SecTor has built a reputation of bringing together experts from around the world to share their latest research and techniques involving...

CSX 2015 (Washington, DC, USA, October 19 - 21, 2015) CSX brings together some of the leading experts in the industry for an exciting event designed to give the knowledge, skills and tools you need to help protect and defend your organization. Learn hands-on...

Cyber Defense San Diego 2015 (San Diego, California, USA, October 19 - 24, 2015) Cyber security training in San Diego CA from SANS Institute, the global leader in Information Security training. SANS Cyber Defense San Diego 2015 features hands-on, immersion-style training courses for...

2015 Cyber Risk Insights Conference (New York, New York, USA, October 20, 2015) The world's largest cyber risk event for P&C professionals. Save-the-date for Advisen's 5th annual Cyber Risk Insights Conference in New York City with a full-day program that takes place on October 20,...

2015 Government Cybersecurity Forum (Washington, DC, USA, October 20, 2015) The Government Cybersecurity Forum was created three years ago a result of the complexity of today’s global threat environment. As more devices connect to the Internet and data breaches continue to escalate,...

Cyber Security Summit: Boston (Boston, Massachusetts, USA, October 9, 2015) The Cyber Security Summit provides an exclusive business environment to meet with Senior Executives who are seeking innovative solutions to protect their business & critical infrastructure. Delegates at...

Swiss Cyber Storm (KKL Lucerne, Switzerland, October 21, 2015) Swiss Cyber Storm 2015 is an international IT security conference that provides essential information about national cyber security issues, critical for both government and private infrastructures. The...

Cyber Security Summit 2015 (Minneapolis, Minnesota, USA, October 21 - 22, 2015) The Summit's mission is to establish a multi-stakeholder consortium that brings together industry, government and academic interests in an effort to improve the state of cyber security on both a domestic...

DevSecCon (London, England, UK, October 22, 2015) DevSecCon is a newly formed, non-profit conference for DevOps and SecOps practitioners, run by practitioners. By creating a neutral platform, we will exchange and create new ideas on how to leverage the...

Ruxcon 2015 (Melbourne, Australia, October 24 - 25, 2015) Ruxcon is a computer security conference that aims to bring together the best and the brightest security talent within the Aus-Pacific region. The conference is a mixture of live presentations, activities...

2015 North American International Cyber Summit (Detroit, Michigan, USA, October 25 - 26, 2015) The North American International Cyber Summit 2015 hosted by Michigan Governor Rick Snyder, is set to take place in the heart of Downtown Detroit at the newly remodeled Cobo Center for the second straight...

ICS Cyber Security Week (Atlanta, Georgia, USA, October 26 - 29, 2015) ICS Cyber Security Week is the longest-running cyber security-focused conference dedicated to the industrial control systems sector. The event caters to critical infrastructure organizations in the following...

Cyber Awareness & Technology Days (Colorado Springs, Colorado, USA, October 27 - 28, 2015) The Information Systems Security Association (ISSA) Colorado Springs Chapter http://www.issa-cos.org will once again host the 6th Annual Cyber Security & Information Technology Days set to take place at...

Designing Secure Healthcare Systems (Long Branch, New Jersey, USA, October 27 - 29, 2015) Designing Secure Healthcare Systems is a three day intensive and immersive workshop…by healthcare hackers for healthcare technologists. Over the three days you will go from the basics of SQL injection...

Cloud Security Alliance Summit NYC 2015 (New York, New York, USA, October 28, 2015) The full-day Cloud Security Alliance NYC Summit is a standalone event in Manhattan. Co-hosted by the CSA NY Metro and CSA Delaware Valley chapters, some 200 well-qualified attendees are expected. The theme...

Data Breach Summit Asia 2015 (Mumbai, India, October 28, 2015) As Cyber Security continues to become a challenge for all industries, ISMG's Data Breach Summit a unique, one-day event will focus on the issues to help the participants learn more about how to prevent...

Technology & Cyber Awareness Day (Aurora, Colorado, USA, October 28, 2015) The Buckley Air Force Base Technology & Cyber Security Day is a one-day event held on-site, where industry vendors will have the opportunity to display their products and services to IT, Comm, Cyber and...

CyberMaryland 2015 (Baltimore, Maryland, USA, October 28 - 29, 2015) Now entering its 5th year, the Federal Business Council is proud to bring you the CyberMaryland 2015 Conference. The conference theme this year is "Collaborate.Educate.Innovate"

Cyber Security World 2015 (Washington, DC, USA, October 28 - 29, 2015) Cyber Security World 2015 brings together security experts, practitioners, and researchers who will share their firsthand knowledge and open the discussion to information sharing between public and private...

Hackito Ergo Sum (Paris, France, October 29 - 30, 2015) No commercial content, no vendor talk. First time presenters welcome. Highly technical talks only. Bonus point for offensive and weird ideas. Areas and domains: systems hacking & security, network hacking,...

8th Annual Space, Cyber, and Telecommunications Washington DC Conference (Washington, DC, USA, October 29 - 30, 2015) The Space, Cyber, and Telecommunications Law team hosts an impressive lineup of the world's greatest minds annually at conferences in Washington DC and in Lincoln, Nebraska and at occasional events around...

Grow your brand and reach new customers.

Grow your brand and increase your customer base by educating our audience about your products, services, and events by advertising on The CyberWire. We’ve built trust with an influential (and often hard to reach) audience of CISOs, CSOs, and other senior execs in the security space, across a wide array of industry verticals. Learn more.

Be a part of the CyberWire story.

People ask us (a lot) how they can support what we do. We have our sponsorships and services, of course, but those are not always within every supporter's financial reach, or it might just not be the right time for you to do those things. That's why we launched our new Patreon site, where we've created a wider variety of support levels, each with some new benefits. Our patrons are important to our future, and we hope you'll consider becoming one. We invite you to become part of the CyberWire story. Become a patron today.