skip navigation

More signal. Less noise.

Daily briefing.

The Panama Papers claimed their first high-profile scalp yesterday, as Iceland's Prime Minister Sigmundur Davíð Gunnlaugsson resigned over allegations that his family sought to conceal large amounts of money in offshore accounts.

How the Panama Papers leaked remains unclear, and presumably under investigation. The law firm whose papers they were—Mossack Fonseca—has called the incident "an email server hack" and definitely not an inside job. But this brief statement leaves a great deal unexplained.

How journalists sifted through the enormous trove of documents is perhaps a bit clearer. At any rate, Nuix says that its big data analysis tool Investigator Workstation was used by the Süddeutsche Zeitung and the International Consortium of Investigative Journalists as they developed the story over the past several months.

Security industry observers see the incident as a clear instance of two trends: first, the enormous quantity of highly sensitive information law firms hold, and, second, the relatively porous defenses with which those firms surround that information.

Avast warns that a malicious search-engine-optimization (SEO) campaign is attacking vulnerable WordPress and Joomla installations.

Some one hundred problematic Android apps have been found in the Google Play Store. Google has also booted the popular Chrome extension Better History after it was found to be hijacking browser sessions and redirecting users to ad pages.

Customized ransomware—which now calls its intended victims by name—has, Proofpoint researchers warn, turned up in spearphishing campaigns.

US NSA Director Rogers has recommended that Congress designate U.S. Cyber Command a Combatant Command.

Notes.

Today's issue includes events affecting Argentina, Australia, Austria, British Virgin Islands, China, Egypt, European Union, France, Germany, Iceland, India, Iran, Israel, Morocco, Netherlands, Niue, Panama, Qatar, Russia, Saudi Arabia, Serbia, Spain, Sweden, Turkey, Ukraine, United Kingdom, United States.

Tomorrow we'll be covering the CAMI Cyber Risk Management 360 conference in Baltimore, Maryland, on Thursday. Watch for our usual live-Tweets and extra.

Catch the CyberWire's Podcast later this afternoon, in which we'll talk with the University of Maryland's Ben Yelin on ransomware and HIPPA.

SINET IT Security Entrepreneurs Forum (ITSEF) 2016 (Mountain View, California, USA, April 19 - 20, 2016) The IT Security Entrepreneurs Forum (ITSEF) offers a venue for entrepreneurs to meet leaders of government, business and the investment community for open collaboration on the challenges of cybersecurity.

Dateline Billington CyberSecurity International Summit

Setting the Conditions for Self-Organized Cooperative Security: the Billington CyberSecurity International Summit (The CyberWire) Apart from two sessions conducted under Chatham House rules and closed to the media, here's an account of the day's discussions. After welcoming remarks from conference organizer Thomas K. Billington, Deputy Secretary Alejandro Mayorkas of the US Department of Homeland Security opened the proceedings with the first keynote address

U.S. officials: World needs to follow our lead on cyber norms - Fedscoop (Fedscoop) Even as the U.S. government shores up its own beleaguered cyber defenses, its officials are touting their progress setting cybersecurity standards — saying the rest of the world should follow the U.S. to protect itself online.  Two U.S. officials — Deputy Homeland Security Secretary Alejandro Mayorkas and State Department Coordinator for Cyber Issues Chris Painter — implored a …

Cyber-Attack Against Ukrainian Critical Infrastructure (ICS-CERT) On December 23, 2015, Ukrainian power companies experienced unscheduled power outages impacting a large number of customers in Ukraine. In addition, there have also been reports of malware found in Ukrainian companies in a variety of critical infrastructure sectors. Public reports indicate that the BlackEnergy (BE) malware was discovered on the companies’ computer networks, however it is important to note that the role of BE in this event remains unknown pending further technical analysis

Cyber Attacks, Threats, and Vulnerabilities

Iceland PM steps aside after protests over Panama Papers revelations (the Guardian) Sigmundur Davíð Gunnlaugsson steps aside amid widespread anger over allegations his family attempted to hide millions in offshore account

Panama Papers: “It was an email server attack” (Naked Security) The Panama Papers – big breach, big news…but how did it happen?

'Panama Papers' leak details ties to insurance fraud in boat tragedy (Business Insurance) A fatal boating accident in upstate New York is cited among the 11 million documents released this week.

How an Aussie security firm broke the Panama Papers (CRN Australia) Nuix technology crunched the data for journalists.

Industry reactions to the Mossack Fonseca data breach (Help Net Security) The Panama Papers, a collection of 11.5 million files leaked from Panama-based law firm Mossack Fonseca, are now online. The documents show in detail just

Hackers branching out to law firms (Business Insurance) Move to "soft targets" opens door to merger & acquisition and potentially stock information for a bigger payday for cyber criminals.

Three-year-old IBM patch for critical Java flaw is broken (CSO Online) Security researchers have found that a patch released by IBM three years ago for a critical vulnerability in its own Java implementation is ineffective and can be easily bypassed to exploit the flaw again.

Black hat SEO campaign targets WordPress and Joomla installations (Help Net Security) In this Black hat SEO campaign, the attackers injected a fake jQuery script into the head section of the websites. It went unnoticed by random visitors.

Trojan found in more than 100 Android apps on Google Play Store (Graham Cluley) Researchers have uncovered a new strain of advertising spyware in more than 100 Android apps downloadable from the official Google Play Store.

Chrome extension was secretly redirecting users to ad pages (Naked Security) Somebody bought it and stuck in malicious code to redirect a user’s traffic through a proxy, show them ads and snoop on their web browsing.

Crypto ransomware targets called by name in spear-phishing blast (Ars Technica) Once the domain of espionage, personalized scams embraced by profit-driven scammers.

PowerWare or PoshCoder? Comparison and Decryption (AlienVault Blogs) PowerWare was brought to my attention by Carbon Black via their blog post. PowerWare is downloaded by a malicious macro-enabled Microsoft Word document that is distributed via a phishing email campaign. The malicious document in question attempts to convince the user to enable macros by informing them that the file is protected by Microsoft Office. This, of course, is a farce. Once the macro is enabled, the PowerWare payload will be downloaded and executed. PowerWare, unfortunately, is hitting

New Locky Ransomware Variant Implementing Changes in Communication Patterns (Check Point Software Blog) Recently, Check Point published a detailed report describing Locky, an emerging new ransomware threat, which was first reported on February 16, 2016. New characteristics related to its communication have now been observed in the wild.

Incident response teams dealing with 3 to 4 Ransomware incidents weekly (CSO Online) Ransomware has gone from a niche attack to a booming criminal market since its introduction in 2013. Dozens of organizations have faced Ransomware attacks this year, and some of them have turned to Stroz Friedberg for help. In an interview with Salted Hash, the company says they were dealing with three to four Ransomware cases per week in the first quarter of 2016.

BillGates Malware used in DDoS Attacks (Akamai Blog) By Bill Brenner, Akamai SIRT Senior Tech Writer Akamai's Security Intelligence Research Team (SIRT) continues to see the BillGates trojan/bot family of malware being used to launch DDoS attacks. Attackers who control the malware -- first disclosed on a Russian...

New Variant of TinyPOS Discovered (SecurityWeek) TinyPOS malware gathers input card data before the system can encrypt it, but is written in "'hand rolled' assembly language and comes in at only 5120 bytes."

Trump Thinks the U.S. Is Obsolete on Cyber. Are His Hotels Also? (Foreign Policy) Hackers reportedly stole credit card data from the GOP frontrunner's hotels.

Europe’s ports vulnerable as ships sail without oversight (Financial Times) Data show ships making unexplained stops in terrorist havens before entering European ports

Oculus Rift sparks Ts and Cs storm over sharing data with Facebook (Naked Security) Oculus Rift users can expect to share their “physical movements and dimensions when [using] a virtual reality headset” with Facebook and pals.

Hacker-for-Hire Market is Booming, Says New Report (WSJ) Intelligence analysts found that business is booming in underground markets for Russian and other hackers, according to a new report released Tuesday by security firm Dell SecureWorks Inc.

Security Patches, Mitigations, and Software Updates

Apple fixes iOS lock screen bypass that gives access to photos, contacts (CSO Online) Apple has reportedly fixed a vulnerability that could have allowed hackers to bypass the passcode on iPhone 6s and 6s Plus running iOS 9.3.1 in order to access the address book and photos.

WhatsApp is now encrypting all your messages, by default, all the time, end-to-end (Graham Cluley) WhatsApp has made a big announcement, that will help protect the privacy of its one billion users. End-to-end encryption on all communications sent via WhatsApp, enabled by default.

WhatsApp encrypts messages end-to-end: why you should care (Naked Security) WhatsApp has a chequered history when it comes to security and cryptography, so its news about end-to-end encryption makes happy reading.

WhatsApp’s new encryption won’t protect you unless you’re also doing all these things (Quartz) Intercepting your messages in transit is just one—indeed, possibly the least likely—of the ways someone might try to snoop on you.

YAFP (Yet Another Flash Patch) - SANS Internet Storm Center (SANS Internet Storm Center) SANS Internet Storm Center - A global cooperative cyber threat / internet security monitor and alert system. Featuring daily handler diaries with summarizing and analyzing new threats to networks and internet security events.

Rollout or Not: the Benefits and Risks of iOS Remote Hot Patching « Rollout or Not: the Benefits and Risks of iOS Remote Hot Patching (FireEye) FireEye has seen the development of various third-party solutions that allow developers to remotely hot patch an iOS app on a non-jailbroken device without going through Apple’s review process, leading to security risks. This blog examines Rollout.io, a commercial solution that addresses the remote patching problem while remaining focused on security.

Update your ManageEngine Password Manager Pro ASAP! (Help Net Security) A security researcher has revealed 8 security vulnerabilities in ManageEngine Password Manager Pro and has released details and PoC code for each of them.

Cyber Trends

We Must Stop The Race to Attribution After Each Cyberattack (Fabius Maximus website) Summary: Cybersecurity expert Emilio Iasiello discusses one of the key issues in cybersecurity — how do we determine who attacked us? Each attack brings forth rapid declarations by the govern…

Distrust of Vendors Raises Questions on Data Security, Regulatory Compliance (Legaltech News) A large number of companies are skeptical about how their vendors would behave in the event of a breach.

5 reasons you need to hire a Chief Privacy Officer (CSO Online) Businesses are increasingly relying on data, but they're overlooking another key aspect of data: privacy. In order to keep up with the growing regulations surrounding data privacy, it may be time to hire a Chief Privacy Officer.

Smart home convenience, efficiency come with a data security price (FierceITSecurity) While the Internet of Things promises great convenience for consumers and greater efficiency for enterprises, that convenience and efficiency could come at a price in terms of data security risk

Article 29 Working Party still not happy with Windows 10 privacy controls (SC Media) The EU privacy watchdog has told Microsoft despite changes to the install screen, there is still no clear message of how Microsoft plans to process users' data.

Former Scotland Yard detective discusses cybercrime and threat intelligence (CSO Online) Former Scotland Yard detective discusses cybercrime and threat intelligence. Steve Santorelli, passionate about Internet Security and committed to bringing folks together to attack the problem in many ways.

Marketplace

Baltimore, St. Louis, Philadelphia, Selected As Top Cities for Entrepreneur Support By Peer Group of 16 US Cities (CityBizList) Pioneer class of 16 “VilCap Communities” leaders has committed to invest over $1 million in local ventures through peer-selection

Envisioning the CISO of 2020 (InfoRiskToday) Ahmed Baig, founder of the CISO Council of UAE, says security leadership via fear, uncertainty and doubt is a thing of the past. In fact, future CISOs who use those

Cybersecurity Luminaries Join KoolSpans Boards as Escalating Surveillance and Privacy Risks Drive Unprecedented Demand for Mobile Encryption (News On 6) Renowned Experts including Dr. Edward Amoroso, Eran Feigenbaum, Daniel Garrie, Adam Meyers, and Amit Yoran Join KoolSpan’s Board of Directors and Advisory Board

Products, Services, and Solutions

ThreatTrack Launches VIPRE® Endpoint Security (Yahoo! Finance) Latest VIPRE for Business solution is powered by the new VIPRE anti-malware engine, which ranks among the top-performing antivirus products in the world, according to AV-Comparatives

Spikes Security and Osterman Research Publish First-Ever Report on Use of Isolation Technology to Prevent Web-Based Malware Attacks (Yahoo) Spikes Security™, the isolation security company, today announced the availability of the industry's first-ever research that documents the increasing role of isolation technology as a defense against ...

CYBERBIT, Elbit Systems' Subsidiary, Awarded Contract to Supply an Intelligence and Cyber System to a Customer in Africa (WDRB) Elbit Systems Ltd. (NASDAQ and TASE: ESLT) ("Elbit Systems"), announced today that its subsidiary, CYBERBIT Ltd. ("CYBERBIT"), was awarded contract to supply intelligence and cyber analysis and research systems for a country in Africa. The contract, that is in an amount that is not material to Elbit Systems, will be supplied over a two-year period

Telstra talent helps vendor target Australia's cryptolocker 'epidemic' (CRN Australia) Fast-growing Cylance seeks to add local resellers.

1Password 6.2 for Mac has a bigger brain, offers easier import from other password managers (FierceCIO) AgileBits has released version 6.2 of its 1Password for Mac, which offers a selection of new features and upgrades

Opera Software founder launches Vivaldi, a new browser (Help Net Security) The Vivaldi UI uses React and JavaScript, as well as Node.js. The core of the browser uses Chromium, ensuring pages render quickly and accurately.

Subgraph OS: A hardened OS that prioritizes security (Help Net Security) Subgraph, an open source security company based in Montreal, release the alpha version of Subgraph OS, designed to with security AND usability in mind.

Swipebuster lets you spy on Tinder users – privacy lesson or invasion? (Naked Security) If you’ve ever wanted to know if your friends or lovers are using the Tinder dating app, now there’s a tool for you to find out.

Technologies, Techniques, and Standards

NIST outlines process for creating strong encryption standards (Federal Times) Researchers acknowledge this might put them at odds with law enforcement but stood by the need to protect sensitive information.

SEBI: Commodity Exchanges Need CyberSec Policy (InfoRiskToday) SEBI urges commodity derivatives exchanges to put resilient cybersecurity defences in place to protect themselves from growing attacks. Security leaders say such

FTC debuts web tool for health app makers (Fedscoop) The Federal Trade Commission unveiled a new online tool to help mobile health app developers figure out what federal laws and regulations might apply to their products. The tool asks developers a series of yes-or-no questions, each related to one of four possibly applicable laws: the Health Insurance Portability and Accountability Act, the Federal Food, Drug

Avoiding Legal Landmines in Data Breach Response (Dark Reading) Building a legally defensible cybersecurity program means seeking out guidance from legal advisors before a serious incident forces you together.

A reality check for security leaders on insider risk (CSO Online) Mike Tierney shares his insights on successfully implementing processes to combat insider risk by engaging the right people at the right time in the program

A retailer’s guide to cyber security (Information Age) In recent times, mobile smart devices and cloud-based platforms have been the predominant sources of new security challenges and have received the majority of attention by businesses. Their proliferation has rapidly produced ‘perfect storm’ conditions, with the traditional security models and practices in place unable to keep pace with emerging threats.  Added to this, the importance and amount of data retailers transmit within an omnichannel operational landscape makes the security challenge greater.   >See also: How retailers can combat the growing tide of cyber attacks Last year, 38% more security incidents were reported than in 2014, but the increase in the retail sector was an enormous 154%.  Here are the main security threats that retailers should address. 1. Making BYOD policies smart The benefits and risks with bring your own device (BYOD) at work are largely known.  Data leakage and control of intellectual property is at the top of the risk list, as users can easily…

Take it to the boardroom: Elevating the cybersecurity discussion (Help Net Security) Appointing a chief information security officer (CISO) to take the lead in keeping corporate data safe is a step taken by many forward-thinking companies.

5 security bad habits (and easy ways to break them) (CSO Online) Your end-users are often the weakest link in your organization's security strategy. Here are five solutions to help users strengthen their security posture.

Design and Innovation

Brave will pay you to see ads with its ad-blocking browser (Naked Security) You’ll get micropayments in Bitcoin if you opt in to see ads that won’t bog down page loading, track you like a blood hound or mess with your privacy.

How you move your mouse could stop cybertheft (CNBC) Biometric technology has swiftly emerged as a go-to solution for improving digital security and how fast you type could soon stop hackers.

Research and Development

Phishing Attacks Prevented by SCAM (ISS Source) Educating employees on how to recognize phishing emails, those authentic-looking messages that encourage users to open a malicious hyperlink or attachment that

Academia

Wendy Hall Named Kluge Chair in Technology and Society (The Library of Congress) Dame Wendy Hall, professor of computer science at the University of Southampton, England, and an early pioneer in serious research on computing and the web, has arrived at the John W. Kluge Center at the Library of Congress as the Kluge Chair in Technology and Society.

Hands-On CyberSec Skills Needed (InfoRiskToday) Each year the skills gap estimate for cybersecurity goes up, with few concerted, industry-wide efforts to address the issue. What organizations in all sectors truly

Legislation, Policy, and Regulation

Cyber Command Gets 'First Wartime Assignment' in Fight against ISIS (Military.com) The DoD's relatively new Cyber Command has received its "first wartime assignment" in the fight against the Islamic State.

Russia, China Are Greatest Cyberthreats, but Iran Is Growing (ABC News) Russia and China present the greatest cyber security threat to the U.S., but Iran is trying to increase and spend more on its capabilities, the Navy admiral in charge of the military's Cyber Command told Congress Tuesday

Senators bash Obama over cyber war policy (TheHill) “The administration’s cyber policy as a whole remains detached from reality,” McCain said.

U.S. Cyber Command should be combatant command, DoD's top cyber warrior says (Military Times) The head of U.S. Cyber Command told Congress that his command should be elevated to become its own unified combatant command, a move that would make it one of the most powerful institutions in the Defense Department.

Rogers reignites CYBERCOM combatant command discussion (C4ISRNET) ADM Mike Rogers says operational concerns are his priority.

Senate Leaders Set to Expand Role of U.S. Cyber Command in New Defense Bill (USNI News) The Senate Armed Services Committee’s version of the defense authorization bill will call for making U.S. Cyber Command a functional combatant command and also recommend consolidating some geographic commands, the panel’s chairman and ranking member said Tuesday. When asked at a hearing whether Cyber Command was mature enough for such a step, Adm. Michael Rogers …

On cyber, the U.S. can't seem to balance security and privacy (Military Times) “Worst-case scenario is we don’t have dialogue and then we have a major event,” said Adm. Michael Rogers, head of U.S. Cyber Command. “We have got to figure out how we can do this.”

CIA drops plan to destroy most email records (FierceGovernmentIT) Facing widespread criticism, the Central Intelligence Agency has formally withdrawn its plan to destroy email records of most agency officials, the National Archives and Records Administration told the Federation of American Scientists

DNI Clapper Signs IC Transparency Council Charter (IC ON THE RECORD) On April 5, 2016, Director of National Intelligence James Clapper formalized the transition of the Intelligence Community Transparency Working Group into a permanent IC Transparency Council with his signature on the Council Charter. The IC’s Transparency Working Group, made up of senior officers from across the Intelligence Community, was established over two years ago to develop the Principles of Intelligence Transparency, which provide guidance to the Intelligence Community on being more transparent with the public, while protecting the sources and methods necessary for performing its national security mission. The Working Group then created an Implementation Plan to put these Principles into action across the community. Recognizing the importance of the transparency initiative, the DNI directed that the Working Group be elevated to a permanent entity in the form of a Council. With its Charter in place, the Council will be responsible for overseeing the Transparency Implementation Plan and ensuring that transparency becomes a comprehensive and sustainable practice within the Intelligence Community. Read IC Transparency Council Charter (photo by Brian Murphy, ODNI Public Affairs)

Poll: People Don't Mind Hacking to Fight Terrorism (Morning Consult) The Federal Bureau of Investigation’s solution to opening a locked iPhone used by a San Bernardino shooter reflects how public generally wants government policing to work, a new Morning Consult poll shows. Voters do, however, think law enforcement officials should tell manufacturers about any vulnerabilities they exploit during criminal investigations. (See poll toplines and crosstabs.) A healthy majority of registered voters (57 …

The impact of the new Trans-Atlantic privacy law (CSO Online) After 20 years of relative calm regarding the handling of personal data of EU citizens by U.S. companies, events over the past six months have instigated widespread reform. While the resolution is yet to be confirmed, the building blocks for a modern, cross-border data privacy agreement have begun to take shape.

Litigation, Investigation, and Law Enforcement

FBI Analyzing Data From San Bernardino iPhone for Leads (WSJ) The Federal Bureau of Investigation is still analyzing data on the iPhone used by a San Bernardino, Calif., terrorist and won’t decide whether to talk about what it has found until after that examination is complete, a senior FBI official said Tuesday.

How a federal spy case turned into a child pornography prosecution (Washington Post) An investigation in California illustrated the use of national security powers in a criminal matter.

Stolen federal equipment puts sensitive data of millions at risk - again (FierceGovernmentIT) U.S. Senate investigators expressed frustration with Obama administration officials following the theft of a laptop and portable hard drives from a federal building in Washington state

State Department: Don’t Ask Hillary Aides About Classified Info in Lawsuit (The Daily Beast) Lawyers object to any attempt to ask Huma Abedin, Cheryl Mills, and others about how information was handled—and are dead set against Clinton testifying.

FBI director: No rush to finish Clinton email probe before convention (POLITICO) Making sure the inquiry is done "well" is more important than speed, he said.

Man given jail time for sending gun emoji to ex (Naked Security) It’s a mere emoji, not a death threat, his lawyer argued. A judge disagreed, sending the gun-texting ex-boyfriend to prison for 3 months.

For a complete running list of events, please visit the Event Tracker on the CyberWire website.

Newly Noted Events

ISSA LA Eighth Annual Information Security Summit (Universal City, California, USA, May 19 - 20, 2016) The ISSA-LA Information Security Summit is the only educational forum in the great Los Angeles area specifically designed to attract an audience from all over Southern California as a means to encourage...

Upcoming Events

SANS Atlanta 2016 (Atlanta, Georgia, USA, April 4 - 9, 2016) Learn the most effective steps to prevent attacks and detect adversaries with actionable techniques that you can directly apply when you get back to work. Take advantage of tips and tricks from the experts...

Cyber Security Summit Atlanta (Atlanta, Georgia, USA, April 6, 2016) The Inaugural Atlanta Cyber Security Summit will be held April 6th at the Ritz-Carlton, Buckhead. This event is for Sr. Executives only. We are Honored to have the US Asst. Attorney General of National...

ASIS 15th European Security Conference & Exhibition (London, England, UK, April 6 - 8, 2016) ASIS Europe 2016 invites you to join security professionals and experts from over Europe and beyond in one of the most dynamic centres of business and culture in the world

ISC West 2016 (Las Vegas, Nevada, USA, April 6 - 8, 2016) ISC West is the leading physical security event to unite the entire security channel, from dealers, installers, integrators, specifiers, consultants and end-users of physical, network and IT products.

ASIS 15th European Security Conference & Exhibition (London, England, UK, April 6 - 8, 2016) ASIS Europe 2016 invites you to join security professionals and experts from over Europe and beyond in one of the most dynamic centres of business and culture in the world.

Cyber Risk Management 360 (Baltimore, Maryland, USA, April 7, 2016) The Cybersecurity Association of Maryland, Inc. (CAMI) is partnering with the MD Department of Commerce, Chesapeake Regional Tech Council and Greater Baltimore Committee to host our first Signature event...

Cybersecurity and Privacy Protection Conference (Cleveland, Ohio, USA, April 7 - 8, 2016) The Center for Cybersecurity and Privacy Protection 2016 Conference will bring together experienced government officials, in-house counsels, business executives, cyber insurance leaders, litigators, information...

Spring Conference 2016: Creating a Cybersecurity Communtiy (Los Angeles, California, USA, April 11, 2016) The ISACA Los Angeles Chapter provides affordable quality training on fundamental information systems auditing concepts and emerging technology risks, and an opportunity to network with other auditing...

Rock Stars of Risk-based Security (Washington, DC, USA, April 12, 2016) Virtually every company will be hacked, and today, experts accept that a 100% security solution is not feasible. Advanced risk assessment and mitigation is the order of the day. Rock Stars of Risk-Based...

Federal Security Summit 2016 (Washington, DC, USA, April 12, 2016) Advanced threats and more sophisticated hackers are making it increasingly difficult to protect mission-critical government systems and communications. The U.S. Government is probed 1.8 billion times per...

Workforce 2.0: How to Cultivate Cybersecurity Professionals (Baltimore, Maryland, USA, April 12, 2016) Please join Passcode along with White House Chief Information Officer Tony Scott and other leading figures in digital security to explore the newest ideas and approaches to close the cybersecurity skills...

Threat Hunting & Incident Response Summit 2016 (New Orleans, Louisiana, USA, April 12 - 13, 2016) The Threat Hunting & Incident Response Summit 2016 focuses on specific hunting and incident response techniques and capabilities that can be used to identify, contain, and eliminate adversaries targeting...

QuBit Conference (Prague, the Czech Republic, April 12 - 14, 2016) QuBit offers you a unique chance to attend 2 selected Mandiant training courses, taught by some of the most experienced cyber security professionals in the business

Cloud Security Expo 2016 (London, England, UK, April 12 - 14, 2016) Cloud Security Expo is a cloud security event with over 80 dedicated cloud security exhibitors, seven streams of content, over 150 security speakers, and 40 real cloud security and compliance case studies.

Grow your brand and reach new customers.

Grow your brand and increase your customer base by educating our audience about your products, services, and events by advertising on The CyberWire. We’ve built trust with an influential (and often hard to reach) audience of CISOs, CSOs, and other senior execs in the security space, across a wide array of industry verticals. Learn more.

Be a part of the CyberWire story.

People ask us (a lot) how they can support what we do. We have our sponsorships and services, of course, but those are not always within every supporter's financial reach, or it might just not be the right time for you to do those things. That's why we launched our new Patreon site, where we've created a wider variety of support levels, each with some new benefits. Our patrons are important to our future, and we hope you'll consider becoming one. We invite you to become part of the CyberWire story. Become a patron today.