skip navigation

More signal. Less noise.

Daily briefing.

A large malvertising campaign has hit nearly 300 popular sites in the Netherlands. Fox-IT saw the attack in its early stages Sunday; it's now affected some of the country's largest media sites.

The Panama Papers' unnamed but widely looked for dogs-in-the-night haven't barked, yet, although Russia Today helpfully (and no doubt disinterestedly) points to hints in the documents suggesting that Western "secret agents" (they're looking at you, CIA) were using Mossack Fonseca to hide various things they were up to. Speculation about how the leak happened continues, with social engineering of email server credentials, "buggy" WordPress plug-ins, and an outdated Drupal instance heading the list.

Carbon Black reiterates warnings about exploitation of PowerShell.

Ransomware continues to rise in criminal favor. G-Data describes a new strain, "Manamecrypt." Other researchers release more decryption tools (in justice, criminal developers seem at least as sloppy as legitimate coders).

Observers of the black market see increasing professionalization on the part cyber criminals, with credit card fraud serving, essentially, as their source of angel funding (especially for Russian gangs).

Yesterday was Patch Tuesday, and Microsoft released what Threatpost calls a "lucky thirteen" baker's dozen of fixes. Among them is a patch for the much-feared Badlock vulnerability, which turns out to be less catastrophic than its logo suggested. Samba also addressed Badlock.

Cyber security stocks are showing mixed results so far this week, with analysts divided over their prospects.

The FBI apparently paid some gray hats to unlock the San Bernardino iPhone, and not Cellebrite after all.

Notes.

Today's issue includes events affecting Australia, Brazil, China, Costa Rica, European Union, Iraq, Panama, Peru, Philippines, Russia, Syria, Taiwan, United Kingdom, United States.

Catch the CyberWire's Podcast later this afternoon, with interviews, educational tips, and more on the stories of the day.

SINET IT Security Entrepreneurs Forum (ITSEF) 2016 (Mountain View, California, USA, April 19 - 20, 2016) ITSEF introduces entrepreneurs to government, business and investment leaders for open collaboration on cybersecurity challenges. Register today.

Georgetown Cybersecurity Law Institute (Washington, DC, USA, May 25 - 26, 2016) Experienced government officials, general counsels, and cybersecurity practitioners offer insight into governance, preparedness, and resilience. Register Today, CyberWire readers receive a $100 DISCOUNT using code WIRE16.

Cyber Attacks, Threats, and Vulnerabilities

The Panama Papers – could it happen to you? (Naked Security) Here’s a good guess: a month ago, you’d never heard of a company called Mossack Fonseca.

Panama Papers: Spy agencies widely used Mossack Fonseca to hide activities (Russia Today) Intelligence agencies from several countries, including CIA intermediaries, have abundantly used the services of Panamanian law firm Mossack Fonseca to "conceal" their activities, German newspaper Sueddeutsche Zeitung (SZ) says, citing leaked documents

Massive malvertising attack poisons 288 sites (Naked Security) A malvertising campaign has swamped most of the Netherlands’ most popular sites, affecting millions of users

Attackers are using Microsoft's PowerShell to cloak their activities, warns Carbon Black (FierceITSecurity) There has been a substantial increase of attackers exploiting Microsoft's PowerShell, a Windows task automation and configuration management framework, during cyberattacks, according to a study [.pdf] released Tuesday by security firm Carbon Black

‘PowerShell’ Deep Dive: A United Threat Research Report (Carbon Black) A data analysis of how PowerShell is being used for malicious intent, based on 1,100 investigations conducted by more than two dozen Carbon Black security partners

How Bad is Badlock (CVE-2016-0128/CVE-2016-2118)? (TrendLabs Security Intelligence Blog) News about Badlock vulnerability affecting Windows computers and Samba servers started showing up on Twitter and media around three weeks ago

Badlock revealed – probably not as bad as you thought (Naked Security) A few weeks ago, we wrote about an unusual sort of vulnerability called Badlock

Mac Users Attacked Again by Fake Adobe Flash Update (Intego Mac Security Blog) Mac users are once again being urged to exercise caution when installing updates to Adobe Flash Player, after a fake update was discovered infecting computers

Apple Bug Exposed Chat History with a Single Click (Intercept) In the middle of intense public debate over whether Apple should be forced to help the government decrypt iPhones for criminal investigations, the company quietly closed a six-month-old security vulnerability in its Messages app

G DATA entdeckt neue Ransomware Manamecrypt (Pressebox) Verschlüsselungstrojaner nutzt ungewöhnlichen Verbreitungsweg

Ransomware Threat Levels: Elevated. Executives, are You Listening? (Health Leaders Media) Have executives run out of excuses to postpone increasing security awareness, employee training, and overall IT security budgets? Based on events of the past two months, one could make a pretty compelling case

With few options, companies increasingly yield to ransomware demands (IDG via CSO) Attackers view stolen or encrypted data as a powerful weapon

Ransomware: Extortionist hackers borrow customer-service tactics (Reuters) When hackers set out to extort the town of Tewksbury, Massachusetts with "ransomware," they followed up with an FAQ explaining the attack and easy instructions for online payment

The Professionalisation of Cyber Criminals (INSEAD Knowledge) Opportunistic hackers are taking advantage of the maturing dark web markets and Cybercrime-as-a-Service business model to professionalise their activities

How credit card fraud in the US supports Russia's underground economy (ZDNet) HPE's deep dive into the Internet's underbelly reveals how worldwide operators cash in on your data

Political statements largely behind DDoS attacks (CSO) US has highest number of DDoS attacks in Q1, surpassing Turkey as the top target for geopolitical events

Defining the threat in the energy sector (CSO) By analyzing their motivation and procedures we gain a better understanding of who might be a target and why

Airbus boarded by 12 nation-state, crimeware 'breaches' every year (Register) State-sponsored hackers will do 'everything' to get in, says CISO

Only a third of companies know how many vendors access their systems (CSO) The average company's network is accessed by 89 different vendors every week

True Story: What I Found Out About a Person After Having Accidentally Found Their Travel Card (Heimdal Security) I was strolling on the alley that leads to the street where my home in Brussels is, and I was looking at the trash bags on the sidewalk. It was the white trash bags day (household waste), and I tend to look at it attentively, ever since a couple of glass containers saved me from taking the metro the day the Brussels terrorist attacks happened last month (because I stopped to drop them off at a glass container closer to the bus)

Security Patches, Mitigations, and Software Updates

Microsoft Unleashes 13 Bulletins, Six Critical (Threatpost) Microsoft today released a lucky 13 bulletins for April, with six rated critical and the others important. In total, Microsoft patched 29 unique CVEs for this round, with the most anticipated patch tied to Badlock

Samba Security Updates Address Badlock Vulnerabilities (US-CERT) The Samba Team has released security updates that address vulnerabilities, collectively known as Badlock, affecting both Windows operating systems and Samba in UNIX-like platforms. Exploitation of these vulnerabilities may allow a remote attacker to take control of an affected system or create a denial-of-service condition

Adobe Releases Security Updates (US-CERT) Adobe has released security updates to address vulnerabilities in Flash Player, Creative Cloud Desktop Application, and RoboHelp Server. Exploitation of some of these vulnerabilities may allow a remote attacker to take control of an affected system

Adobe zero-day update gets top billing in April Patch Tuesday (TechTarget) An Adobe zero-day update received top billing as Microsoft released its April Patch Tuesday fixes

Verizon pushes security patch update to the Moto X 2014 (Android Central) Verizon is now rolling out an update to the Moto X (2014) that brings along the latest Android security patches

Cyber Trends

Survey: Two-thirds of security pros believe a US catastrophic cyberattack is coming within a year (FierceITSecurity) Close to two-thirds of 200 security industry execs who were surveyed at the RSA Conference by privileged account management provider Thycotic believe terrorists are capable of launching a catastrophic cyberattack on the U.S. within one year

Panama Papers Leak Signals a Shift in Mainstream Journalism (New York Times) Four years passed between The New York Times’s first article based on the Pentagon Papers and the end of the Vietnam War

Open source code is rarely patched when vulnerabilities are found (FierceCIO) Open source code is a convenient and cost-effective way for developers to build apps. However, as CIO noted in a recent article, once that code makes its way into an app, it's rarely ever updated to fix vulnerabilities that are found later. CIO offered up some tips on how to keep open source products secure

Malware is getting nastier, but that shouldn’t matter (Computerworld via CSO) Sure, cybercriminals are always improving their wares, but nothing has changed about how our machines actually get infected

Poor cybersecurity can derail corporate innovation, mission-critical initiatives (FierceITSecurity) A full 71 percent of 1,014 senior executives in 10 countries surveyed by Cisco said that concerns over cybersecurity are impeding innovation in their organizations, and close to 40 percent said that they have halted mission-critical initiatives due to cybersecurity issues

Top 10 business risks in the Americas (Property Casualty 360) For the fourth year in a row, business interruption risks (including supply chain disruption) rank as a top three global risk, according to the Allianz Risk Barometer

Risk management hinges on perspectives and observations (Business Insurance) Having the right perspective, collaborating with the right partners and being able to pick up on telltale signs of deception are critical tools for risk managers

Attacks are driving cloud security market growth (Help Net Security) The global cloud security market is expected to grow at a CAGR of over 20% until 2019, according to Technavio

PH twice likely to face cyberattacks than worldwide average (Rappler) FireEye representatives say at least 3 advanced persistent threat groups (APTs) and a number of other advanced threat actors are targeting the country

Marketplace

Cybersecurity firm Optiv (previously Accuvant and FishNet Security) has acquired IAM firm Advancive (Silicon Angle) Cybersecurity solutions provider Optiv Security, Inc. (previously Accuvant and FishNet Security) has acquired identity and access management (IAM) firm Advancive LLC for an undisclosed sum

This Is Why Shares of Juniper Networks Are Sliding (Fortune) It was a dark start to the earnings season when cybersecurity and hardware maker Juniper Networks JNPR -6.19% posted a preview to earnings Monday, cautioning investors to expect a weaker first quarter due to lower demand for its computer network for businesses

Cisco Systems, Inc (CSCO) Falls After Juniper Networks, Inc. Cuts Guidance (Bidness Etc.) Cisco stock slipped over 2% today, after peer Juniper Networks slashed its quarterly guidance based on soft demand in the enterprise space

Fortinet (FTNT) Weak On High Volume Today (TheStreet) Trade-Ideas LLC identified Fortinet ( FTNT) as a weak on high relative volume candidate. In addition to specific proprietary factors, Trade-Ideas identified Fortinet as such a stock due to the following factors

Analysts Keeping an Eye on Palo Alto Networks, Inc. (PANW) (CWRU Observer) Wall Street analysts have favorable assessment of Palo Alto Networks, Inc. (PANW), with a mean rating of 1.7. The stock is rated as buy by 19 analysts, with 21 outperform and 3 hold rating. The rating score is on a scale of 1 to 5 where 1 stands for strong buy and 5 stands for strong sell

Proofpoint’s (PFPT) Outperform Rating Reaffirmed at Wedbush (Washington News Wire) Proofpoint Inc (NASDAQ:PFPT)‘s stock had its “outperform” rating reiterated by analysts at Wedbush in a research note issued on Tuesday, AnalystRatings.NET reports

FireEye CEO Says that Obama-China Deal Hurt His Business (DCInno) With FireEye's braintrust in town for the company's annual D.C.-based government forum event, we got a chance to speak with CEO Dave DeWalt and President Kevin Mandia. Interestingly, FireEye (FEYE)—the cybersecurity giant and parent company of local brands Invotas and Mandiant—experienced a turbulent 2015

How Verizon finds IoT innovation outside its four walls (Network World) Verizon Ventures digs into enterprise Internet of Things to fill gaps, build for the future

CIOReview Honors LookingGlass Cyber Solutions Among The 20 Most Promising Enterprise Security Companies in 2016 (BusinessWire) LookingGlass Cyber Solutions, the leader in threat intelligence and dynamic threat defense, today announced that CIOReview has ranked LookingGlass Cyber Solutions among the 20 Most Promising Enterprise Security Companies in 2016

Cryptzone Wins Cyber Defense Magazine Awards Across Multiple Categories (Cryptzone) Cryptzone earns gold for The Cutting Edge Solution for Access Control and The Most Innovative Data Leakage Prevention Solution

Air Force awards $11.5M intranet contract (C4ISR & Networks) Cyber Defense Information Assurance has been awarded an $11.5 million Air Force contract modification for network support

How to prepare for your first infosec job hunt (Help Net Security) You’re new to the information security industry and you’re wondering what to expect during an interview. A quick online search will bring up horror stories involving large IT corporations asking absurd questions like “How much should you charge to wash all the windows in San Francisco?”

Fort Gordon Cyber Command continues growth (WRDW News 12) As Fort Gordon breaks ground on a new part of the Cyber Command Center, and add thousands of new jobs over the next few years, experts already in the cyber security field say there's even more coming

ThreatQuotient Appoints Faraz Siraj to Lead New Threat Alliance Program (Threat Quotient) Industry veteran brings over 20 years of experience and proven track record building successful sales and channel initiatives

CYBERBIT Names Cyber Security Veteran Stephen Thomas - CYBERBIT Commercial’s VP Sales, North America (CYBERBIT) CYBERBIT Ltd., a subsidiary of Elbit Systems Ltd., announced today that Stephen Thomas, formerly Vice President, Americas Channel Sales at Symantec, has joined CYBERBIT Commercial Solutions Inc. (CYBERBIT Commercial) as Vice President of Sales for North America

Don Jackson Joins Damballa as Senior Threat Researcher (BusinessWire) Damballa, the experts in network security monitoring for advanced threats, announced today that security veteran Don Jackson has joined the firm as a Senior Threat Researcher

Products, Services, and Solutions

BeyondTrust Strengthens Cybersecurity Capabilities for Customers, Joins the FireEye Cyber Security Coalition (BeyondTrust) BeyondInsight analytics for advanced cyber threat detection and response enhance FireEye’s security platform

GoPhish: Free phishing toolkit for training your employees (Help Net Security) Too many system and network breaches today start with a well-designed, persuasive phishing email, and organizations and businesses would do well to continually train their staff to spot bogus and potentially malicious emails

Netwrix Auditor 8.0: Visibility into hybrid cloud IT infrastructures (Help Net Security) Netwrix released Netwrix Auditor 8.0. The new version of the IT auditing platform simplifies detection of security threats and enables organizations to gain control over critical data across all levels of IT environment, including hybrid cloud and storage appliances

FireEye Leads the Security as a Service Transformation With Expansion of FireEye as a Service (MarketWired) The only intelligence-led platform delivered as a service expands threat coverage and adds new partner program to solve security resource challenges and prioritize response against threats

Proofpoint Stops Impostor Emails with Industry’s Only Dynamic Fraud Protection (EconoTimes) New dynamic classification ensures organizations worldwide are quickly protected from socially-engineered impostor emails, also known as business email compromise (BEC) or CEO fraud

Attivo Networks and Blue Coat Improve Incident Response Time With Automated Information Sharing (MarketWIred) Partnership enables customers to promptly block attacks and quarantine infected devices

Sumo Logic Announces Industry's First Machine Data Analytics Platform That Unifies Logs and Metrics Data (MarketWired) Powered by patented machine learning technology, structured and unstructured data is now transformed into real-time continuous intelligence for modern applications

Technologies, Techniques, and Standards

Security Think Tank: Using vulnerability management to support the patching process (ComputerWeekly) What strategies can companies adopt to deal with the huge volume of software updates they are facing?

Panama Papers: A data security disaster (Help Net Security) The Panama Papers security breach is a juicy, made-for-the-Internet scandal. It has all the elements – secret off-shore accounts; involvement by international politicians, criminals, celebrities and sports stars; 11.5 million files cyber-filched from a law firm’s files and then leaked to the media

5 Critical Considerations for DLP: a Q&A with Brian Reed (Digital Guardian) The Gartner DLP research director recently participated in a Q&A to answer some of your top questions about data loss prevention. Read the interview for more

CryptoHost locks files, but you can get them back (Help Net Security) If you’re a user whose files are held for ransom by the CryptoHost (aka Manamecrypt) ransomware, despair no more about getting them back without paying for it – the ransomware has been “decrypted”!

Identify the ransomware you’ve been hit with (Help Net Security) Michael Gillespie, a coder that has created a password generator for unlocking the files stashed in a password-protected archive by the CryptoHost ransomware, has also created ID Ransomware, a free online tool for victims to identify with which particular ransomware they’ve been hit

Health organizations team up to thwart cyberattacks (FierceHealthIT) Hospitals and medical schools across the U.S. are teaming up in their quest to thwart cyberattacks

The pros and cons of common access cards (C4ISR & Networks) Traditional authentication mechanisms, such as username/password combinations, offer only a single factor of authentication: something the user knows. Common access cards, on the other hand, provide two: something the user knows (the PIN) and something the user has (the card)

Protecting against advanced attacks: Planning for successful cyber security (BAE Systems) We all know that targeted attacks are on the rise. But contrary to what you may hear, there is no silver bullet. A good cyber security program requires a well-defined strategy, talented resources and a coordinated set of security tools

Design and Innovation

The Simpsons math secret is the key to better security (CSO) A Simon Singh keynote at InfoSec World 2016 revealed an opportunity for better security by following the advice giving to the writing team

Research and Development

$20M partnership with UI, Homeland Security (Illinois Homepage) The University of Illinois is partnering with the Department of Homeland Security on a $20 million program. It's called the Critical Infrastructure Resilience Institute (CIRI)

Academia

Air Force Academy to graduate first three cyber majors (Air Force Times) The Air Force Academy's fledgling cyberspace major will graduate its first three cadets this year, superintendent Lt. Gen. Michelle Johnson said Tuesday

Stanford Unveils New, Updated Online Courses in Computer Security (Campus Technology) Stanford University has enhanced its online certificate program in advanced computer security, adding a new course in network security and updating its course in emerging threats and defenses

Legislation, Policy, and Regulation

A Breakdown of the Current Version of Brazil's Cybercrimes Bill (Global Voices) After much pressure from Internet rights advocates, proponents of new cyber crime legislation in Brazil removed some of the most controversial elements of the bill on April 11

Collaboration vital to reduce economic impact of CNI cyber attack (ComputerWeekly) The interconnected nature of critical national infrastructure (CNI) means the impact of the risk and the cost of a cyber attack grows exponentially every day

China says tech firms pledge to counter online terror activities (Reuters) Twenty-five Chinese technology companies have signed a pledge to counter images and information online that promote terrorism, the internet regulator said on Tuesday, months after China passed a controversial new anti-terrorism law

‘It Sucks To Be ISIL:’ US Deploys ‘Cyber Bombs,’ Says DepSecDef (Breaking Defense) Deputy Defense Secretary Bob Work told reporters today that ISIL is under tremendous pressure from the United States — “from every single direction, the north, the east, the west and the south” — and the terrorist group has lost every engagement with allied forces over the last six months. That apparently includes in cyberspace

Microsoft wants US-EU Privacy Shield approved (FierceCIO) U.S. software giant Microsoft announced its support of the EU-U.S. Privacy Shield Monday in a blog post by John Frank, the company's vice president of EU government affairs

Improving and Modernizing Federal Cybersecurity (The White House) Summary: Today, the Administration proposed legislation to establish a $3.1 billion Information Technology Modernization Fund to further improve our nation’s cybersecurity

DHS warns on cyber risks of open source (FCW) The Department of Homeland Security has suggested striking significant passages from a draft White House policy on open software out of concern that baring too much source code will increase the government's vulnerability to hacking

SEC Would Use Boost in Funds for Cybersecurity, Advisor Exams (ThinkAdvisor) SEC Chief White tells Senate Appropriations panel that cyber and advisor exams are priorities

The Obama Administration Is Struggling to Reform the Security Clearance Process (Defense One) OPM, ODNI and other agencies are failing to meet their own deadlines on a wide array of measures aimed at sniffing out internal threats

DHS, EPA fill key cyber, IT executive roles (Federal News Radio) The Homeland Security Department has filled another key cybersecurity position that had been in an acting status for about a year

NSA appoints first transparency officer (Washington Times) The National Security Agency has appointed its first transparency officer — three years after leaks made by former contractor Edward Snowden exposed the agency’s surveillance programs and led to calls for increased public disclosures. Rebecca Richards, who already serves as director of the NSA’s Civil Liberties and Privacy, will take on the dual role as the agency’s transparency officer

Litigation, Investigation, and Law Enforcement

FBI paid professional hackers one-time fee to crack San Bernardino iPhone (Washington Post) The FBI cracked a San Bernardino terrorist’s phone with the help of professional hackers who discovered and brought to the bureau at least one previously unknown software flaw, according to people familiar with the matter

Universal Credit at high risk of cyber-attack, fraud from the outset (Register) So was agile making it up as they went along?

Peru raids offices of Panama Papers firm (USA Today) Fallout from the explosive Panama Papers leaks spread to Peru in the midst of a bitter presidential election battle when authorities raided the Lima office of the Panamanian law firm Mossak Fonseca

Panama Papers: UK's Cameron fights back in parliament (Al Jazeera) David Cameron lashes out at 'deeply hurtful' allegations made against his father after the Panama Papers leak

Costa Rica to investigate whether hackers 'rigged' its 2014 election (FierceITSecurity) After scores of reports and complaints, Costa Rica has decided to investigate whether hackers rigged its 2014 election

Judicial Watch, feds negotiate fact-finding in Clinton email case (Politico) Lawyers for the State Department and a conservative group are in talks about the scope of a fact-finding process a federal judge has authorized in a lawsuit relating to former Secretary of State Hillary Clinton's private email server, according to a new court filing

Obama: The Word 'Classified' Means Whatever We Need It To Mean (TechDirt) How do we know whether information is classified? Well, because the government tells us it is. But what does that mean? It turns out it means whatever the government wants it to mean, subject to time, place, personnel involved, etc

Taiwan Denies Role in Spy Case Involving U.S. Navy Officer (New York Times) Taiwan’s military denied any involvement on Tuesday in the case of a United States naval officer under investigation on suspicion of providing secret information to Taiwan or China

Comelec to sue hackers 'in next few days' (Rappler) The Comelec says it is also open to sanctioning its own personnel who may have been responsible for the biggest leak of personal data in Philippine history

IRS security is failing taxpayers, senator says (IDG via CSO) The agency has suffered recent breaches, but Congress shares the blame, Wyden says

Australia an attractive target for cyber criminals, expert says (Australian Broadcasting Corporation) A senior analyst for the Australian Crime Commission says the country's relative wealth and high use of technology and online services makes it an attractive target for cyber crime

Uber says gave U.S. agencies data on more than 12 million users (Reuters) Uber Technologies Inc [UBER.UL] on Tuesday released its first ever transparency report detailing the information requested by not only U.S. law enforcement agencies, but also by regulators

Prosecutor suspended over fake Facebook profile used in murder prosecution (Naked Security) A US lawyer from Ohio has been suspended for a year for posing as the mistress of a murderer on Facebook to turn his girlfriend against him

6000 staff join data breach lawsuit against Morrisons (SC Magazine) Morrisons is still feeling the ramifications of a data breach two years ago as 6000 current and former staff signed up to a group lawsuit ahead of the 8 April deadline

Finjan patent lawsuit against Symantec back on track after patents escape IPR (IP Watchdog) Finjan Holdings, Inc. (NASDAQ: FNJN), the parent of wholly-owned subsidiary Finjan, Inc., announced several weeks ago that the Patent Trial and Appeal Board (PTAB) of the United States Patent & Trademark Office (USPTO) issued the final rulings on attempts by Symantec Corporation’s (NASDAQ: SYMC) to invalidate 8 different Finjan’s patents through inter partes review (“IPR”)

For a complete running list of events, please visit the Event Tracker on the CyberWire website.

Newly Noted Events

Security through Innovation Summit (Pentagon City, Virginia, USA, April 14, 2016) The Security Through Innovation Summit will bring together top thought leaders and innovators from the Gov IT community to discuss the latest trends in public sector cybersecurity, including cloud deployments,...

Assured Communications 2016 (Crystal City, Virginia, USA, April 27, 2016) A basic tenet of building an expeditionary fighting force that can respond to hot spots around the world is the ability to surge. That applies to satellite bandwidth as much as it does to personnel and...

Air Force Information Technology and Cyberpower Conference 2016 (Montgomery, Alabama, USA, August 29 - 31, 2016) America is faced with a national emergency in cyberspace. US national security, economic vitality, financial stability and foreign policy are being eroded. Increasingly prevalent and severe malicious cyber...

Upcoming Events

Threat Hunting & Incident Response Summit 2016 (New Orleans, Louisiana, USA, April 12 - 13, 2016) The Threat Hunting & Incident Response Summit 2016 focuses on specific hunting and incident response techniques and capabilities that can be used to identify, contain, and eliminate adversaries targeting...

QuBit Conference (Prague, the Czech Republic, April 12 - 14, 2016) QuBit offers you a unique chance to attend 2 selected Mandiant training courses, taught by some of the most experienced cyber security professionals in the business

Cloud Security Expo 2016 (London, England, UK, April 12 - 14, 2016) Cloud Security Expo is a cloud security event with over 80 dedicated cloud security exhibitors, seven streams of content, over 150 security speakers, and 40 real cloud security and compliance case studies.

ACSC Conference 2016 (Canberra, Australia, April 12 - 14, 2016) The ACSC Conference 2016 will bring together experts from Australia and abroad to discuss trends, mitigations and advances in cyber security. CEOs, CIOs, CISOs, CTOs, ICT Managers, ITSAs, ITSPs, IRAP Assessors,...

CISO Dallas (Dallas, Texas, USA, April 14, 2016) With newspaper headlines covering the latest data breaches, cloud computing security questions going unanswered and hackers developing more sophisticated attacks, the IT department has a growing responsibility...

Security through Innovation Summit (Pentagon City, Virginia, USA, April 14, 2016) The Security Through Innovation Summit will bring together top thought leaders and innovators from the Gov IT community to discuss the latest trends in public sector cybersecurity, including cloud deployments,...

CSO 50 Conference and Awards (Litchfield Park, Arizona, USA, April 18 - 20, 2016) We at CSO, the award-winning media brand, will bring you speakers from up to 50 organizations with outstanding security prowess. Over 2 ½ days, these distinguished executives and technologists will share...

2016 Cybersecurity Symposium ( Coeur d’Alene, Idaho, USA, April 18 - 20, 2016) The Cybersecurity Symposium: Your Security, Your Future is an opportunity for academic researchers and software and system developers from industry and government to meet and discuss state of the art processes...

Creech AFB–AFCEA Las Vegas Cyber Security, IT & Tactical Tech Day (Indian Springs, Nevada, USA, April 19, 2016) The Armed Forces Communications & Electronics Association (AFCEA) Las Vegas Chapter, with support from the 432d Wing, will host the 4th Annual Cyber Security, IT & Tactical Technology Day at Creech AFB...

Creech AFB–AFCEA Las Vegas Cyber Security, IT & Tactical Tech Day (Indian Springs, Nevada, USA, April 19, 2016) The Armed Forces Communications & Electronics Association (AFCEA) Las Vegas Chapter, with support from the 432d Wing, will host the 4th Annual Cyber Security, IT & Tactical Technology Day at Creech AFB...

Amsterdam 2016 FIRST Technical Colloquium (Amsterdam, the Netherlands, April 19 - 20, 2016) FIRST Technical Colloquia & Symposia provide a discussion forum for FIRST member teams and invited guests to share information about vulnerabilities, incidents, tools and all other issues that affect the...

Security & Counter Terror Expo 2016 (London, England, UK, April 19 - 20, 2016) Security & Counter Terror Expo (formerly Counter Terror Expo) is the event for any professional tasked with protecting assets, business, people and nations from terrorism. It brings over 9000 attendees...

Grow your brand and reach new customers.

Grow your brand and increase your customer base by educating our audience about your products, services, and events by advertising on The CyberWire. We’ve built trust with an influential (and often hard to reach) audience of CISOs, CSOs, and other senior execs in the security space, across a wide array of industry verticals. Learn more.

Be a part of the CyberWire story.

People ask us (a lot) how they can support what we do. We have our sponsorships and services, of course, but those are not always within every supporter's financial reach, or it might just not be the right time for you to do those things. That's why we launched our new Patreon site, where we've created a wider variety of support levels, each with some new benefits. Our patrons are important to our future, and we hope you'll consider becoming one. We invite you to become part of the CyberWire story. Become a patron today.