skip navigation

More signal. Less noise.

Daily briefing.

The “Quadrooter” firmware vulnerability Checkpoint’s discovered in Qualcomm chipsets powering Android devices is worrisome but not, apparently, being exploited in the wild. Qualcomm has been issuing updates since April that may have fixed the issue in many devices. A general patch is expected next month.

Symantec and Kaspersky independently warn of a new APT group they’re calling either “Strider” or “PojectSauron.” The group is thought to be state-sponsored, but hasn’t been attributed yet to any state. Kaspersky says the APT has operated against “government agencies, telecommunications firms, financial organizations, military and research centers in Russia, Iran, Rwanda, China, Sweden, Belgium and Italy” since 2011. Strider (or ProjectSauron) seems highly targeted, and particularly interested in encryption software. Symantec reports that the group (which reminds them of “Flamer) uses Remsec malware to establish backdoors.

A Russian organized crime mob, thought to be Carbanak, has compromised Oracle’s MICROS point-of-sale system. Oracle has advised affected customers to reset passwords. Other remediation is underway.

Skycure warns of rogue Wi-Fi hotspots around the Rio Olympics.

As the US considers enhancing the status of US Cyber Command, observers suggest that the world collectively (and its security and defense sectors especially) need to devote some thought to reaching clarity about conflict in cyberspace and how it relates to actual, lethal, kinetic warfare.

In law enforcement news, Ireland’s Garda upgrades its defenses after the cyberattack it recently sustained, Australia sets up a cyber unit to track terrorist funding, and the US prepares to auction off Bitcoin seized from SilkRoad.

Notes.

Today's issue includes events affecting Australia, Belgium, Brazil, China, European Union, Iran, Ireland, Italy, Poland, Russia, Rwanda, Sweden, Turkey, United Kingdom, United States, and Vietnam.

A note to our readers, especially those of you interested in art and design--"STEM to STEAM," as they call it: the CyberWire is partnering with Maryland Art Place to sponsor a competition for an original work of art on the theme "creating connections." You can read about the competition in NY Arts Magazine. A full prospectus may be found here.

The CyberWire's regular daily Podcast will be out later this afternoon, with interviews, educational tips, and more on the stories of the day. In today's podcast Charles Clancy, from our partners at the Virginia Tech's Hume Center, will describe 5G cellular technology. (If you enjoy the podcast, please consider giving it an iTunes review.)

Cyber Security Summit in Chicago (Chicago, Illinois, USA, August 25, 2016) Senior-level executives are invited to learn about the latest threats & solutions in cyber security with experts from the FBI, CenturyLink, and more.

Dateline Black Hat

The state of cyber security: we’re all screwed (Guardian) Sophisticated cybercrime, privacy fears and ongoing confusion about security have soured the internet for many, and doing something about it won’t be easy

Black Hat USA Shows Enterprises Fail to Learn Security 101 Lessons (eWeek) Amid the latest technology and research discussed at Black Hat USA, enterprises still aren't implementing common sense cyber-security practices

Black Hat: What Are the Tools of Car Hacking? (eSecurity Planet) Time, energy and money, not a lack of tools, are keeping researchers from investigating automobile security, say Charlie Miller and Chris Valasek

Bringing security into IT and application infrastructures (Help Net Security) In this podcast recorded at Black Hat USA 2016, Chris Carlson, VP of Product Management, Cloud Agent Platform at Qualys, talks about a new trend in bringing security into IT and application infrastructures, as well as working with the DevOps team for increased security

Fake Boarding Pass App Gets Hacker Into Fancy Airline Lounges (Wired) As the head of Poland’s Computer Emergency Response Team, Przemek Jaroszewski flies 50 to 80 times a year, and so has become something of a connoisseur of airlines’ premium status lounges. (He’s a particular fan of the Turkish Airlines lounge in Istanbul, complete with a cinema, putting green, Turkish bakery and free massages.) So when his gold status was mistakenly rejected last year by an automated boarding pass reader at a lounge in his home airport in Warsaw, he applied his hacker skills to make sure he’d never be locked out of an airline lounge again

Tesla Model S’s autopilot can be blinded with off-the-shelf hardware (Naked Security) Researchers have used off-the-shelf tools to trick the autopilot sensors on a Tesla Model S, demonstrating that it’s simple to blind the car so it doesn’t see obstacles in its path

Hackers Make the First-Ever Ransomware for Smart Thermostats (Motherboard) One day, your thermostat will get hacked by some cybercriminal hundreds of miles away who will lock it with malware and demand a ransom to get it back to normal, leaving you literally in the cold until you pay up a few hundred dollar

Carnegie Mellon sweeps DefCon as team wins third 'World Series of Hacking' title in four years (PRNewswire) Carnegie Mellon's competitive computer security team, The Plaid Parliament of Pwning, just won its third title in four years at the DefCon Capture the Flag competition. The win comes on the heels of CMU-spinoff ForAllSecure's win at the DARPA Cyber Grand Challenge just days earlier

Cyber Attacks, Threats, and Vulnerabilities

Quadrooter Flaw in Qualcomm Chips Puts 900M Android Devices At Risk (Threatpost) Four vulnerabilities found in Qualcomm chips used in 900 million Android devices leave affected phones and tablets open to attacks that could give hackers complete system control. Researchers at Check Point who found the flaw are calling the vulnerability Quadrooter and say that a patch isn’t expected to be available to most users until September

QuadRooter vulnerability: 5 things to know about this Android security scare (Android Central) New Qualcomm-targeted Android security bug is reported to put '900 million' devices at risk. Here's what you need to know

Researchers discover advanced cyber-espionage malware (Engadget) It eluded detection for at least five years

Strider hackers in highly-targeted 'espionage' malware campaign (SC Magazine) Previously unknown bad actor used Remsec to infect just 36 machines in what appears to be a quiet cyber-espionage operation

Symantec Spots State-Sponsored ‘Strider’ Attacks (Infosecurity Magazine) Security experts have discovered a highly targeted cyber espionage campaign aimed at just seven organizations over the past five years

ProjectSauron APT On Par With Equation, Flame, Duqu (Threatpost) A state-sponsored APT platform on par with Equation, Flame and Duqu has been used since 2011 to spy on government agencies and other critical industries

Strider: Cyberespionage group turns eye of Sauron on targets (Symantec) Low-profile group uses Remsec malware to spy on targets in Russia, China, and Europe

The ProjectSauron APT (Kaspersky Labs) In September 2015, Kaspersky Lab’s Anti-Targeted Attack Platform discovered anomalous network traffic in a government organization network. Analysis of this incident led to the discovery of a strange executable program library loaded into the memory of the domain controller server. The library was registered as a Windows password filter and had access to sensitive data such as administrative passwords in cleartext. Additional research revealed signs of activity of a previously unknown threat actor, responsible for largescale attacks against key governmental entities

Adware turns a tidy profit for those who sneak it into downloads (CSO) Perpetrators are deliberately evading protections, say researchers from Google and NYU

Even Solar Panels Can Be Hacked (Hack Read) Believe it or not, your solar panel can be hacked as well — just like this man who hacked his own solar panel

Malware hidden in Vietnam’s computer system, Bkav warns (Vietnam Net) Vietnam’s technology group Bkav warned on August 8 that the malware that recently attacked the national flag carrier Vietnam Airlines is also hidden in the websites of government agencies, corporations, banks, research institutes and universities

Hackers take Rio Olympics through the back-door (TechEye) Mobile security outfit Skycure claims that visitors to the former capital of Brazil are being targeted by hackers who have set up fake Wi-Fi hotspots designed to steal information from connected devices

Data Breach At Oracle’s MICROS Point-of-Sale Division (KrebsOnSecurity) A Russian organized cybercrime group known for hacking into banks and retailers appears to have breached hundreds of computer systems at software giant Oracle Corp., KrebsOnSecurity has learned. More alarmingly, the attackers have compromised a customer support portal for companies using Oracle’s MICROS point-of-sale credit card payment systems

Breach Forces Password Change on Oracle MICROS PoS Customers (Threatpost) Oracle is alerting customers it found malicious code in some of its MICROS point-of-sale systems and is requiring they change account passwords. The security measures come on the heels of reports the world’s No. 3 PoS service succumbed to a security breach perpetrated by the Carbanak gang

Are Unsecure Medical Devices Opening the Backdoor for Hackers? (Infosecurity Magazine) The increased adoption of connected devices into medical services and processes is streamlining and improving the manner in which medicine can be tracked, developed, sourced and distributed

Malware Infected PokémonGo Apps Found on GooglePlay Store (Hack Read) Researchers have discovered more fake Pokémon GO apps on Google Play Store putting security and privacy of android users in danger

'Pokémon Go' Stats Tracker PokeAdvisor Is Blocked, Fans Are Mad As Hell (Again) (Motherboard) There’s a new casualty in the clampdown on third party Pokémon Go-tapping services: stats tracking site PokeAdvisor

Security Firm Hired To Rid Pokémon From The Map (PYMNTS) Not everyone is being swept up in the Pokémon GO craze. Cybersecurity firm LookingGlass has been hired by power utility companies in Florida to get Pokémon off the map

Cyber Trends

Security still the biggest challenge in cloud management (Help Net Security) CIOs are the C-suite executives most intensively advocating and driving migration of their organizations’ IT resources to the cloud. A new Unisys study indicates that reducing costs and gaining faster access to computing capacity are the CIOs’ primary motivations. In addition, securing the cloud is the respondents’ primary management concern

Passwords Protect Your Business, but Who’s Protecting Them? (AVG Now) When we asked AVG Business customers in the US and UK how they keep company passwords safe, we were surprised to learn just how many of them … simply don’t

Password Hacks Push Big Changes On Big Tech (PYMNTS) It has been a rough few months for high profile social media accounts – Mark Zuckerberg has been hacked, as has Google CEO Sundar Pichai and Twitter CEO Jack Dorsey. All through the magic of password hacking – and the fact that even tech CEOs don’t follow the advice we’ve all been given about varying our passwords

UK Users Getting Better at Patching … Microsoft (Infosecurity Magazine) UK PC users are getting better at patching their Microsoft systems but appear to be ignoring security warnings on other software, according to the latest stats from Secunia Research

1 in 3 Americans report financial losses due to being defrauded (Help Net Security) With nearly half of Americans reporting they have been tricked or defrauded, citizens are concerned that the Internet is becoming less safe and want tougher federal and state laws to combat online criminals, according to the Digital Citizens Alliance

Defense CIO: Cybersecurity Improving But Innovation Lags (National Defense) Cyber attacks are workaday events at the Defense Department. “We get attacked millions of times a day,” says the Pentagon’s chief information officer Terry Halvorsen. How many of those attempted intrusions are actually successful? Very few, he says. Only about 0.001 percent

Marketplace

Imperva Stock Still Has 9% Upside (Barron's) The cyber-security company could see a steeper decline in product sales but likely will be bought by a larger vendor

FireEye to Lay Off Hundreds, Blames Ransomware (eWeek) The security firm sees growth continue to slow as clients fall prey to simpler, easier-to-clean-up attacks, but analysts point to competition

FEYE Stock: FireEye Inc Gets Unfairly Crushed After Second-Quarter Earnings (Profit Confidential) FireEye Inc (NASDAQ:FEYE) delivered quarterly earnings on Thursday and the market reception was…frosty, to say the least. Within hours, investors carved out 12.5% of FEYE stock

7 Signs You Should Sell FireEye Inc Stock (Madison) Cybersecurity firm FireEye (NASDAQ: FEYE) has lost almost 70% of its market value over the past 12 months and currently trades at a 25% discount to its IPO price of $20. Some contrarian investors might think that FireEye could rebound from these depressed levels, but I believe that the stock could crash and burn for seven simple reasons

Symantec purchase of Blue Coat grows federal market footprint (Bloomberg Government) Cybersecurity powerhouse Symantec Corp. announced Aug. 1 that it had completed its $4.65 billion acquisition of cyber-defense company Blue Coat Systems Inc. According to Bloomberg Government proprietary contract data, the acquisition will increase Symantec’s federal cybersecurity market footprint by an estimated 56 percent

Can Blue Coat save struggling Symantec? (ARN) Over the past three years, Symantec has endured many cost-cutting measures, including layoffs and infrastructure consolidation

SailPoint Delivers Strongest First Half in the Company’s History, Adding 100 New Enterprise Customers (BusinessWire) Company posts nearly 30% revenue growth and its 11th consecutive quarter of profitability

In Cybersecurity Hiring, Aptitude Trumps Experience and Skills (Infosecurity Magazine) As a hiring manager, you may be presented with a choice: hire the candidate with the most experience or a natural ability to get things done. While tenure is the indicator of expertise in many careers, the case can be made for hiring based on aptitude versus experience in cybersecurity

19-year-old wins one million airmiles after finding United Airlines bugs (Graham Cluley) Vulnerability researcher Olivier Beg from Amsterdam has been handsomely rewarded with one million airmiles by United Airlines, after finding some 20 security holes in the company's software

Okta brings on first CIO in effort to unify internal tech strategy (ZDNet) Like other relatively young cloud companies, Okta realizes it needs to optimize its own IT stack so it's in a better position for growth

Swivel Secure Strengthens Its Senior Leadership Team (Swivel Secure ) New Non-Executive Director to advise multi-factor authentication specialist on global strategy

Products, Services, and Solutions

Ayehu Extends Everbridge’s IT Alerting and Targeted Notification Solution with Remediation Workflow Automation and Orchestration Integration (WebWIre) Customers benefit from new level of automation functionality to improve incident resolution for maximum system uptime

Digital prediction software is featured in international market (Synaption) Synaption platform is able to analyze large data to anticipate important scenarios

Now Available: ThreatConnect Powered by SAP HANA™ (ThreatConnect) ThreatConnect + SAP HANA: intelligence-driven defense supercharged with in-memory computing

Threat Stack Cloud Security Platform Now Integrates with VictorOps for Real-Time Security Alerting (BusinessWire) Integration with real-time incident notification platform further extends Threat Stack’s capabilities for fast-moving development and operations teams

LogRhythm's 'Freemium' - a free network monitoring solution (Security Brief) Network Monitor Freemium is a free version of LogRhythm’s Network Monitor

Untangle delivers ScoutIQ threat intelligence platform (Financial News) Untangle Inc. has released its new threat intelligence platform, ScoutIQTM, aimed at bringing enterprise-grade, cloud-based malware detection to the small-to-medium business market, the company said

Technologies, Techniques, and Standards

New Internet Security Domains Debut (Dark Reading) Meet the new .security and .protection domains

Cyber checklist is dead, long-live the new A-130 (Federal News Radio) One of the last vestiges of the old way of thinking about cybersecurity is dead

Threat Modeling in the Enterprise, Part 1: Understanding the Basics (IBM Security Intelligence) Have you ever been in a position where you are expected to secure a complex system long after it has been designed and fully functional for a few good years? Or maybe you have been tasked to secure an organization that has never before taken cybersecurity seriously? If so, you are probably familiar with the initial frustration and the nagging question, “Where do we start?”

Not All Next-Generation Firewalls Are Created Equal (Palo Alto Networks) As cybersecurity threats increase in sophistication, the security solutions used to defend against these threats must also evolve. Developers no longer adhere to standard port/protocol/application mapping; applications are capable of operating on non-standard ports, as well as port hopping; and users are able to force applications to run over non-standard ports, rendering first-generation firewalls ineffective in today’s threat environment. Enter the “next-generation firewall” (NGFW), the next stage of firewall and intrusion prevention systems (IPS) technology

Building A Detection Strategy With The Right Metrics (Dark Reading) The tools used in detecting intrusions can lead to an overwhelming number of alerts, but they're a vital part of security

Using File Entropy to Identify "Ransomwared" Files (SANS Internet Storm Center) Any engineer or physisist will tell you that Entropy is like Gravity - there's no fighting it, it's the law! However, they can both be used to advantage in lots of situations

Design and Innovation

Blog: Have Developers Become Overly Dependent on Dependencies? (SIGNAL) One often-overlooked aspect of software development is how much programmers rely on open source libraries and packages for prewritten functions. Instead of writing code from scratch, or even copying and pasting code from one program into a new one, programmers often rely on what is called a dependency, the technical term for a shortcut to code maintained by a cloud service provider. Using the method makes a new program dependent on the existence and availability of that particular module. If that dependency is not available or the code functionality is broken, the entire program fails

Why privacy is the killer app (TechCrunch) Our world looks very different from when Steve Jobs held aloft the first iPhone in 2007. There were 1.2 billion people online globally. Gmail had fewer users than Yahoo’s mail service — the same Yahoo that was just acquired at a fraction of its highest valuation at the turn of the century. Marketers didn’t use technology beyond their website analytics, email marketing and display ads. The martech/adtech industry didn’t exist

Research and Development

'Faceless Recognition System' Can Identify You Even When You Hide Your Face (Motherboard) With widespread adoption among law enforcement, advertisers, and even churches, face recognition has undoubtedly become one of the biggest threats to privacy out there

DARPA awards contract to restore power grid after cyberattack (C4ISRNET) SRI International has been awarded a $7.3 million DARPA contract to restore the U.S. power grid after a cyberattack

Air Force awards cybersecurity contract (C4ISRNET) Charles River Analytics has been awarded a $500,000 Air Force contract to develop a cyber defense toolkit

Legislation, Policy, and Regulation

The political iconoclast at the center of Europe's tech policy debate (Christian Science Monitor Passcode) The sole member of the Pirate Party in the European Union Parliament, Julia Reda has emerged as influential voice as digital issues take center stage

What Does Expanding the Definition of War Mean for the U.S. Military? (Foreign Policy) Increasingly, America’s armed forces are tasked with protecting new battlefronts around the world — from cyberwarfare to post-conflict peacekeeping. And that could be very bad for the United States

Misuse of Language: ‘Cyber’; When War is Not a War, and a Weapon is Not a Weapon (Threatpost) The terms “cyber war” and “cyber weapon” are thrown around casually, often with little thought to their non-“cyber” analogs. Many who use the terms “cyber war” and “cyber weapon” relate these terms to “attack,” framing the conversation in terms of acceptable responses to “attack” (namely, “strike-back,” “hack-back,” or an extreme interpretation of the vague term “active defense”)

Is US Cyber Command preparing to become the 6th branch of the military? (Tech Republic) The Obama administration is considering elevating the status of US Cyber Command and separating it from the NSA, as cyberattacks and defense become a more integral part of modern warfare

Spies-for-Hire Now at War in Syria (Daily Beast) It’s not just U.S. troops battling ISIS. Now the Army is sinking millions of dollars into private intelligence contractors for the fight

Homeland Security shares initiatives for securing government services from emerging cyber threats (CSO) Gregory J. Touhill is a retired Brigadier General from the US Air Force and is currently the Deputy Assistant Secretary in the Office of Cybersecurity and Communications for the U.S. Department of Homeland Security. He spoke at the recent Technology in Government conference held in Canberra, via video-link

Garda introducing heightened security after cyber attack (Belfast Telegraph) Irish police are implementing "heightened security measures" after a cyber attack on their computer systems

Litigation, Investigation, and Law Enforcement

Australia sets up specialist cyber unit to trace terrorism payments (Reuters via Yahoo! Tech) Australia has set up a cyber-intelligence unit to identify terrorism financing, money laundering and financial fraud online, the government said on Tuesday, because of "unprecedented" threats to national security

French Teenage Girl Charged Over Suspected Attack Plot (AP via ABC News) A judge has handed a 16-year-old French girl preliminary terrorism charges for allegedly supporting the Islamic State group and trying to perpetrate an attack, prosecutors said Monday. The girl was using a social media app to spread calls by IS to commit violent acts, the Paris prosecutor's office said

Turkey: US shouldn't 'sacrifice' alliance over Muslim cleric (AP via Quincy Herald-Whig) Turkey's justice minister said Tuesday the United States would be sacrificing its alliance with Turkey to "a terrorist" if it were to refuse to extradite a U.S.-based Muslim cleric who the government says is behind the July 15 failed coup

Elizabeth Warren criticizes
 DNC on emails (Boston Herald) Calls scandal an ‘embarrassment’

Benghazi victims’ families file suit against Clinton (San Diego Union-Tribune) Lawsuit blames former secretary of state for release of information

Court: Feds must get warrant to search e-mail, even if cops find child porn (Ars Technica) AOL flagged message with suspected child porn image, further search found 3 more

Tor can be cracked “like eggshells”, warns US judge (Naked Security) A US judge has put into the public record, during a hearing in Tacoma, Washington, an interesting pair of comments about Tor

Bitcoins Forfeited In Silk Road Cases To Be Auctioned (Dark Reading) US Marshals Service to sell 2,719 bitcoins worth around $1.6 million on August 22 -- bidders must register by August 18

For a complete running list of events, please visit the Event Tracker on the CyberWire website.

Newly Noted Events

Tarleton State University Cyber Security Summit 2016 (Dallas, Texas, USA, September 13, 2016) Cyber Security for the Board and the C-Suite: "What You Need to Know." Cyber Security experts will discuss corporate cyber-attacks and legal practitioners will discuss strategies to help companies comply...

Insider Threat Program Development Training for NISPOM CC 2 (Milwaukee, Wisconsin, USA, September 19 - 20, 2016) Insider Threat Defense will hold a two-day training class on Insider Threat Program Development (NISPOM Conforming Change 2). For a limited time the training is being offered at a discounted rate of $795...

Insider Threat Program Development Training for NISPOM CC 2 (Milwaukee, Wisconsin, USA, September 19 - 20, 2016) Insider Threat Defense will hold a two-day training class on Insider Threat Program Development (NISPOM Conforming Change 2). For a limited time the training is being offered at a discounted rate of $795...

Upcoming Events

Secure Bermuda 2016 (Bermuda, August 10, 2016) Industry-leading intelligence from expert cybersecurity thought leaders and innovators. In addition to human capital shortages, the Bermudian cybersecurity industry faces an uphill battle to keep up with...

TECHEXPO Top Secret Polygraph-Only Hiring Event (Baltimore, Maryland, USA, August 10, 2016) Polygraph-Tested Professionals are invited to interview for new career opportunities on Wednesday, August 10 at the BWI Marriott in Baltimore, MD. A CI or Full Scope Polygraph is Required to Attend. Hot...

Insider Threat Program Development Training For NISPOM CC 2 (Aberdeen, Maryland, USA, August 10 - 11, 2016) Insider Threat Defense will hold a two-day training class on Insider Threat Program Development (National Insider Threat Policy-NISPOM Conforming Change 2). For a limited time the training is being offered...

TECHEXPO Top Secret Polygraph-Only Hiring Event (Baltimore, Maryland, USA, August 10, 2016) Polygraph-Tested Professionals are invited to interview for new career opportunities on Wednesday, August 10 at the BWI Marriott in Baltimore, MD. A CI or Full Scope Polygraph is Required to Attend. Hot...

International Conference on Cyber Security (ICCS) 2016 (Kota, Rajasthan, India, August 13 - 14, 2016) The International Conference on Cyber Security (ICCS) 2016 is an unparalleled opportunity to discuss cyberthreat analysis, operations, research, and law enforcement to coordinate various efforts to create...

2016 Information Assurance Symposium (Washington, DC, USA, August 16 - 18, 2016) The Information Assurance Symposium is the premier IA event at which leaders and practitioners share vital information and provide direction and best practices to meet today’s challenges in IA and the...

Insider Threat Program Development Training (Washington, DC, USA, March 29 - 30, 2016) Insider Threat Defense announced it will hold a training class on Insider Threat Program Development (National Insider Threat Policy-NISPOM Conforming Change 2) on March 29-30, 2016, in Washington, DC.

SANS Alaska 2016 (Anchorage, Alaska, USA, August 22 - 27, 2016) SANS is bringing our renowned security training to Alaska! Join us in August for a week of hands-on training and compelling bonus sessions while taking in breathtaking views and experiencing the great...

CISO New Jersey (Hoboken, New Jersey, USA, August 23, 2016) With newspaper headlines covering the latest data breaches, cloud computing security questions going unanswered and hackers developing more sophisticated attacks, the IT department has a growing responsibility...

Cyber Jobs Fair (San Antonio, Texas, USA, August 23, 2016) Held in conjunction with the Second Annual CyberTexas Conference, the Cyber Jobs Fair is open to anyone with cyber security education or experience. A security clearance is not required. Booz Allen Hamilton,...

CyberTexas (San Antonio, Texas, USA, August 23 - 24, 2016) CyberTexas was established to provide expanded access to security developments and resources located in Texas; provide an ongoing platform for the education and skill development of cyber professionals...

Chicago Cyber Security Summit (Chicago, Illinois, USA, August 25, 2016) The Cyber Security Summit is an exclusive conference series connects C-Suite & Senior Executives who are responsible for protecting their companies’ critical infrastructures with innovative solution providers...

Air Force Information Technology and Cyberpower Conference 2016 (Montgomery, Alabama, USA, August 29 - 31, 2016) America is faced with a national emergency in cyberspace. US national security, economic vitality, financial stability and foreign policy are being eroded. Increasingly prevalent and severe malicious cyber...

CISO Toronto (Toronto, Ontario, Canada, August 30, 2016) A data breach is not only a PR nightmare, but cause for customers to turn to competitors, exposing sensitive company information and racking up fines from industry regulators. In order for organizations...

Grow your brand and reach new customers.

Grow your brand and increase your customer base by educating our audience about your products, services, and events by advertising on The CyberWire. We’ve built trust with an influential (and often hard to reach) audience of CISOs, CSOs, and other senior execs in the security space, across a wide array of industry verticals. Learn more.

Be a part of the CyberWire story.

People ask us (a lot) how they can support what we do. We have our sponsorships and services, of course, but those are not always within every supporter's financial reach, or it might just not be the right time for you to do those things. That's why we launched our new Patreon site, where we've created a wider variety of support levels, each with some new benefits. Our patrons are important to our future, and we hope you'll consider becoming one. We invite you to become part of the CyberWire story. Become a patron today.