skip navigation

More signal. Less noise.

Daily briefing.

Australia's Bureau of Statistics remains convinced its online census platform was taken down by distributed denial-of-service attacks. No attribution, and the motive is thought to be the obvious one: disrupting the census.

Vietnam continues to sustain a wave of spyware infestations originating, apparently, with China. Other Chinese actors (deniable patriotic hacktivists) defaced Vietnamese airport sites in July; there are similarities between their code and that used by the spyware actors.

In the US, the FBI is expanding its investigation into the hack of the Democratic Party. It's now believed more than a hundred groups and party officials were compromised. Investigators speaking on background to the media no longer bother to be coy about attribution—they call the actors "the Russians."

Microsoft has inadvertently leaked its Secure Boot "golden key," effectively a backdoor that bypasses protections and enables the possessor to unlock any device protected by Secure Boot. Observers see this as a cautionary tale for policymakers.

A Linux TCP flaw, apparently in place since 2012, exposes Internet users to off-path exploitation. Researchers from the University of California at Riverside and the US Army Research Laboratory demonstrated a proof-of-concept exploit yesterday at USENIX.

Another car hack demo shows how criminals can gain access to several Volkswagen models.

Samsung acknowledges there's a token skimming issue in Samsung Pay, but says exploitation is too far-fetched to worry about.

Tripwire reports on R980 ransomware—a lot of familiar functionality, but which abuses Mailinator the better to coerce its victims.

Twitter's cleared of supporting ISIS.

Notes.

Today's issue includes events affecting Australia, Brazil, Bulgaria, Canada, China, France, Germany, Iran, Iraq, Russia, Syria, Thailand, Turkey, Ukraine, United Kingdom, United States, and Vietnam.

A note to our readers, especially those of you interested in art and design--"STEM to STEAM," as they call it: the CyberWire is partnering with Maryland Art Place to sponsor a competition for an original work of art on the theme "creating connections." You can read about the competition in NY Arts Magazine. A full prospectus may be found here.

The CyberWire's regular daily Podcast will be out later this afternoon, with interviews, educational tips, and more on the stories of the day. In today's podcast Ben Yelin (from our partners at the University of Maryland's Center for Health and Homeland Security) will discuss the FBI’s efforts to expand the reach of National Security Letters. We'll also hear from our guest Rick Lipsey, Deputy Director of the ISAO Standards Organization, who'll talk about emerging cyber security standards. (And of course, if you like the podcast, please consider giving it an iTunes review.)

Cyber Security Summit in Chicago (Chicago, Illinois, USA, August 25, 2016) Senior-level executives are invited to learn about the latest threats & solutions in cyber security with experts from the FBI, CenturyLink, and more.

Dateline Black Hat

Black Hat USA 2016 (The CyberWire) The retrospectives on Black Hat and its associated conferences agree on one thing—there’s reason for great concern about the security of the Internet and those who use it. Now, at a security industry conference, this is hardly what the lawyers would call “an admission against interest.” It’s in the nature of the sector to be unusually aware of and sensitive to threats, and a high level of fear-uncertainty-and-dread has long provided the community with its background noise as well as much of its signal. Bear this in mind as you consider reports from Las Vegas

Keynote: The Hidden Architecture of Our Time (The CyberWire) The opening keynote speaker was Dan Kaminsky, co-founder and Chief Scientist of White Ops, also famous as one of the seven “key shareholders” of the Internet’s Domain Name System, charged with responsibility for restoring it in the event of disruption. His keynote had the informative subtitle “Why this Internet Worked, How We Could Lose it, and the Role Hackers Play”

Observations on the evolution of the threat (nice supply chain you got; shame if it got broke…) (The CyberWire) On the threat side, we asked experts how the danger to businesses and other organizations has changed over the last few years. Steven Grossman, Bay Dynamics’ Vice President of Program Management, told us we’re seeing more credential-based threats

A role for threat intelligence (The CyberWire) How does a cyber intelligence company see the threat landscape changing? In keeping with Black Hat’s announced theme of “speed,” A.J. Shipley, vice president of product management at LookingGlass Cyber Solutions, told us that they’re seeing a striking increase in the rate at which the adversary changes tactics. They’ve also seen a marked increase in the sheer number and size of the breach packages they’re finding

Cyber security as an exercise in risk management (The CyberWIre) It’s worth beginning with some perspective we received from Ntrepid's Chief Scientist Lance Cottrell, especially given the attention paid at the conference to flashy demonstrations of vulnerabilities, like car hacking

Venture capital and early stage security start-ups (The CyberWIre) Jeff Moss, Black Hat’s founder, characterized this year's conference as being about speed (last year's was about complexity). Speed plays into the sector in many ways: speed to market, speed to produce products, and speed to counter threats. Speed, Moss noted, matters to boards and C-suites, and speed should matter to companies as they try to sell into the current market

What industry sees in industry trends (The CyberWIre) Ntrepid’s Lance Cottrell thought, “A lot of the problems are taking place in the basic blocking and tackling. Companies bring us in to help with the browser, but we also see them having a lot of problems with keeping track of other systems, where's the perimeter, having that perimeter dissolve on them"

Transitioning technology from the laboratory to the market (The CyberWIre) Start-ups often begin in an effort to transition a technology or a service into the market by way of a new business. We talked with Champion Technology, who’s had the experience of taking their Darklight product from its development inside a US Department of Energy National Laboratory and moving it to market

Building software for resilience (and why security teams need a good bedside manner) (The CyberWIre) The difficulty of building security into the application development process has become notorious in the industry. We spoke with the Denim Group’s John Dickson (Principal) and Dan Cornell (Chief Technology Officer) about how their company addresses this challenge

Want secure code? Give devs the right tools (CSO) With the appropriate tools and environments, developers can take the first step forward in safeguarding app security

Securing the architecture as the perimeter vanishes (The CyberWIre) It’s become a commonplace in the industry that the perimeter is vanishing (if indeed it hasn’t already done so, with the possible exception of a few tightly controlled and secured enclaves). Bring-your-own-device (BYOD), pervasive mobile computing on increasingly powerful devices, and the swift movement of data and services to the cloud have all contributed to this trend. How does an enterprise approach security in this new world?

Mobile security (where FUD may not be as fake as we’d like to believe) (The CyberWIre) With more enterprises buying fully into mobile computing, security for mobile devices bulks increasingly large in the concerns CISOs face. (And don’t even get them started on the Pokémon GO issues.) We spoke with OptioLabs’ Chief Technology Officer Brian Glancy and Hamilton Turner, Senior Director of Research and Engineering, about their approach to securing mobile devices

A role for testing (The CyberWIre) NSS Labs started in Europe, and then came to US as a security research and testing company. “Our mission is to provide transparency to the buyers so they know what they're getting,” Chief Executive Officer Vikram Phatak told us. “Think of it as Consumer Reports for enterprise cyber security"

Bluetooth Hack Leaves Many Smart Locks, IoT Devices Vulnerable (Threatpost) Sławomir Jasek with research firm SecuRing is sounding an alarm over the growing number of Bluetooth devices used for keyless entry and mobile point-of-sales systems that are vulnerable to man-in-the-middle attacks

The Future Of ATM Hacking (Dark Reading) Research released at Black Hat USA last week shows that one of our best defenses for the future of payment card and ATM security isn't infallible. Here's why

An ATM hack and a PIN-pad hack show chip cards aren’t impervious to fraud (Ars Technica) The good news? Hacks are limited for now. The bad news? Hackers will get better

Booz Allen Hamilton’s Kaizen (and their hacker’s Dojo) (The CyberWIre) This year's Kaizen, a capture-the-flag event sponsored by Booz Allen Hamilton, has a winner: congratulations to Aaron Lint, Vice President of Research, Arxan, who placed first. He told us he learns something new every time he plays

Security advice for security conferences (and for other events with a bullseye on them). (The CyberWIre) Finally, it’s worth considering some of the security advice peoples offered at Black Hat. It will serve as a good starting point for next year’s event, or indeed for any other event likely to attract the ministrations of hackers (Olympics, World Cups, other Black Hats, etc.)

Special Edition: Black Hat — Cyber Security Trends and Investment (The CyberWIre) The 2016 Black Hat conference is underway in Las Vegas this week, and in this special report from the show floor we'll hear from industry leaders about industry trends, and from venture capital funders about what they need to see before saying yes, and why it's harder to get startup funding than it used to be

Special Edition: Black Hat, Part 2 — Trends and Insights from Industry Leaders (The CyberWIre) The 2016 Black Hat conference is in the books, and we wrap up our coverage with more insights from industry leaders

Lessons from a digital mercenary: Beware the ‘October Surprise' (Christian Science Monitor Passcode) Cybersecurity expert Chris Rock researched ways to overthrow a government using only his computer for a talk at the DEF CON hacker conference in Las Vegas – and he says there are some lessons for the US elections

Cyber Attacks, Threats, and Vulnerabilities

Hack of Democrats’ Accounts Was Wider Than Believed, Officials Say (New York Times) A Russian cyberattack that targeted Democratic politicians was bigger than it first appeared and breached the private email accounts of more than 100 party officials and groups, officials with knowledge of the case said Wednesday

Australia Stops Online Collection of Census Data After Cyberattacks (New York Times) Australia has halted online collection of national census data after a website where citizens could upload information was subjected to repeated cyberattacks

Spyware Deluge Hits Vietnam Sites Amid South China Sea Spat (Bloomberg Markets) The spyware used in cyber attacks on Vietnam’s major airports and national carrier last month is now suspected of having bombarded many more official sites, amid tensions with China over territory in the disputed South China Sea

China 1937CN Team hackers attack airports in Vietnam (Cyber Defense Magazine) The group of hackers known as China 1937CN Team compromised the announcement screen systems at many major airports in Vietnam

How Researchers Exposed Iranian Cyberattacks Against Hundreds of Activists (Motherboard) Late last year, a group of hackers likely linked to the Iranian government reorganized the infrastructure supporting their cyberattacks. The hackers built it so their malware, which was infecting Iranian human rights activists and dissidents at home and abroad, would contact different servers under their control

Senior former Taliban leader reconciles with jihadist group (Threat Matrix) The Taliban continues to attempt to mend the rifts with a faction that broke away after the controversy surrounding the death of Mullah Omar and the naming of his successor. On Aug. 8, the Taliban announced that Mullah Baz Mohammad, who served as a deputy to Mullah Mohammad Rasul, and his followers have rejoined the Taliban

Why So Many Foreign Fighters Flock to ISIS (Defense One) A look at the factors that motivate people to leave home and join faraway wars

Mental Illness and Terrorism (Small Wars Journal) The recent attack at an Orlando night club has provoked both intrigue and confusion. Given the lack of an obvious operational connection to the Islamic State and the shooter’s rather rudimentary religious knowledge and history of mental instability, some voices have rightfully questioned the appropriateness of the label ‘terrorism’ to something that rather resembles mass school shootings

Secure Boot snafu: Microsoft leaks backdoor key, firmware flung wide open (Ars Technica) Microsoft quiet as researchers spot debug mode flaw that bypasses OS checks

Microsoft Mistakenly Leaks Secure Boot Key (Threatpost) Opponents of the government’s constant talk about intentional backdoors and exceptional access finally may have their case study as to why it’s such a bad idea

Linux bug leaves USA Today, other top sites vulnerable to serious hijacking attacks (Ars Technica) "Off-path" attack means hackers can be anywhere with no man-in-the-middle needed

Use the internet? This Linux flaw could open you up to attack (CSO) A flaw in the Transmission Control Protocol (TCP) used by Linux since late 2012 poses a serious threat to internet users, whether or not they use Linux directly

A New Wireless Hack Can Unlock 100 Million Volkswagens (Wired) In 2013, when University of Birmingham computer scientist Flavio Garcia and a team of researchers were preparing to reveal a vulnerability that allowed them to start the ignition of millions of Volkswagen cars and drive them off without a key, they were hit with a lawsuit that delayed the publication of their research for two years. But that experience doesn’t seem to have deterred Garcia and his colleagues from probing more of VW’s flaws: Now, a year after that hack was finally publicized, Garcia and a new team of researchers are back with another paper that shows how Volkswagen left not only its ignition vulnerable but the keyless entry system that unlocks the vehicle’s doors, too. And this time, they say, the flaw applies to practically every car Volkswagen has sold since 1995

Samsung both denies and admits mobile payment vulnerability (CSO) Samsung said that reports of a vulnerability in Samsung Pay mobile payments were "simply not true" -- but also admitted that token skimming was, in fact, possible but difficult enough that the potential risk was acceptable

Road Warriors: Beware of ‘Video Jacking’ (KrebsOnSecurity) A little-known feature of many modern smartphones is their ability to duplicate video on the device’s screen so that it also shows up on a much larger display — like a TV. However, new research shows that this feature may quietly expose users to a simple and cheap new form of digital eavesdropping

Instagram Accounts Hacked to Promote Adult Dating Spam (Infosecurity Magazine) Cybersecurity firm Symantec has unearthed a new scam campaign targeting Instagram users

Ransomware Copycats Predecessors, Adds Disposable Emails to the Mix (Tripwire) A new ransomware mimics many its predecessors but then shakes things up by incorporating disposable emails into its decryption process

Researchers Hide Malware Inside Digitally Signed Files Without Breaking Hashes (Softpedia) New technique makes malware detection almost impossible

Over 300 new cyber threats pop up on underground markets each week (Help Net Security) Approximately 305 new cyber threats are added each week on cybercrime markets and forums, mostly located on dark nets and the deep web

Government Data Woes: 2016 Compromised Records Surpass Total for Last Three Years Combined (IBM Security Intelligence) We are only a little over halfway through 2016, and yet according to the latest IBM X-Force data, 200 million government records worldwide were already compromised by July 31 of this year. That’s nearly 60 million more than all the records compromised from 2013 through 2015 — combined

Rio Games Escalating Cyber Risk To Mobile Users (Dark Reading) Intensified social media activities during sporting events increase threats from cybercriminals to 55%, new report from Allot finds

Facebook’s favorite hacker is back – with an ironic security hole (Naked Security) Laxman Muthiyah is a serial Facebook bounty hunter who has featured on Naked Security before

Are online travel sites providing biased information? (CBS News) A cyber war has erupted in recent weeks between major online travel agencies such as Expedia (EXPE) and Priceline.com (PCLN) and hotel chains over how some discounts are being offered to consumers

Dangers of 'Pokemon Go': Motorways, cliffs, snakes and land mines (CNN) If you're looking to catch Pokemon in Thailand, don't get your hopes up

No Pokémon for British Spies, as Pokéstops Vanish From MI5 and MI6 Buildings (Motherboard) British spies hoping to apply their skills to pokémon training may be out of luck: Players report that pokéstops and pokémon gyms have vanished from London’s MI5 and MI6 headquarters

Security Patches, Mitigations, and Software Updates

Juniper Hotfixes Shut Down IPv6 DDoS Vulnerability (Threatpost) Juniper Networks announced the availability of hotfixes for a serious vulnerability in the handling of IPv6 packets that is says could leave its Junos OS and JUNOSe routers open to a denial of service (DoS) attack. The hotfixes come more than two months after the vulnerabilities were publicly disclosed

vBulletin Patches Serious Flaw in Forum Software (Threatpost) A serious vulnerability has been patched in forum software made by vBulletin that could allow attackers to scan servers hosting the package and possibly execute arbitrary code

Vulnerability Spotlight: MS Edge/Windows PDF Library Arbitrary Code Execution Vulnerability Identified and Patched (Talos) Vulnerability discovered by Aleksandar Nikolic of Cisco Talos

Microsoft rushes to fix issue that unlocks devices protected by Secure Boot (Graham Cluley) Two security advisories released but still no fix

Google To Roll Out New Security Alerts On Gmail (Dark Reading) Gmail users to get alerts for suspicious email senders as well as sketchy links in messages

Chrome starts retiring Flash in favor of HTML5 (Ars Technica) Non-visible Flash content blocked in September; Flash fully deprecated by December

Cyber Trends

6 shocking gaps in your data security strategy (CSO) Despite billions of dollars invested in cybersecurity, businesses lose critical data daily. We’ve secured our organizations like fortresses, building layers of walls around networks, applications, storage containers, identity, and devices. But when an unhappy employee moves high-value designs onto a USB drive or sends important email attachment outside the “secure” network, those walls crumble the moment we need them the most

Marketplace

Copperhead OS: The startup that wants to solve Android’s woeful security (Ars Technica) A multi-billion-dollar megacorp, Google, apparently needs help to secure its OS

Google isn’t safe from Yahoo’s fate (TechCrunch) Yahoo has been beaten up in the press for so long that it’s hard to remember how untouchable the company once appeared

Found an iOS zero-day? This firm will pay you $300,000 more than Apple (Tripwire: the State of Security) It’s just a week since Apple announced its first-ever bug bounty for researchers who find vulnerabilities in its widely-used software and hardware, in the hope that it can provide better security and privacy to its millions of customers

Security startup confessions: How to tackle outsourcing (Help Net Security) My name is Kai Roer and I am a co-founder of a European security startup, and these are my confessions. I hope you will learn from my struggles, and appreciate the choices startups make when security matters. I will share experiences from my own startups (my first was in 1994), and things I have learned by watching and advising numerous other startups around the world

Products, Services, and Solutions

Just What the Doctor Ordered: Trend Micro Takes the Hassle Out of Security for New CyberAid Program (Trend Micro: Simply Security) When it comes to healthcare security, media attention is usually focused on the mega breaches – think Anthem, Premera and, most recently, Banner Health. But there is a long tail of smaller organizations who also need help. That’s where the Health Information Trust Alliance (HITRUST) has expanded its focus. Its latest initiative, CyberAid, is designed specifically to help smaller healthcare organizations protect themselves from ransomware, data breaches and other major threats

No One Can Stop Ad Blocking. Not Even Facebook (Wired) Facebook has a new way of getting your eyes on its ads.

FlockFlock: File access enforcement for macOS (Help Net Security) The more serious you are about information security, the more you realize it’s difficult to be sure a system isn’t compromised. While malware authors don’t target the Mac platform as much as Windows, it doesn’t mean you should be complacent about its security

Technologies, Techniques, and Standards

Here's The Business Side Of Thwarting A Cyberattack (Dark Reading) Ponemon Group study data illustrates the balancing act of running a business while trying to stay secure

Got Ransomware? Negotiate (F-Secure) ICYMI: we recently published a customer service study of various crypto-ransomware families. Communication being a crucial element of ransomware schemes, we decided to put it to a comparative test

Design and Innovation

What The TSA Teaches Us About IP Protection (Dark Reading) Data loss prevention solutions are no longer effective. Today's security teams have to keep context and human data in mind, as the TSA does

How the EFF was pushed to rethink its Secure Messaging Scorecard (Help Net Security) As good as the idea behind Electronic Frontier Foundation’s Secure Messaging Scorecard is, its initial version left much to be desired

Facebook feed change that predicts what’s informative could reprioritize news (TechCrunch) News outlets may get back some of their mojo stolen by a June Facebook feed algorithm change that preferred friends over publishers. Today Facebook will start predicting stories that are informative and highlighting them to people if they’re “related to their interests, if they engage people in broader discussions, and if they contain news”

Academia

Blog: Giving Back, One Cyber Scholarship at a Time (SIGNAL) Cyber firm CEO creates award to honor his parents, aid students

Governor McAuliffe Announces $1 Million in Cybersecurity Scholarships (Virginia.gov) The Cybersecurity Public Service Scholarship Program is now accepting applications from students in Virginia

Legislation, Policy, and Regulation

Putin discusses Crimea security after alleged Ukrainian incursions (Reuters) Russian President Vladimir Putin has held a meeting with his Security Council to discuss additional security measures for Crimea after the clashes on the contested peninsula, the Kremlin said on Thursday

Is Ukraine Just About to Blow? (Daily Beast) Countless omens signal a new war on its way, from troop movements to Russia’s ‘August Curse.’ But this time they may be more smoke than fire

Pentagon Releases New Procedures for Intelligence Collection (Lawfare) Today, the Department of Defense released revised procedures—along with an accompanying fact sheet—governing the conduct of its intelligence activities. DoD Manual 5240.01, ensures that Defense Department policy complies with DoD Directive 5240.01 and Executive Order 12333, which authorize Defense components to collect, retain, and disseminate information concerning U.S. persons and conduct other activities “in accordance with the Constitution and laws of the United States”

How the Government Is Waging Crypto War 2.0 (Motherboard) On December 2, 2015, Syed Rizwan Farook and Tashfeen Malik entered the Inland Regional Center in San Bernardino, California and opened fire on the attendees of a holiday party underway inside. After four minutes of shooting, the married couple fled the scene and left 19 dead in their wake. At the time, it was the deadliest act of terrorism in the United States since 9/11

U.S. Intelligence to Help Companies Avert Supply-Chain Hacking (Bloomberg Technology) U.S. intelligence officials are planning to provide information including classified threat reports to companies about the risks of hacking and other crimes tied to the supplies and services they buy

Army wants more remote capabilities for defensive cyber (C4ISRNET) When it comes to the Army’s defensive cyber operations, getting to a more global remote capability is important. Russell Fenton, an Army training and doctrine command capability manager in the defensive cyberspace operations branch, said at the TechNet Augusta conference that “to provide the quick reaction security enhancement reinforcement at the time of need, global cyberspace defenders must have the ability to maneuver remotely or on site"

Is COIN driving atrophy in Army network operations? (C4ISRNET) A key theme at TechNet Augusta, held Aug. 2-4 in Georgia, was that the Department of Defense Information Networks are an integral warfighting platform for all DoD operations. With that, adversaries have taken notice and tried to exploit vulnerabilities within the DoDIN to disrupt operations. But after 15 years of a counterinsurgency fight against technologically inferior actors, network defense and operational security now faces atrophy

Litigation, Investigation, and Law Enforcement

Erdogan says informing on Gulen supporters 'patriotic duty' (Fox News) Turkey's president has called on a group of businessmen to inform authorities about anyone they suspect of being a follower of a U.S.-based Muslim cleric accused of orchestrating Turkey's failed July 15 coup

Did a U.S. think tank sponsor a military coup? Turkey thinks so. (Los Angeles Times) Bespectacled and slightly balding, Washington academic Henri J. Barkey hardly appears the type to mastermind political revolt and foreign intrigue

An ICS cyber incident results in criminal convictions (Control: Unfettered) August 8, 2016, a federal jury found Pacific Gas and Electric (PG&E) guilty on five felony counts of failing to adequately inspect its gas pipelines before the blast that incinerated a neighborhood in San Bruno, CA. in September 2010. The utility was also found guilty of one count of misleading federal investigators about the standard it used to identify high-risk pipelines

Judge dismisses suit accusing Twitter of supporting ISIS group (New York Daily News) A federal judge in San Francisco has dismissed a lawsuit accusing Twitter of supporting the Islamic State group

Canada Attack Suspect Dead After Police Operation in Ontario (ABC News) A Canadian man previously banned from associating with Islamic State extremists has been killed as Canada's national police force thwarted what they believed was a suicide bomb plot, a senior police official said

Germany: 2nd arrest in connection with attack plan suspect (AP) German authorities on Wednesday arrested a man suspected of involvement in violence in Syria, a move triggered by the detention last week of a Syrian asylum-seeker who was suspected of planning an attack

French terror suspect tells court he's a victim of injustice (AP via Fox News) A French citizen with ties to the Charlie Hebdo attack in Paris has told a court in Bulgaria he is a victim of injustice

New Hillary Clinton Emails Raise Questions About State Department, Foundation Overlap (Time) Emails show her interacting with lobbyists and donors

Did Hillary’s Top Aide Help Cover Up Her Private Server? (Daily Beast) Hillary Clinton’s State Department claimed they knew nothing about her personal email system. Newly released records show a very different picture

Press Releases Finally Get a Devoted Readership: Hackers (Wired) No one ever wants to read press releases, not even journalists, and especially not when the documents are dense corporate financial updates trying to make things sound rosy to investors no matter what. You can imagine, though, that these perfunctory releases might take on a whole other significance and value to someone interested in, say, insider trading

UK prisons can now get cellphones remotely blocked over suspected illicit use (TechCrunch) It shouldn’t come as a surprise, really, that mobile phones are becoming an increasing concern among those tasked with policing prison populations. Smuggled in cellulars are being linked to all sorts of decidedly less benign contraband, including drugs, guns and the like

ISPs and FCC Republicans celebrate FCC’s court loss on muni broadband (Ars Technica) FCC critics glad that commission can't preempt state laws

Bleeping Computer countersues maker of SpyHunter (Ars Technica) Upset over domain name registrations that "libel" Bleeping Computer

For a complete running list of events, please visit the Event Tracker on the CyberWire website.

Upcoming Events

Insider Threat Program Development Training For NISPOM CC 2 (Aberdeen, Maryland, USA, August 10 - 11, 2016) Insider Threat Defense will hold a two-day training class on Insider Threat Program Development (National Insider Threat Policy-NISPOM Conforming Change 2). For a limited time the training is being offered...

TECHEXPO Top Secret Polygraph-Only Hiring Event (Baltimore, Maryland, USA, August 10, 2016) Polygraph-Tested Professionals are invited to interview for new career opportunities on Wednesday, August 10 at the BWI Marriott in Baltimore, MD. A CI or Full Scope Polygraph is Required to Attend. Hot...

International Conference on Cyber Security (ICCS) 2016 (Kota, Rajasthan, India, August 13 - 14, 2016) The International Conference on Cyber Security (ICCS) 2016 is an unparalleled opportunity to discuss cyberthreat analysis, operations, research, and law enforcement to coordinate various efforts to create...

2016 Information Assurance Symposium (Washington, DC, USA, August 16 - 18, 2016) The Information Assurance Symposium is the premier IA event at which leaders and practitioners share vital information and provide direction and best practices to meet today’s challenges in IA and the...

Insider Threat Program Development Training (Washington, DC, USA, March 29 - 30, 2016) Insider Threat Defense announced it will hold a training class on Insider Threat Program Development (National Insider Threat Policy-NISPOM Conforming Change 2) on March 29-30, 2016, in Washington, DC.

SANS Alaska 2016 (Anchorage, Alaska, USA, August 22 - 27, 2016) SANS is bringing our renowned security training to Alaska! Join us in August for a week of hands-on training and compelling bonus sessions while taking in breathtaking views and experiencing the great...

CISO New Jersey (Hoboken, New Jersey, USA, August 23, 2016) With newspaper headlines covering the latest data breaches, cloud computing security questions going unanswered and hackers developing more sophisticated attacks, the IT department has a growing responsibility...

Cyber Jobs Fair (San Antonio, Texas, USA, August 23, 2016) Held in conjunction with the Second Annual CyberTexas Conference, the Cyber Jobs Fair is open to anyone with cyber security education or experience. A security clearance is not required. Booz Allen Hamilton,...

CyberTexas (San Antonio, Texas, USA, August 23 - 24, 2016) CyberTexas was established to provide expanded access to security developments and resources located in Texas; provide an ongoing platform for the education and skill development of cyber professionals...

Chicago Cyber Security Summit (Chicago, Illinois, USA, August 25, 2016) The Cyber Security Summit is an exclusive conference series connects C-Suite & Senior Executives who are responsible for protecting their companies’ critical infrastructures with innovative solution providers...

Air Force Information Technology and Cyberpower Conference 2016 (Montgomery, Alabama, USA, August 29 - 31, 2016) America is faced with a national emergency in cyberspace. US national security, economic vitality, financial stability and foreign policy are being eroded. Increasingly prevalent and severe malicious cyber...

CISO Toronto (Toronto, Ontario, Canada, August 30, 2016) A data breach is not only a PR nightmare, but cause for customers to turn to competitors, exposing sensitive company information and racking up fines from industry regulators. In order for organizations...

Grow your brand and reach new customers.

Grow your brand and increase your customer base by educating our audience about your products, services, and events by advertising on The CyberWire. We’ve built trust with an influential (and often hard to reach) audience of CISOs, CSOs, and other senior execs in the security space, across a wide array of industry verticals. Learn more.

Be a part of the CyberWire story.

People ask us (a lot) how they can support what we do. We have our sponsorships and services, of course, but those are not always within every supporter's financial reach, or it might just not be the right time for you to do those things. That's why we launched our new Patreon site, where we've created a wider variety of support levels, each with some new benefits. Our patrons are important to our future, and we hope you'll consider becoming one. We invite you to become part of the CyberWire story. Become a patron today.