skip navigation

More signal. Less noise.

Daily briefing.

Kaspersky Labs explains why they think the Shadow Brokers have dumped Equation Group code in their come-hither teaser: Kaspersky sees an unusual implementation of RC5/RC6 as sufficiently idiosyncratic to flag the leak as genuine. Note that Kaspersky hasn't explicitly said the Equation Group is NSA, but most observers believe it is. Note too that such evidence is, inevitably, circumstantial.

Comae found an email account it thinks is connected to the Shadow Brokers. Motherboard reached out to Tutanota, the account's service provider, but Tutanota really can't say very much about any customers. Their service promises a relatively high degree of anonymity, and Tutanota wouldn't be interested in helping anyone deanomymize a client. Besides, German privacy law has their back.

Speculation about the leakers inevitably turns to Russia. Tensions between that country and the US have been rising, and (as Edward Snowden tweets) it's more noteworthy that the intrusion has been made public than that it was made at all. It strikes him, and others, as of a piece with the DNC-related hacks. Thomas Rid calls it a big "middle-finger" hoisted in the Americans' direction. Others have much to say about a cyber Cold War.

Coincidentally or not, NSA's public website was out for a day, recovering yesterday evening. Fedscoop reports an anonymous source said the site was down temporarily in connection with an internal review.

Neustar has released a study on how Domain Name System Security Extensions (DNSSEC) can be exploited in DDoS attacks.

The ransomware black market shows continued vigor.

Notes.

Today's issue includes events affecting Afghanistan, Belgium, Bosnia, Cambodia, China, Colombia, European Union, France, Germany, India, Indonesia, Iraq, Republic of Korea, Laos, Malaysia, Pakistan, Russia, Syria, Turkey, United Kingdom, United States, and Vietnam.

A note to our readers, especially those of you interested in art and design--"STEM to STEAM," as they call it: the CyberWire is partnering with Maryland Art Place to sponsor a competition for an original work of art on the theme "creating connections." You can read about the competition in NY Arts Magazine. A full prospectus may be found here.

The CyberWire's regular daily Podcast will be out later this afternoon, with interviews, educational tips, and more on the stories of the day. Our theme today is the physical security of connected devices. We'll hear from Joe Carrigan of our partners at the Johns Hopkins University, and our guest Rob Humphrey from Kensington will discuss the results of his company's recent survey about securing devices in the workplace. (Our customary reminder: if you enjoy the podcast, please consider giving it an iTunes review.)

Cyber Security Summit in Chicago (Chicago, Illinois, USA, August 25, 2016) Senior-level executives are invited to learn about the latest threats & solutions in cyber security with experts from the FBI, Arbor Networks, and more.

​3rd Annual Senior Executive Cyber Security Conference: Navigating Today’s Cyber Security Terrain​ (Baltimore, MD, USA, September 21, 2016) Hear from industry leaders on cyber security best practices and trends that will help you better secure your organization’s data. This year’s agenda examines the current cyber security landscape, threats, and challenges ahead for organizations and how senior leaders can work towards “shifting their data to being safe and secure.”

Cyber Attacks, Threats, and Vulnerabilities

The Equation Giveaway (Securelist) Rare implementation of RC5/RC6 in ‘ShadowBrokers’ dump connects them to Equation malware

Powerful NSA hacking tools have been revealed online (Washington Post) Some of the most powerful espionage tools created by the National Security Agency’s elite group of hackers have been revealed in recent days, a development that could pose severe consequences for the spy agency’s operations and the security of government and corporate computers

Exotic Code in ‘Shadow Brokers’ Release Points to NSA (Foreign Policy) After a group of mysterious hackers claimed to have broken into the NSA and posted a portion of its stolen code, security researchers were left with a pressing, vexing question: Was the material released by the so-called “Shadow Brokers” actually from the NSA?

Did “The Shadow Brokers” hack NSA cyberweapons worth $500M? (Naked Security) A self-styled hacking group going by The Shadow Brokers have started a tongue-in-cheek media campaign claiming that they’ve penetrated the NSA (or someone like that), and made off with “cyberweapons” that they imply are worth more than $500 million

Snowden speculates leak of NSA spying tools is tied to Russian DNC hack (Ars Technica) Former NSA security scientist concurs exposure by "Equation Group" connected to DNC leak

Email Provider Linked to Alleged NSA Dumps: We Can't Help (Motherboard) On Monday, Motherboard reported that a hacker or group of hackers called “The Shadow Brokers” had dumped what it claimed was a cache of NSA hacking tools. In the wake of that rather extraordinary claim, the security community has feverishly compared notes, largely on Twitter, to try to figure out whether the data is legitimate, and what exactly the collection of files contains

NSA website recovers from outage amid intrigue (Politico) The National Security Agency’s website was offline for almost a full day until Tuesday evening, in an unexplained outage that began shortly after hackers claimed to have stolen a collection of the agency's prized cyber weapons

NSA and the No Good, Very Bad Monday (Lawfare) Monday was a tough day for those in the business of computer espionage. Russia, still using the alias Guccifer2.0, dumped even more DNC documents. And on Twitter, Mikko Hypponen noted an announcement on Github that had gone overlooked for two days, a group is hosting an auction for code from the “Equation Group,” which is more commonly known as the NSA. The auctioneer’s pitch is simple, brutal, and to the point

Hack of NSA-Linked Group Signals a Cyber Cold War (Motherboard) Early Saturday morning, a group of hackers calling themselves The Shadow Brokers made a shocking claim: they had hacked an NSA-linked group, and were selling the spy agency’s “cyber weapons” to the highest bidder

Democrats' new warning: Leaks could include Russian lies (Politico) The move could help inoculate Hillary Clinton against an October cyber surprise

Putin hints at war in Ukraine but may be seeking diplomatic edge (Reuters) Ukraine says it thinks Vladimir Putin is planning a new invasion, and it's not hard to see why: the Russian leader has built up troops on its border and resumed the hostile rhetoric that preceded his annexation of Crimea two years ago

Here’s why terrorist suicide attacks are increasing: They attract rewards from ISIS and al-Qaeda (Washington Post) From October 1980 to September 2015, according to a new paper by Benjamin Acosta, an assistant professor at Louisiana State University, 123 militant groups carried out 5,305 suicide attacks, killing more than 40,000 people. Just this year, suicide attacks have hit Afghanistan, Belgium, France, Indonesia, Iraq, Pakistan, Syria, and Turkey, among others

French Media Stopped Publishing Terrorists' Photos. Research Says They're Right. (Motherboard) A few weeks ago some major French newspapers decided to stop publishing the photos and names of terrorists. It was days after dozens of people were killed in a brutal attack in the coastal town of Nice, and the global community was scrambling to find out more about the violent man behind the wheel

Subverting protection into DDoS attacks (Help Net Security) On average, DNSSEC reflection can transform an 80-byte query into a 2,313-byte response, an amplification factor of nearly 30 times, which can easily cause a network service outage during a DDoS attack, resulting in lost revenue and data breaches, according to Neustar

Neustar Research: DNSSEC Reflection Severe DDoS Risk (Yahoo! Finance) Neustar, Inc. (NSR), a trusted, neutral provider of real-time information services, today published “DNSSEC: How Savvy DDoS Attackers Are Using Our Defenses Against Us,” a research report that details how Domain Name System Security Extensions (DNSSEC) can be subverted as an amplifier in Distributed-Denial-of-Service (DDoS) attacks. Neustar determined that on average, DNSSEC reflection can transform an 80-byte query into a 2,313-byte response, an amplification factor of nearly 30 times, which can easily cause a network service outage during a DDoS attack, resulting in lost revenue and data breaches

Attackers can hijack unencrypted web traffic of 80% of Android users (Help Net Security) The recently revealed security bug (CVE-2016-5696) in the TCP implementation in the Linux kernel that could allow attackers to hijack unencrypted web traffic without an MitM position also affects some 1.4 billion Android devices, Lookout researchers have warned

Proxy authentication flaw can be exploited to crack HTTPS protection (Help Net Security) Mistakes made in the implementation of proxy authentication in a variety of operating systems and applications have resulted in security vulnerabilities that allow MitM attackers to effectively hijack HTTPS sessions, security researcher Jerry Decime has discovered

India-based hackers suspected behind corporate espionage malware dubbed Shakti Trojan (International Business Times) The malware appears to have been around for a while, operating below the radar to evade detection

High-end banking malware hits Brazil (CSO) In the past two weeks, IBM's X-Force security team has spotted the high-end banking trojans Zeus Sphinx and Zeus Panda targeting Brazilian financial institutions, according to a new report

Brazil Can’t Catch a Break: After Panda Comes the Sphinx (IBM Security Intelligence) Within two weeks of the discovery of Zeus Panda (Panda Banker) activity, IBM X-Force researchers have uncovered the first signs of Zeus Sphinx attacks in Brazil. A new version of Zeus Sphinx, which is, like Panda, also a commercially available Zeus v2 variation, now targets the online banking and Boleto payment services of three of the top Brazilian banks and one bank in Colombia, according to its configuration file

Now data-stealing Marcher Android malware is posing as security update (ZDNet) Cybercriminals are telling users their device is at risk from viruses unless they download a particular 'security update' -- which delivers the malware

Shark Ransomware-as-a-Service: A real threat, a scam, or both? (Help Net Security) A new Ransomware-as-a-Service project has sprung up, and the “service providers” are allowing others to use it for free, but take a 20 percent cut out of every ransom that gets paid by the victims. The ransomware is called Shark

The inner workings of the Cerber ransomware campaign (Help Net Security) Check Point’s research team has analysed the inner workings of Cerber, the world’s biggest ransomware-as-a-service scheme

Cerber ransomware operation exposed... and boy is it lucrative! (Graham Cluley) Affiliate system makes Cerber one of the most lucrative RaaS platforms in the world

“You dirty RAT” – Spy versus Spy in the cybercrime underworld (Naked Security) Not all malware is ransomware, even though ransomware hogs the spotlight these days

Bug in Rockwell’s PLCs allows attackers to modify firmware (Help Net Security) There is an undocumented SNMP community string in Rockwell Automation’s MicroLogix 1400 programmable logic controllers that can be exploited by attackers to remotely change settings or modify the device firmware, and therefore compromise the PLCs

How Cyberattacks on Critical Infrastructure Could Cause Real-Life Disasters (Motherboard) In October 11, 2012, then Secretary of Defense Leon Panetta warned of the impending dangers of a digital Pearl Harbor, a cyberattack that targeted critical infrastructure and caused real, physical damage

Yet Another Inevitable Breach? The Sage Case And What We Can Learn From It (Information Security Buzz) The British software company Sage suffered a breach according to multiple reports that can be found here, as well as here (and probably more). The breach resulted in the exposure of sensitive employee data of 200-300 companies working with the Sage product

Healthcare's Latest Cyber Threat: Source Code For Sale On The Dark Web (Forbes) One of the repeating themes at this year’s annual Black Hat cybersecurity conference was the idea that cyber threats in general are now moving rapidly beyond the “prototype” phase into full-scale production. One way that becomes apparent is by looking for datasets that are for sale on what’s known as the “dark web” using tools that are specifically designed to buy (or sell) anything with industrial-strength anonymity

A hacker only needs 25 minutes to break into your organization's computer systems, report finds (Daily Dot) Let's say there's a hacker who wants to worm his or her way into your organization's computer systems. How long, on average, would it take for the hacker to compromise your email server? According to a report released on Tuesday by the cloud-based cybersecurity firm Duo Security, the answer is about 25 minutes

Security warning after Pokémon Go activity detected at Airbus (ITV) Airbus employees have been warned about searching for Pokémon Go characters at work

State Dept warns Pokémon Go players in SE Asia: Watch out for landmines (The Hill) The State Department has a message for fans of Pokémon Go in Southeast Asia: Watch where you step

Security Patches, Mitigations, and Software Updates

BlackBerry starts rolling out QuadRooter patch, others to follow suit (Digit) The patch is being rolled out for the BlackBerry Priv and DTEK50, while Sony and OnePlus have also promised to roll out patches for their devices soon

Microsoft to end decades-old pick-a-patch practice in Windows 7 (Computerworld) As of October, Microsoft's switching older editions to the update model pioneered by Windows 10, and slammed by some customers

Cyber Trends

American Economic Activity Is Rooted In Global Flow Of Information (Forbes) In July, citizens around the globe watched a coup attempt unfold in Turkey, by following it on their smartphones and computers through Facebook FB -0.07%, Twitter and other online media. Turkey’s president turned to his iPhone to help thwart the coup, appealing to his country’s citizens via Facetime on live television while calling for his supporters to take to the streets via the very social media platforms he once denounced and repressed

People like using passwords way more than biometrics (Naked Security) A new survey shows that we’ll give up our passwords only when they’re pried from our cold, dead hands

Marketplace

Why doesn’t my cybersecurity insurance cover that? (CSO) There is still no standard approach on which the insurance industry underwrites cyber liability coverage. Find out some answers from an industry expert

Why Safety is Hard to Find in Cybersecurity (Wall Street Journal) Less driven by fear, corporate spending on cybersecurity gets more selective

New-school security: the opportunities amid Australia's threat landscape (CRN) Things move fast in information security. A decade ago antivirus was cool; today it is derided, its value questioned. A decade ago the perimeter was cool; today some say the edge is dead. “This is an exciting space,” says Gartner’s Craig Lawson, a veteran of the Australian

Caveat Emptor: Security Issues Key in M&A Deals (Channel Insider) It's no secret that safeguarding business and customer data is a big concern for companies. In mergers and acquisitions (M&As) world, cyber-security is a hot button

Q&A: New Symantec CEO On Blue Coat Acquisition, Partner Impact And What's Next In Security Vendor Turnaround (CRN) Symantec recently closed its blockbuster acquisition of Blue Coat Systems, ushering in a new era under incoming CEO Greg Clark and opening a new portfolio of solutions for partners

FireEye Inc in 5 Charts (Motley Fool) Tracking the cybersecurity company's changing revenue, expenses, and profitability

Leidos closes $4.6B deal for Lockheed's IT business (Washington Technology) Lockheed Martin and Leidos have completed their historic merger, undoing much of the IT acquisitions that Lockheed has built over the last two decades and making Leidos the largest IT provider in the federal market

CrowdStrike to work on DNC's cybersecurity (The Hill) The Democratic National Committee (DNC) on Monday announced that cybersecurity company CrowdStrike would be restructuring its management systems

BAE Systems Launches Cybersecurity Hub in Malaysia (GovConWire) BAE Systems has unveiled a cybersecurity and threat intelligence hub in Malaysia in support of cyber awareness and cyber technology adoption efforts in the country, ExecutiveBiz reported Monday

Fortinet and KISA to jointly strengthen cybersecurity in South Korea (MIS Asia) Fortinet has announced that it will be conducting a two-way information sharing on cyber threat intelligence with the Korea Internet & Security Agency (KISA)

ManTech Chosen for Potential $322M NGA Enterprise IT, Cyber Services Contract (GovConWire) The National Geospatial-Intelligence Agency has awarded ManTech International (Nasdaq: MANT) a potential five-year, $322 million contract for information technology services

Final draft of proactive cyber SIN delayed (Federal Times) The General Services Administration is pushing the final draft solicitation for its new special item number (SIN) for proactive cybersecurity services like threat hunting and penetration testing from the original Aug. 12 release date to sometime next week

Sophos Taps GoPro CIO (Wall Street Journal) Internet security firm Sophos Group PLC has tapped GoPro Inc.’s chief information officer as its first CIO, a year after a billion-dollar public market debut

Tim Crothers Joins Bricata's Board of Advisors (Benzinga) Veteran practitioner provides guidance and insight on advanced security strategies and techniques

CounterTack Appoints Matthew Addington as EVP of Federal Business (BusinessWire) Distinguished leader brings 25+ years of Federal sector experience

Products, Services, and Solutions

Security vendors ready ransomware decryption tools to help hospitals under cyberattack (Healthcare IT News) Kaspersky, Trend Micro, Symantec, Cisco and Emsisoft have tools that can decrypt health data after cybercriminals encrypt it. The hitch? The technology won’t work on all ransomware strains

RSA NetWitness Suite only solution to integrate threat intelligence across logs, packets, and endpoints (CSO Australia) Adds new Threat Intelligence Partners for faster detection and response

Google Duo: Simple, encrypted, video calling app (Help Net Security) Google Duo is a simple 1-to-1 video calling app available for Android and iOS. In order to use Google Duo all you need is your phone number, no separate account is necessary

Tenable Network Security Achieves AWS Foundations Benchmark Certification (BusinessWire) Tenable support for CIS benchmark allows organizations to audit their security configuration options in AWS cloud environments

LockPath Partners With ISACA to Help Organizations Align With COBIT Framework (MarketWired) LockPath®, a leader in governance, risk management and compliance (GRC) solutions, today announced its partnership with global IT association ISACA, the creator of the Control Objectives for Information and Related Technologies (COBIT) framework

FireEye Launches Cybersecurity Risk Assessment Service for Mergers & Acquisitions (Zawya) FireEye's intelligence-led security assessment to identify risks in M&A target's IT environment

Attivo Networks and Carbon Black Partner to Deliver Advanced, Continuous Threat Management and Response (Marketwired) Attivo Networks®, the award-winning leader in deception for cyber security threat detection, today announced that it has teamed up with Carbon Black, the leader in next-generation endpoint security, to provide an integrated solution for advanced continuous threat management and response

Airbus cryptography approved for Pentagon communications (C4ISRNET) The Defense Department has given a thumbs-up to the latest software upgrades to the Airbus Group's ECTOCRYP Black secure voice encryption device

LogMeIn & Kaspersky Lab Team Up to Provide Cybersecurity Solution to IT Managers & MSPs (Yhoo! Finance) LogMeIn, Inc. and Kaspersky Lab today announced a new partnership that will provide LogMeIn Central Premier customers with a complementary license of Kaspersky Endpoint Security for Windows

Ask us anything about your personal cyber security in a message. (Barburas) In our day to day life we are confronted with different situations where we doubt the legitimacy of an email, an attachment, a disgruntled colleague, a weirdly placed ATM and many more situations in which we would like to have an almost instantaneous second opinion

Technologies, Techniques, and Standards

China launches quantum satellite for 'hack-proof' communications (Guardian) Beijing hopes satellite will create communications system with significant military and commercial applications

Eliminate Weak Passwords With Regular Auditing (IBM Security Intelligence) Previously, we discussed the use of the feedback loop to help educate end users on how to improve secure computing practices. Here, we will discuss the feedback loop’s merits when applied to a regular part of an organization’s user auditing

Continuous security in the web application space (Help Net Security) What we’re seeing in the market right now is increased consolidation among vendors. They’re buying each other, more products covering another vendor’s territory are being introduced, and this is all creating confusion for anyone trying to put together a security program

Legislation, Policy, and Regulation

Obama Administration to Privatize Internet Governance on Oct. 1 (Wall Street Journal) Transfer of domain-name authority from U.S. likely to spark debate in Congress

EU considers imposing telecoms rules on web chat services (V3) Changes could have big impact on encryption and privacy

NSA21 brings new look, same mission for agency (Federal News Radio) The normally secretive National Security Agency is revealing more details about its NSA21 campaign and plans to address threats into the next decade

DHS talks with states about shoring up cyber in voting systems (FCW) In the wake of high-profile hacks of Democratic National Committee databases and associated concerns for the cybersecurity of the country's voting infrastructure, the Department of Homeland Security has kicked off a campaign to raise awareness its cyber resources for states

U.S. Senate Creates New Role Dedicated to Handling Cyberthreats (Government Technology) The new "Chief of Information Assurance” will be responsible for proactively identifying, protecting, detecting, reacting and recovering from advanced cyberthreats

Hacks targeting Democrats put a spotlight on cyber in Congress (FCW) In the wake of a cyber breaches against Democratic targets, Congress is trying to step up its own cybersecurity to gird against future threats. The Democratic National Committee and the Democratic Congressional Campaign Committee were targeted in high profile hacks that included leaks of sensitive information

Making Sense of Army Electronic Warfare-Cyber Convergence (C4ISRNET) One of the Army’s biggest goals in the near future concerns network convergence. As evidence, look no further than the decision to disband its electronic warfare division, which will fold into a newly established cyber directorate at the Pentagon within the Army

How STRATCOM's priorities line up in an interconnected world (C4ISRNET) The nature of today’s world is everything is connected. This is true in the commercial, social, political and warfare spaces

Litigation, Investigation, and Law Enforcement

FBI defends decision not to charge Clinton as it submits probe documents to Congress (Washington Post) The FBI on Tuesday forcefully defended its decision not to criminally charge Hillary Clinton in connection with her use of a private email server as secretary of state in a letter to lawmakers that laid out its rationale for refusing to do so

Bill Clinton’s misleading claim about ‘marked classified’ information in Hillary Clinton’s emails (Washington Post) At a voter forum co-hosted by the Asian American Journalists Association and nonpartisan civic engagement group APIAVote, Clinton was asked to explain to voters why they should trust Hillary Clinton after her email scandal. In his answer, Clinton summarized two common Democratic talking points about Hillary Clinton’s emails

Navy spy case moves forward after defense motions denied (Navy Times) After two days of motion hearings, a Navy officer accused of spying for Taiwan remains set for a late October court-martial

UK radical preacher Anjem Choudary convicted of IS support (AP) One of Britain's best-known radical Muslim preachers, Anjem Choudary, has been convicted of encouraging support for the Islamic State group

Bosnian Authorities Arrest Alleged IS Recruiter (ABC News) Bosnian authorities say they have arrested a man suspected of recruiting members for the Islamic State group

Civil liberties groups ask FCC to probe Baltimore police use of cellphone tracking devices (Washington Post) Several civil liberties organizations filed a complaint Tuesday asking the Federal Communications Commission to investigate the use of cellphone tracking devices by the Baltimore Police Department

For a complete running list of events, please visit the Event Tracker on the CyberWire website.

Newly Noted Events

Insider Threat Program Development Training For NISPOM CC 2 with Legal Guidance (Germantown, Maryland, USA, September 14 - 15, 2016) Insider Threat Program Development Training for NISPOM CC 2 (Germantown, Maryland, September 14 - 15, 2016) Insider Threat Defense will hold a two-day training class on Insider Threat Program Development...

4th ETSI/IQC Workshop on Quantum-Safe Cryptography (Toronto, Ontario, Canada, September 19 - 21, 2016) This three-day workshop brings together diverse players in the quantum-safe cybersecurity community to facilitate the knowledge exchange and collaboration required to transition cyber infrastructures and...

Upcoming Events

2016 Information Assurance Symposium (Washington, DC, USA, August 16 - 18, 2016) The Information Assurance Symposium is the premier IA event at which leaders and practitioners share vital information and provide direction and best practices to meet today’s challenges in IA and the...

Insider Threat Program Development Training (Washington, DC, USA, March 29 - 30, 2016) Insider Threat Defense announced it will hold a training class on Insider Threat Program Development (National Insider Threat Policy-NISPOM Conforming Change 2) on March 29-30, 2016, in Washington, DC.

SANS Alaska 2016 (Anchorage, Alaska, USA, August 22 - 27, 2016) SANS is bringing our renowned security training to Alaska! Join us in August for a week of hands-on training and compelling bonus sessions while taking in breathtaking views and experiencing the great...

CISO New Jersey (Hoboken, New Jersey, USA, August 23, 2016) With newspaper headlines covering the latest data breaches, cloud computing security questions going unanswered and hackers developing more sophisticated attacks, the IT department has a growing responsibility...

Cyber Jobs Fair (San Antonio, Texas, USA, August 23, 2016) Held in conjunction with the Second Annual CyberTexas Conference, the Cyber Jobs Fair is open to anyone with cyber security education or experience. A security clearance is not required. Booz Allen Hamilton,...

CyberTexas (San Antonio, Texas, USA, August 23 - 24, 2016) CyberTexas was established to provide expanded access to security developments and resources located in Texas; provide an ongoing platform for the education and skill development of cyber professionals...

Chicago Cyber Security Summit (Chicago, Illinois, USA, August 25, 2016) The Cyber Security Summit is an exclusive conference series connects C-Suite & Senior Executives who are responsible for protecting their companies’ critical infrastructures with innovative solution providers...

Air Force Information Technology and Cyberpower Conference 2016 (Montgomery, Alabama, USA, August 29 - 31, 2016) America is faced with a national emergency in cyberspace. US national security, economic vitality, financial stability and foreign policy are being eroded. Increasingly prevalent and severe malicious cyber...

CISO Toronto (Toronto, Ontario, Canada, August 30, 2016) A data breach is not only a PR nightmare, but cause for customers to turn to competitors, exposing sensitive company information and racking up fines from industry regulators. In order for organizations...

ISAO SO Public Forum (Tysons, Virginia, USA, August 31 - September 1, 2016) This public forum is the last opportunity to meet face-to-face and participate in conversations that will shape the first set of standards and guidelines to be published in September! Speakers will include ...

cybergamut Technical Tuesday: Quantifying Cyber Attacks: To Optimize and Assess your Defense by Jason Syversen of Siege Technologies (Elkridge, Maryland, USA, September 6, 2016) cybergamut Technical Tuesday is for cyber professionals to exchange innovative ideas and discuss technical issues of mutual interest. We’ll have a Technical Tuesday event on 6 September 2016 (1600 – 1730...

2016 Intelligence & National Security Summit (Washington, DC, USA, September 7 - 8, 2016) Third annual unclassified summit hosted by AFCEA International and the Intelligence and National Security Alliance (INSA). There are five plenary sessions and nine breakout sessions related to cybersecurity,...

Annual Privacy Forum 2016 (Frankfurt, Hesse, Germany, September 7 - 8, 2016) In the light of the upcoming data protection regulation and the European digital agenda, DG CONNECT, ENISA and, Goethe University Frankfurt is organizing APF 2016. In the light of the upcoming data protection...

SecureWorld Cincinnati (Sharonville, Ohio, USA, September 8, 2016) Join your fellow security professionals for affordable, high-quality cybersecurity training and education. Earn 6-12 CPE credits through 30+ educational elements learning from nationally recognized industry...

Borderless Cyber Europe (Brussels, Belgium, September 8 - 9, 2016) Join CIOs, CISOs and cyber threat intelligence experts from industry, government and CSIRTs worldwide to share experiences, strategies, tactics and practices that will improve your state of preparedness...

SANS Network Security 2016 (Las Vegas, Nevada, USA , September 10 - 16, 2016) We are pleased to invite you and your colleagues to attend SANS Network Security 2016 at the magnificent Caesars Palace, Las Vegas, on September 10-19. SANS Network Security is your annual networking opportunity!...

Business Insurance Cyber Risk Summit 2016 (San Francisco, California, USA, September 11 - 12, 2016) The Business Insurance Cyber Risk Summit provides risk management professionals and chief information security officers with the practical information and tools needed to combat the latest cyber risks...

(ISC)² Security Congress (Orlando, Florida, USA, September 12 - 15, 2016) (ISC)² Security Congress offers attendees over 90 education sessions, designed to transcend all industry sectors, focus on current and emerging issues, best practices, and challenges facing cybersecurity...

7th Annual Billington Cybersecurity Summit (Washington, DC, USA, September 13, 2016) Join over 600 senior-level attendees, more than 50 distinguished speakers, and over 40 prestigious sponsors and exhibitors at the 7th Annual Billington CyberSecurity Summit, the leading Fall forum on cybersecurity...

CISO GAS (Frankfurt, Hessen, Germany, September 13, 2016) A data breach is not only a PR nightmare, but cause for customers to turn to competitors, exposing sensitive company information and racking up fines from industry regulators. CISOs and IT security executives...

Tarleton State University Cyber Security Summit 2016 (Dallas, Texas, USA, September 13, 2016) Cyber Security for the Board and the C-Suite: "What You Need to Know." Cyber Security experts will discuss corporate cyber-attacks and legal practitioners will discuss strategies to help companies comply...

SecureWorld Detroit (Dearborn, Michigan, USA , September 14 - 15, 2016) Join your fellow security professionals for affordable, high-quality cybersecurity training and education. Earn 12-16 CPE credits through 60+ educational elements learning from nationally recognized industry...

Insider Threat Program Development Training for NISPOM CC 2 (Milwaukee, Wisconsin, USA, September 19 - 20, 2016) Insider Threat Defense will hold a two-day training class on Insider Threat Program Development (NISPOM Conforming Change 2). For a limited time the training is being offered at a discounted rate of $795...

hardwear.io Security Conference (The Hague, the Netherlands, September 20 - 23, 2016) hardwear.io Security Conference is a platform for hardware and security community where researchers showcase and discuss their innovative research on attacking and defending hardware. The objective of...

3rd Annual Senior Executive Cyber Security Conference: Navigating Today's Cyber Security Terrain (Baltimore, Maryland, USA, September 21, 2016) The Johns Hopkins University Information Security Institute and COMPASS Cyber Security are hosting the 3rd Annual Senior Executive Cyber Security Conference on Wednesday, September 21, from 8:30 a.m. –...

New York Cyber Security Summit (New York, New York, USA, September 21, 2016) The Cyber Security Summit is an exclusive conference series connects C-Suite & Senior Executives who are responsible for protecting their companies’ critical infrastructures with innovative solution providers...

Gigaom Change 2016 Leader's Summit (Austin, Texas, USA, September 21 - 23, 2016) Over an immersive 2.5 days, we will explore the current state-of-the-art technologies, how these are transforming industry, and why this all matters. You’ll emerge with a greater understanding of the exponential...

NYIT Annual Cybersecurity Conference (New York, New York, USA, September 22, 2016) Presented by NYIT School of Engineering and Computing Sciences, this conference brings together cyber experts from academia, business, and government to address: Cyber Defense Against Attacks–How Industry...

Cyber Security: How to Identify Risk and Act (Frankenmuth, Michigan, USA, September 26, 2016) Join us on 9/26/2016 for the PMI-MTC's annual project management PDD focusing on "Cyber Security: How to Identify Risk and Act." Earn 7 PDUs during the interactive sessions with well-known information ...

CYBERSEC (Kraków, Poland, September 26 - 27, 2016) The CYBERSEC forum is the first of its kind in Poland and one of just a few regular public policy conferences in Europe devoted to the strategic issues of cyberspace and cybersecurity.The goal of the CYBERSEC...

IP EXPO Nordic 2016 (Stockholm, Sweden, September 27 - 28, 2016) IP EXPO Nordic is part of Europe’s number ONE enterprise IT event series, designed for those looking to find out how the latest IT innovations can drive business growth and competitiveness. The event showcases...

SecureWorld Dallas (Plano, Texas, USA , September 27 - 28, 2016) Join your fellow security professionals for affordable, high-quality cybersecurity training and education. Earn 12-16 CPE credits through 60+ educational elements learning from nationally recognized industry...

Grow your brand and reach new customers.

Grow your brand and increase your customer base by educating our audience about your products, services, and events by advertising on The CyberWire. We’ve built trust with an influential (and often hard to reach) audience of CISOs, CSOs, and other senior execs in the security space, across a wide array of industry verticals. Learn more.

Be a part of the CyberWire story.

People ask us (a lot) how they can support what we do. We have our sponsorships and services, of course, but those are not always within every supporter's financial reach, or it might just not be the right time for you to do those things. That's why we launched our new Patreon site, where we've created a wider variety of support levels, each with some new benefits. Our patrons are important to our future, and we hope you'll consider becoming one. We invite you to become part of the CyberWire story. Become a patron today.