skip navigation

More signal. Less noise.

Daily briefing.

Most observers who've looked into what the Shadow Brokers are offering think it likely that the dump contains actual NSA files. Much of the material relates to ways of subverting firewalls and other security products. Cisco and Fortinet confirm that zero-days referenced in the files are indeed genuine, and both companies have begun issuing patches. Analysts see this as displaying the unwisdom of hoarding zero-days, even in small numbers.

No one appears willing to pay the 1 million Bitcoin (roughly $576 million) for the Shadow Brokers complete trove, which isn't surprising, since money probably isn't the object here. The fact that someone has rickrolled the auction site doesn't help, but half a billion dollars is a lot to fork over, even for Wealthy Elite.

Most observers also think the operation can be credited to Russian intelligence services, although how those services might have got the files is still up for speculation. Most disturbing is the possibility the files were physically exfiltrated on some storage media, possibly by an insider.

The Clinton Foundation is said to have hired FireEye after noticing indicators of compromise.

Suspicion of North Korean involvement in recent SWIFT bank fraud re-emerges: the DPRK is thought to have used the theft to increase its hard currency reserves.

Kaspersky reports a large cyberespionage campaign in progress, affecting companies and universities in at least thirty countries. The goal appears to be theft of trade secrets; the actors appear to be a criminal gang (probably operating from Russia).

Cisco announces layoffs.

Notes.

Today's issue includes events affecting Australia, Bangladesh, China, Egypt, France, Germany, India, Iran, Iraq, Democratic Peoples Republic of Korea, Republic of Korea, Netherlands, Portugal, Pakistan, Qatar, Romania, Saudi Arabia, Spain, Sweden, Switzerland, Taiwan, Turkey, United Arab Emirates, United Kingdom, United States, and Vietnam.

A note to our readers, especially those of you interested in art and design--"STEM to STEAM," as they call it: the CyberWire is partnering with Maryland Art Place to sponsor a competition for an original work of art on the theme "creating connections." You can read about the competition in NY Arts Magazine. A full prospectus may be found here.

The CyberWire's regular daily Podcast will be out later this afternoon, with interviews, educational tips, and more on the stories of the day. Today, courtesy of our partners at the University of Maryland's Center for Health and Homeland Security, we'll hear from Ben Yelin about the apparent NSA compromise. Our guest is Adam Meyers from Crowdstrike, who'll talk about some recent security trends as well as Crowdstrike's work against the Boson Spider gang. (And of course, if you enjoy the podcast, please consider giving it an iTunes review.)

Cyber Security Summit in Chicago (Chicago, Illinois, USA, August 25, 2016) Senior-level executives are invited to learn about the latest threats & solutions in cyber security with experts from the FBI, Arbor Networks, and more.

​3rd Annual Senior Executive Cyber Security Conference: Navigating Today’s Cyber Security Terrain​ (Baltimore, MD, USA, September 21, 2016) Hear from industry leaders on cyber security best practices and trends that will help you better secure your organization’s data. This year’s agenda examines the current cyber security landscape, threats, and challenges ahead for organizations and how senior leaders can work towards “shifting their data to being safe and secure.”

Cyber Attacks, Threats, and Vulnerabilities

US National Security Agency Hacking Tools Posted Online (Voice of America) A collection of powerful computer hacking tools developed by the U.S. National Security Agency has mysteriously appeared online, a development that could compromise operations at the spy agency and put government and corporate computers at risk

Security Experts Say NSA-Linked Hacking Effort Was Itself Compromised (Wall Street Journal) Files use unusual mathematical operation tied to a group that appears to support U.S. interests in cyberspace

Alleged NSA data dump contain hacking tools rarely seen (CSO) Cisco said that the sample files reveal an undetected software flaw in its products

Leaked hacking tools can be tied to NSA’s Equation Group (Help Net Security) The batch of data released by the Shadow Brokers, an entity that claims to have hacked the Equation Group, contains attack tools that can be tied to the group

'Shadow Brokers' Claim To Have Hacked The NSA's Hackers (NPR) The "Shadow Brokers" are in the spotlight

No One Wants to Buy Those Stolen NSA-Linked ‘Cyberweapons’ (Wired) When an anonymous group calling itself Shadow Brokers put up for auction a collection of data it said it stole from the NSA, the group wrote that it would make the information public if it received the truly absurd “Dr. Evil” sum of one million bitcoins—at current exchange rates, about $576 million. So far, however, it’s achieved a more modest payday: $937.15

Someone Rickrolled the Bitcoin Auction for NSA Exploits (Motherboard) All this week, the security community has been abuzz with the public dump of NSA-linked exploits. The hacker or hackers who released them, The Shadow Brokers, have indicated they will give more material to the winner of an ongoing bitcoin auction, and at least a few people are trying to get their hands on the promised goods

Analyzing the NSA code breach in the context of recent cybersecurity events (PBS Newshour) On Saturday, programming code for National Security Agency hacking tools was shared online. The content appears to be legitimate, but it is not clear if it was intentionally hacked or accidentally leaked. Hari Sreenivasan speaks with The Washington Post’s Ellen Nakashima and Paul Vixie of Farsight Security about where this development fits in the context of other recent cybersecurity breaches

The Shadow Brokers Mess Is What Happens When the NSA Hoards Zero-Days (Wired) When the NSA discovers a new method of hacking into a piece of software or hardware, it faces a dilemma. Report the security flaw it exploits to the product’s manufacturer so it gets fixed, or keep that vulnerability secret—what’s known in the security industry as a “zero day”—and use it to hack its targets, gathering valuable intelligence. Now a case of data apparently stolen from an NSA hacking team seems to show the risks that result when the agency chooses offense over defense: Its secret hacking tools can fall into unknown hands

'Auction' of NSA tools sends security companies scrambling (AP via Yahoo! Tech) The leak of what purports to be a National Security Agency hacking tool kit has set the information security world atwitter — and sent major companies rushing to update their defenses

Cisco, Fortinet validate exploits leaked by the Shadow Brokers (Help Net Security) Cisco and Fortinet have released security advisories confirming that some of the exploits leaked by the Shadow Brokers work as intended

Cisco Acknowledges ASA Zero Day Exposed by ShadowBrokers (Threatpost) Cisco has quickly provided a workaround for one of two vulnerabilities that was disclosed in the ShadowBrokers’ data dump and issued an advisory on the other, which was patched in 2011, in order to raise awareness among its customers

Cisco confirms NSA-linked zeroday targeted its firewalls for years (Ars Technica) Company advisories further corroborate authenticity of mysterious Shadow Brokers leak

Former NSA Staffers: Rogue Insider Could Be Behind NSA Data Dump (Motherboard) There are a lot of unanswered questions surrounding the shocking dump of a slew of hacking tools used by an NSA-linked group earlier this week. But perhaps the biggest one is: who’s behind the leak? Who is behind the mysterious moniker “The Shadow Brokers”?

Why EQGRP Leak is Russia (CyberSecPolitics) First off, it's not a "hack" of a command and control box that resulted in this leak. Assuming it's real (I cannot confirm or deny anything here - largely because I don't know), it's almost certainly human intelligence - someone walked out of a secure area with a USB key. So let's go down the list of factors that make it "Almost Certainly Russia"

Russia emerges as prime suspect in apparent NSA hack (Christian Science Monitor Passcode) A previously unknown group dumped a cache of hacking tools on the web that appear to be from the National Security Agency. Now, cybersecurity experts say Moscow is once again behind a cyberattack on the US

NSA ‘Shadow Brokers’ Hack Shows SpyWar With Kremlin Is Turning Hot (Observer) This won’t be the last time Putin and his spies have us over a barrel

Clinton Foundation hired cyber firm after suspected hacking: sources (Reuters) Bill and Hillary Clinton's charitable foundation hired the security firm FireEye to examine its data systems after seeing indications they might have been hacked, according to two sources familiar with the matter

North Korean malware linked to Bangladesh bank hack (Fedscoop) If North Korea turns out to be behind the $81 million Bangladesh cyber heist, it will be only the latest example of engaging in criminal activity to generate hard currency for its hereditary regime

New wave of targeted attacks focus on industrial organizations (Help Net Security) Kaspersky Lab researchers discovered a new wave of targeted attacks against the industrial and engineering sectors in 30 countries around the world. Dubbed Operation Ghoul, these cybercriminals use spear-phishing emails and malware based on a commercial spyware kit to hunt for valuable business-related data stored in their victims’ networks

Kaspersky: U.S. Caught Up in Advanced Cyberattacks Largely Affecting Middle East (Morning Consult) A new wave of cyberattacks largely hitting the Middle East and Europe is also affecting pharmaceutical and engineering industrial organizations in the United States, according to a post from Mohamad Amin Hasbini, a senior security researcher at Kaspersky Labs

Browser Address Bar Spoofing Vulnerability Disclosed (Threatpost) Chrome, Firefox and likely other major browsers are afflicted by a vulnerability that allows attackers to spoof URLs in the address bar

Spammers modify sites’ core WordPress files for long-lasting compromise (Help Net Security) In their quest to compromise WordPress installations and prevent site owners from discovering it and cleaning up the website, blackhat SEO spammers have turned to modifying core WordPress files

Critical Windows flaw allows hackers to attack without trace, but Microsoft not keen on a fix (International Business Times) A loophole in the Event Viewer feature enables attackers to hack into any Windows OS without a trace

1 compromised site - 2 campaigns (SANS Internet Storm Center) Earlier today, I ran across a compromised website with injected script from both the pseudo-Darkleech campaign and the EITest campaign. This is similar to another compromised site I reported back in June 2016, shortly after Angler exploit kit (EK) disappeared from the EK scene [1]. At that time, the pseudo-Darkleech and EITest campaigns had switched to Neutrino EK

Marcher steps up game: Malware poses as security update, imitates popular apps (SC Magazine) Looking to capitalize on mobile device owners' growing security fears, a new variant of the Android malware Marcher is infecting victims by fraudulently posing as a firmware security update

Nearly a Third of Users Fall for Phishing (eWeek) A month ago, Duo Security publicly released its free Duo Insight tool, enabling organizations to test responses to phishing attacks. The results of the first six weeks of user testing are now in, and the numbers are not inspiring

Using a Neural Network to Improve Social Spear Phishing (eSecurity Planet) Researchers from ZeroFox build a tool that employs neural networks to trick unsuspecting Twitter users

August Locky Blitz Hits Healthcare Organizations (Infosecurity Magazine) August has seen a major new wave of Locky ransomware attacks targeting healthcare organizations in the US, Japan and elsewhere, according to FireEye

Ransomware as a Service is Bringing In Some Serious Money (Bitcoinist) Ransomware is now becoming standardized to create a lucrative business model, ransomware as a service for amateur hackers

Cerber ransomware service lets cybercriminals reap over $2m per year, study finds (International Business Times) According to the report, Cerber is likely a Russia-based service

Bitcoin website suspects it will be targeted by state-sponsored hackers, warns users (Hot for Security) Hopefully we are all aware that we should exercise caution when downloading programs from the internet

VeraCrypt disk encryption team claims “emails intercepted” (Naked Security) Remember TrueCrypt?

Student Loans Company in Phishing Warning (Infosecurity Magazine) The UK’s Student Loans Company has been forced to issue a fraud alert after phishers launched a new campaign targeting students starting this autumn

Here’s a Hillary Clinton exposé that’s strictly for suckers (Sun Herald) If you encounter an email in the next few days that seems too good to be true, one that, oh, promises a video of Hillary Clinton accepting money from the the leader of ISIS, don’t click it

WikiLeaks Turkish AKP Email Dumps Contain Malware; Researcher (HackRead) Last month Wikileaks published emails stolen from Turkish ruling party AKP — now, a researcher has presented a report showing the AKP emails contain malware attachments

Turkish group hacks Killeen website for the second time (Killeen Daily Herald) For the second time this year, the Killeen official website was hacked by someone claiming to be part of a Turkish hacker group

A new low! SMS scammers prey on parents' fears to make a few bucks (Greham Cluley) These alarming text messages couldn’t be worse… or more fake

Security Patches, Mitigations, and Software Updates

Cisco, Fortinet issue patches against NSA malware (Network World) Versions of Cisco PIX, ASA and Fortinet’s Fortigate firmware are affected

Microsoft To Bring The Cumulative Security Updates To Windows 7 And 8.1 Versions (MustTech News) Microsoft is going to draw an end to its years old pick-a-patch practice in the most popular platform Windows 7 and will introduce the cumulative security and performance updates instead. Pick a patch option was more flexible that allowed users to choose the updates they want. But according to Nathan Mercer, a senior product marketing engineer at Microsoft, the individual patches were creating multiple potential problems and this is why they chose to shift to the cumulative patches

Verizon has a plan to make the Android bloatware problem worse (Ars Technica) Verizon sought $1 to $2 per device, would install apps on Android phones

Cyber Trends

List 10 leading causes of IT security gaps (Health Data Management) Organizations are failing at security, as data loss is increasingly common

Okta research says slow tech upgrades puts companies at risk (SC Magazine) Research from security company Okta is claiming that companies which aren't agile on technology upgrades are putting themselves at risk of cyber-attacks

Organizations still unprepared for malicious insiders (Help Net Security) Organizations globally believe they are their own worst enemy when it comes to cybersecurity, with 45 percent saying they are ill-equipped to cope with the threat of malicious insiders and twice as many, 90 percent, calling malicious insiders a major threat to the organizations’ security, according to Mimecast

8 Surprising Statistics About Insider Threats (Dark Reading) Insider theft and negligence is real--and so are the practices that amplify the risks

Cloud adopters still struggling to see what shadow-IT users are doing (CSO Australia) More than half of companies adopting cloud services have experienced security incidents related to those cloud services, according to new research that also identified poor enforcement of policies around shadow IT, user logins and audit controls

Security is not a product but a culture: Palo Alto Networks' Anil Bhasin (Economic Times) Anil Bhasin, MD – India & SAARC, Palo Alto Networks sheds light on various aspects of cloud security, the current threat landscape and their acquisitions from across the world

Lack of process, security culture leaving firms open to cyber-attack (SC Magazine) A new white paper from QinetiQ has claimed that a lack of understanding of how to mitigate employee negligence is leaving firms wide open to cyber-attacks

Hacking smart cities: Dangerous connections (Help Net Security) Once just a curiosity for technology enthusiasts, the Internet of Things (IoT) has become mainstream. In fact, the IoT security market is estimated to grow from USD 7.90 billion in 2016 to USD 36.95 billion by 2021, at a CAGR of 36.1%, according to MarketsandMarkets

Impacts of cyberattacks can be more than meets the eye (The Nation (Thailand)) Thailand's cyber-landscape has been changing more rapidly than ever before. The government’s ambitious goal to become Asean’s digital-infrastructure hub by 2020, the plan for a national e-payment programme, global financial-technology trends, or newly invented Internet start-ups - these are the key accelerators for the need for more rigorous cybersecurity programme

Marketplace

4 Questions the Board Must Ask Its CISO (BankInfo Security) Drilling down on cybersecurity plans

Cyber attack recovery 300% dearer due to skills shortage (ComputerWeekly) The improvement of specialist security expertise is one of the top three drivers for an additional investment in IT security, but many struggle to find people with the skills they need, a report reveals

Lack of security talent is a threat to corporate safety (Help Net Security) Large businesses with a small amount of full-time security experts pay almost three times more to recover from a cyberattack than those businesses with in-house expertise, according to Kaspersky Lab

Cisco to cut 5,500 jobs in shift away from switches, routers (Reuters) Cisco Systems Inc said it would lay off up to 5,500 employees, or nearly 7 percent of its workforce, as the world's largest networking gear maker shifts focus to areas such as security, Internet of Things and cloud

Cisco will remain “highly acquisitive” in cyber security market, says UK cyber chief (Computer Business Review) C-level briefing: Cisco's Terry Greer-King talks cyber security and the need for unified architecture

Intel Seems to Have a Stronger Hand Than Cisco Systems (New York Times) Intel and Cisco Systems are facing divergent futures. Intel is swallowing its pride and licensing intellectual property from its chip-making rival ARM. Cisco is planning to cut 7 percent of its workers. Intel may have the strong hand

Palo Alto Networks Stole a Key Customer from FireEye Last Quarter (Motley Fool) FireEye's problems may be driven by increasing competition

Security Startup LookingGlass Turning To Partners For Next Phase Of Growth (CRN) Security startup LookingGlass is planning a channel expansion in a big way, new channel chief Laurie Potratz told CRN

Avecto 'didn't need' US investment - but it helped (Business Cloud) A cyber security CEO has revealed how funding from across the Atlantic saw him rip up his business plan

Time is tight to attend American cyber security conference (Worcester News) Time is running out for cyber security companies to apply for the Midlands Engine mission to Baltimore, America in October

AhnLab to provide security programs for PyeongChang Olympics (Korea Times) AhnLab will provide security programs for the 2018 PyeongChang Winter Olympic Games, the cybersecurity firm said Wednesday

Meet the inaugural cybersecurity ‘Hall of Honor’ inductees in SA (San Antonio Business Journal) A new Hall of Honor, a similar concept to Hall of Fame, meant to recognize leaders in the cybersecurity industry in San Antonio is set to induct its inaugural members

Salient CRGT Achieves CMMI Maturity Level 3 Appraisal (PRNewswire) Achievement highlights continuous commitment to quality, process improvement, and effective delivery of system and software engineering services

Products, Services, and Solutions

G DATA Passwortmanager bringt Ordnung in den Kennwörter-Dschungel (PresseBox) G DATA Total Protection mit neuem Passwortmanager sorgt für mehr Sicherheit im Internet

Sn1per: Automated pentest recon scanner (Help Net Security) Sn1per is an automated scanner that can be used during a penetration test to enumerate and scan for vulnerabilities

HyTrust Unveils Enhanced Workload Security Solutions for the New Multi-Cloud World (BusinessWire) Updates to HyTrust DataControl and HyTrust CloudControl provide comprehensive end-to-end multi-cloud encryption and automated compliance for software-defined data centers and hyper converged infrastructures

Pillsbury, FireEye Start Cyber Risk Service For M&A (Law360) Pillsbury Winthrop Shaw Pittman LLP has launched a service to help deal makers assess merger targets’ cybersecurity risks, in partnership with cybersecurity company FireEye and unit Mandiant

Technologies, Techniques, and Standards

If not managed properly, BYOD could turn into ‘Bring Your Own Disaster’: Raimund Genes, CTO, Trend Micro (Economic Times) In an interview with ETCIO.COM, Raimund Genes, Chief Technology Officer, Trend Micro talks about the ways in which an enterprise can work with its employees to prop up the security posture

User Ed: Patching People Vs Vulns (Dark Reading) How infosec can combine and adapt security education and security defenses to the way users actually do their jobs

Five tips to help execute an employee training program (Help Net Security) One of the best ways to reduce the risk of data breaches is employee training. This is particularly important during the fall “back to business” season when many employees are returning to the office after a well-deserved summer break, according to Shred-it

Cybersecurity: This Is Not a Drill (IBM Security Intelligence) They say hindsight is 20/20, but often that’s not good enough — particularly when it comes to protecting your data. Cybersecurity can mean the difference between the success and failure of your organization. Whether it is a small family business or a large corporation, your focus needs to shift to security foresight to protect your business and customer interests

SSA: Ixnay on txt msg reqmnt 4 e-acct, sry (KrebsOnSecurity) AUG 16 The U.S. Social Security Administration says it is reversing a newly enacted policy that required a cell phone number from all Americans who wished to manage their retirement benefits at ssa.gov. The move comes after a policy rollout marred by technical difficulties and criticism that the new requirement did little to prevent identity thieves from siphoning benefits from Americans who hadn’t yet created accounts at ssa.gov for themselves

Opinion: Why political campaigns need chief information security officers (Christian Science Monitor Passcode) The Democratic and Republican parties – and their presidential candidates – should immediately put someone in charge of safeguarding their data. It's for the good of voter privacy and American democracy

Design and Innovation

Facebook’s unblockable-ads push is a “big bluff” (Naked Security) Facebook, the adblocker ball’s back in your court, but researchers seem to have punched some holes in your racket

Research and Development

U.S. Department of Homeland Security funds four blockchain companies developing new cyber security technology (Brave New Coin) The U.S. Department of Homeland Security, Science and Technology Directorate, recently unveiled a list of 13 small businesses working towards “the development of new cyber security technology.” The companies are part of the 2016 Small Business Innovation Research program. Each was awarded approximately $100,000 in funding, for a total of $1.3 million, and four are using blockchains in their product

Legislation, Policy, and Regulation

Vietnam to develop strategic plan on cyber security (Vietnam Net Bridge) The Ministry of Information and Communications (MIC) will develop and submit a strategic plan on cyber information security to the government, according to Minister Truong Minh Tuan

Blog: A Three-pronged Approach for Fighting Foreign Cyber Attacks (SIGNAL) When we think of cyber attacks, we generally picture a lone wolf hacker or Anonymous-type organization. But foreign governments are also formidable threats. Take a moment to scan the headlines and you’ll see that articles about cyber hacks on Sony Pictures Entertainment and the Democratic National Committee—among many others—have been attributed to North Korea and Russia

The Situation Report: The Driving Forces Behind NSA’s Reorganization (Meritalk) The National Security Agency has operated for decades under a well-defined mission: conduct foreign signals intelligence, support military operations, and defend national security systems from attacks. But major changes in the cyber threat landscape during the last few years have forced the agency to embrace a new reorganization strategy that officials argue is urgently needed to defend the nation from an onslaught of state-sponsored hacking attacks

5 federal agencies with a role in ensuring enterprise cybersecurity (CIO Dive) As hackers hone their skills, businesses deal with cybersecurity concerns on a daily basis. Most major hacks to date have focused on a specific company or agency. But what if a large cyberattack were to occur on a national scale? Who would enforce cybersecurity measures and provide guidance to businesses on what to do and how to react?

Litigation, Investigation, and Law Enforcement

Sage Employee Arrested in Connection with Data Breach (Infosecurity Magazine) As the fallout from the recent Sage breach continues to rumble on, City of London police have arrested a Sage Group employee on suspicion of fraud

Google loses appeal against Russia’s Android antitrust ruling (Ars Technica) Strike three against Google as it's ordered to comply with Russia's antitrust rules

Google faces legal action over data-mining emails (Naked Security) For Google, the long-running dispute over its data-mining of email just won’t go away

Enigma Software Countersued For Waging A 'Smear Campaign' Against Site It Claimed Defamed It (TechDirt) Enigma Software -- creator of the SpyHunter suite of malware/adware removal tools -- recently sued BleepingComputer for forum posts by a third-party volunteer moderator that it claimed were defamatory. In addition, it brought Lanham Act trademark infringement claims against the site -- all in response to a couple of posts that portrayed it in a negative light

Stealing bitcoins with badges: How Silk Road’s dirty cops got caught (Ars Technica) Ross Ulbricht's screwup led to DEA agent's arrest, who revealed another rogue agent

“Hunted” schoolgirls’ nude images and personal info published online (Naked Security) More than 2,000 sexual images of underage girls and women have been shared by teen boys and young men, on an Australian website. The site allows users to barter the illegal images, announce the “wins” of their hunting sprees and identify the subjects by attaching full names, faces, schools, home addresses, and phone numbers

For a complete running list of events, please visit the Event Tracker on the CyberWire website.

Newly Noted Events

Third Annual Women in Cyber Security Reception (Baltimore, Maryland, USA, September 27, 2016) The CyberWire is pleased to present the 3rd Annual Women in Cyber Security Reception in cooperation with our partner the Cybersecurity Association of Maryland (CAMI) on Tuesday, September 27, 2016, in...

Upcoming Events

2016 Information Assurance Symposium (Washington, DC, USA, August 16 - 18, 2016) The Information Assurance Symposium is the premier IA event at which leaders and practitioners share vital information and provide direction and best practices to meet today’s challenges in IA and the...

Insider Threat Program Development Training (Washington, DC, USA, March 29 - 30, 2016) Insider Threat Defense announced it will hold a training class on Insider Threat Program Development (National Insider Threat Policy-NISPOM Conforming Change 2) on March 29-30, 2016, in Washington, DC.

SANS Alaska 2016 (Anchorage, Alaska, USA, August 22 - 27, 2016) SANS is bringing our renowned security training to Alaska! Join us in August for a week of hands-on training and compelling bonus sessions while taking in breathtaking views and experiencing the great...

CISO New Jersey (Hoboken, New Jersey, USA, August 23, 2016) With newspaper headlines covering the latest data breaches, cloud computing security questions going unanswered and hackers developing more sophisticated attacks, the IT department has a growing responsibility...

Cyber Jobs Fair (San Antonio, Texas, USA, August 23, 2016) Held in conjunction with the Second Annual CyberTexas Conference, the Cyber Jobs Fair is open to anyone with cyber security education or experience. A security clearance is not required. Booz Allen Hamilton,...

CyberTexas (San Antonio, Texas, USA, August 23 - 24, 2016) CyberTexas was established to provide expanded access to security developments and resources located in Texas; provide an ongoing platform for the education and skill development of cyber professionals...

Chicago Cyber Security Summit (Chicago, Illinois, USA, August 25, 2016) The Cyber Security Summit is an exclusive conference series connects C-Suite & Senior Executives who are responsible for protecting their companies’ critical infrastructures with innovative solution providers...

Air Force Information Technology and Cyberpower Conference 2016 (Montgomery, Alabama, USA, August 29 - 31, 2016) America is faced with a national emergency in cyberspace. US national security, economic vitality, financial stability and foreign policy are being eroded. Increasingly prevalent and severe malicious cyber...

CISO Toronto (Toronto, Ontario, Canada, August 30, 2016) A data breach is not only a PR nightmare, but cause for customers to turn to competitors, exposing sensitive company information and racking up fines from industry regulators. In order for organizations...

ISAO SO Public Forum (Tysons, Virginia, USA, August 31 - September 1, 2016) This public forum is the last opportunity to meet face-to-face and participate in conversations that will shape the first set of standards and guidelines to be published in September! Speakers will include ...

cybergamut Technical Tuesday: Quantifying Cyber Attacks: To Optimize and Assess your Defense by Jason Syversen of Siege Technologies (Elkridge, Maryland, USA, September 6, 2016) cybergamut Technical Tuesday is for cyber professionals to exchange innovative ideas and discuss technical issues of mutual interest. We’ll have a Technical Tuesday event on 6 September 2016 (1600 – 1730...

2016 Intelligence & National Security Summit (Washington, DC, USA, September 7 - 8, 2016) Third annual unclassified summit hosted by AFCEA International and the Intelligence and National Security Alliance (INSA). There are five plenary sessions and nine breakout sessions related to cybersecurity,...

Annual Privacy Forum 2016 (Frankfurt, Hesse, Germany, September 7 - 8, 2016) In the light of the upcoming data protection regulation and the European digital agenda, DG CONNECT, ENISA and, Goethe University Frankfurt is organizing APF 2016. In the light of the upcoming data protection...

SecureWorld Cincinnati (Sharonville, Ohio, USA, September 8, 2016) Join your fellow security professionals for affordable, high-quality cybersecurity training and education. Earn 6-12 CPE credits through 30+ educational elements learning from nationally recognized industry...

Borderless Cyber Europe (Brussels, Belgium, September 8 - 9, 2016) Join CIOs, CISOs and cyber threat intelligence experts from industry, government and CSIRTs worldwide to share experiences, strategies, tactics and practices that will improve your state of preparedness...

SANS Network Security 2016 (Las Vegas, Nevada, USA , September 10 - 16, 2016) We are pleased to invite you and your colleagues to attend SANS Network Security 2016 at the magnificent Caesars Palace, Las Vegas, on September 10-19. SANS Network Security is your annual networking opportunity!...

Business Insurance Cyber Risk Summit 2016 (San Francisco, California, USA, September 11 - 12, 2016) The Business Insurance Cyber Risk Summit provides risk management professionals and chief information security officers with the practical information and tools needed to combat the latest cyber risks...

(ISC)² Security Congress (Orlando, Florida, USA, September 12 - 15, 2016) (ISC)² Security Congress offers attendees over 90 education sessions, designed to transcend all industry sectors, focus on current and emerging issues, best practices, and challenges facing cybersecurity...

7th Annual Billington Cybersecurity Summit (Washington, DC, USA, September 13, 2016) Join over 600 senior-level attendees, more than 50 distinguished speakers, and over 40 prestigious sponsors and exhibitors at the 7th Annual Billington CyberSecurity Summit, the leading Fall forum on cybersecurity...

CISO GAS (Frankfurt, Hessen, Germany, September 13, 2016) A data breach is not only a PR nightmare, but cause for customers to turn to competitors, exposing sensitive company information and racking up fines from industry regulators. CISOs and IT security executives...

Tarleton State University Cyber Security Summit 2016 (Dallas, Texas, USA, September 13, 2016) Cyber Security for the Board and the C-Suite: "What You Need to Know." Cyber Security experts will discuss corporate cyber-attacks and legal practitioners will discuss strategies to help companies comply...

Insider Threat Program Development Training For NISPOM CC 2 with Legal Guidance (Germantown, Maryland, USA, September 14 - 15, 2016) Insider Threat Program Development Training for NISPOM CC 2 (Germantown, Maryland, September 14 - 15, 2016) Insider Threat Defense will hold a two-day training class on Insider Threat Program Development...

SecureWorld Detroit (Dearborn, Michigan, USA , September 14 - 15, 2016) Join your fellow security professionals for affordable, high-quality cybersecurity training and education. Earn 12-16 CPE credits through 60+ educational elements learning from nationally recognized industry...

Insider Threat Program Development Training for NISPOM CC 2 (Milwaukee, Wisconsin, USA, September 19 - 20, 2016) Insider Threat Defense will hold a two-day training class on Insider Threat Program Development (NISPOM Conforming Change 2). For a limited time the training is being offered at a discounted rate of $795...

4th ETSI/IQC Workshop on Quantum-Safe Cryptography (Toronto, Ontario, Canada, September 19 - 21, 2016) This three-day workshop brings together diverse players in the quantum-safe cybersecurity community to facilitate the knowledge exchange and collaboration required to transition cyber infrastructures and...

hardwear.io Security Conference (The Hague, the Netherlands, September 20 - 23, 2016) hardwear.io Security Conference is a platform for hardware and security community where researchers showcase and discuss their innovative research on attacking and defending hardware. The objective of...

3rd Annual Senior Executive Cyber Security Conference: Navigating Today's Cyber Security Terrain (Baltimore, Maryland, USA, September 21, 2016) The Johns Hopkins University Information Security Institute and COMPASS Cyber Security are hosting the 3rd Annual Senior Executive Cyber Security Conference on Wednesday, September 21, from 8:30 a.m. –...

New York Cyber Security Summit (New York, New York, USA, September 21, 2016) The Cyber Security Summit is an exclusive conference series connects C-Suite & Senior Executives who are responsible for protecting their companies’ critical infrastructures with innovative solution providers...

Gigaom Change 2016 Leader's Summit (Austin, Texas, USA, September 21 - 23, 2016) Over an immersive 2.5 days, we will explore the current state-of-the-art technologies, how these are transforming industry, and why this all matters. You’ll emerge with a greater understanding of the exponential...

NYIT Annual Cybersecurity Conference (New York, New York, USA, September 22, 2016) Presented by NYIT School of Engineering and Computing Sciences, this conference brings together cyber experts from academia, business, and government to address: Cyber Defense Against Attacks–How Industry...

Cyber Security: How to Identify Risk and Act (Frankenmuth, Michigan, USA, September 26, 2016) Join us on 9/26/2016 for the PMI-MTC's annual project management PDD focusing on "Cyber Security: How to Identify Risk and Act." Earn 7 PDUs during the interactive sessions with well-known information ...

CYBERSEC (Kraków, Poland, September 26 - 27, 2016) The CYBERSEC forum is the first of its kind in Poland and one of just a few regular public policy conferences in Europe devoted to the strategic issues of cyberspace and cybersecurity.The goal of the CYBERSEC...

IP EXPO Nordic 2016 (Stockholm, Sweden, September 27 - 28, 2016) IP EXPO Nordic is part of Europe’s number ONE enterprise IT event series, designed for those looking to find out how the latest IT innovations can drive business growth and competitiveness. The event showcases...

SecureWorld Dallas (Plano, Texas, USA , September 27 - 28, 2016) Join your fellow security professionals for affordable, high-quality cybersecurity training and education. Earn 12-16 CPE credits through 60+ educational elements learning from nationally recognized industry...

Grow your brand and reach new customers.

Grow your brand and increase your customer base by educating our audience about your products, services, and events by advertising on The CyberWire. We’ve built trust with an influential (and often hard to reach) audience of CISOs, CSOs, and other senior execs in the security space, across a wide array of industry verticals. Learn more.

Be a part of the CyberWire story.

People ask us (a lot) how they can support what we do. We have our sponsorships and services, of course, but those are not always within every supporter's financial reach, or it might just not be the right time for you to do those things. That's why we launched our new Patreon site, where we've created a wider variety of support levels, each with some new benefits. Our patrons are important to our future, and we hope you'll consider becoming one. We invite you to become part of the CyberWire story. Become a patron today.