skip navigation

More signal. Less noise.

Daily briefing.

Consensus at week's end is that NSA was indeed compromised. Cisco and Fortinet are already patching zero-days included in the code released by the Shadow Brokers, and Juniper Networks is investigating apparently exploitable flaws in its own software. Fugitive leaker Edward Snowden is among many who believe Russian intelligence services are behind the compromise—Immunity's CTO David Aitel, for one, told Passcode he thinks the Shadow Brokers' release is a cyberdeterrent move aimed at dissuading US retaliation for Russian hacks of US political organizations.

What does not, however, point to Russian involvement is the bizarrely fractured English the Shadow Brokers use in their auction communiqués. No observers have found any plausible non-native English syntax that matches the Brokers' prose. Rather, it reads like something thrown together by a screenwriter.

Other speculation continues to center on the possibility that disgruntled or compromised insiders were responsible for the leak. Those adhering to this theory point to aspects of the leaked files they think would be inaccessible to anyone lacking physical access to NSA facilities.

Malicious insiders have been problematic elsewhere. Studies show companies uneasy about their ability to detect and manage insider threats, and the arrest of a Sage employee at Heathrow Airport on charges of stealing customer data gives point to such concerns.

Brian Krebs reports that unwanted emails are flooding the in-boxes of users with dot-gov addresses. The emails, mostly newsletters, amount, some are saying, to a denial-of-service operation. The problem is beginning to manifest itself outside the dot-gov domain.

Notes.

Today's issue includes events affecting Canada, China, Germany, Iran, Russia, Turkey, Ukraine, United Kingdom, United States.

A note to our readers, especially those of you interested in art and design--"STEM to STEAM," as they call it: the CyberWire is partnering with Maryland Art Place to sponsor a competition for an original work of art on the theme "creating connections." You can read about the competition in NY Arts Magazine. A full prospectus may be found here.

The CyberWire's regular daily Podcast will be out later this afternoon, with interviews, educational tips, and more on the stories of the day. Today we'll hear from Jonathan Katz, representing our partners at the University of Maryland. He'll talk about reverse engineering encryption. Our guest is Delta Risk's Chris Fogle, who'll share perspective on board responsibility for cyber security. (As always, if you enjoy the podcast, please consider giving it an iTunes review.)

Cyber Security Summit in Chicago (Chicago, Illinois, USA, August 25, 2016) Senior-level executives are invited to learn about the latest threats & solutions in cyber security with experts from the FBI, Arbor Networks, and more.

​3rd Annual Senior Executive Cyber Security Conference: Navigating Today’s Cyber Security Terrain​ (Baltimore, MD, USA, September 21, 2016) Hear from industry leaders on cyber security best practices and trends that will help you better secure your organization’s data. This year’s agenda examines the current cyber security landscape, threats, and challenges ahead for organizations and how senior leaders can work towards “shifting their data to being safe and secure.”

Cyber Attacks, Threats, and Vulnerabilities

Security Experts Agree: The NSA Was Hacked (Technology Review) Analysis of the software tools made available by the Shadow Brokers suggests that they’re the real deal

The NSA Hack: Who Did It and Why? (Bloomberg via Yahoo! Finance) When Edward Snowden disclosed surveillance secrets from the U.S. National Security Agency in 2013, it was a clear case of whodunit, a mystery that was solved when the former NSA contractor gave an interview to The Guardian newspaper from his Hong Kong hotel room. This week’s leak of high-tech hacking tools, however, is less straight forward

Russia emerges as prime suspect in apparent NSA hack (Christian Science Monitor Passcode) A previously unknown group dumped a cache of hacking tools on the web that appear to be from the National Security Agency. Now, cybersecurity experts say Moscow is once again behind a cyberattack on the US

Snowden Claims Russia is Behind NSA Hack (Infosecurity Magazine) Former NSA contractor Edward Snowden has claimed that the Kremlin is most likely behind the recent cyber-attack on what is thought to be an NSA C&C server, and is using the data as leverage against a possible retaliation for the state-sponsored campaign against the Democrat party

Here's why the NSA won't release a 'smoking gun' implicating Russia in these major hacks (Business Insider) Was Russia behind the massive hack of the Democratic National Committee, or the latest breach of what appears to be the NSA's elite hacking unit?

The NSA Data Leakers Might Be Faking Their Awful English To Deceive Us (Motherboard) Nobody knows who’s hiding behind the moniker of The Shadow Brokers, the mysterious group who earlier this week dumped a slew of hacking tools belonging to the NSA. Is it the Russian government? Is it actually a disgruntled rogue NSA insider?

Those Hacked NSA Malware Names Are Funny, But Don't Laugh Too Hard (Fortune) This isn’t some new Bond film—this is actually happening

Cisco, Juniper and Fortinet Investigate Zero-Day Claims (Infosecurity Magazine) Cisco, Fortinet and Juniper Networks have confirmed that they are investigating reports of zero-days in their products

Opinion: NSA hack reveals flaws in White House zero-day process (Christian Science Monitor Passcode) A potentially damaging hacking tool revealed in the apparent National Security Agency breach includes a zero-day vulnerability – or previously unknown security hole – in Cisco software. The government should have already disclosed that flaw

The NSA Has a New Disclosure Policy: Getting Hacked (Foreign Policy) Software vulnerabilities are the NSA’s best weapons, Silicon Valley’s worst nightmare, and a new target for hackers

How intelligence agencies undermine our computer security (Crikey) Our intelligence agencies are supposed to keep us safe -- so why do they deliberately keep IT security flaws secret from users?

The Clinton Foundation fear donation data stolen after suspected hack (International Business Times) Officials spotted 'indications' it was compromised by 'spearphishing' tactics

Utah congressman sees possible Russian cyberattack on U.S. elections (Deseret News) A Utah congressman sees the possibility for Russian computer hackers to disrupt the U.S. presidential election in November

WikiLeaks postings of Turkish emails included active links to malware (SC Magazine) WikiLeaks' practice of delivering unfiltered information to its readers backfired after a researcher discovered that its collection of leaked Turkish government emails contained over 300 active links to malware files hosted on the controversial site

Massive Email Bombs Target .Gov Addresses (KrebsOnSecurity) Over the weekend, unknown assailants launched a massive cyber attack aimed at flooding targeted dot-gov (.gov) email inboxes with subscription requests to thousands of email lists. According to experts, the attack — designed to render the targeted inboxes useless for a period of time — was successful largely thanks to the staggering number of email newsletters that don’t take the basic step of validating new signup request

Retooled Locky Ransomware Pummels Healthcare Sector (BankInfo Security) Attackers increasingly favor ransomware over banking Trojans, FireEye says

Locky Targets Hospitals In Massive Wave Of Ransomware Attacks (Threatpost) A massive Locky ransomware campaign spotted this month targets primarily the healthcare sector and is delivered in phishing campaigns. The payload, researchers at FireEye said, is dropped via .DOCM attachments, which are macro-enabled Office 2007 Word documents

A Mysterious Message Is Warning Bitcoiners About a ‘State Sponsored’ Attack (Motherboard) The next version of Bitcoin Core, one of the most popular bitcoin wallets in existence, might be replaced with a malicious version courtesy of government-backed hackers, a warning on Bitcoin.org, the site that hosts downloads for Core, states

Compromising Linux virtual machines via FFS Rowhammer attack (Help Net Security) A group of Dutch researchers have demonstrated a variant of the Rowhammer attack that can be used to successfully compromise Linux virtual machines on cloud servers

Malware Infected All Eddie Bauer Stores in U.S., Canada (KrebsOnSecurity) Clothing store chain Eddie Bauer said today it has detected and removed malicious software from point-of-sale systems at all of its 350+ stores in North America, and that credit and debit cards used at those stores during the first six months of 2016 may have been compromised in the breach. The acknowledgement comes nearly six weeks after KrebsOnSecurity first notified the clothier about a possible intrusion at stores nationwide

Former CEO Claims Swift Was Slow to Address Threats (Infosecurity Magazine) The under fire Swift banking messaging network took its eye off the ball in failing to prioritize cybersecurity over the past decade, especially when it came to its smaller members, according to a former CEO

SWIFT banking execs admit to ignoring security before hacks (Tech Target) The SWIFT banking system had a number of high profile hacks earlier this year and execs are now admitting that they ignored security issues until it was too late

3 Takeaways From The HEI Hotels And Oracle MICROS Breaches (Dark Reading) Attacks another reminder of the fragility of the US payment system

Microsoft is secretly stealing your data, says security expert (What Mobile) Top security expert for Plixer has discovered that Microsoft is secretly stealing data from its Windows 10 users

EFF Blasts Microsoft Over ‘Malicious’ Windows 10 Rollout Tactics (Threatpost) The Electronic Frontier Foundation is blasting Microsoft for its “malicious” and “annoying” tactics when it comes to prodding Windows users to update their operating system to Windows 10

Dating Sites Hit By Luring Attacks from TOR (Infosecurity Magazine) An increase in luring attacks targeting dating sites via the TOR network has been uncovered

IPhone hackers pick wrong target — a UW expert (Waterloo Region Record) On-screen taunt gives encryption specialist time to thwart attack

Beware; Hackers targeting Pokemon Go Users with Smishing Scam (HackRead) Pokemon GO game inspiring one scam after another — after malware and RAT infected apps here comes Pokemon GO smishing (SMS phishing) scam

Security Patches, Mitigations, and Software Updates

GPG Patches 18-Year-Old Libgcrypt RNG Bug (Threatpost) New versions of Libgcrypt and Gnu Privacy Guard (GnuPG or GPG) released on Wednesday include security fixes for vulnerabilities discovered in the mixing functions of the Libgcrypt random number generator

Cyber Trends

The state of security? No one cares about a breach (Help Net Security) In an election year, everyone asks the question about whether or not you are better off than you were four years ago. There are many ways to answer such a question, and various people make arguments from various angles and data points

Check Point Research Shows Drop in Traditional Malware, Rise in Mobile Malware (Yahoo! Finance) Check Point® Software Technologies Ltd. ( NASDAQ : CHKP ) today revealed the number of active malware families decreased by 5 percent, as the company disclosed the most prevalent malware families attacking organizations' networks in the month

Banking customers hesitant to use mobile features due to security concerns (Help Net Security) Banking customers are hesitant to use mobile features due to fraud and security concerns, according to Kaspersky Lab and IDC Financial Insights. Their findings show that of those not using mobile banking at all today (36 percent), 74 percent cited security as the major reason, which could slow the overall adoption of mobile banking services during a time where mobile device usage is exploding

Report: Mid-market companies grow more comfortable with cloud security risks (ZDNet) A Deloitte survey shows that security risks are no longer the leading concern influencing cloud adoption

Legacy security hinders productivity, Okta says (IT Pro Portal) Most organisations genuinely believe offering the best technology results in better business productivity. However, the ‘traditional on-premise security mindsets’ are in the way

Is security enabling or compromising productivity? (Help Net Security) While most organizations fundamentally believe connecting people to the best technology is vital to business productivity, many struggle to achieve agility due to traditional on-premise security mindsets, according to an Okta survey of 300 IT and security professionals

Attacker's Playbook Top 5 Is High On Passwords, Low On Malware (Dark Reading) Report: Penetration testers' five most reliable methods of compromising targets include four different ways to use stolen credentials, but zero ways to exploit software

As Industry 4.0 Marches on, the Manufacturing Sector Must be Better Prepared for Cyber-Attacks (Infosecurity Magazine) The idea of factories full of driverless forklifts and collaborating robot workers was once the stuff of pure science fiction, but has now become the common reality for smart factories around the world. The futuristic new order of things was demonstrated at this years’ Hannover Messe, the leading international trade fair for industrial technology

Marketplace

Should Enterprise Security Software Be under Warranty? (eSecurity Planet) Should enterprise security software offer warranties, much as consumer products and services do?

Cloud security market in the retail sector expected to grow (Help Net Security) The global cloud security market in the retail sector is expected to grow at a CAGR of close to 21% until 2020, according to Technavio

NEC Acquires Brazil-Based IT Security Business Arcon (ACN Newswire) NEC Corporation (NEC; TSE: 6701) today announced that NEC Latin America concluded an acquisition agreement for Brazil-based IT Security business Arcon Informatica S.A. (Arcon) as part of reinforcing IT Services in the region

Wipro invests $1.5 mn in Israeli cybersecurity company (The Hindu) India’s third largest software services provider Wipro has invested $1.5 million to acquire minority stake in Tel Aviv based cyber security platform provider Insights Cyber Intelligence Limited

Rakuten buys struggling bitcoin startup Bitnet to create a ‘blockchain research lab’ (TechCrunch) Rakuten has confirmed that it has acquired the assets of Bitnet, a bitcoin wallet startup it invested in, which will be used to create a ‘bitcoin lab’ for the Japanese retail giant

U.S. Grants ZTE Another Extension of Trade-Sanctions Relief (Wall Street Journal) Company allegedly violated rules restricting exports of U.S. tech goods to Iran

Government of Canada Selects Fortinet to Secure Its Information Technology Infrastructure (Yahoo! Finance) Andy Travers, senior vice president, sales USA and Canada, Fortinet: "Fortinet has a long-standing history of working with the Canadian market"

US bike giant Trek selects Darktrace (Business Weekly) US company Trek Bicycle Corporation has opted to defend its critical information with innovative, self-learning technology from cyber security specialist Darktrace in Cambridge

Products, Services, and Solutions

Forcepoint to help Singapore companies prevent insider threats (MIS Asia) Forcepoint - a global cybersecurity provider - has launched SureView Insider Threat to help Singapore companies accelerate their efforts to prevent insider threats

Twitter’s Anti-Abuse Filter Is Finally Available to All (Motherboard) In my seven years on Twitter, about four of them active, I have been subjected to sexism, racism, threatening language, and cyberstalking. And I’m hardly an exception to what millions of users experience while trying to have an otherwise delightful and informative day. But for almost a decade, Twitter has refused to get involved in any sort of meaningful way

Technologies, Techniques, and Standards

Voting Machines Are a Mess—But the Feds Have a (Kinda) Plan (Wired) America's voting machines are a patchwork of systems spread across thousands of districts, with widely varying degrees of accountability. It’s a mess. One that the Department of Homeland Security has finally committed to helping clean up

Security Against Election Hacking - Part 1: Software Independence (CircleID) There's been a lot of discussion of whether the November 2016 U.S. election can be hacked. Should the U.S. Government designate all the states' and counties' election computers as "critical cyber infrastructure" and prioritize the "cyberdefense" of these systems? Will it make any difference to activate those buzzwords with less than 3 months until the election?

Security Against Election Hacking - Part 2: Cyberoffense Is Not the Best Cyberdefense! (CircleID) State and county election officials across the country employ thousands of computers in election administration, most of them are connected (from time to time) to the internet (or exchange data cartridges with machines that are connected). In my previous post I explained how we must audit elections independently of the computers, so we can trust the results even if the computers are hacked

Researchers pinpoint best times for delivering security messages (Help Net Security) When is the best time to deliver a security message?

Deutsche Cyber-Sicherheitsorganisation unterstützt Unternehmen bei Abwehr von Gefahren aus dem Netz (Presseportal) Am Mittwoch haben sechzehn namhafte deutsche Unternehmen den wachsenden Bedrohungen für die Cybersicherheit der Wirtschaft den Kampf angesagt

The Case for Managed Security Monitoring (IBM Security Intelligence) Given all the challenges facing security professionals, as well as ever-present compliance mandates, security monitoring is a must. It certainly starts with log aggregation and security information and event management (SIEM), although many organizations are looking to leverage advanced security analytics, either built into their SIEM or using third-party technology, for better and faster detection

China's Quantum Satellite Might Be a Step Back for Communication Security (Caixin Online) Quantum communication makes it easier for hackers to prevent effective information sharing because they can destroy a message by simply eavesdropping on it

Access governance holds the security line (Help Net Security) We must continue to hold the line, and we are, in this war on information security. We must continue to find our stride and take steps forward in regard to technology advancement especially as related to identity and access governance solutions

Data Classification For the Masses (SANS Internet Storm Center) Data classification isn’t a brand new topic. For a long time, international organizations or military are doing "data classification". It can be defined as: "A set of processes and tools to help the organization to know what data are used, how they are protected and what access levels are implemented"

Design and Innovation

Using Cybernetics to Tell the Security Story (InfoRisk Today) CISO Sam Lodhi explains how new models can get board's attention

Research and Development

Netskope nabs another patent for CASB technology (TechTarget) Netskope recently obtained a second cloud security patent for its CASB platform, one that could prove extremely beneficial in an increasingly competitive cloud security market that puts a premium on intellectual property

Academia

Massachusetts Invests Millions in Cybersecurity (Infosecurity Magazine) Massachusetts has announced a $5 million grant for cybersecurity that will be used to bolster cyber-research and the computing technology used by the University of Massachusetts

Legislation, Policy, and Regulation

Turkey fury over Islamism claims in leaked German report (BBC) The Turkish government has reacted angrily to a leaked German government document that suggested Turkey has become a platform for Islamist groups

Cardin: Cybersecurity still top priority, needs more attention (FCW) The ranking member of the Senate Foreign Relations Committee said cybersecurity remains one of the top priorities for his state

DOD Unveils Bold Road Map to Modify IT and Cybersecurity Approaches (SIGNAL) New document lays out plans for department-wide operating system, use of CACs, data center consolidation and migration to cloud services

Army acquisition official: Cyber, EW pose enterprise challenges (C4ISRNET) The ability to work through cyber or electronic warfare attacks is dependent upon two factors: understanding systems and categorizing what’s most critical

Litigation, Investigation, and Law Enforcement

Twitter says it shuttered 235k accounts linked to terrorism in 6 months (Ars Technica) There is no "magic algorithm" for identifying extremist content, company says

Twitter Says It Suspended 360,000 Suspected Terrorist Accounts in a Year (Wired) Twitter is still actively combating terrorism on its platform, and it wants you to know so. Really and truly, the company says, it is making progress

Public Summary Report: Wireless Penetration Test of Centers for Medicare & Medicaid Services' Data Centers (Office of Inspector General US Department of Health and Human Services) We performed a wireless penetration test of select Centers for Medicare & Medicaid Services' Data Centers and facilities to determine whether CMS's security controls over its wireless networks were effective

OIG Report Finds Vulnerabilities in Medicaid Services Agency (Threatpost) Vulnerabilities exist in systems that belong to the Centers for Medicare & Medicaid Services, a federal agency that’s part of the United States’ Department of Health and Human Services. If exploited the bugs could result in the disclosure of personally identifiable information and the “disruption of critical operations,” a government watchdog warned this week

Hillary Clinton Told F.B.I. Colin Powell Advised Her to Use Private Email (New York Times) Pressed by the F.B.I. about her email practices at the State Department, Hillary Clinton told investigators that former Secretary of State Colin L. Powell had advised her to use a personal email account

Emails show Trump advisers waged covert influence campaign on behalf of Ukrainian leaders (Chicago Tribune) A firm run by Donald Trump's campaign chairman directly orchestrated a covert Washington lobbying operation on behalf of Ukraine's ruling political party, attempting to sway American public opinion in favor of the country's pro-Russian government, emails obtained by The Associated Press show. Paul Manafort and his deputy, Rick Gates, never disclosed their work as foreign agents as required under federal law.

For a complete running list of events, please visit the Event Tracker on the CyberWire website.

Newly Noted Events

Cyber Physical Systems Summit (Newport News, Virginia, USA, September 20 - 22, 2016) On September 20-22, 2016 the Commonwealth will be hosting a Cyber and Physical Systems Summit. The three day event will consist of roundtable discussions, plenary and panel presentations across the intersection...

Upcoming Events

Insider Threat Program Development Training (Washington, DC, USA, March 29 - 30, 2016) Insider Threat Defense announced it will hold a training class on Insider Threat Program Development (National Insider Threat Policy-NISPOM Conforming Change 2) on March 29-30, 2016, in Washington, DC.

SANS Alaska 2016 (Anchorage, Alaska, USA, August 22 - 27, 2016) SANS is bringing our renowned security training to Alaska! Join us in August for a week of hands-on training and compelling bonus sessions while taking in breathtaking views and experiencing the great...

CISO New Jersey (Hoboken, New Jersey, USA, August 23, 2016) With newspaper headlines covering the latest data breaches, cloud computing security questions going unanswered and hackers developing more sophisticated attacks, the IT department has a growing responsibility...

Cyber Jobs Fair (San Antonio, Texas, USA, August 23, 2016) Held in conjunction with the Second Annual CyberTexas Conference, the Cyber Jobs Fair is open to anyone with cyber security education or experience. A security clearance is not required. Booz Allen Hamilton,...

CyberTexas (San Antonio, Texas, USA, August 23 - 24, 2016) CyberTexas was established to provide expanded access to security developments and resources located in Texas; provide an ongoing platform for the education and skill development of cyber professionals...

Chicago Cyber Security Summit (Chicago, Illinois, USA, August 25, 2016) The Cyber Security Summit is an exclusive conference series connects C-Suite & Senior Executives who are responsible for protecting their companies’ critical infrastructures with innovative solution providers...

Air Force Information Technology and Cyberpower Conference 2016 (Montgomery, Alabama, USA, August 29 - 31, 2016) America is faced with a national emergency in cyberspace. US national security, economic vitality, financial stability and foreign policy are being eroded. Increasingly prevalent and severe malicious cyber...

CISO Toronto (Toronto, Ontario, Canada, August 30, 2016) A data breach is not only a PR nightmare, but cause for customers to turn to competitors, exposing sensitive company information and racking up fines from industry regulators. In order for organizations...

ISAO SO Public Forum (Tysons, Virginia, USA, August 31 - September 1, 2016) This public forum is the last opportunity to meet face-to-face and participate in conversations that will shape the first set of standards and guidelines to be published in September! Speakers will include ...

cybergamut Technical Tuesday: Quantifying Cyber Attacks: To Optimize and Assess your Defense by Jason Syversen of Siege Technologies (Elkridge, Maryland, USA, September 6, 2016) cybergamut Technical Tuesday is for cyber professionals to exchange innovative ideas and discuss technical issues of mutual interest. We’ll have a Technical Tuesday event on 6 September 2016 (1600 – 1730...

2016 Intelligence & National Security Summit (Washington, DC, USA, September 7 - 8, 2016) Third annual unclassified summit hosted by AFCEA International and the Intelligence and National Security Alliance (INSA). There are five plenary sessions and nine breakout sessions related to cybersecurity,...

Annual Privacy Forum 2016 (Frankfurt, Hesse, Germany, September 7 - 8, 2016) In the light of the upcoming data protection regulation and the European digital agenda, DG CONNECT, ENISA and, Goethe University Frankfurt is organizing APF 2016. In the light of the upcoming data protection...

SecureWorld Cincinnati (Sharonville, Ohio, USA, September 8, 2016) Join your fellow security professionals for affordable, high-quality cybersecurity training and education. Earn 6-12 CPE credits through 30+ educational elements learning from nationally recognized industry...

Borderless Cyber Europe (Brussels, Belgium, September 8 - 9, 2016) Join CIOs, CISOs and cyber threat intelligence experts from industry, government and CSIRTs worldwide to share experiences, strategies, tactics and practices that will improve your state of preparedness...

SANS Network Security 2016 (Las Vegas, Nevada, USA , September 10 - 16, 2016) We are pleased to invite you and your colleagues to attend SANS Network Security 2016 at the magnificent Caesars Palace, Las Vegas, on September 10-19. SANS Network Security is your annual networking opportunity!...

Business Insurance Cyber Risk Summit 2016 (San Francisco, California, USA, September 11 - 12, 2016) The Business Insurance Cyber Risk Summit provides risk management professionals and chief information security officers with the practical information and tools needed to combat the latest cyber risks...

(ISC)² Security Congress (Orlando, Florida, USA, September 12 - 15, 2016) (ISC)² Security Congress offers attendees over 90 education sessions, designed to transcend all industry sectors, focus on current and emerging issues, best practices, and challenges facing cybersecurity...

7th Annual Billington Cybersecurity Summit (Washington, DC, USA, September 13, 2016) Join over 600 senior-level attendees, more than 50 distinguished speakers, and over 40 prestigious sponsors and exhibitors at the 7th Annual Billington CyberSecurity Summit, the leading Fall forum on cybersecurity...

CISO GAS (Frankfurt, Hessen, Germany, September 13, 2016) A data breach is not only a PR nightmare, but cause for customers to turn to competitors, exposing sensitive company information and racking up fines from industry regulators. CISOs and IT security executives...

Tarleton State University Cyber Security Summit 2016 (Dallas, Texas, USA, September 13, 2016) Cyber Security for the Board and the C-Suite: "What You Need to Know." Cyber Security experts will discuss corporate cyber-attacks and legal practitioners will discuss strategies to help companies comply...

Insider Threat Program Development Training For NISPOM CC 2 with Legal Guidance (Germantown, Maryland, USA, September 14 - 15, 2016) Insider Threat Program Development Training for NISPOM CC 2 (Germantown, Maryland, September 14 - 15, 2016) Insider Threat Defense will hold a two-day training class on Insider Threat Program Development...

SecureWorld Detroit (Dearborn, Michigan, USA , September 14 - 15, 2016) Join your fellow security professionals for affordable, high-quality cybersecurity training and education. Earn 12-16 CPE credits through 60+ educational elements learning from nationally recognized industry...

Insider Threat Program Development Training for NISPOM CC 2 (Milwaukee, Wisconsin, USA, September 19 - 20, 2016) Insider Threat Defense will hold a two-day training class on Insider Threat Program Development (NISPOM Conforming Change 2). For a limited time the training is being offered at a discounted rate of $795...

4th ETSI/IQC Workshop on Quantum-Safe Cryptography (Toronto, Ontario, Canada, September 19 - 21, 2016) This three-day workshop brings together diverse players in the quantum-safe cybersecurity community to facilitate the knowledge exchange and collaboration required to transition cyber infrastructures and...

hardwear.io Security Conference (The Hague, the Netherlands, September 20 - 23, 2016) hardwear.io Security Conference is a platform for hardware and security community where researchers showcase and discuss their innovative research on attacking and defending hardware. The objective of...

3rd Annual Senior Executive Cyber Security Conference: Navigating Today's Cyber Security Terrain (Baltimore, Maryland, USA, September 21, 2016) The Johns Hopkins University Information Security Institute and COMPASS Cyber Security are hosting the 3rd Annual Senior Executive Cyber Security Conference on Wednesday, September 21, from 8:30 a.m. –...

New York Cyber Security Summit (New York, New York, USA, September 21, 2016) The Cyber Security Summit is an exclusive conference series connects C-Suite & Senior Executives who are responsible for protecting their companies’ critical infrastructures with innovative solution providers...

Gigaom Change 2016 Leader's Summit (Austin, Texas, USA, September 21 - 23, 2016) Over an immersive 2.5 days, we will explore the current state-of-the-art technologies, how these are transforming industry, and why this all matters. You’ll emerge with a greater understanding of the exponential...

NYIT Annual Cybersecurity Conference (New York, New York, USA, September 22, 2016) Presented by NYIT School of Engineering and Computing Sciences, this conference brings together cyber experts from academia, business, and government to address: Cyber Defense Against Attacks–How Industry...

Cyber Security: How to Identify Risk and Act (Frankenmuth, Michigan, USA, September 26, 2016) Join us on 9/26/2016 for the PMI-MTC's annual project management PDD focusing on "Cyber Security: How to Identify Risk and Act." Earn 7 PDUs during the interactive sessions with well-known information ...

CYBERSEC (Kraków, Poland, September 26 - 27, 2016) The CYBERSEC forum is the first of its kind in Poland and one of just a few regular public policy conferences in Europe devoted to the strategic issues of cyberspace and cybersecurity.The goal of the CYBERSEC...

Third Annual Women in Cyber Security Reception (Baltimore, Maryland, USA, September 27, 2016) The CyberWire is pleased to present the 3rd Annual Women in Cyber Security Reception in cooperation with our partner the Cybersecurity Association of Maryland (CAMI) on Tuesday, September 27, 2016, in...

IP EXPO Nordic 2016 (Stockholm, Sweden, September 27 - 28, 2016) IP EXPO Nordic is part of Europe’s number ONE enterprise IT event series, designed for those looking to find out how the latest IT innovations can drive business growth and competitiveness. The event showcases...

SecureWorld Dallas (Plano, Texas, USA , September 27 - 28, 2016) Join your fellow security professionals for affordable, high-quality cybersecurity training and education. Earn 12-16 CPE credits through 60+ educational elements learning from nationally recognized industry...

Grow your brand and reach new customers.

Grow your brand and increase your customer base by educating our audience about your products, services, and events by advertising on The CyberWire. We’ve built trust with an influential (and often hard to reach) audience of CISOs, CSOs, and other senior execs in the security space, across a wide array of industry verticals. Learn more.

Be a part of the CyberWire story.

People ask us (a lot) how they can support what we do. We have our sponsorships and services, of course, but those are not always within every supporter's financial reach, or it might just not be the right time for you to do those things. That's why we launched our new Patreon site, where we've created a wider variety of support levels, each with some new benefits. Our patrons are important to our future, and we hope you'll consider becoming one. We invite you to become part of the CyberWire story. Become a patron today.