skip navigation

More signal. Less noise.

Daily briefing.

The security community continues to follow the Shadow Brokers incident with close attention. Speculation continues to point to Russian intelligence services as the fons et origo of the compromise, which is now generally regarded as genuine. No further leaks have appeared; no one has ponied up the half billion dollars the Shadow Brokers are asking for. There has been some bidding on the unreleased files, but nothing approaching the asking price. ZDNet reports seeing Bitcoin wallets seized from Silk Road in the bidding, which leads some to speculate that the US Government is in on the action.

The compromise prompts discussion of hybrid warfare, cyber deterrence, and retaliation.

The Shadow Brokers incident also continues to stoke concerns about election hacking. Statements from US election officials (state and local, since that's the level at which elections are managed) seek to reassure but seem largely to have failed to assuage fears of compromised voting.

ISIS is attempting to organize online hacking tutorials. Since such tutorials are likely to concentrate on known vulnerabilities and commodity exploits, enterprises are advised to shore up basic digital hygiene.

Some users are calling for a "general strike" against Tor to protest the service's investigation and ouster of a high profile Tor activist.

IOActive identifies multiple vulnerabilities in BHU routers.

Industry analysts see a coming rapid expansion in the deception technology market.

The next round of Wassenaar cyber arms control talks is scheduled for September. It's expected to narrow the scope of "intrusion software" controls industry found objectionable.

Notes.

Today's issue includes events affecting Australia, Belgium, Brazil, Canada, China, Czech Republic, Georgia, Hungary, Russia, Taiwan, Ukraine, United Kingdom, United States.

A note to our readers, especially those of you interested in art and design--"STEM to STEAM," as they call it: the CyberWire is partnering with Maryland Art Place to sponsor a competition for an original work of art on the theme "creating connections." You can read about the competition in NY Arts Magazine. A full prospectus may be found here.

The CyberWire's regular daily Podcast will be out later this afternoon, with interviews, educational tips, and more on the stories of the day. Today John Leiseboer from our partners at Quintessence will discuss cryptographic and key management standards. Our guest, Michael Marriott from Digital Shadows, will describe the deer.io online malware market. (And if you enjoy the podcast, by all means consider giving it an iTunes review.)

7th Annual Billington CyberSecurity Summit (Washington, DC, USA, Invalid Date Invalid Date, Invalid Date) Cyber attacks continue to pose high-stake threats to national security. Top government, military and private sector cybersecurity leaders will explore the threats and solutions at the leading fall cybersecurity forum.

Cyber Attacks, Threats, and Vulnerabilities

Snowden Docs Support Claim NSA Cyberweapons Stolen, Report Says (ABC News) Documents stolen from the National Security Agency by former contractor Edward Snowden support the claim that the cyberweapons apparently pilfered from the espionage agency and put up for auction online this week are the real deal, according to a report in The Intercept

Leaked Exploits are Legit and Belong to NSA: Cisco, Fortinet, and Snowden Docs Confirm (Hacker News) Last week, a group calling itself "The Shadow Brokers" published what it said was a set of NSA "cyber weapons," including some working exploits for the Internet's most crucial network infrastructure, apparently stolen from the agency's Equation Group in 2013.

How the NSA snooped on encrypted Internet traffic for a decade (Ars Technica) Exploit against Cisco's PIX line of firewalls remotely extracted crypto keys

Seized Silk Road wallet payments in Shadow Brokers exploit auction come under scrutiny (ZDNet) UPDATED: Is the US government at play, or are these payments no more than spam?

Hackers say leaked NSA tools came from contractor at RedSeal (CSO) A note published Friday says the group wanted to disclose at DEF CON

Kaspersky’s Analysis of Equation Group’s RC6 is Wrong (Stephen Checkoway) Kaspersky Lab recently published a blog post Rare implementation of RC5/RC6 in ‘ShadowBrokers’ dump connects them to Equation malware in which they analyze the RC6 block cipher implementation used in the recent ShadowBrokers release and compare it to the earlier Equation Group malware they found. They conclude that since all of the implementations they examined contain an RC6 constant in its negated form, it must be from the same authors since that’s so unusual. Their analysis is wrong

Responding to the Shadow Broker Vulnerabilities (RedSeal) The latest revelations about firewall vulnerabilities stolen and leaked by the Shadow Brokers are very scary, but not all that new. We learn about the release of a major infrastructure vulnerability about once every six months or so. Organizations that have learned to focus on resilience — knowing their network and how to operate through a threat — are in the best position to respond

Suspected leak shines spotlight on the NSA's conflicting missions (Baltimore Sun) A top National Security Agency official revealed this month that the agency's staff had rushed to the scene of virtually every major hack of a government computer network in the past two years

NSA-linked hackers hoard malware secrets. What could possibly go wrong? (Los Angeles Times) Emerging out of the blue, a cryptic online group that calls itself the Shadow Brokers claims that it has purloined a cache of cyber burglary tools from a little known but highly skilled hacking operation dubbed the Equation Group. The Shadow Brokers made some of the tools available for free, but announced that it would auction off the rest — with a goal of more than half a billion dollars

Cisco ASA SNMP Remote Code Execution Vulnerability (SANS Internet Storm Center) Looking back through all the vulnerabilities announced this week, one caught my eye. CVE-2016-6366 is a vulnerability in the Cisco ASA products which could allow a remote attacker to remotely execute code. This vulnerability is part of the Equation Group disclosures and was not previously known by Cisco. The vulnerability is in the SNMP code on the ASA and would allow an attacker with knowledge of the SNMP community string to send crafted IPv4 SNMP traffic which could be used to reload the system or possibly exploit the system to gain control

NSA leak rattles cybersecurity industry (Christian Science Monitor Passcode) The National Security Agency stockpiled sophisticated tools designed to penetrate commonly used security software. Now that hackers have revealed some of those techniques, companies are left scrambling to secure their systems

A Cyber-Attack on a U.S. Election is Inevitable (Huffington Post) Since Direct Recording Electronic voting machines first came into vogue in the U.S. in 2002, a team of cyber-academics (known as the Princeton Group) has been busy demonstrating how easy it is to hack these machines, to remind American citizens just how cyber-vulnerable the voting process is

Elections official: Voting system is secure from cyber attack (Jacksonville.com) Clay County as well as the rest of Florida’s voting system is secure from cyber attacks, says Chris Chambless, president of the Florida State Association of Supervisors of Elections and Clay County supervisor of elections

Why Cybersecurity is a Management Problem for Campaigns (Campaigns and Elections) Republicans have made hay out of the Democrats’ recent hacking woes, but the GOP isn’t immune from cybersecurity breaches. Just this past weekend there were reports of Russian hackers dumping emails from Republican campaigns and operatives

Project Sauron has Been Spying on Governments for 5 Years (Infosecurity Magazine) Project Sauron, the sophisticated information exfiltration malware, has been spying on government computers and computers at major organizations for over five years

Isis members share 'how to hack' tutorials encouraging supporters to target western intelligence (International Business Times) The online course is aimed at creating an army of cyber-soldiers to add to the numbers of Isis-affiliated hacker groups

How ISIS noobs are trying to become hackers (Daily Dot) An online course on Kali Linux is being promoted by the main ISIS forum, but there is no reason for immediate concern

Darknet: Where Your Stolen Identity Goes to Live (Dark Reading) Almost everything is available on the Darknet -- drugs, weapons, and child pornography -- but where it really excels is as an educational channel for beginning identity thieves

Bitcoin.org Suspects State Sponsored Attacks on Bitcoin Core Release (News BTC) Bitcoin.org has posted a notice on the website warning the Bitcoin community about a potential attack by state-sponsored hackers targeting Bitcoin Core release

A 'Tor General Strike' Wants to Shut Down the Tor Network for a Day (Motherboard) Last month, the Tor Project announced that an internal investigation had confirmed allegations of sexual misconduct against high profile activist Jacob Appelbaum. Now, a few members of the community are calling for a “Tor general strike,” in part to protest how that investigation was handled

Taiwan’s defence university computers hacked (The Star) The National Defence University (NDU) in Taiwan confirmed that its computer system had been hacked in July but said that no classified information had been stolen

Multiple Vulnerabilities Identified in ‘Utterly Broken’ BHU Routers (Threatpost) Researchers have identified a router so fraught with vulnerabilities and so “utterly broken” that it can be exploited to do pretty much anything. An attacker could bypass its authentication, peruse sensitive information stored in the router’s system logs and even use the device to execute OS commands with root privileges via a hardcoded root password

Hackers Trick Facial-Recognition Logins With Photos From Facebook (What Else?) (Wired) Facial recognition makes sense as a method for your computer to recognize you

New Brazilian Banking Trojan Uses Windows PowerShell Utility (Threatpost) Microsoft’s PowerShell utility is being used as part of a new banking Trojan targeting Brazilians. Researchers made the discovery earlier this week and say the high quality of the Trojan is indicative of Brazilian malware that is growing more sophisticated

New Trojan Turns Linux Devices into Botnet (HackRead) New Linux Trojan turns infected Linux devices and websites into P2P botnets and threatens users with DDoS and ransom

Symantec Paws at ZeroAccess Botnet (Technology) Symantec has removed more than 500,000 infected PCs from the botnet created by the ZeroAccess Trojan

7 Cases When Victims Paid Ransom to stop cyber attacks (HackRead) These cases include ransomware infection and DDoS attacks

Why The Windows Secure Boot Hack Is a Good Thing (Bitcoinist) If you even casually follow security news, you’re aware that the key governing Microsoft Secure Boot has been found, exploited, and Secure Boot as a “feature” has been rendered meaningless. I’m here to tell you that this is a good thing

The ABC of Cybersecurity: R is for Rootkit (Hot for Security) Rootkits are some of the most sophisticated breeds of malware that currently exist on the market. For years, security solutions have struggled with detection and removal, mostly because rootkits compromise the operating system at such a low level, that they can hide their presence from both anti-malware solutions and the operating system itself

Colleges and universities see an uptick in denial-of-service attacks (EdScoop) The good news: Higher education is not high on the list of targets by criminal actors

Twitter account of WikiPedia Founder Jimmy Wales Hacked by OurMine (HackRead) OurMine hackers have found their new target and this time it’s Wikipedia co-founder Jimmy Wales

Eddie Bauer Reports Intrusion Into Point Of Sale Network (Dark Reading) Data belonging to customers who used payment cards at all 370 Eddie Bauer locations in the US, Canada compromised

Man hacks Android app to get free beer (Naked Security) Here’s a great one for a Friday afternoon: FREE BEER!

Five Cybersecurity Dangers To Worry About This Week (Forbes) Cyberattacks have become so common that they tend to fade from view. But for head-in-the-sand executives who believe they have better ways of spending their time and money, here’s a wake-up call

Cyber Trends

Attackers don't need vulnerabilities when the basics work just as well (CSO) Weak passwords and network access controls do more harm than malware

The Blurring Line Between Cyber and Physical Threats (Cipher Brief) Every day, the line between cyber-threats and physical threats grows thinner – blurring the crucial distinction between attacks on networks and attacks on materials objects

A closer look at IT risk management and measurement (Help Net Security) IT risk managementIn this podcast recorded at Black Hat USA 2016, Casey Corcoran, Partner, FourV Systems, talks about the most significant trends cyber security and risk management

Cybersecurity Is Broken And The Hacks Are Going To Just Keep Coming (BuzzFeed) “No one in the industry is incentivized to actually fix it”

Verizon 2016 DBIR: Known Attack Methods Remain Security’s Achilles' Heel (CIO) Companies must begin addressing security proactively, not as an afterthought

Traditional Security No Longer Adequate to Protect Industrial Environments from Cyber Threats (ARC) At the recently concluded ARC India Forum, Industry in Transition: Navigating the New Age of Innovation in Bangalore, silver sponsor, Kaspersky Lab explained about cyberattacks and threats, and challenges in industrial control system (ICS) environments

Opinion: Cracking the cybersecurity gender code (Christian Science Monitor Passcode) Attracting more women into the male-dominated cybersecurity field means ditching the bro pipeline of computer science, military, and intelligence recruits and drawing from disciplines such as law and public policy

Marketplace

The deception technology market is exploding (Help Net Security) The global deception technology market is expected to generate a revenue of USD 1.33 billion by 2020, according to Technavio

Cyber Security Market to Grow at CAGR 8.3% Till 2021 Says TechSci Research Report (PRNewswire) Increasing cyber-attacks on the critical infrastructure has rendered worldwide security at risk. The prime motive behind these attacks is to gain access to financial information and retrieve sensitive information related to an organizations' operational strategies, government defense moves, etc

5 Channel Ops: Cisco Layoffs Overstated, Verizon Launches One Talk, Imperva Revamps Partner Program (Channel Partners) Reports of Cisco laying off 14,000 employees greatly overstated the impact of the company’s decision to invest more in – according to CEO Chuck Robbins – security, IoT, collaboration, next-generation data center and cloud. On Cisco’s Q4 analyst call this week, EVP and CFO Kelly Kramer said that the restructuring action “will impact up to 5,500 employees, representing approximately 7 percent of our global workforce"

Cisco System’s Security Segment: Its Performance in Fiscal 4Q16 (Market Realist) In fiscal 4Q16, Cisco (CSCO) continued to maintain significant YoY (year-over-year) growth of 16% in its network security business segment. Deferred revenue rose 29% YoY driven by Cisco’s ongoing shift from hardware to more software and subscription services. Revenues rose from $466 million in fiscal 4Q15 to $540 million in fiscal 4Q16

Cisco Systems Earnings Show a Company in Transition (Madison.com) Cisco Systems (NASDAQ: CSCO) is best-known for providing the IT hardware (switches and routers) that drive the internet, but investors may need to rethink that view in the future. The company's fourth-quarter results, which were reported Aug. 17, reveal a company generating growth from its non-core product offerings while continuing its transition toward more software and subscription revenue. Let's take a look at trends investors should watch

CyberArk Software Ltd. Delivers 39% Revenue Growth (Motley Fool) The company continues to enjoy strong demand for its "privileged account" security solutions, which help to protect against the most advanced cyberthreats -- those that use insider privileges to penetrate network perimeters and attack the most vital aspects of an enterprise's IT infrastructure

How Risky is FireEye Inc Stock? (Motley Fool) Breaking down the two biggest concerns for investors right now

Symantec (SYMC) Stock Advancing, Upgraded at Citi (The Street) Symantec's (SYMC) stock rating was boosted to 'buy' from 'neutral' at Citi on Friday

Chinese approval clears the way for Dell's huge EMC buy (PCWorld) Regulators in China reportedly have approved the estimated $67 billion acquisition

Dell Exec: SonicWall Will Be 'All About The Channel' After Sale To Private Equity (CRN) Dell SonicWall's sale to private equity will allow the network security division to be more channel-friendly than ever before, said a company executive Sunday to solution providers attending 2016 XChange University IT Security

Virtru Closes $29 Million Series A Round Led by Bessemer Venture Partners (MarketWired) Business privacy leader to launch new product lines, scale operations worldwide, and extend its data security platform

Gold Coast Commonwealth Games could swap sponsorship for cyber protection (IT News) Security supplier sought for high-profile event

Products, Services, and Solutions

Huawei Guarantees Two Years Of Software And Security Updates For Honor Smartphones (Hot Hardware) If you have been eyeing the recently-introduced Honor 8 smartphone, you are in luck. Huawei is now guaranteeing two years of software and security updates for Honor devices. Huawei is the third largest telecommunications manufacturer in the world

Technologies, Techniques, and Standards

Dell: Machine learning security hard to explain, harder to beat (Tech Target) Dell's Brett Hansen explains why machine learning security is better than signature-based detection and how it can stop emerging threats

The Right Way to Present a Business Case for Cybersecurity (Healthcare Informatics) There’s an ever-increasing number of threats to healthcare information. Healthcare information is more valuable and visible than ever; and, at the same time, more vulnerable than ever. You feel responsible and, as the CISO, you are responsible for its security

Internet Voting Leaves Out a Cornerstone of Democracy: The Secret Ballot (Technology Review) Maintaining the secrecy of ballots returned via the Internet is “technologically impossible,” according to a new report

Bitcoin Exchanges Should Consider Integrating Microsoft Authenticator (News BTC) Keeping in mind how this solution is available on iOS as well, it would make sense for Bitcoin exchanges to integrate it

Why smart companies don’t sweat the SSL stuff in DDoS defense (Networks Asia) The average company suffers 15 DDoS attacks per year, with average attacks causing 17 hours of effective downtime, including slowdowns, denied customer access or crashes, according to a recent IDG Connect report based on a survey commissioned by A10 Networks

Passwords, biometrics and multi-factor verification: What businesses need to know (Help Net Security) Verifying identity is a double headache for small businesses

Your Security Team is Outgunned: Where's the Help? (Government Technology) Most experts believe the good guys continue to fall further behind in our global hacker wars. So how did we get to this point in cyberspace? Most important, where can you go for help in this new Wild West online?

Improving Cybersecurity Through Human Systems Integration (Small Wars Journal) Cybersecurity threats represent one of the most serious national security, public safety, and economic challenges we face as a nation. --2010 National Security Strategy

Design and Innovation

Why people ignore security alerts up to 87% of the time (Naked Security) Developers, your security warnings are messing with people’s brains, and not in a good way

Research and Development

WiFi Signals Can ID Individuals by Body Shape (Motherboard) With the Internet of Things slated to have tens of billions of connected devices by 2020, one of the most crucial design considerations for internet-connected products is figuring out how to seamlessly integrate these devices into everyday life

Open sourced: Cyber reasoning system that won third place in DARPA’s Cyber Grand Challenge (Help Net Security) Earlier this month, the DARPA-backed Cyber Grand Challenge (CGC) has shown that a future in which computer systems will (wholly or partially) replace bug hunters and patchers looms near

Academia

Wanted: Students to enter cybersecurity field (UPI) The number of universities offering cybersecurity education has soared to more than 200 with support from both the federal government and private industry. But getting students interested in the field and retaining faculty tempted by higher-paying jobs stand in the way of filling the country's cybersecurity talent shortage

For Security Pros, Time to Head Back to School (CIO Insight) Continuing education is a requirement in many fields, but programs to sharpen IT security skills are severely lacking within the cyber-security field

Legislation, Policy, and Regulation

Russia Is Winning the War Before the War (Real Clear Defense) Most Americans don’t know we’re at war; we are, and Russia is winning. Americans think war starts with a formal declaration of war, though this hasn’t happened since December 1941

Tit-for-Tat: Cyber Retaliation (Infosecurity Magazine) Many will be well-versed with the biblical adage: an eye for an eye, a tooth for a tooth

Upcoming Wassenaar meeting (Inside Defense) As a September technical meeting of Wassenaar export control group countries draws closer, sources believe members of the arms control organization will coalesce around language narrowing the scope of a specific technology control stemming from the 2013 definition of "intrusion software" that has drawn the ire of the U.S. cybersecurity industry, Inside U.S. Trade reports

A Cyber Agency for Cyber Terror (Institute for Defence Studies and Analyses) Cyber espionage in India is not a new concept but has been in existence for the last decade. It may be carried out by an insider or an outsider by exploiting the vulnerabilities in the cyber security of an organisation

Police chiefs: we need the right to decrypt your stuff (Naked Security) The maple leaf. Hockey. Tim Horton’s donuts. Forced decryption?

White House cyber response plan raises further questions (Federal News Radio) The Obama administration wants federal agencies to have an organized response plan in place before a major cyber attack hits, but cyber officials wonder how soon that strategy will take effect

U.S. Can't Afford to 'Wait for a Cyber Catastrophe,’ Says U.S. Representative (GovTech) Rep. David McKinley will take messages from a West Virginia forum to Washington, D.C., in hopes of creating funding to support cybersecurity

After Shadow Brokers, should the NSA still be hoarding vulnerabilities? (Verge) Companies had to scramble to patch bugs from the latest leak

Why The NSA's Vulnerability Equities Process Is A Joke (And Why It's Unlikely To Ever Get Better) (TechDirt) Two contributors to Lawfare -- offensive security expert Dave Aitel and former GCHQ information security expert Matt Tait -- take on the government's Vulnerability Equities Process (VEP), which is back in the news thanks to a group of hackers absconding with some NSA zero-days

Everything You Know About the Vulnerability Equities Process Is Wrong (Lawfare) The vulnerability equities process (VEP) is broken. While it is designed to ensure the satisfaction of many equities, in reality it satisfies none—or at least, none visible to those beyond the participants of the insular process. Instead of meaningfully shaping best outcomes, the VEP provides thin public relations cover when the US government is questioned on its strategy around vulnerabilities

NSA seeks to reassure on merging cyber defense, offense (FedScoop) Officials at the huge spy agency say, despite concerns, a coming reorganization will not impact their work to defend U.S. computer networks from hackers and cyberspies

Litigation, Investigation, and Law Enforcement

Belgium Called In The NSA To Help Catch Paris Attacker (BuzzFeed) A breakthrough in the four-month-long manhunt for key suspect in the Paris attacks only came when Belgian officials asked the NSA for assistance

The Jihadi Joker, Anjem Choudary, Was a Terror Mastermind (Daily Beast) For 20 years, long before ISIS, he abetted terror plots in the U.K. and around the world. Now that he’s in jail, will he continue his work there?

Kid who DDoSed Aussie bank, cyber crime unit walks free (HackRead) An Australia teen who was behind a series of powerful DDoS attacks on banking, government, and school servers will not face any charges whatsoever

For a complete running list of events, please visit the Event Tracker on the CyberWire website.

Newly Noted Events

Hacker Halted 2016 (Atlanta, Georgia, USA, September 11 - 16, 2016) This ​year, ​Hacker ​H​alted’s theme​ is​ the Cyber Butterfl​​y Effect​:​ When ​S​mall ​M​istakes ​L​ead to ​B​ig ​D​isasters​. The goal of the conference is to bring the IT security community together...

ISS World Americas (Washington, DC, USA, September 13 - 15, 2016) ISS World America is the world's largest gathering of North American Law Enforcement, Intelligence and Homeland Security Analysts as well as Telecom Operators responsible for Lawful Interception, Hi-Tech...

Israel HLS and Cyber 2016 (Tel Aviv, Israel, November 14 - 17, 2016) Where physical and cyber security meet. Topics include intelligence, cyber crime, and counter-terrorism, defending critical infrastructures, a smart global world, mass events--the integrative approach,...

Kaspersky Academy Talent Lab (Online, then Prague, Czech Republic, November 15, 2016) Kaspersky Academy Talent Lab is an international cyber-world competition for young researchers and professionals aged 18-30 who are interested in the cybersecurity challenges facing the world. 50 finalists...

Disrupt London (London, England, UK, December 3 - 6, 2016) TechCrunch Disrupt is the world’s leading authority in debuting revolutionary startups, introducing game-changing technologies, and discussing what’s top of mind for the tech industry’s key innovators.

Upcoming Events

SANS Alaska 2016 (Anchorage, Alaska, USA, August 22 - 27, 2016) SANS is bringing our renowned security training to Alaska! Join us in August for a week of hands-on training and compelling bonus sessions while taking in breathtaking views and experiencing the great...

CISO New Jersey (Hoboken, New Jersey, USA, August 23, 2016) With newspaper headlines covering the latest data breaches, cloud computing security questions going unanswered and hackers developing more sophisticated attacks, the IT department has a growing responsibility...

Cyber Jobs Fair (San Antonio, Texas, USA, August 23, 2016) Held in conjunction with the Second Annual CyberTexas Conference, the Cyber Jobs Fair is open to anyone with cyber security education or experience. A security clearance is not required. Booz Allen Hamilton,...

CyberTexas (San Antonio, Texas, USA, August 23 - 24, 2016) CyberTexas was established to provide expanded access to security developments and resources located in Texas; provide an ongoing platform for the education and skill development of cyber professionals...

Chicago Cyber Security Summit (Chicago, Illinois, USA, August 25, 2016) The Cyber Security Summit is an exclusive conference series connects C-Suite & Senior Executives who are responsible for protecting their companies’ critical infrastructures with innovative solution providers...

Air Force Information Technology and Cyberpower Conference 2016 (Montgomery, Alabama, USA, August 29 - 31, 2016) America is faced with a national emergency in cyberspace. US national security, economic vitality, financial stability and foreign policy are being eroded. Increasingly prevalent and severe malicious cyber...

CISO Toronto (Toronto, Ontario, Canada, August 30, 2016) A data breach is not only a PR nightmare, but cause for customers to turn to competitors, exposing sensitive company information and racking up fines from industry regulators. In order for organizations...

ISAO SO Public Forum (Tysons, Virginia, USA, August 31 - September 1, 2016) This public forum is the last opportunity to meet face-to-face and participate in conversations that will shape the first set of standards and guidelines to be published in September! Speakers will include ...

cybergamut Technical Tuesday: Quantifying Cyber Attacks: To Optimize and Assess your Defense by Jason Syversen of Siege Technologies (Elkridge, Maryland, USA, September 6, 2016) cybergamut Technical Tuesday is for cyber professionals to exchange innovative ideas and discuss technical issues of mutual interest. We’ll have a Technical Tuesday event on 6 September 2016 (1600 – 1730...

2016 Intelligence & National Security Summit (Washington, DC, USA, September 7 - 8, 2016) Third annual unclassified summit hosted by AFCEA International and the Intelligence and National Security Alliance (INSA). There are five plenary sessions and nine breakout sessions related to cybersecurity,...

Annual Privacy Forum 2016 (Frankfurt, Hesse, Germany, September 7 - 8, 2016) In the light of the upcoming data protection regulation and the European digital agenda, DG CONNECT, ENISA and, Goethe University Frankfurt is organizing APF 2016. In the light of the upcoming data protection...

SecureWorld Cincinnati (Sharonville, Ohio, USA, September 8, 2016) Join your fellow security professionals for affordable, high-quality cybersecurity training and education. Earn 6-12 CPE credits through 30+ educational elements learning from nationally recognized industry...

Borderless Cyber Europe (Brussels, Belgium, September 8 - 9, 2016) Join CIOs, CISOs and cyber threat intelligence experts from industry, government and CSIRTs worldwide to share experiences, strategies, tactics and practices that will improve your state of preparedness...

SANS Network Security 2016 (Las Vegas, Nevada, USA , September 10 - 16, 2016) We are pleased to invite you and your colleagues to attend SANS Network Security 2016 at the magnificent Caesars Palace, Las Vegas, on September 10-19. SANS Network Security is your annual networking opportunity!...

Business Insurance Cyber Risk Summit 2016 (San Francisco, California, USA, September 11 - 12, 2016) The Business Insurance Cyber Risk Summit provides risk management professionals and chief information security officers with the practical information and tools needed to combat the latest cyber risks...

(ISC)² Security Congress (Orlando, Florida, USA, September 12 - 15, 2016) (ISC)² Security Congress offers attendees over 90 education sessions, designed to transcend all industry sectors, focus on current and emerging issues, best practices, and challenges facing cybersecurity...

7th Annual Billington Cybersecurity Summit (Washington, DC, USA, September 13, 2016) Join over 600 senior-level attendees, more than 50 distinguished speakers, and over 40 prestigious sponsors and exhibitors at the 7th Annual Billington CyberSecurity Summit, the leading Fall forum on cybersecurity...

CISO GAS (Frankfurt, Hessen, Germany, September 13, 2016) A data breach is not only a PR nightmare, but cause for customers to turn to competitors, exposing sensitive company information and racking up fines from industry regulators. CISOs and IT security executives...

Tarleton State University Cyber Security Summit 2016 (Dallas, Texas, USA, September 13, 2016) Cyber Security for the Board and the C-Suite: "What You Need to Know." Cyber Security experts will discuss corporate cyber-attacks and legal practitioners will discuss strategies to help companies comply...

Insider Threat Program Development Training For NISPOM CC 2 with Legal Guidance (Germantown, Maryland, USA, September 14 - 15, 2016) Insider Threat Program Development Training for NISPOM CC 2 (Germantown, Maryland, September 14 - 15, 2016) Insider Threat Defense will hold a two-day training class on Insider Threat Program Development...

SecureWorld Detroit (Dearborn, Michigan, USA , September 14 - 15, 2016) Join your fellow security professionals for affordable, high-quality cybersecurity training and education. Earn 12-16 CPE credits through 60+ educational elements learning from nationally recognized industry...

Insider Threat Program Development Training for NISPOM CC 2 (Milwaukee, Wisconsin, USA, September 19 - 20, 2016) Insider Threat Defense will hold a two-day training class on Insider Threat Program Development (NISPOM Conforming Change 2). For a limited time the training is being offered at a discounted rate of $795...

4th ETSI/IQC Workshop on Quantum-Safe Cryptography (Toronto, Ontario, Canada, September 19 - 21, 2016) This three-day workshop brings together diverse players in the quantum-safe cybersecurity community to facilitate the knowledge exchange and collaboration required to transition cyber infrastructures and...

Cyber Physical Systems Summit (Newport News, Virginia, USA, September 20 - 22, 2016) On September 20-22, 2016 the Commonwealth will be hosting a Cyber and Physical Systems Summit. The three day event will consist of roundtable discussions, plenary and panel presentations across the intersection...

hardwear.io Security Conference (The Hague, the Netherlands, September 20 - 23, 2016) hardwear.io Security Conference is a platform for hardware and security community where researchers showcase and discuss their innovative research on attacking and defending hardware. The objective of...

3rd Annual Senior Executive Cyber Security Conference: Navigating Today's Cyber Security Terrain (Baltimore, Maryland, USA, September 21, 2016) The Johns Hopkins University Information Security Institute and COMPASS Cyber Security are hosting the 3rd Annual Senior Executive Cyber Security Conference on Wednesday, September 21, from 8:30 a.m. –...

New York Cyber Security Summit (New York, New York, USA, September 21, 2016) The Cyber Security Summit is an exclusive conference series connects C-Suite & Senior Executives who are responsible for protecting their companies’ critical infrastructures with innovative solution providers...

Gigaom Change 2016 Leader's Summit (Austin, Texas, USA, September 21 - 23, 2016) Over an immersive 2.5 days, we will explore the current state-of-the-art technologies, how these are transforming industry, and why this all matters. You’ll emerge with a greater understanding of the exponential...

NYIT Annual Cybersecurity Conference (New York, New York, USA, September 22, 2016) Presented by NYIT School of Engineering and Computing Sciences, this conference brings together cyber experts from academia, business, and government to address: Cyber Defense Against Attacks–How Industry...

Cyber Security: How to Identify Risk and Act (Frankenmuth, Michigan, USA, September 26, 2016) Join us on 9/26/2016 for the PMI-MTC's annual project management PDD focusing on "Cyber Security: How to Identify Risk and Act." Earn 7 PDUs during the interactive sessions with well-known information ...

CYBERSEC (Kraków, Poland, September 26 - 27, 2016) The CYBERSEC forum is the first of its kind in Poland and one of just a few regular public policy conferences in Europe devoted to the strategic issues of cyberspace and cybersecurity.The goal of the CYBERSEC...

Third Annual Women in Cyber Security Reception (Baltimore, Maryland, USA, September 27, 2016) The CyberWire is pleased to present the 3rd Annual Women in Cyber Security Reception in cooperation with our partner the Cybersecurity Association of Maryland (CAMI) on Tuesday, September 27, 2016, in...

IP EXPO Nordic 2016 (Stockholm, Sweden, September 27 - 28, 2016) IP EXPO Nordic is part of Europe’s number ONE enterprise IT event series, designed for those looking to find out how the latest IT innovations can drive business growth and competitiveness. The event showcases...

SecureWorld Dallas (Plano, Texas, USA , September 27 - 28, 2016) Join your fellow security professionals for affordable, high-quality cybersecurity training and education. Earn 12-16 CPE credits through 60+ educational elements learning from nationally recognized industry...

Grow your brand and reach new customers.

Grow your brand and increase your customer base by educating our audience about your products, services, and events by advertising on The CyberWire. We’ve built trust with an influential (and often hard to reach) audience of CISOs, CSOs, and other senior execs in the security space, across a wide array of industry verticals. Learn more.

Be a part of the CyberWire story.

People ask us (a lot) how they can support what we do. We have our sponsorships and services, of course, but those are not always within every supporter's financial reach, or it might just not be the right time for you to do those things. That's why we launched our new Patreon site, where we've created a wider variety of support levels, each with some new benefits. Our patrons are important to our future, and we hope you'll consider becoming one. We invite you to become part of the CyberWire story. Become a patron today.