skip navigation

More signal. Less noise.

Daily briefing.

Researchers at Silent Signal report a relatively easy upgrade of the Shadow Brokers' leaked Extrabacon exploit that renders it effective against newer versions of Cisco ASA. Others have found the exploits relatively easy to use—a honeypot set up by a researcher at New York University noticed the same sorts of probes Cisco honeypots have seen. US DNI Clapper says investigation continues, but that the Intelligence Community still lacks a good understanding of the incident. Bruce Schneier cites the incident as further evidence of poor US Government disclosure policy. (He also thinks it's "not Snowden stuff," but the work of an outsider.)

That outsider is widely believed, of course, to be the Russian intelligence services, and observers think the leaking reflects a "new normal" in which cyberattacks directly serve the goals of information operations. In recent cases those goals apparently center on discrediting the US political system as irredeemably corrupt. Analysts predict direct election hacking in November. Wikileaks' Assange promises to release, soon, more discreditable information about Democratic Presidential candidate Clinton.

Terrorist attacks have led German policymakers to rethink the national commitment to privacy. French policymakers are on board with this as well, both countries looking for laws that would enable security services to break encryption at need. In the UK, Members of Parliament take social media companies to task for enabling extremism.

A backdoor banking Trojan is found to receive its command-and-control via Twitter.

Ransomware hits an Indian pharmaceutical company, and Bkav warns of ransomware-bearing emails circulating in Vietnam.

Notes.

Today's issue includes events affecting Australia, Belgium, Brazil, Canada, Chad, Germany, Hungary, India, Japan, Netherlands, New Zealand, Nigeria, Russia, Singapore, Thailand, United Kingdom, United States, and Vietnam.

A note to our readers, especially those of you interested in art and design--"STEM to STEAM," as they call it: the CyberWire is partnering with Maryland Art Place to sponsor a competition for an original work of art on the theme "creating connections." You can read about the competition in NY Arts Magazine. A full prospectus may be found here.

The CyberWire's regular daily Podcast will be out later this afternoon, with interviews, educational tips, and more on the stories of the day. Today we talk about building a security operations center with Dale Drew of our partners at Level 3. Our guest is Ralph Sita, CEO of Cybrary, who'll discuss his organization, the job market, and other matters. (If you enjoy the podcast, please consider giving it an iTunes review.)

7th Annual Billington CyberSecurity Summit (Washington, DC, USA, Invalid Date Invalid Date, Invalid Date) Cyber attacks continue to pose high-stake threats to national security. Top government, military and private sector cybersecurity leaders will explore the threats and solutions at the leading fall cybersecurity forum.

Cyber Attacks, Threats, and Vulnerabilities

Leaked ShadowBrokers Attack Upgraded to Target Current Versions of Cisco ASA (Threatpost) Exploits against enterprise-grade Cisco firewalls dumped by the ShadowBrokers have quickly—and apparently without a lot of strenuous effort—been upgraded to attack more current versions of ASA

Of Course Everyone’s Already Using the Leaked NSA Exploits (Wired) Last week, an anonymous group calling itself the Shadow Brokers leaked a bunch of National Security Agency hacking tools. Whoever they are, the Shadow Brokers say they still have more data to dump. But the preview has already unleashed some notable vulnerabilities, complete with tips for how to use them

US intelligence still sorting out purported NSA hack (AP via Fox News) The U.S. is still probing the extent of a recent cyber leak of what purports to be hacking tools used by the National Security Agency

Russian Cyberspies' Leaked Hacks Could Herald New Normal (Dark Reading) Time to set cyber espionage 'norms' before more volatile nation-states follow suit, experts say

New leaks prove it: the NSA is putting us all at risk to be hacked (Vox) The National Security Agency is lying to us. We know that because of data stolen from an NSA server was dumped on the internet. The agency is hoarding information about security vulnerabilities in the products you use, because it wants to use it to hack others' computers. Those vulnerabilities aren't being reported, and aren't getting fixed, making your computers and networks unsafe

For journalists in Russia, fighting off hackers is part of the job (Christian Science Monitor Passcode) Reports that unknown hackers targeted the Moscow bureau of The New York Times is part of a worrying trend of alleged Kremlin spying against journalists in Russia

Assange promises to leak more on Clinton, Dems (Politico) WikiLeaks editor-in-chief Julian Assange on Wednesday night promised to leak “thousands” of document pages pertaining to Hillary Clinton, the Democratic National Committee and the presidential election

How the DNC hack is boosting anti-US sentiment in Russia (Christian Science Monitor Passcode) Russian state-supported media is using the Democratic National Committee leaked emails to portray the American presidential elections as a corrupt spectacle akin to 'House of Cards'

French Submarine Firm Claims Economic Warfare After Massive Data Leak (Dark Reading) The Australian publishes over 22,000 documents on six DCNS Scorpene subs that are being built in India

Boko Haram’s internal rift probably isn’t good news. Here’s why. (Washington Post) What’s the latest with the Islamic State’s West Africa Province (ISWAP), the terrorist group better known as Boko Haram? In early August, the Islamic State named Abu Musab al-Barnawi as the new “Wali” of the group, replacing Abubakar Shekau. Shekau then released a video highlighting masses of soldiers and lambasted Barnawi as unqualified to be a leader

Twitter-controlled Android backdoor delivers banking malware (Help Net Security) A backdoor Trojan named Twitoor is the first instance of Android malware that receives its commands from a Twitter account

New collision attacks against triple-DES, Blowfish break HTTPS sessions (CSO) Legacy ciphers such as triple-DES and Blowfish are vulnerable to Sweet32 attacks, which let attackers decrypt HTTPS sessions even without the encryption key

First case of 'digital kidnapping' in Punjab, cyber criminals seek ransom from pharma company (India Today) July 19 was just another regular day for employees of Shri Dhanvantari Herbals, an Amritsar-based company making Ayurvedic pharmaceutical products. They reached the office in morning, ready to resume their work. But when they switched on their computers, they were in for a shock. The computers were taken over by cyber criminals and all the employees were logged out, with their login details rendered null and void

Malware detected in emails: Bkav (VietNamNet Bridge) Viet Nam’s cybersecurity company Bkav has warned people about ransomware, a type of malicious software designed to block access to a computer system till a sum of money is paid

The New Scourge of Ransomware 4: CryptoLocker Study in Contradictions (Privacy PC) As part of their story on CryptoLocker analysis, John Bambenek and Lance James dwell on the methodology of tracking the ransomware via payments and DGA

Wildfire Ransomware Campaign Disrupted (Threatpost) The No More Ransom initiative released decryption keys for yet another strain of ransomware this week; now victims of the mostly Dutch-leaning ransomware called WildFire can get their files back without paying attackers

Half of NHS Trusts Hit by Ransomware (Infosecurity Magazine) Nearly half of all NHS Trusts suffered a ransomware attack during the past year, according to a Freedom of Information (FoI) request from NCC Group

The evolution of BEC scams and ransomware (Help Net Security) Trend Micro analyzed the trends in attacks and vulnerabilities seen throughout the first half of this year, and found a rise and impact of attacks, such as a 172 percent increase in ransomware and $3 billion in losses due to business email compromise (BEC) scams so far in 2016

Mail.ru, Funcom gaming forums hacked, user databases stolen (Help Net Security) Vulnerabilities in older versions of the popular vBulletin Internet forum software are being exploited left and right, and data of millions of forum users is being pilfered every day

Blizzard DDoS Blows World of Warcraft Dev Away (Infosecurity Magazine) World of Warcraft developer Blizzard appears to have been hit by multiple DDoS attacks over the past couple of days, affecting its gaming customers

GTAGaming Hack Blamed on Old vBulletin Software (Trheatpost) Outdated vBulletin forum software is being blamed for the breach of a Grand Theft Auto fan forum called GTAGaming. It marks the second time in two days a gaming forum has been targeted by hackers and that a SQL injection vulnerability is believed to have been exploited

Example of Targeted Attack Through a Proxy PAC File (SANS Internet Storm Center) Yesterday, I discovered a nice example of targeted attack against a Brazilian bank. It started with an email sample like this

German Man Behind IRC-Controlled WordPress Botnet (Softpedia) Botnet is still active because of complex legal procedures

Hacked Email - Why Cyber Criminals Want to Get Into Your Inbox (Heimdal) “I don’t care about getting hacked, there’s nothing valuable in my email”

The biggest threat facing connected autonomous vehicles is cybersecurity (TechCrunch) Connected, autonomous vehicles are around the corner. Many of the most innovative and deep-pocketed companies in the world are racing to bring them to market — and for good reason: the economic and social gains they will generate will be tremendous

Ghostbusters star Leslie Jones is targeted in racist cyber-attack on her website (CITI FM Online) Hackers have targeted Ghostbusters star Leslie Jones after intimate photos of the actress were posted online

Security Patches, Mitigations, and Software Updates

Cisco Begins Patching Equation Group ASA Zero Day (Threatpost) Cisco today began the process of patching a zero-day vulnerability in its Adaptive Security Appliance (ASA) software exposed in the ShadowBrokers data dump

Tor Update Fixes ReachableAddresses Problem (Threatpost) The Tor Project on Wednesday updated its software package to version 0.2.8.7 and fixed a number of issues, including a bug it calls “important” in the ReachableAddresses option

Samsung Galaxy S7, Galaxy S7 edge receiving August security patch in the US (Phone Arena) Samsung promised to provide some of its Galaxy Note and Galaxy S series smartphones with regular security updates. As Google releases these security updates at the beginning of each month, handset manufacturers take their time to customize and push them to their smartphones

Android 7 boasts new encryption features as the Crypto War soldiers on (Daily Dot) Not too long ago, the idea of smartphone encryption set off a global debate

United Airlines Sets Minimum Bar on Security (KrebsOnSecurity) United Airlines has rolled out a series of updates to its Web site that the company claims will help beef up the security of customer accounts. But at first glance, the core changes — moving from a 4-digit PINs to password and requiring customers to pick five different security questions and answers — may seem like a security playbook copied from Yahoo.com, circa 2009. Here’s a closer look at what’s changed in how United authenticates customers, and hopefully a bit of insight into what the nation’s fourth-largest airline is trying to accomplish with its new system

Cyber Trends

A Temperature-Check On The State Of Application Security (Dark Reading) AppSec is more dangerous than network security but receives less than half the funding, according to new Ponemon study

A deeper look at business impact of a cyberattack (CSO) Deloitte finds “hidden” costs can amount to 90 percent of the total business impact on an organization, and will most likely be experienced two years or more after the event

The paradox of encryption (Security Info Watch) In his recent paper, "The Moral Character of Cryptographic Work," cryptographer and UC Davis professor Dr. Phillip Rogaway wrote that, “Cryptography rearranges power: it configures who can do what, from what. This makes cryptography an inherently political tool, and it confers on the field an intrinsically moral dimension.” Put simply, encryption is more than a matter for technologists and politicians – it is an emotionally charged topic, subject to the fluctuations of current events and as divisive as any other debate that is rooted in our moral foundations

Consumers ready to walk away from their favorite retailers if a breach occurs (Help Net Security) Consumers are wary of the increased frequency of cyber attacks against retailers, and many are ready to walk away from their favorite retailers if a breach occurs. In fact, in surveying 448 consumers, KPMG found that 19 percent said they would stop shopping at a retailer that had been a victim of a cybersecurity incident, even if the company took the necessary steps to remediate the issue

The network security skills shortage: Lack of trained professionals is a welcome mat for cybercriminals (Security Brief NZ) ​Is your organisation looking for skilled professionals to help you secure your network? Someone who understands the threat landscape, the various options for preventing intrusions and data loss, mitigating zero day threats and how to install, configure and monitor the various components in near -real time?

Hacking the Skills Shortage: A study of the international shortage in cybersecurity skills (Intel Security) The cybersecurity workforce shortfall remains a critical vulnerability for companies and nations

The State of Bug Bounty (Bugcrowd) Bug Bounty: A cooperative relationship between security researchers and organizations that allow the researchers to receive rewards for identifying application vulnerabilities without the risk of prosecution, thereby aiding companies to identify and resolve security problems that would otherwise go undetected

Marketplace

IDVector Emerges from Stealth with Privacy Focused Secure Public Internet Access Offering (BusinessWire) Former cybersecurity defense contractors launch on-the-go safe and secure access to the Internet

Verizon Has A Message For BlackBerry (Seeking Alpha) BlackBerry is preparing to enter the fleet management space while Verizon has already bought the market leader Fleetmatics. Verizon-Fleetmatics synergy could be too hard for BlackBerry to handle. Is BlackBerry paying attention to Verizon's message?

Recent Buy: Cisco Systems (Seeking Alpha) Earlier this month, I opted to sell $31 puts on CSCO instead of paying an asking price of over $31 per share. Last Friday, expiration day, CSCO closed below $31 and I got put the shares. Taking into account the option premium I received, my cost basis is lower than Friday's closing price and nearly 10% discounted to my fair value estimate. This article includes a stock analysis and I discuss my reasons for adding CSCO to my dividend growth portfolio

CrowdStrike, other cybersecurity firms integrating industry cooperative (Reuters) Some information security companies that were shut out of the leading system for sharing data on malicious software are revealing more about how their own systems work in hopes of rejoining the cooperative effort, a shift that should improve protections for customers throughout the industry

Ondrej Krehel (LIFARS): Tackling Cybersecurity Issues Needs Deeper Collaboration (Slovak Startup) With many years of experience and his deep knowledge of the field, Ondrej Krehel is one of the top experts on cybersecurity and the founder and CEO of LIFARS. LIFARS is a digital forensics and cybersecurity intelligence company based in New York with an office in Bratislava as well

ManpowerGroup buys Ciber Norway (Recruiter) Recruitment giant ManpowerGroup has reached to acquire global IT consulting services and outsourcing company Ciber’s business in Norway

Level 3 Named 2016 Cyber Security Awareness Month Champion (PRNewswire) DHS and NCSA recognize commitment to online awareness and safety

Armorway Is Now 'Avata Intelligence' (PRNewswire) AI innovator refocuses on artificial intelligence beyond security domain

Lear Appoints Dr. André Weimerskirch, a Renowned Industry Expert, to Lead Cyber Security for E-Systems (Yahoo! Finance) Lear Corporation [NYSE: LEA], a leading global supplier of automotive seating and electrical systems, today announced that Dr. André Weimerskirch has been appointed Vice President, Cyber Security for E-Systems, effective immediately

Products, Services, and Solutions

Partnership aims for end-to-end security for Surface devices (GCN) Booz Allen Hamilton will be working with Microsoft to develop security software for the computer giant’s portable Surface products for government users

Wombat Security Technologies and GTRI Join Forces to Combat Insider Threats Through Continuous and Reinforced Employee Education (BusinessWire) Companies collaborate on User Proficiency and Behavior Threat Protection solution

Real-Time Speech Analytics from Verint Optimizes Customer Engagement with Actionable Intelligence (BusinessWire) Advanced analytics solution helps customer engagement centers guide interactions toward positive outcomes, while supporting regulatory compliance and other key organizational initiatives

SecureAuth Unveils Cloud-based Identity Service Using Adaptive Access Control (MarketWired) SecureAuth Cloud Access addresses enterprise needs for security and adaptability unmet by other identity-as-a-service offerings

MobileIron locks down mobile app to cloud security with new offering (Channel Life) MobileIron has debuted its newest security offering, MobileIron Access, locally, with the vendor saying the offering provides ‘the first unified solution for mobile and cloud security’

Dstillery and White Ops Turn Up the Heat on Mobile Ad Fraud (MarketWired) Expanded partnership combines market leading audience engagement platform with industry's first SIVT accredited anti-fraud solution

98 things Facebook knows about you (Naked Security) The Washington Post recently published a list of 98 specific user details that it says Facebook keeps tabs on

98 personal data points that Facebook uses to target ads to you (Washington Post) Say you’re scrolling through your Facebook Newsfeed and you encounter an ad so eerily well-suited, it seems someone has possibly read your brain

Technologies, Techniques, and Standards

How Intel and Others Are Fighting the Ransomware Epidemic (Fortune) Firms release decryption tools to battle Wildfire

When Securing Your Applications, Seeing Is Believing (Dark Reading) While the cloud is amazing, a worrying lack of visibility goes along with it. Keep that in mind as you develop your security approach

7 Database Security Best Practices (eSecurity Planet) Database security has never been more important, given the high value hackers place on data. These database security best practices will help protect your data

Stay on Track During IR (SANS Internet Storm Center) When responding to incidents, it’s easy to go down a rabbit hole that likely won’t produce results to the questions we are always after: How did the attacker get in? What information is contained on the system? And What information was accessed?

Three Top Ways Marketers Can Fight Phishing Attacks (Martech Advisor) Marketers depend on data to track their contributed ROI to the business. And key performance metrics (KPIs) from the email channel are a big indicator of success

Army explores using cyber teams to aid maneuver commanders (US Army) A pilot program known as Cyber Support to Corps and Below, or CSCB, is now providing some maneuver commanders with an improved situational awareness of the information environment and tools to shape that environment

Security Leadership & The Art Of Decision Making (Dark Reading) What a classically-trained guitarist with a Master's Degree in counseling brings to the table as head of cybersecurity and privacy at one of the world's major healthcare organizations

The Teenager’s Definitive Guide to Social Media Don’ts (Wired) You're only as relevant as you are clued in. Don’t be a social pariah—avoid the hellscape of awkward behavior and secondhand embarrassment by never, ever breaking these ironclad rules

Research and Development

Experts challenge Skyhigh's patent for cloud-based encryption gateway (CSO) Skyhigh Networks, Inc., announced today that it has received a patent for using a hosted gateway to encrypt and decrypt data moving between users and cloud services such as Office 365, but some experts say that the technology is neither new nor unique

Legislation, Policy, and Regulation

Facebook, Google, Twitter lax on terrorists’ misuse of their sites, say UK MPs (CSO) UK lawmakers said the companies could for one have more staff to weed out extremist content

Silicon Valley Giants Hit Back at MPs in Extremism Row (Infosecurity Magazine) The technology industry has hit back at claims made by an influential parliamentary committee that it's failing to combat extremism propagated via online services

As terror hits closer to home, Germany reconsiders privacy (Christian Science Monitor Passcode) Following European terror attacks, German officials have suggested legislation that would force tech companies to decrypt private messages and other measures to increase digital surveillance

France, Germany Want Encrypted App Makers To Help Stop IS (TopTechNews) France and Germany pushed Tuesday for Europe-wide rules requiring the makers of encrypted messaging apps such as Telegram to help governments monitor communications among suspected extremists

Telegram's encryption stymies French police but pleases their bosses (CSO) Senior French legislators and lawmakers are attracted to Telegram for exactly the same reason as terrorists - or anyone else

Taking stock of the new French-German encryption proposal (Politico) Here we go again — France’s and Germany’s interior ministers teamed up on Tuesday to propose an EU law requiring tech companies to decrypt data for investigators. The proposal, which the European Commission will consider at a meeting next month, reflects deepening frustration with fragmented European counterterrorism operations and the investigative challenges posed by widespread encryption

NATO to spend €70 million on 'cyber-refresh' (SC Magazine) More than a thousand industry representatives and NATO officials are expected to attend the NATO Information Assurance and Cyber Defence Symposium (NIAS) in Mons, Belgium, on 7, 8 September 2016, to learn about the Alliance's future cyber-requirements. After hearing about NATO's vision for its future cyber-defences, invitations for bids are expected to be released in 2017, and the first round of investments completed in 2018

Japanese government plans cyber attack institute (The Stack) The government of Japan will create an institute to train employees to counter cyber attacks. The institute, which will be operational early next year, will focus on preventing cyber attacks on electrical systems and other infrastructure

Confronting Cybersecurity Challenges Through US-Singapore Partnership – Analysis (Eurasia Review) Cyber cooperation remains a prominent area of mutual interest between Singapore and Washington. Singapore’s Cyber Security Agency (CSA) and the US Department of Homeland Security (DHS) recently established a formal cybersecurity partnership. This agreement will improve bilateral cybersecurity and potentially create mechanisms for ASEAN nations to better address cybersecurity challenges

This Election Could Be Hacked, And We Need To Plan For It (Forbes) With the Democratic National Committee cyberattack far more widespread than originally thought, fears of foreign power using cyber-espionage to influence this November’s election are growing, and real. It’s also prompted concern that hackers may shift focus to an even more vulnerable target: your vote

What Teddy Roosevelt can teach us about cybersecurity (Christian Science Monitor Passcode) Why wait years to grow new cybersecurity talent when you can take advantage of the talented federal workforce today?

“Highly invasive” plan to collect traveler social media details criticized by group (Naked Security) On 2 December, the day of the shootings in San Bernardino, a post went up on a Facebook page associated with Tashfeen Malik, one of the shooters

Litigation, Investigation, and Law Enforcement

Ashley Madison Failed on Authentication and Data Security (Infosecurity Magazine) Ashley Madison failed to deliver security measures on user details and featured a phoney security certification on its homepage

Shock horror! Ashley Madison security was woeful, finds investigation (Naked Security) Ashley “100% discreet” Madison’s security, before its breach, was as flimsy as tissue paper, according to a new report

Joint investigation of Ashley Madison by the Privacy Commissioner of Canada and the Australian Privacy Commissioner and Acting Australian Information Commissioner (Office of the Australian Information Commissioner) Avid Life Media Inc. (ALM)[1] is a company that operates a number of adult dating websites. The largest website operated by ALM is Ashley Madison, which is targeted at people seeking a discreet affair. ALM is headquartered in Canada, but its websites have a global reach, with users in over 50 countries, including Australia

Five things to know about the Clinton Foundation and its donors (The Hill) The private foundation run by the Clinton family has become the latest firestorm in the 2016 presidential race

ATM Malware: Hackers Steal 12.29 million Baht ($350,000) from Thai Banks (HackRead) Hackers who stole $350,000 from Bangkok’s Government Savings Bank ATMs have fled the country

Using PGP Phones Doesn’t Make You a Criminal, Ontario Judge Says (Motherboard) Messaging your gun-toting, drug-trafficking friends by way of encrypted message isn’t proof that you’re a gun-toting drug-trafficker, an Ontario court has ruled

Virgin Trains faces data protection inquiry over Corbyn CCTV footage (Guardian) Information Commissioner’s Office looks into claims train operator broke data protection rules by releasing images of Labour leader

Biden Vows Support For Turkey, Demurs On Cleric's Extradition (Radio Free Europe | Radio Liberty) .S. Vice President Joe Biden has said Washington had "unwavering support" for democracy in Turkey following last month's failed coup, but demurred on Ankara's demands to extradite the self-exiled cleric Turkey says was behind it

For a complete running list of events, please visit the Event Tracker on the CyberWire website.

Upcoming Events

SANS Alaska 2016 (Anchorage, Alaska, USA, August 22 - 27, 2016) SANS is bringing our renowned security training to Alaska! Join us in August for a week of hands-on training and compelling bonus sessions while taking in breathtaking views and experiencing the great...

Chicago Cyber Security Summit (Chicago, Illinois, USA, August 25, 2016) The Cyber Security Summit is an exclusive conference series connects C-Suite & Senior Executives who are responsible for protecting their companies’ critical infrastructures with innovative solution providers...

Air Force Information Technology and Cyberpower Conference 2016 (Montgomery, Alabama, USA, August 29 - 31, 2016) America is faced with a national emergency in cyberspace. US national security, economic vitality, financial stability and foreign policy are being eroded. Increasingly prevalent and severe malicious cyber...

CISO Toronto (Toronto, Ontario, Canada, August 30, 2016) A data breach is not only a PR nightmare, but cause for customers to turn to competitors, exposing sensitive company information and racking up fines from industry regulators. In order for organizations...

ISAO SO Public Forum (Tysons, Virginia, USA, August 31 - September 1, 2016) This public forum is the last opportunity to meet face-to-face and participate in conversations that will shape the first set of standards and guidelines to be published in September! Speakers will include ...

cybergamut Technical Tuesday: Quantifying Cyber Attacks: To Optimize and Assess your Defense by Jason Syversen of Siege Technologies (Elkridge, Maryland, USA, September 6, 2016) cybergamut Technical Tuesday is for cyber professionals to exchange innovative ideas and discuss technical issues of mutual interest. We’ll have a Technical Tuesday event on 6 September 2016 (1600 – 1730...

2016 Intelligence & National Security Summit (Washington, DC, USA, September 7 - 8, 2016) Third annual unclassified summit hosted by AFCEA International and the Intelligence and National Security Alliance (INSA). There are five plenary sessions and nine breakout sessions related to cybersecurity,...

Annual Privacy Forum 2016 (Frankfurt, Hesse, Germany, September 7 - 8, 2016) In the light of the upcoming data protection regulation and the European digital agenda, DG CONNECT, ENISA and, Goethe University Frankfurt is organizing APF 2016. In the light of the upcoming data protection...

SecureWorld Cincinnati (Sharonville, Ohio, USA, September 8, 2016) Join your fellow security professionals for affordable, high-quality cybersecurity training and education. Earn 6-12 CPE credits through 30+ educational elements learning from nationally recognized industry...

Borderless Cyber Europe (Brussels, Belgium, September 8 - 9, 2016) Join CIOs, CISOs and cyber threat intelligence experts from industry, government and CSIRTs worldwide to share experiences, strategies, tactics and practices that will improve your state of preparedness...

SANS Network Security 2016 (Las Vegas, Nevada, USA , September 10 - 16, 2016) We are pleased to invite you and your colleagues to attend SANS Network Security 2016 at the magnificent Caesars Palace, Las Vegas, on September 10-19. SANS Network Security is your annual networking opportunity!...

Business Insurance Cyber Risk Summit 2016 (San Francisco, California, USA, September 11 - 12, 2016) The Business Insurance Cyber Risk Summit provides risk management professionals and chief information security officers with the practical information and tools needed to combat the latest cyber risks...

Hacker Halted 2016 (Atlanta, Georgia, USA, September 11 - 16, 2016) This ​year, ​Hacker ​H​alted’s theme​ is​ the Cyber Butterfl​​y Effect​:​ When ​S​mall ​M​istakes ​L​ead to ​B​ig ​D​isasters​. The goal of the conference is to bring the IT security community together...

(ISC)² Security Congress (Orlando, Florida, USA, September 12 - 15, 2016) (ISC)² Security Congress offers attendees over 90 education sessions, designed to transcend all industry sectors, focus on current and emerging issues, best practices, and challenges facing cybersecurity...

7th Annual Billington Cybersecurity Summit (Washington, DC, USA, September 13, 2016) Join over 600 senior-level attendees, more than 50 distinguished speakers, and over 40 prestigious sponsors and exhibitors at the 7th Annual Billington CyberSecurity Summit, the leading Fall forum on cybersecurity...

CISO GAS (Frankfurt, Hessen, Germany, September 13, 2016) A data breach is not only a PR nightmare, but cause for customers to turn to competitors, exposing sensitive company information and racking up fines from industry regulators. CISOs and IT security executives...

ISS World Americas (Washington, DC, USA, September 13 - 15, 2016) ISS World America is the world's largest gathering of North American Law Enforcement, Intelligence and Homeland Security Analysts as well as Telecom Operators responsible for Lawful Interception, Hi-Tech...

Tarleton State University Cyber Security Summit 2016 (Dallas, Texas, USA, September 13, 2016) Cyber Security for the Board and the C-Suite: "What You Need to Know." Cyber Security experts will discuss corporate cyber-attacks and legal practitioners will discuss strategies to help companies comply...

Insider Threat Program Development Training For NISPOM CC 2 with Legal Guidance (Germantown, Maryland, USA, September 14 - 15, 2016) Insider Threat Program Development Training for NISPOM CC 2 (Germantown, Maryland, September 14 - 15, 2016) Insider Threat Defense will hold a two-day training class on Insider Threat Program Development...

SecureWorld Detroit (Dearborn, Michigan, USA , September 14 - 15, 2016) Join your fellow security professionals for affordable, high-quality cybersecurity training and education. Earn 12-16 CPE credits through 60+ educational elements learning from nationally recognized industry...

Insider Threat Program Development Training for NISPOM CC 2 (Milwaukee, Wisconsin, USA, September 19 - 20, 2016) Insider Threat Defense will hold a two-day training class on Insider Threat Program Development (NISPOM Conforming Change 2). For a limited time the training is being offered at a discounted rate of $795...

4th ETSI/IQC Workshop on Quantum-Safe Cryptography (Toronto, Ontario, Canada, September 19 - 21, 2016) This three-day workshop brings together diverse players in the quantum-safe cybersecurity community to facilitate the knowledge exchange and collaboration required to transition cyber infrastructures and...

Cyber Physical Systems Summit (Newport News, Virginia, USA, September 20 - 22, 2016) On September 20-22, 2016 the Commonwealth will be hosting a Cyber and Physical Systems Summit. The three day event will consist of roundtable discussions, plenary and panel presentations across the intersection...

hardwear.io Security Conference (The Hague, the Netherlands, September 20 - 23, 2016) hardwear.io Security Conference is a platform for hardware and security community where researchers showcase and discuss their innovative research on attacking and defending hardware. The objective of...

3rd Annual Senior Executive Cyber Security Conference: Navigating Today's Cyber Security Terrain (Baltimore, Maryland, USA, September 21, 2016) The Johns Hopkins University Information Security Institute and COMPASS Cyber Security are hosting the 3rd Annual Senior Executive Cyber Security Conference on Wednesday, September 21, from 8:30 a.m. –...

New York Cyber Security Summit (New York, New York, USA, September 21, 2016) The Cyber Security Summit is an exclusive conference series connects C-Suite & Senior Executives who are responsible for protecting their companies’ critical infrastructures with innovative solution providers...

Gigaom Change 2016 Leader's Summit (Austin, Texas, USA, September 21 - 23, 2016) Over an immersive 2.5 days, we will explore the current state-of-the-art technologies, how these are transforming industry, and why this all matters. You’ll emerge with a greater understanding of the exponential...

NYIT Annual Cybersecurity Conference (New York, New York, USA, September 22, 2016) Presented by NYIT School of Engineering and Computing Sciences, this conference brings together cyber experts from academia, business, and government to address: Cyber Defense Against Attacks–How Industry...

Cyber Security: How to Identify Risk and Act (Frankenmuth, Michigan, USA, September 26, 2016) Join us on 9/26/2016 for the PMI-MTC's annual project management PDD focusing on "Cyber Security: How to Identify Risk and Act." Earn 7 PDUs during the interactive sessions with well-known information ...

CYBERSEC (Kraków, Poland, September 26 - 27, 2016) The CYBERSEC forum is the first of its kind in Poland and one of just a few regular public policy conferences in Europe devoted to the strategic issues of cyberspace and cybersecurity.The goal of the CYBERSEC...

Third Annual Women in Cyber Security Reception (Baltimore, Maryland, USA, September 27, 2016) The CyberWire is pleased to present the 3rd Annual Women in Cyber Security Reception in cooperation with our partner the Cybersecurity Association of Maryland (CAMI) on Tuesday, September 27, 2016, in...

IP EXPO Nordic 2016 (Stockholm, Sweden, September 27 - 28, 2016) IP EXPO Nordic is part of Europe’s number ONE enterprise IT event series, designed for those looking to find out how the latest IT innovations can drive business growth and competitiveness. The event showcases...

SecureWorld Dallas (Plano, Texas, USA , September 27 - 28, 2016) Join your fellow security professionals for affordable, high-quality cybersecurity training and education. Earn 12-16 CPE credits through 60+ educational elements learning from nationally recognized industry...

Grow your brand and reach new customers.

Grow your brand and increase your customer base by educating our audience about your products, services, and events by advertising on The CyberWire. We’ve built trust with an influential (and often hard to reach) audience of CISOs, CSOs, and other senior execs in the security space, across a wide array of industry verticals. Learn more.

Be a part of the CyberWire story.

People ask us (a lot) how they can support what we do. We have our sponsorships and services, of course, but those are not always within every supporter's financial reach, or it might just not be the right time for you to do those things. That's why we launched our new Patreon site, where we've created a wider variety of support levels, each with some new benefits. Our patrons are important to our future, and we hope you'll consider becoming one. We invite you to become part of the CyberWire story. Become a patron today.