skip navigation

More signal. Less noise.

Daily briefing.

Citizen Lab and security company Lookout disclose iOS persistent spyware they found on a UAE dissident's iPhone. The tool, "Pegasus," is an intercept product of NSO Group; it was apparently deployed by UAE authorities. The researchers were given the affected phone after its owner saw a suspicious text message on August 10. They located the exploits (which they've called "Trident") and disclosed them to Apple. Apple's patch, now generally available, was ready in ten days. The Citizen Lab and Lookout reports are linked below; see also commentary from Errata Security for brief, interesting perspective.

Cisco, Huawei, and Juniper Networks are said to be downplaying the impact of the Shadow Brokers' leaked exploits. The US Intelligence Community continues to investigate the incident.

Zscaler's ThreatLabZ reports finding a cybersquatting campaign that's delivering the AgentTesla keylogger.

The Ramnit banking Trojan is out and about, again, now afflicting six major British banks. Proofpoint tracks another banking Trojan, Dreambot (an Ursnif or Gozi ISFB variant) that's spreading via Tor.

Russia feels it's more sinned against than sinning in cyberspace, and points an accusatory finger Beijing-ward. Cybercrime rises in India as a function of device use. A FireEye study suggests many cyber incidents in the Asia-Pacific region are kept very quiet.

In the US, NIST issues a draft publication on de-identifying personal data in government systems.

The Canadian Security Establishment (CSE) has dramatically increased electronic monitoring; no one's quite sure why.

Clinton email sensitive content (more coming, by court order) prompts calls for a special prosecutor.

Notes.

Today's issue includes events affecting Australia, Canada, China, France, India, Mexico, NATO, Poland, Russia, Syria, Tunisia, Ukraine, United Arab Emirates, United Kingdom, United States, and Vietnam.

A note to our readers, especially those of you interested in art and design--"STEM to STEAM," as they call it: the CyberWire is partnering with Maryland Art Place to sponsor a competition for an original work of art on the theme "creating connections." You can read about the competition in NY Arts Magazine. A full prospectus may be found here.

The CyberWire's regular daily Podcast will be out later this afternoon, with interviews, educational tips, and more on the stories of the day. Today Joe Carrigan from our partners at the Johns Hopkins University will tell us about photo backups. And as students prepare to start the academic year, AT&T's Bindu Sundaresan will make our flesh creep with back-to-school cyber security concerns. (Just kidding about the flesh-creeping thing, but he will share some knowledge worth having, fellow kids.) If you enjoy the podcast, please consider giving it an iTunes review.

7th Annual Billington CyberSecurity Summit (Washington, DC, USA, Invalid Date Invalid Date, Invalid Date) Cyber attacks continue to pose high-stake threats to national security. Top government, military and private sector cybersecurity leaders will explore the threats and solutions at the leading fall cybersecurity forum.

Cyber Attacks, Threats, and Vulnerabilities

Apple iOS up to 9.3.4 Kernel Trident Information Disclosure (Vulbd) A vulnerability was found in Apple iOS up to 9.3.4. It has been rated as problematic. Affected by this issue is an unknown function of the component Kernel. The manipulation with an unknown input leads to a information disclosure vulnerability (trident). Impacted is confidentiality

Apple Software Vulnerability Is Linked to Intrusions (New York Times) One of the world’s most evasive digital arms dealers is believed to have been taking advantage of three security vulnerabilities in popular Apple products in its efforts to spy on dissidents and journalists

Government Hackers Caught Using Unprecedented iPhone Spy Tool (Motherboard) On the morning of August 10, Ahmed Mansoor, a 46-year-old human rights activist from the United Arab Emirates, received a strange text message from a number he did not recognize on his iPhone

A Hacking Group Is Selling iPhone Spyware to Governments (Wired) These days it seems like every government has a far-reaching and well-developed digital surveillance operation, complete with defense, international espionage, and offensive components. Smaller nations even join spy alliances to pool resources. But there are still many nation-states that for various reasons prefer not to handle their cyber intelligence development in-house. So they do what we all do when we need software: They buy it from a vendor

The UAE Spends Big on Israeli Spyware to Listen In on a Dissident (Foreign Policy) In attacking the iPhone of human rights defender Ahmed Mansour, the Emirati government reportedly bought a rare, zero-day, Israeli exploit of Apple’s iOS

The Million Dollar Dissident: NSO Group’s iPhone Zero-Days used against a UAE Human Rights Defender (Citizen Lab) This report describes how a government targeted an internationally recognized human rights defender, Ahmed Mansoor, with the Trident, a chain of zero-day exploits designed to infect his iPhone with sophisticated commercial spyware

Sophisticated, persistent mobile attack against high-value targets on iOS (Lookout) Persistent, enterprise-class spyware is an underestimated problem on mobile devices. However, targeted attack scenarios against high-value mobile users are a real threat

Mobile Cyber Espionage is Real! (Skycure Blog) Targeted, persistent spyware called Pegasus

How to know if you’ve been impacted by Pegasus (Lookout) The guidance below will help you determine if you are impacted by the Pegasus threat. Pegasus is a sophisticated attack that uses three vulnerabilities in the iOS software, collectively known as Trident, that, when exploited, enables attackers to install spyware on your device

Apple zero-days mark a new era of mobile hacking (TechMedia Magazine) Apple’s head of security engineering and architecture, Ivan Krstic, told a rapt audience at the Black Hat security conference earlier this month that his notoriously secretive company was ready to open up its vulnerability reporting process to researchers

Notes on the Apple/NSO Trident 0days (Errata Security) I thought I'd write up some comments on today's news of the NSO malware using 0days to infect human rights activist phones. For full reference, you want to read the Citizen's Lab report and the Lookout report

The National Security Agency has no idea how a rogue hacking group leaked its exploits (International Business Times) A group called The Shadow Brokers leaked NSA exploit kits online on 13 August

Cisco, Huawei and Juniper play down NSA attack reports (Capacity Media) Cisco, Huawei and Juniper have played down reports that the US National Security Agency (NSA) has developed tools to spy on traffic running through their equipment

Boko Haram's Doomed Marriage to the Islamic State (War on the Rocks) When the Nigerian jihadist group popularly known as Boko Haram publicly pledged its allegiance to the Islamic State in March 2015, this new alliance made perfect sense to both groups

Agent Tesla Keylogger delivered using cybersquatting (ZScaler) Zscaler ThreatLabZ recently came across an attack chain in which cybersquatting was being used to deliver a commercial keylogger, called “AgentTesla,” with an intent to steal confidential information. The keylogger payload was configured to relay the stolen information back to the cyber-squatted domain, which had been registered two months prior to the attack

Ramnit Trojan rides again, targets customers of six major UK banks (Help Net Security) The infamous Ramnit Trojan is on the prowl again, and this time it targets personal banking customers of six unnamed UK banks

Nightmare on Tor Street: New Ursnif Variant Dreambot Adds Tor Functionality (Proofpoint) One of the most active banking Trojans that we have observed recently in email and exploit kits is one often referred to as Ursnif or Gozi ISFB [6]. Thanks to Frank Ruiz from FoxIT InTELL, we know that the actor developing one of its variants since 2014 has named this variant Dreambot. The Dreambot malware is actively evolving, and recent samples in particular caught our attention for their addition of Tor communication capability, as well as peer-to-peer (P2P) functionality

Anatomy of a cryptographic collision – the “Sweet32” attack (Naked Security) Researchers at the Institute for Research in Computer Science and Automation in France (INRIA) have come up with the latest BWAIN

Monitoring SSL traffic now everyone's concern: A10 Networks (ZDNet) As the uptake of SSL grows, Tim Blombery, systems engineer at A10 Networks, said threat actors are increasingly leveraging SSL-based encryption to hide malicious activity

Cyberattack could impact 148,000 with Highmark Medicaid (Delaware Online: the News Journal) Close to 150,000 Delaware Medicaid clients enrolled in Highmark Health Options are being notified this week that a cyberattack at the end of May could have compromised their health plan information

Brainjacking: Hacking brain implants (Help Net Security) Did you know that Dick Cheney, former US Vice President who held that office from 2001 to 2009, had the wireless telemetry on his implantable cardioverter-defibrillator disabled during his time in office for fear of political assassination?

Essential Pokémon GO protection tips (Help Net Security) Since its release, Pokémon GO has become the most downloaded game in history on iOS and Android. However, Gemalto is now warning its millions of players around the world to stay safe and ensure they only battle fellow players’ gyms, not viruses and identity theft

Security Patches, Mitigations, and Software Updates

Apple plugs three actively exploited iOS zero-days (Help Net Security) Owners of Apple’s mobile devices are advised to upgrade to iOS version 9.3.5 as soon as possible, as it fixes three zero-day vulnerabilities actively exploited in the wild

Cisco starts patching firewall devices against NSA-linked exploit (Computerworld) Cisco has released some fixed versions of its Adaptive Security Appliance firewalls, and more patches are expected

Dropbox prompts certain users to change their passwords (CSO) The move appears to be a precautionary measure

Google to rate down sites with aggravating pop-up ads (Naked Security) Annoying pop-up ads that get in the way of content are going to be the new lead balloons: Google’s planning to penalize mobile sites that use them by placing those sites lower in its rankings

Cyber Trends

Russia More Prey Than Predator to Cyber Firm Wary of China (Bloomberg Technology) While the West sees Russia as a cyber predator, hackers in the East increasingly view it as prey, according to online security company Kaspersky Lab, which says there’s been a sharp spike in attacks from China

Cyber crime in India up 300% in 3 years: Study (Indian Express) India has emerged as one of the primary targets among cyber criminals with growing adoption of internet and smartphones, reveals the study

FireEye releases First Mandiant M-Trends Asia Pacific Report (Data Quest) FireEye released the first Mandiant® M-Trends® Asia Pacific report. The report shares statistics and insights gleaned from Mandiant investigations in the region in 2015, and examines the latest cyber trends and tactics threat actors used to compromise businesses and steal data

Stolen devices to blame for many breaches in the financial services sector (Help Net Security) Bitglass performed an analysis of all breaches in the financial services sector since 2006, with data aggregated from public databases and government mandated disclosures. They found that leaks nearly doubled between 2014 and 2015, a growth trend on track to continue in 2016

The current state of privileged access management practices (Help Net Security) There’s a widening gulf between organizations that adhere to best practices for privileged access management, according to BeyondTrust

Rules? What rules? Huge gap between parents and teens on digital guidelines (Silicon Beat) This shouldn’t come as a big surprise: There is a gap between teenagers and parents over their understanding of family rules about being online, according to a new study by the National Cyber Security Alliance

Marketplace

Stand-alone cyber coverage had direct loss ratio of 65.2%: Fitch (Canadian Underwriter) Cyber-related insurance products present a “significant growth opportunity” for property and casualty insurance carriers, with more than a third of the U.S. market held by American International Group Inc. and Chubb Ltd., Fitch Ratings Inc. suggested in a report announced Wednesday

Global mobile deep packet inspection market explodes (Help Net Security) The global mobile deep packet inspection (DPI) market will grow at an impressive CAGR of almost 22% until 2020, according to Technavio

Proofpoint buys Return Path’s email fraud protection division (BizWest) New York-based data-solutions provider Return Path has sold its Broomfield-based email fraud protection business unit to Proofpoint Inc. for $18 million

Cybersecurity business of Sypris Electronics sold to Analog Devices (Military Embedded Systems) Officials at Analog Devices, Inc. announced that the company has acquired the Cyber Security Solutions (CSS) business of Sypris Electronics LLC., in Tampa, Florida, which is owned by Sypris Solutions in Louisville, Kentucky

Cybersecurity Company Raises $1.2M in Seed Round to Protect ICS/SCADA Networks (PRNewswire) Dragos, Inc. to offer new threat hunting service and ICS-tailored technology

Closer Look: Qihoo Retires from Public View after Record Privatization (Caixin Online) Having pulled off the biggest privatization in history for a US-listed Chinese security software maker, Qihoo 360 is saying it isn't in any hurry to re-list in China. The strategy contrasts with the more than three dozen Chinese firms to announce similar plans to leave New York since last year, most of them hoping to quickly re-list in China at higher valuations

How IBM is pushing data-driven security (FedScoop) The perimeter strategy is no longer effective, an IBM senior security strategist said

Whatever we do is around mobile now: Akamai CEO Tom Leighton (Live Mint) Akamai CEO Tom Leighton on content delivery and Internet trends, and why it makes sense for Akamai to also sharpen its focus on enterprise security

CRN Exclusive: Palo Alto Networks CEO On Security Platform Evolution And When Partners Can Expect Traps To Take Off (CRN) The security industry is at an inflection point, and CEO Mark McLaughlin maintains he is confident that Palo Alto Networks is positioned to win in that shift

Valuing BlackBerry As A Security Software Company (Seeking Alpha) BlackBerry's market value as a security software and services company is at the low end among competitors. BBRY has more cash than most companies in this line of business. But having a handset business (barely) works against it being considered an S&S company

Leesburg’s PhishMe grows into cyber security powerhouse (Loudon Times-Mirror) Leesburg-based cyber security company PhishMe is making waves against fraudulent emails with a new, innovative approach

2016 IPO Prospects: Optiv Grows Inorganically (Seeking Alpha) Optiv is helping address the cyber security problems faced by organizations by offering a holistic approach as a solution provider, and not just a reseller. Optiv continues to grow inorganically. Since the start of the year it has made three acquisitions within the cyber security space. In April this year, Optiv was estimated to be valued at $2 billion

Muddy Waters claims device maker vulnerable to hackers (Financial Times) Muddy Waters, the hedge fund, on Thursday claimed that a pacemaker manufacturer’s life-saving devices are vulnerable to hackers, the first time a shortseller has publicly used alleged cyber security vulnerabilities to put pressure on a stock to fall

Cybersecurity Center in Colorado Springs to hire CEO and host national conference (Colorado Springs Gazette) The National Cybersecurity Center in Colorado Springs plans to hire a CEO next month and will host officials from across the country at a three-day conference in November at The Broadmoor

Products, Services, and Solutions

Zensar Technologies to showcase ‘Return on Digital’ solutions at Oracle Open World 2016 (Yahoo! Finance) Zensar Technologies, a leading digital solutions and technology services company, announced that it will exhibit digital solutions on the central theme of, ‘Return on Digital’ at this year’s Oracle Open World

Elcomsoft Phone Breaker 6.0 Decrypts FileVault 2, Downloads iCloud Photos, Retrieves Apple ID Password (PRNewswire) ElcomSoft Co. Ltd. releases a major update to Elcomsoft Phone Breaker, adding support for decrypting FileVault 2 volumes by downloading the Recovery Key from iCloud. The new release adds the ability to download existing and recently deleted photos from iCloud Photos, introduces the updated Keychain Explorer and the ability to cache online authentication credentials for streamlined subsequent logins into iCloud, Windows Phone and BlackBerry 10

CrowdStrike Integrates Scanning Engine With VirusTotal (Dark Reading) Machine Learning engine first in virus-scanning service to provide confidence levels with results, vendor says

AlienVault and Zscaler Announce Partnership to Provide Customers With Increased Security, Visibility and Control (MarketWired) Partnership extends the Zscaler Platform by integrating threat intelligence while augmenting AlienVault's Unified Security Management with Intelligent Nanologs to improve visibility and control

Balabit Recognized for Blindspotter Security Solution (Find Biometrics) Balabit has become a top-level award winner in this year’s Golden Bridge Awards. The company’s Blindspotter behavior analytics system netted the company a Gold award in the category of User Behavior Analytics (UBA) – Innovations

VMware Helps Service Providers Accelerate Production Deployment of Network Functions Virtualization With Growing Portfolio of VMware Ready Solutions (Yahoo! Finance) VMware, Inc. (VMW) today announced new VMware Ready™ for NFV certified solutions, further demonstrating its ongoing commitment to supporting communications service providers (CSPs) in the adoption and production deployment of Network Functions Virtualization (NFV). These new certified solutions from Brocade, Check Point, Infoblox, Mitel and Netrounds support virtualized mobile infrastructure and SD-WAN

RingCentral and Okta Partner to Enable the Future of Work with Seamless Mobility, Security and Communication (BusinessWire) New integration simplifies identity and access management for IT, supporting secure user access to RingCentral’s UCaaS cloud solutions

Armor helps streamline HITRUST certification (Help Net Security) As the healthcare industry continues to be a major cybercrime target, compliance has gained even more significance. HITRUST certification has emerged as the benchmark for healthcare organizations to demonstrate sound security policies and a commitment to patient privacy

The Password is Dead: MobileIron and Entrust Datacard Partner on Derived Credentials for Next-Generation Multi-Factor Authentication (PRNewswire) MobileIron (NASDAQ: MOBL), the stand-alone EMM leader, and Entrust Datacard, a leader of trusted identity and secure transaction technologies, today announced a technology alliance partnership to deliver derived credentials for next-generation multi-factor authentication

Security Firm Releases Decrypter for Alma Locker Ransomware (Softpedia) Victims can recover files for free without paying the ransom

TrapX launches ransomware deception tool, CryptoTrap (Healthcare IT News) The technology is effective at deceiving TeslaCrypt, Locky and 7ev3n ransomware families, luring hackers away from valuable data assets

Niara's PartnerWatch™ Extends UEBA Reach To Monitor and Track Third-Party Access to High Value Assets (MarketWatch) Advanced machine learning models use behavior profiling to detect misuse of credentials by compromised or malicious business partners

WhatsApp will share your phone number with Facebook (Help Net Security) For the first time in four years, WhatsApp is updating its Terms of Service and Privacy Policy, and the big news is that the messaging service will share users’ phone numbers with Facebook

Virtustream and Iron Mountain Join Forces to Build Cloud Platform for Enterprise Data Management (BusinessWire) Virtustream, the enterprise-class cloud services and software provider and an EMC Federation Company, today announced that Iron Mountain Incorporated (NYSE:IRM), the global leader in storage and information management services, has selected Virtustream® xStream® and Virtustream Viewtrust® software to orchestrate, automate and secure cloud storage services for Iron Mountain’s cloud-based service offerings

Managing Application State in Duo Insight (Duo) Duo Insight is our new free, easy-to-use risk assessment tool to help companies identify their users and devices that may be vulnerable to phishing attacks. One of the key user interface components of Duo Insight is the campaign wizard, where users can quickly and easily configure a phishing campaign using one of several pre-made services

Technologies, Techniques, and Standards

DRAFT NIST Special Publication 800-188: De-Identifying Government Datasets (NIST) The US Government collects, maintains, and uses many kinds of datasets. Every federal agency creates and maintains internal datasets that are vital for fulfilling its mission, such as delivering services to taxpayers or ensuring regulatory compliance. Federal agencies can use de-identification to make government datasets available while protecting the privacy of the individuals whose data are contained within those datasets

Helping to Secure Education Networks (AT&T) Schools and colleges are particularly vulnerable to attacks by cyber criminals. Here’s what education leaders can do to help prevent these incidents

Design and Innovation

This Biohacker Wants to Implant Cryptographic Keys Beneath Your Skin (Motherboard) The millennial trope of your phone feeling like another limb may not be so far off, with new technology that would allow much of the same information in your phone to be stored in a chip under your skin

Academia

Westpac, Deloitte-backed Day of STEM launches in Australia (ZDNet) Australian tech leaders have launched LifeJourney's Day of STEM program, using the power of the industry to get the word out to inspire kids to take up a career in the tech industry

Going Global: SUU Will Train Vietnam's Next Cyber Security Experts (Utah Policy) Information technology students in southeast Asia will soon be taking graduate-level cybersecurity courses from Southern Utah University

Legislation, Policy, and Regulation

Russian “New Generation” Warfare: Theory, Practice, and Lessons for U.S. Strategists (Small Wars Journal) Russian unconventional warfare—dubbed by analysts as “new generation” warfare—elevates the psychological and popular aspects of conflict more so than any of its geopolitical partners and rivals

Polish think-take advocates offensive cyber stance for NATO (IHS Jane's Defence Weekly) NATO should opt for developing offensive cyber capabilities as opposed to only defensive ones, says one of Poland's leading security think-tanks. The mixed nature of hybrid warfare requires the shift, it argues in a new paper

Canada’s Spy Agency Now Intercepting Private Messages 26 Times More Than Previously (VICE) Federal spies in Canada have ramped up the monitoring of phone calls and online messages—but it's not clear why

Experts: Org chart and budget, not technology, is key to federal cybersecurity (FedScoop) Boring work in the back offices is what's needed — not another shiny new piece of security technology

Litigation, Investigation, and Law Enforcement

Court orders State to hand over new Clinton emails by Sept. 13 (Washington Examiner) A federal court ruled Thursday that the State Department has until Sept. 13 to begin handing over emails recovered by the FBI from Hillary Clinton's private server

Graham: Let special prosecutor probe Clinton emails (The Hill) Sen. Lindsey Graham (R-S.C.) is joining a growing number of GOP lawmakers calling for an independent prosecutor to look into Hillary Clinton's emails

Submarine Data Leak Could be Setback for Indian Navy (Voice of America) A massive leak of secret data relating to the combat capabilities of submarines being built for the Indian navy by a French shipbuilder could delay their induction as India investigates the huge security breach

Islamic State group recruiter Hamdi Alqudsi 'loves Australia' (BBC) A Sydney man who helped seven young men travel from Australia to Syria to join the Islamic State conflict has told a court he is "not a terrorist"

Russian Lawmaker’s Son Convicted in U.S. of Hacking Scheme (Bloomberg) The son of a Russian lawmaker was convicted of orchestrating a global hacking bonanza in what a U.S. prosecutor called one of the most prolific credit card trafficking schemes in history

US authorities investigate cyber-attack against Ghostbusters actress Leslie Jones (BBC) US authorities have launched an investigation into the hacking of Leslie Jones' website and iCloud account after intimate photos of the actress were posted online

Leslie Jones website hack reveals stars' tricky cyber landscape (Chicago Tribune) The hateful hack of comedian Leslie Jones' personal website reveals the tricky cyber landscape celebrities tread and the murky legal protections that exist for personal digital content

Massachusetts man admits hoax distress calls to Coast Guard (Stars and Stripes) A Massachusetts man has pleaded guilty to making hoax radio distress calls to theCoast Guard that prompted fruitless searches that wasted time and resources

Cyber Attack Hove Man Sentenced (Juice 107.2) A man who bombarded Sussex Police's contact centre with 3,000 emails in just six hours has been sentenced to ten months in jail, suspended for 18 months

For a complete running list of events, please visit the Event Tracker on the CyberWire website.

Newly Noted Events

HTCIA International Conference and Training Expo (Summerlin, Nevada, USA, August 28 - 31, 2016) The High Technology Crime Investigation Association (HTCIA) sponsors this conference for professionals in law enforcement cyber security and cyber forensic investigations. College and university faculty...

2016 Government Cyber Security SBIR Workshop (Washington, DC, USA, August 30 - September 1, 2016) The 2016 Government Cyber Security SBIR Workshop affords Small Business Innovation Research (SBIR) awardees in the completed Phase II or Phase III processes the opportunity to collaborate and present their...

CyCon US: International Conference on Cyber Conflict (Washington, DC, USA, October 21 - 23, 2016) The inaugural U.S. based International Conference on Cyber Conflict will take place 21-23 October 2016 in Washington D.C. Focusing on a theme of Protecting the Future. CyCon U.S. seeks to create greater...

Regional Cyber Security Summit (Sharm El-Sheikh, Egypt, October 30 - November 1, 2016) The Regional Cyber Security Summit comes this year with the theme of “Boundless Collaboration, Boundless Protection”. It focuses on the cooperation in cybersecurity as one of key pillars to tackle the...

SINET Showcase 2016: Highlighting and Advancing Innovation (Washington, DC, USA, November 2 - 3, 2016) SINET Showcase provides a platform to identify and highlight “best-of-class" security companies that are addressing industry and government’s most pressing needs and requirements. The chosen SINET 16 Innovators...

CIFI Security Summit (Toronto, Ontario, Canada, November 30 - December 1, 2016) The Annual CIFI Security Summit takes place all over the world, Asia, Europe, Australia & North America. These summits are essential 2 day conferences and exhibitions bringing together leading security...

Upcoming Events

SANS Alaska 2016 (Anchorage, Alaska, USA, August 22 - 27, 2016) SANS is bringing our renowned security training to Alaska! Join us in August for a week of hands-on training and compelling bonus sessions while taking in breathtaking views and experiencing the great...

Air Force Information Technology and Cyberpower Conference 2016 (Montgomery, Alabama, USA, August 29 - 31, 2016) America is faced with a national emergency in cyberspace. US national security, economic vitality, financial stability and foreign policy are being eroded. Increasingly prevalent and severe malicious cyber...

CISO Toronto (Toronto, Ontario, Canada, August 30, 2016) A data breach is not only a PR nightmare, but cause for customers to turn to competitors, exposing sensitive company information and racking up fines from industry regulators. In order for organizations...

ISAO SO Public Forum (Tysons, Virginia, USA, August 31 - September 1, 2016) This public forum is the last opportunity to meet face-to-face and participate in conversations that will shape the first set of standards and guidelines to be published in September! Speakers will include ...

cybergamut Technical Tuesday: Quantifying Cyber Attacks: To Optimize and Assess your Defense by Jason Syversen of Siege Technologies (Elkridge, Maryland, USA, September 6, 2016) cybergamut Technical Tuesday is for cyber professionals to exchange innovative ideas and discuss technical issues of mutual interest. We’ll have a Technical Tuesday event on 6 September 2016 (1600 – 1730...

2016 Intelligence & National Security Summit (Washington, DC, USA, September 7 - 8, 2016) Third annual unclassified summit hosted by AFCEA International and the Intelligence and National Security Alliance (INSA). There are five plenary sessions and nine breakout sessions related to cybersecurity,...

Annual Privacy Forum 2016 (Frankfurt, Hesse, Germany, September 7 - 8, 2016) In the light of the upcoming data protection regulation and the European digital agenda, DG CONNECT, ENISA and, Goethe University Frankfurt is organizing APF 2016. In the light of the upcoming data protection...

SecureWorld Cincinnati (Sharonville, Ohio, USA, September 8, 2016) Join your fellow security professionals for affordable, high-quality cybersecurity training and education. Earn 6-12 CPE credits through 30+ educational elements learning from nationally recognized industry...

Borderless Cyber Europe (Brussels, Belgium, September 8 - 9, 2016) Join CIOs, CISOs and cyber threat intelligence experts from industry, government and CSIRTs worldwide to share experiences, strategies, tactics and practices that will improve your state of preparedness...

SANS Network Security 2016 (Las Vegas, Nevada, USA , September 10 - 16, 2016) We are pleased to invite you and your colleagues to attend SANS Network Security 2016 at the magnificent Caesars Palace, Las Vegas, on September 10-19. SANS Network Security is your annual networking opportunity!...

Business Insurance Cyber Risk Summit 2016 (San Francisco, California, USA, September 11 - 12, 2016) The Business Insurance Cyber Risk Summit provides risk management professionals and chief information security officers with the practical information and tools needed to combat the latest cyber risks...

Hacker Halted 2016 (Atlanta, Georgia, USA, September 11 - 16, 2016) This ​year, ​Hacker ​H​alted’s theme​ is​ the Cyber Butterfl​​y Effect​:​ When ​S​mall ​M​istakes ​L​ead to ​B​ig ​D​isasters​. The goal of the conference is to bring the IT security community together...

(ISC)² Security Congress (Orlando, Florida, USA, September 12 - 15, 2016) (ISC)² Security Congress offers attendees over 90 education sessions, designed to transcend all industry sectors, focus on current and emerging issues, best practices, and challenges facing cybersecurity...

7th Annual Billington Cybersecurity Summit (Washington, DC, USA, September 13, 2016) Join over 600 senior-level attendees, more than 50 distinguished speakers, and over 40 prestigious sponsors and exhibitors at the 7th Annual Billington CyberSecurity Summit, the leading Fall forum on cybersecurity...

CISO GAS (Frankfurt, Hessen, Germany, September 13, 2016) A data breach is not only a PR nightmare, but cause for customers to turn to competitors, exposing sensitive company information and racking up fines from industry regulators. CISOs and IT security executives...

ISS World Americas (Washington, DC, USA, September 13 - 15, 2016) ISS World America is the world's largest gathering of North American Law Enforcement, Intelligence and Homeland Security Analysts as well as Telecom Operators responsible for Lawful Interception, Hi-Tech...

Tarleton State University Cyber Security Summit 2016 (Dallas, Texas, USA, September 13, 2016) Cyber Security for the Board and the C-Suite: "What You Need to Know." Cyber Security experts will discuss corporate cyber-attacks and legal practitioners will discuss strategies to help companies comply...

Insider Threat Program Development Training For NISPOM CC 2 with Legal Guidance (Germantown, Maryland, USA, September 14 - 15, 2016) Insider Threat Program Development Training for NISPOM CC 2 (Germantown, Maryland, September 14 - 15, 2016) Insider Threat Defense will hold a two-day training class on Insider Threat Program Development...

SecureWorld Detroit (Dearborn, Michigan, USA , September 14 - 15, 2016) Join your fellow security professionals for affordable, high-quality cybersecurity training and education. Earn 12-16 CPE credits through 60+ educational elements learning from nationally recognized industry...

Insider Threat Program Development Training for NISPOM CC 2 (Milwaukee, Wisconsin, USA, September 19 - 20, 2016) Insider Threat Defense will hold a two-day training class on Insider Threat Program Development (NISPOM Conforming Change 2). For a limited time the training is being offered at a discounted rate of $795...

4th ETSI/IQC Workshop on Quantum-Safe Cryptography (Toronto, Ontario, Canada, September 19 - 21, 2016) This three-day workshop brings together diverse players in the quantum-safe cybersecurity community to facilitate the knowledge exchange and collaboration required to transition cyber infrastructures and...

Cyber Physical Systems Summit (Newport News, Virginia, USA, September 20 - 22, 2016) On September 20-22, 2016 the Commonwealth will be hosting a Cyber and Physical Systems Summit. The three day event will consist of roundtable discussions, plenary and panel presentations across the intersection...

hardwear.io Security Conference (The Hague, the Netherlands, September 20 - 23, 2016) hardwear.io Security Conference is a platform for hardware and security community where researchers showcase and discuss their innovative research on attacking and defending hardware. The objective of...

3rd Annual Senior Executive Cyber Security Conference: Navigating Today's Cyber Security Terrain (Baltimore, Maryland, USA, September 21, 2016) The Johns Hopkins University Information Security Institute and COMPASS Cyber Security are hosting the 3rd Annual Senior Executive Cyber Security Conference on Wednesday, September 21, from 8:30 a.m. –...

New York Cyber Security Summit (New York, New York, USA, September 21, 2016) The Cyber Security Summit is an exclusive conference series connects C-Suite & Senior Executives who are responsible for protecting their companies’ critical infrastructures with innovative solution providers...

Gigaom Change 2016 Leader's Summit (Austin, Texas, USA, September 21 - 23, 2016) Over an immersive 2.5 days, we will explore the current state-of-the-art technologies, how these are transforming industry, and why this all matters. You’ll emerge with a greater understanding of the exponential...

NYIT Annual Cybersecurity Conference (New York, New York, USA, September 22, 2016) Presented by NYIT School of Engineering and Computing Sciences, this conference brings together cyber experts from academia, business, and government to address: Cyber Defense Against Attacks–How Industry...

Cyber Security: How to Identify Risk and Act (Frankenmuth, Michigan, USA, September 26, 2016) Join us on 9/26/2016 for the PMI-MTC's annual project management PDD focusing on "Cyber Security: How to Identify Risk and Act." Earn 7 PDUs during the interactive sessions with well-known information ...

CYBERSEC (Kraków, Poland, September 26 - 27, 2016) The CYBERSEC forum is the first of its kind in Poland and one of just a few regular public policy conferences in Europe devoted to the strategic issues of cyberspace and cybersecurity.The goal of the CYBERSEC...

Third Annual Women in Cyber Security Reception (Baltimore, Maryland, USA, September 27, 2016) The CyberWire is pleased to present the 3rd Annual Women in Cyber Security Reception in cooperation with our partner the Cybersecurity Association of Maryland (CAMI) on Tuesday, September 27, 2016, in...

IP EXPO Nordic 2016 (Stockholm, Sweden, September 27 - 28, 2016) IP EXPO Nordic is part of Europe’s number ONE enterprise IT event series, designed for those looking to find out how the latest IT innovations can drive business growth and competitiveness. The event showcases...

SecureWorld Dallas (Plano, Texas, USA , September 27 - 28, 2016) Join your fellow security professionals for affordable, high-quality cybersecurity training and education. Earn 12-16 CPE credits through 60+ educational elements learning from nationally recognized industry...

Grow your brand and reach new customers.

Grow your brand and increase your customer base by educating our audience about your products, services, and events by advertising on The CyberWire. We’ve built trust with an influential (and often hard to reach) audience of CISOs, CSOs, and other senior execs in the security space, across a wide array of industry verticals. Learn more.

Be a part of the CyberWire story.

People ask us (a lot) how they can support what we do. We have our sponsorships and services, of course, but those are not always within every supporter's financial reach, or it might just not be the right time for you to do those things. That's why we launched our new Patreon site, where we've created a wider variety of support levels, each with some new benefits. Our patrons are important to our future, and we hope you'll consider becoming one. We invite you to become part of the CyberWire story. Become a patron today.