skip navigation

More signal. Less noise.

Daily briefing.

Iran says that a recent series of fires at its petrochemical facilities were not the result of a cyberattack. Official sources report that such facilities had sustained attempted attacks, but those attempts were unsuccessful and unrelated to the fires.

Observers react to reports by Citizen Lab and Lookout of iOS zero-days (since patched by Apple) actively exploited by surveillance tools provided by NSO Group. Some take this as another reason to forego hoarding zero-days, reinforcing conclusions already being drawn on the strength of the Shadow Brokers' leaks.

The Shadow Brokers incident is regarded by many as an escalation of US-Russian conflict to levels not seen since the Cold War. Concerns for upcoming US elections—vulnerable to both information operations and direct manipulation of electoral returns, many fear—prompt some (not universally welcomed by the states) gestures toward infrastructure protection from the US Department of Homeland Security.

Security firm MedSec Holdings makes unusual and controversial use of its vulnerability research: it reported pacemaker bugs not to manufacturer St. Jude, but to Muddy Waters Capital, a hedge fund that shorted St. Jude stock, then announced the vulnerabilities. MedSec is reported to be sharing profits from the short selling. Thus shorting stock now seems an alternative to bug bounties?

FireEye reports that a new variant of RIPPER malware was used recently to skim money from ATMs in Thailand.

Reculer pour mieux sauter: the US again rethinks its social media information operations against ISIS, apparently hoping to enlist third-parties in preference to direct messaging.

Notes.

Today's issue includes events affecting Australia, Austria, Bahrain, China, Hungary, Iran, Israel, Kenya, Mexico, Morocco, Mozambique, Nigeria, Qatar, Russia, Saudi Arabia, Taiwan, Thailand, Turkey, United Arab Emirates, United States, Uzbekistan, Yemen, and Zimbabwe.

The CyberWire's regular daily Podcast will be out later this afternoon, with interviews, educational tips, and more on the stories of the day. Today we hear from Markus Rauschecker, from our partners at the University of Maryland's Center for Health and Homeland Security, who'll discuss Presidential Policy Directive 41, "United States Cyber Incident Coordination." If you enjoy the podcast, please consider giving it an iTunes review.

​3rd Annual Senior Executive Cyber Security Conference: Navigating Today’s Cyber Security Terrain​ (Baltimore, MD, USA, September 21, 2016) Hear from industry leaders on cyber security best practices and trends that will help you better secure your organization’s data. This year’s agenda examines the current cyber security landscape, threats, and challenges ahead for organizations and how senior leaders can work towards “shifting their data to being safe and secure.”

Cyber Attacks, Threats, and Vulnerabilities

Official Confirms Cyber Attacks on Iran’s Petchem Industry (Tasnim News Agency) Head of Iran’s Civil Defense Organization Brigadier General Gholam Reza Jalali confirmed cyber attacks targeting the country’s petchem industry, but said they were not the cause of recent blazes in some petrochemical complexes

Cyber attacks breach Australian government networks (Radio New Zealand) Computer hackers based in China are suspected over sensitive Australian government and corporate computer network breaches over the past five years

Submarine Data Leak Roils Three Governments (Defense News) The revelation Aug. 24 by an Australian newspaper that thousands of pages of presumably secret submarine documents were on the loose shook governments in Canberra, New Delhi and Paris

Apple iPhone hack raises fears about mysterious cyber weapon company (New Daily) Millions of Apple iPhone and iPad users have been urged to update their iOS software immediately, after an Israeli cyber arms firm created weaponry which can attack every single handset

Inside 'Pegasus,' the impossible-to-detect software that hacks your iPhone (Business Insider) The hacking software that completely takes over an Apple iPhone and turns it into a mobile surveillance device is pretty terrifying

A closer look at the NSO Group, the organization behind the most advanced iPhone spyware ever released (BGR) Late last week, security researchers uncovered what may very well be the most advanced mobile hacking tool we’ve seen to date

British Companies Exporting Advance Spy Tech to Interntional Authoritarian Governments (International Business Times) Devices capable of recording mobile phone calls among those sold

The Cost of Using Zero-Days (Lawfare) I'm quite proud of my officemate, Bill Marczak, who with along with John Scott-Railton discovered an iOS zero-day apparently used by the United Arab Emirates to attack human-rights activist Ahmed Mansoor

Zero-days: Why these security flaws are so dangerous and expensive (Christian Science Monitor Passcode) Hackers hunt for them and governments around the world use them to carry out spy operations

When Governments Hack Their Way Into Your iPhone (Haaretz) The NSO case reveals the dangers of the cyberwarfare trade, and how easily governments can use it against their own citizens

Disarming a Cyber Mercenary, Patching Apple Zero Days (Ronald Diebert) I am pleased to announce a new Citizen Lab report: “The Million Dollar Dissident: NSO Group’s iPhone Zero-Days used against a UAE Human Rights Defender,” authored by senior researchers Bill Marczak and John Scott Railton

Militärs und Polizei regieren "Cyber-Schurkenmarkt" (FM4) Der Schwarzmarkt für Schadsoftware ist längst jenseits jeder Strafverfolgung angesiedelt, da er von Militärs und Polizei westlicher Demokratien regiert wird

Cyber Cold War: Unmasking the ‘Russian Hacker’ (Computer Business Reivew) Analysis: From IP smokescreens to political espionage - CBR separates fact from fiction in the recent surge in attacks purportedly from Russia

Equation Group Hacking Tool Dump: 5 Lessons (Inforisk Today) Security experts outline enterprise defense essentials

The cyber hack that could swing an election (Financial Times) ‘The bizarre has almost become the norm in US politics this past year’

WikiLeaks malware causes problems for unsuspecting users (Trend Micro: Simply Security) When WikiLeaks founder Julian Assange created his organization in 2006, he leaked thousands of documents that alleged government misconduct

Indian Enterprises Easy Prey for Pakistani Hackers (InfoRisk Today) Why have Website defacements become so common?

Opera warns Sync users of possible data breach (CSO) Browser developer says that incident could impact 1.7 million users

New Linux Trojan Capable Of Creating P2P Botnet (NWPC Switzerland) Security researchers have discovered a new Linux Trojan dubbed Linux.Rex.1 that is capable of self-spreading and create a peer-to-peer (P2P) botnet

GoDaddy customers targeted by clever phishing scam (HackRead) Another day another phishing scam — this time, it's the GoDaddy customers

New RIPPER Malware Suspected Behind Thailand ATM Heists (Softpedia) FireEye researchers discover new RIPPER ATM malware

Dropbox users details may have been compromised (CRN) Dropbox has recommended some users to update the log in credentials for their account because a group of member emails and passwords may have been compromised

Another Denuvo-protected game cracked just weeks after release (Ars Technica) Quick Inside crack shows that industry's best DRM is no longer safe

DNS Security – Why Cyber Criminals Want to Take Over Your Internet Traffic (Heimdal Security) Sometimes, when I go about my daily tasks, mostly glued to my laptop, I realize that maybe I’m taking technology for granted

Keystroke Recognition Uses Wi-Fi Signals To Snoop (Threatpost) A group of academic researchers have figured out how to use off-the-shelf computer equipment and a standard Wi-Fi connection to sniff out keystrokes coming from someone typing on a keyboard nearby

Tracking Instagram’s money-flipping scammers (TechCrunch) Trying to get more followers on Instagram? If you follow a few verified banks and financial institutions, you’ll suddenly end up with dozens of new followers. There’s just one drawback: Your new followers are trying to scam you

Russian Doping Whistleblowers Fear for Their Lives After Cyber Attack (NBC News) The couple was tense when we met in a nondescript hotel room somewhere in the United States. We were asked not to reveal the exact location of the rare interview and only learned it ourselves at the last minute

Data breach at Kentucky Fish and Wildlife reveals some customer information (Lexington Herald-Leader) A data breach at the Kentucky Department of Fish and Wildlife Resources might have revealed some customers’ personal information, the agency said Friday

Alleged hacker claims he may sell game licensees' information (Mail Tribune) A computer hacker calling himself "Mr. High" claims he stole and may sell names and other personal identification from nearly 1.2 million people who bought Oregon hunting and fishing licenses through a private vendor

Cyber Trends

The Hype—and Hope—of Artificial Intelligence (New Yorker) Earlier this month, on his HBO show “Last Week Tonight,” John Oliver skewered media companies’ desperate search for clicks

Artificial intelligence and the future of cyber-security (SC Magazine) Alexandre Arbelet and Daniel Brown explain the role of artificial intelligence in enhancing cyber-security

New study highights important talks about tech you should have with your kids (Chicago Now) Parenting teens and tweens in the digital age is something that we are all figuring out together, and most parents are very well aware that there are many important talks about tech you should have with your kids

Analysis: FireEye Report on APAC Data Breach Challenges (InfoRisk Today) Experts recommend ways to improve detection, response

Improving Incident Response in the Middle East (InfoRisk Today) Perspectives from a Saudi Arabian security practitioner

Why Choosing a Security Solution Is Getting Tougher (InfoRisk Today) Trend Micro CTO Raimund Genes shares insights on the evolving security industry

RSA's Yoran Issues Call to Action (InfoRisk Today) Security leaders respond to president's keynote address

This is what happens when bots influence cart abandonment in eCommerce (Shield Square) With the proliferation of mobile devices, and faster Internet connectivity, ​eCommerce websites are capitalizing on this boom by trying to acquire as many customers, and sell them as many products. However, almost all of these websites will be facing a common problem: cart abandonment

Marketplace

Muddy Waters Is Short St. Jude Medical, Inc. (STJ) (Value Walk) Muddy Waters Capital is short Short St. Jude Medical, Inc. (NYSE:STJ).1 There is a strong possibility that close to half of STJ’s revenue is about to disappear for approximately two years. STJ’s pacemakers, ICDs, and CRTs might – and in our view, should – be recalled and remediated

Unusual stock move shakes up cyber community (The Hill) An investment firm’s use of medical device security research has alarmed many within the cybersecurity and healthcare fields, and excited others

MedSec's Bone: Hope St. Jude Responds With Urgency (Bloomberg) MedSec Holdings CEO Justine Bone discusses St. Jude Medical's cybersecurity risks

MedSec goes its own way with medical device flaw (SC Magazine) In an arrangement that has raised both eyebrows and ethical ondisclosure questions among security pros, when cybersecurity firm MedSec detected a flaw in a medical device from St. Jude Medical, it eschewed seeking a bug bounty from the manufacturer for the find and instead partnered with an investment firm to capitalize on its knowledge and short sell stock in the device manufacturer

MedSec and Muddy Waters Partnership may put Profit over Responsible Disclosure (Bleeping Computer) Typically when information security firms discover vulnerabilities in hardware or software, they disclose them to the manufacturer so that they can be fixed. Healthcare security firm, MedSec, is breaking from this norm

Notes on that StJude/MuddyWatters/MedSec thing (Errata Security) I thought I'd write up some notes on the StJude/MedSec/MuddyWaters affair

Rackspace taken private in US$4.3 billion deal (CRN) Cloud services provider Rackspace Hosting said it agreed to be taken private by Apollo Global Management LLC in a deal valued at US$4.3 billion, as the private-equity firm boosts its investments in the technology sector

Microsoft and Cisco join Chinese cyber security programme (Computer Business Review) News: Chinese government signals greater cooperation on cyber security standards

NASA CIO allow HPE contract's authority to operate to expire (CSO) In the wake of continued security problems, NASA's CIO is sending a no-confidence signal to Hewlett Packard Enterprise

Why this major Navy program could spell trouble for Hewlett-Packard Enterprise Co. (Washington Business Journal) Hewlett-Packard Enterprise Co.’s (NYSE: HPE) public sector services portfolio is heavily weighted toward one U.S. Navy contract, which is a concern not only because it will be recompeted in two years but also that the Navy’s shifting IT procurement strategy could severely diminish the role HPE plays on it

Splunk: You Really Need A Scorecard To Tell Who's On First (Seeking Alpha) Splunk reported the results of its fiscal Q2 late last week and beat revenue and EPS estimates. The shares declined by 10% because the company did not raise Q3 guidance above the consensus (it did raise full-year guidance) due to more ratable bookings. The company saw a couple of downgrades by some less observant analysts. It almost certainly significantly beat its bookings target for the quarter

Get to know HackerOne: The firm that helped hackers breach the Pentagon (FedScoop) The company that holds bug bounties for various companies — as well as the Defense Department — held an AMA on Reddit recently. Here's what we learned

San Diego's next big growth industry: cybersecurity (San Diego Union Tribune) Private sector cybersecurity job growth topped 19% last year

Products, Services, and Solutions

WhatsApp’s Privacy Cred Just Took a Big Hit (Wired) For the first time since even before Facebook acquired it in a whopping $19 billion acquisition two years ago, WhatsApp has changed its terms of service. This time, you’ll want to read them very closely

HP Laptops Block Unwelcome Snoopers (HackRead) HP’'s business laptops will make over-shoulder snooping impossible

Invincea's Next-Generation Machine Learning Engine Featured on VirusTotal (MarketWIred) First next gen machine learning engine to identify malware family for unknown programs

RiskSense Selected Best Cyber Risk Management Software of the Year (BusinessWire) Cyber risk management platform honored for its intelligence-driven analytics that drive real-time threat identification and prioritized remediation across entire attack surface

Microsoft takes stand against hate speech, unveils new tools for its applications (Economic Times) In an effort to curb hate speech and ensure safe online communities, Microsoft has announced a new dedicated web form for reporting hate speech on its hosted consumer services and a separate online form for petitions to reconsider and reinstate content

Technologies, Techniques, and Standards

DNSSEC: Don’t throw the baby out with the bath water (Help Net Security) DNSSECA recent report raiseed concerns about the abuse of DNSSEC to conduct DDoS attacks. The article reported that DNSSEC-signed domains can be used to conduct reflected DDoS attacks with large amplification factors (averaging 28.9x in their study) that could potentially cripple victim servers. The report went on to recommend that organizations deploying DNSSEC should configure their DNS servers to prevent this and other types of abuse

What IT Pros Need To Know About Hiring Cyber-Security Hunt Teams (InformationWeek) If your organization doesn't run its own threat analysis center, it may be worth hiring a hunt team to watch your back. Here's what you need to know

How much of a risk is BYOD to network security? (Help Net Security) We’re all familiar with BYOD dangers: data breaches exploited because of a lack of proper security protocols and encryption on devices or missed operating system updates; data leakage as a result of device software not being regularly updated; malware on the device finding its way onto the corporate network. Then there are the tech savvy employees who try to bypass restrictions, or misuse Wi-Fi and the careless ones who lose these ‘always-on’ personal devices

The smartest way to stay unaffected by ransomware? Backup! (Emsisoft) Here at Emsisoft, we know that ransomware is now the most consistently problematic type of malware to effect internet capable devices and businesses. As a security software vendor you might expect that with this blog post we would try to sell you our product as the ultimate solution against ransomware. A quality anti-malware program is vital. Our software in fact is specialized in finding and blocking ransomware, but there is one additional layer of protection you need to consider

When it comes to protecting personal data, security gurus make their own rules (San Jose Mercury News) Marcin Kleczynski, CEO of a company devoted to protecting people from hackers, has safeguarded his Twitter account with a 14-character password and by turning on two-factor authentication, an extra precaution in case that password is cracked

What’s next for threat intelligence? (Information Age) Sharing cyber threat intelligence is pivotal in defending against future cyber attacks

How to opt out of WhatsApp sharing your phone number with Facebook (Naked Security) Nearly two and a half years after Facebook acquired WhatsApp, and despite Whatsapp CEO Jan Koum saying at the time of the acquisition that user privacy wouldn’t suffer, the services are about to get a little bit friendlier with their data sharing

Real-life examples test whether you are prepared for a cyberattack (CSO) These tabletop exercises will update your response plan for live action

How (and Why) to Safely Open Your Wi-Fi Network During a Disaster (Wired) After an earthquake rattled through Italy yesterday, flattening towns and leaving at least 250 dead, the Italian Red Cross asked average citizens to help out … by handing over their Wi-Fi. In a tweet, the organization requested people in earthquake-affected areas disable password protection on their home Wi-Fi networks so everyone could get on the web in a hurry

Jacobson: Email hacked? Here's what to do (Des Moines Register) Today, people are more aware of the possibility of their email being "hacked." There is a big difference between the typical user email hack and the type of email hacking against the national political parties where attackers gained access to the email system and therefore access to all of the party's emails

Design and Innovation

Future iPhones might grab a thief’s photo and fingerprint when stolen (Naked Security) Apple may be working on anti-theft technology to protect iPhones that would covertly snap a photo of (what the device assumes is potentially) the thief, capture their fingerprint, shoot some video and/or record audio

Research and Development

World’s first flexible security Secure Cryptoprocessor with adjustable security level (Okayama University e-Bulletin) Information security technology is necessary for the Cloud and IoT era. Particularly, public key cryptography such as RSA cryptography and elliptic curve cryptography plays an important role since it enables digital authentications for users and devices

Academia

DU program tackles lack of cybersecurity experts amid rise in computer hacking attacks (Denver Post) In Colorado alone there are as many as 12,000 unfilled cybersecurity jobs

Legislation, Policy, and Regulation

U.S. Revamps Line of Attack in Social-Media Fight Against Islamic State (Wall Street Journal) After online efforts fizzle, government turns to encouraging others to join battle to counteract the terrorist group’s propaganda

Inside the Head of an ISIS True Believer (Daily Beast) The so-called Islamic State vows to endure and expand. But under relentless pressure, it’s shrinking. How do its partisans think they can endure? Here’s what one says

'Cyber Crimes Bill will protect all' (Bulawayo) The Computer Crimes and Cyber Protection Bill is there not to protect Government, Cabinet ministers or Zanu-PF, but to protect Zimbabweans. This must never be seen to be favouring anyone, but should be seen for what it is – to protect every Zimbabwean

Elections security: Federal help or power grab? (Politico) Some state election officials say offers to aid the fight against hackers could lead to Washington taking greater control

Former cybercop gives administration D-minus on cybersecurity (Federal Times) Despite a number of new laws and executive orders in the last decade, not much has changed in the government's approach to improving cybersecurity. For example, the president's Cybersecurity National Action Plan has surprisingly few new ideas

NGA’s Conner Moves Cybersecurity ‘at the Speed of Mission’ (Meritalk) Like Federal entities and tech companies nationwide, the National Geospatial-Intelligence Agency (NGA) is working on solutions for good cybersecurity practices

Undersecretary of Defense Visits U.S. Navy's Cyber Thought Leaders (DVIDS) The Undersecretary of Defense for Acquisition, Technology and Logistics (AT&L), Frank Kendall, visited the U.S. Navy's Space and Naval Warfare Systems Command's (SPAWAR) Old Town Campus and SPAWAR Systems Center Pacific's (SSC PAC's) facilities Aug. 24, 2016

Litigation, Investigation, and Law Enforcement

Congress urged to investigate security concerns raised by Apple flaws used by ‘digital arms dealers’ (Washington Times) Rep. Ted Lieu, who has a degree is computer science, urged his colleagues Thursday to hold a hearing on mobile phone security after Apple rushed to repair critical iPhone vulnerabilities reportedly being leveraged by state-sponsored hackers

Congressman to FCC: Fix phone network flaw that allows eavesdropping (Ars Technica) SS7 weakness, leak of phone numbers could let hackers spy on "half of Congress"

FBI vs. State Department Over Hillary Clinton’s Secrets (Daily Beast) The FBI and the State Department are squabbling over whether Clinton’s personal lawyers had the right security clearances to personally store her emails

Hillary Clinton Deleted Emails Using Program Intended To ‘Prevent Recovery’ (Daily Caller) Hillary Clinton’s team of aides and lawyers deleted emails from her private server using a software program intended to “prevent recovery” and hide traces of deleted files

Hackers insert malware onto Thai ATMs, steal 12 million baht (Naked Security) The central bank of Thailand (BoT) has shut down about half of its ATMs, suspecting an Eastern European gang of being responsible for planting malware on the machines in order to siphon off 12 million baht ($350,000, £263,000)

HostSailor Threatens to Sue KrebsOnSecurity (KrebsOnSecurity) Earlier this month, KrebsOnSecurity published The Reincarnation of a Bulletproof Hoster, which examined evidence suggesting that a Web hosting company called HostSailor was created out of the ashes of another, now-defunct hosting firm notorious for harboring spammers, scammers and other online ne’er-do-wells

Chinese man arrested in Hong Kong over FACC cyber attack in Austria (Business Insider) A Chinese citizen has been arrested in Hong Kong in connection with a cyber attack that cost Austrian aerospace parts maker FACC 42 million euros ($47.39 million), Austrian police said on Friday

US unveils charges against KickassTorrents, names two more defendants (Ars Technica) Admins gave users who uploaded up to 1,000 torrent files "Achievement" awards

FBI’s stingray quickly found suspect after local cops’ device couldn’t (Ars Technica) New court filings in US v. Ellis show the lengths that Oakland police, FBI went to

For a complete running list of events, please visit the Event Tracker on the CyberWire website.

Newly Noted Events

Innoexcell Annual Symposium 2016 (Singapore, September 8, 2016) The Innoxcell Annual Symposium (IAS) is largest and most comprehensive international legal and regulatory compliance conference in Hong Kong, Beijing, Shanghai, Singapore, Australia and United States.This...

Privacy. Security. Risk. 2016 (San Jose, California, USA, September 13 - 16, 2016) Innovative since Day 1, P.S.R. brings together two related fields—privacy and security—helping you see beyond your role in order to excel in your role. Because perspective is everything. Delivering the...

GDPR Comprehensive 2016 (London, England, UK, September 22 - 23, 2016) The GDPR is now a reality. Are you prepared? We had an incredible response to the IAPP GDPR Comprehensive in Brussels and New York, where we prepared hundreds of privacy and data protection professionals...

Institute for Critical Infrastructure Technology Annual Gala and Benefit (Washington, DC, USA, November 10, 2016) The Annual ICIT Gala and Benefit is the year’s most prestigious gathering of legislative, agency and private sector leaders committed to protecting our Nation’s critical infrastructures. This intimate...

Upcoming Events

HTCIA International Conference and Training Expo (Summerlin, Nevada, USA, August 28 - 31, 2016) The High Technology Crime Investigation Association (HTCIA) sponsors this conference for professionals in law enforcement cyber security and cyber forensic investigations. College and university faculty...

Air Force Information Technology and Cyberpower Conference 2016 (Montgomery, Alabama, USA, August 29 - 31, 2016) America is faced with a national emergency in cyberspace. US national security, economic vitality, financial stability and foreign policy are being eroded. Increasingly prevalent and severe malicious cyber...

CISO Toronto (Toronto, Ontario, Canada, August 30, 2016) A data breach is not only a PR nightmare, but cause for customers to turn to competitors, exposing sensitive company information and racking up fines from industry regulators. In order for organizations...

2016 Government Cyber Security SBIR Workshop (Washington, DC, USA, August 30 - September 1, 2016) The 2016 Government Cyber Security SBIR Workshop affords Small Business Innovation Research (SBIR) awardees in the completed Phase II or Phase III processes the opportunity to collaborate and present their...

ISAO SO Public Forum (Tysons, Virginia, USA, August 31 - September 1, 2016) This public forum is the last opportunity to meet face-to-face and participate in conversations that will shape the first set of standards and guidelines to be published in September! Speakers will include ...

cybergamut Technical Tuesday: Quantifying Cyber Attacks: To Optimize and Assess your Defense by Jason Syversen of Siege Technologies (Elkridge, Maryland, USA, September 6, 2016) cybergamut Technical Tuesday is for cyber professionals to exchange innovative ideas and discuss technical issues of mutual interest. We’ll have a Technical Tuesday event on 6 September 2016 (1600 – 1730...

2016 Intelligence & National Security Summit (Washington, DC, USA, September 7 - 8, 2016) Third annual unclassified summit hosted by AFCEA International and the Intelligence and National Security Alliance (INSA). There are five plenary sessions and nine breakout sessions related to cybersecurity,...

Annual Privacy Forum 2016 (Frankfurt, Hesse, Germany, September 7 - 8, 2016) In the light of the upcoming data protection regulation and the European digital agenda, DG CONNECT, ENISA and, Goethe University Frankfurt is organizing APF 2016. In the light of the upcoming data protection...

SecureWorld Cincinnati (Sharonville, Ohio, USA, September 8, 2016) Join your fellow security professionals for affordable, high-quality cybersecurity training and education. Earn 6-12 CPE credits through 30+ educational elements learning from nationally recognized industry...

Borderless Cyber Europe (Brussels, Belgium, September 8 - 9, 2016) Join CIOs, CISOs and cyber threat intelligence experts from industry, government and CSIRTs worldwide to share experiences, strategies, tactics and practices that will improve your state of preparedness...

SANS Network Security 2016 (Las Vegas, Nevada, USA , September 10 - 16, 2016) We are pleased to invite you and your colleagues to attend SANS Network Security 2016 at the magnificent Caesars Palace, Las Vegas, on September 10-19. SANS Network Security is your annual networking opportunity!...

Business Insurance Cyber Risk Summit 2016 (San Francisco, California, USA, September 11 - 12, 2016) The Business Insurance Cyber Risk Summit provides risk management professionals and chief information security officers with the practical information and tools needed to combat the latest cyber risks...

Hacker Halted 2016 (Atlanta, Georgia, USA, September 11 - 16, 2016) This ​year, ​Hacker ​H​alted’s theme​ is​ the Cyber Butterfl​​y Effect​:​ When ​S​mall ​M​istakes ​L​ead to ​B​ig ​D​isasters​. The goal of the conference is to bring the IT security community together...

(ISC)² Security Congress (Orlando, Florida, USA, September 12 - 15, 2016) (ISC)² Security Congress offers attendees over 90 education sessions, designed to transcend all industry sectors, focus on current and emerging issues, best practices, and challenges facing cybersecurity...

7th Annual Billington Cybersecurity Summit (Washington, DC, USA, September 13, 2016) Join over 600 senior-level attendees, more than 50 distinguished speakers, and over 40 prestigious sponsors and exhibitors at the 7th Annual Billington CyberSecurity Summit, the leading Fall forum on cybersecurity...

CISO GAS (Frankfurt, Hessen, Germany, September 13, 2016) A data breach is not only a PR nightmare, but cause for customers to turn to competitors, exposing sensitive company information and racking up fines from industry regulators. CISOs and IT security executives...

ISS World Americas (Washington, DC, USA, September 13 - 15, 2016) ISS World America is the world's largest gathering of North American Law Enforcement, Intelligence and Homeland Security Analysts as well as Telecom Operators responsible for Lawful Interception, Hi-Tech...

Tarleton State University Cyber Security Summit 2016 (Dallas, Texas, USA, September 13, 2016) Cyber Security for the Board and the C-Suite: "What You Need to Know." Cyber Security experts will discuss corporate cyber-attacks and legal practitioners will discuss strategies to help companies comply...

Insider Threat Program Development Training For NISPOM CC 2 with Legal Guidance (Germantown, Maryland, USA, September 14 - 15, 2016) Insider Threat Program Development Training for NISPOM CC 2 (Germantown, Maryland, September 14 - 15, 2016) Insider Threat Defense will hold a two-day training class on Insider Threat Program Development...

SecureWorld Detroit (Dearborn, Michigan, USA , September 14 - 15, 2016) Join your fellow security professionals for affordable, high-quality cybersecurity training and education. Earn 12-16 CPE credits through 60+ educational elements learning from nationally recognized industry...

Insider Threat Program Development Training for NISPOM CC 2 (Milwaukee, Wisconsin, USA, September 19 - 20, 2016) Insider Threat Defense will hold a two-day training class on Insider Threat Program Development (NISPOM Conforming Change 2). For a limited time the training is being offered at a discounted rate of $795...

4th ETSI/IQC Workshop on Quantum-Safe Cryptography (Toronto, Ontario, Canada, September 19 - 21, 2016) This three-day workshop brings together diverse players in the quantum-safe cybersecurity community to facilitate the knowledge exchange and collaboration required to transition cyber infrastructures and...

Cyber Physical Systems Summit (Newport News, Virginia, USA, September 20 - 22, 2016) On September 20-22, 2016 the Commonwealth will be hosting a Cyber and Physical Systems Summit. The three day event will consist of roundtable discussions, plenary and panel presentations across the intersection...

hardwear.io Security Conference (The Hague, the Netherlands, September 20 - 23, 2016) hardwear.io Security Conference is a platform for hardware and security community where researchers showcase and discuss their innovative research on attacking and defending hardware. The objective of...

3rd Annual Senior Executive Cyber Security Conference: Navigating Today's Cyber Security Terrain (Baltimore, Maryland, USA, September 21, 2016) The Johns Hopkins University Information Security Institute and COMPASS Cyber Security are hosting the 3rd Annual Senior Executive Cyber Security Conference on Wednesday, September 21, from 8:30 a.m. –...

New York Cyber Security Summit (New York, New York, USA, September 21, 2016) The Cyber Security Summit is an exclusive conference series connects C-Suite & Senior Executives who are responsible for protecting their companies’ critical infrastructures with innovative solution providers...

Gigaom Change 2016 Leader's Summit (Austin, Texas, USA, September 21 - 23, 2016) Over an immersive 2.5 days, we will explore the current state-of-the-art technologies, how these are transforming industry, and why this all matters. You’ll emerge with a greater understanding of the exponential...

NYIT Annual Cybersecurity Conference (New York, New York, USA, September 22, 2016) Presented by NYIT School of Engineering and Computing Sciences, this conference brings together cyber experts from academia, business, and government to address: Cyber Defense Against Attacks–How Industry...

Cyber Security: How to Identify Risk and Act (Frankenmuth, Michigan, USA, September 26, 2016) Join us on 9/26/2016 for the PMI-MTC's annual project management PDD focusing on "Cyber Security: How to Identify Risk and Act." Earn 7 PDUs during the interactive sessions with well-known information ...

CYBERSEC (Kraków, Poland, September 26 - 27, 2016) The CYBERSEC forum is the first of its kind in Poland and one of just a few regular public policy conferences in Europe devoted to the strategic issues of cyberspace and cybersecurity.The goal of the CYBERSEC...

Third Annual Women in Cyber Security Reception (Baltimore, Maryland, USA, September 27, 2016) The CyberWire is pleased to present the 3rd Annual Women in Cyber Security Reception in cooperation with our partner the Cybersecurity Association of Maryland (CAMI) on Tuesday, September 27, 2016, in...

IP EXPO Nordic 2016 (Stockholm, Sweden, September 27 - 28, 2016) IP EXPO Nordic is part of Europe’s number ONE enterprise IT event series, designed for those looking to find out how the latest IT innovations can drive business growth and competitiveness. The event showcases...

SecureWorld Dallas (Plano, Texas, USA , September 27 - 28, 2016) Join your fellow security professionals for affordable, high-quality cybersecurity training and education. Earn 12-16 CPE credits through 60+ educational elements learning from nationally recognized industry...

Grow your brand and reach new customers.

Grow your brand and increase your customer base by educating our audience about your products, services, and events by advertising on The CyberWire. We’ve built trust with an influential (and often hard to reach) audience of CISOs, CSOs, and other senior execs in the security space, across a wide array of industry verticals. Learn more.

Be a part of the CyberWire story.

People ask us (a lot) how they can support what we do. We have our sponsorships and services, of course, but those are not always within every supporter's financial reach, or it might just not be the right time for you to do those things. That's why we launched our new Patreon site, where we've created a wider variety of support levels, each with some new benefits. Our patrons are important to our future, and we hope you'll consider becoming one. We invite you to become part of the CyberWire story. Become a patron today.