skip navigation

More signal. Less noise.

Daily briefing.

An FBI report that "foreign hackers" (and for "foreign hackers" most observers are reading "Russian intelligence services") last month penetrated two US state election databases contributes to worries about election hacking. The affected states appear to be Illinois and Arizona. The SQL injection attacks used commonly available, off-the-shelf tools: SQLMap, DIRBuster, and Acunetix.

Offering some useful perspective, Motherboard points out that state election databases have not only been hacked before, but the information they contain is often made readily available by state officials themselves. Besides, the number of records taken was relatively small—about 200,000 in Illinois. What's troubling is not the breach itself, but the foreign involvement (and the foreign interest), the context provided by other hacks of political parties and campaigns, and the fears of data manipulation the incidents stoke.

The Trident zero-day affair raises similar questions. As Haaretz asks about the jailbreaking attempt against an Emirati dissident's iPhone, if a security service can do that, what's to stop them from electronically framing people for crimes? (Which seems to have already occurred in Turkey.) So too with manipulation of election data.

ISIS and al Qaeda internal discontents may be affecting jihadist information operations capabilities.

St. Jude Medical strongly disputes the pacemaker vulnerabilities disclosed in the course of short-selling by Muddy Waters Capital and MedSec. The device manufacturer says the exploits as described aren't possible.

The RIPPER ATM malware FireEye found in Thailand may use a rogue EVM chip.

Level 3 researchers describe the risk of IoT-based DDoS campaigns.

Notes.

Today's issue includes events affecting Australia, Brazil, Canada, Colombia, France, India, Iran, Ireland, Israel, Kazakhstan, Republic of Korea, Mexico, Panama, Russia, Saudi Arabia, Taiwan, Thailand, Trinidad and Tobago, Uganda, United Arab Emirates, United Kingdom, United States, and Uzbekistan.

The CyberWire's regular daily Podcast will be out later this afternoon, with interviews, educational tips, and more on the stories of the day. Today Ben Yelin from the University of Maryland's Center for Health and Homeland Security comments on how Muddy Waters and MedSec shorted St. Jude stock on the strength of publicly disclosed vulnerability research. Our guest, Dan Lohrmann, Chief Security Officer at Security Mentor talks about preventing C-Suite fraud (and everything you wanted to know about spearphishing and whalephishing). As always, if you enjoy the podcast, please consider giving it an iTunes review.

.

​3rd Annual Senior Executive Cyber Security Conference: Navigating Today’s Cyber Security Terrain​ (Baltimore, MD, USA, September 21, 2016) Hear from industry leaders on cyber security best practices and trends that will help you better secure your organization’s data. This year’s agenda examines the current cyber security landscape, threats, and challenges ahead for organizations and how senior leaders can work towards “shifting their data to being safe and secure.”

Cyber Attacks, Threats, and Vulnerabilities

FBI says foreign hackers penetrated state election systems (Yahoo! News) The FBI has uncovered evidence that foreign hackers penetrated two state election databases in recent weeks, prompting the bureau to warn election officials across the country to take new steps to enhance the security of their computer systems, according to federal and state law enforcement officials

After Illinois hack, FBI warns of more attacks on state election board systems (Ars Technica) Concern about more attacks mounting as presidential elections approach

FBI: Common scanning tools used to target state election systems (CSO) Basic VPS hosting providers used to launch scans with SQLMap, Acunetix, and DirBuster

Hackers had a chance to hamper voting by deleting records (CSO) In June, attackers managed to steal administrative login credentials from a county official in the U.S.

Voter Records Get Hacked a Lot, And You Can Just Buy Them Anyway (Motherboard) On Monday, Yahoo reported the FBI had uncovered evidence that foreign hackers had breached two US state election databases earlier this month. The article, based on a document the FBI distributed to concerned parties, was heavily framed around other recent hacks which have generally been attributed to Russia, including the Democratic National Committee email dump

Hack Brief: As FBI Warns Election Sites Got Hacked, All Eyes Are on Russia (Wired) In any other year, hackers breaking into a couple of state government websites through common web vulnerabilities would hardly raise a blip on the cybersecurity community’s radar

Reid asks FBI to probe threat of Russian election tampering (AP via Yahoo! Finance) Senate Minority Leader Harry Reid is asking the FBI to investigate the threat of Russian tampering with U.S. elections, including potentially falsifying election results

How to hack- and rig-proof U.S. elections (Washington Post) A Monday report from Yahoo News’s Michael Isikoff raised concerns that this year’s election will be rigged — though not in the way Donald Trump has predicted. Election systems in at least two states — Arizona and Illinois — have been compromised, seemingly by foreign hackers, possibly operating out of Russia or Iran

NYTimes: Kremlin Likely Behind the Attack (Infosecurity Magazine) The cyber-attack that targeted the New York Times’ Moscow bureau earlier this month is now suspected to have been carried out by hackers tied to the Russian military

If Spies Can Hack Our iPhones, What’s Stopping Them From Framing Us for Crimes? (Haaretz) Instead of being astonished by the ease with which an Israeli firm’s software can hijack ‘secure’ devices, we need to put in place laws governing how all actors can use this personal data

Israel's secretive surveillance industry in the spotlight following iPhone spyware discovery (PRI) The discovery of sophisticated spyware to infiltrate and remotely take control of iPhones without leaving a trace has put a spotlight on Israel's secretive surveillance industry, considered among the world's most advanced

Two Months of Internet Blackouts Have Taken a Toll on Kashmir (Motherboard) Earlier this summer, the north Indian state of Kashmir was hit with a new wave of riots when young militant leader Burhan Wani was killed by state police.

Leaked ISIS Documents Show Internal Chaos (Daily Beast) Reading the recently captured ISIS documents is like watching a bad comedy about embezzlement, infiltration, and bureaucratic infighting

U.S. intelligence sees Islamic State as weakened after series of defeats (Los Angeles Times) The Pentagon and U.S. intelligence agencies now view Islamic State as a shrinking and increasingly demoralized military force, a sharp shift from the seemingly invincible extremist army that declared an Islamist caliphate two years ago

Once a Qaeda Recruiter, Now a Voice Against Jihad (New York Times) In the four years that he ran the Revolution Muslim website out of his walk-up apartment in Flatbush, Brooklyn, Jesse Morton became one of the most prolific recruiters for Al Qaeda, luring numerous Americans to the group’s violent ideology

Ghost Squad Shuts Down Israeli Prime Minister, Bank of Israel websites (HackRead) The Ghost Squad hackers shut down israeli prime minister office and the Bank of Israel Website in support of Palestine

St Jude calls easily hackable pacemaker claims 'false and misleading' (Network World) St. Jude came out swinging, calling MedSec and Muddy Waters' report on how easily its pacemakers could be hacked 'false and misleading'

Pacemaker Hacking Fears Rise With Critical Research Report (Threatpost) Pacemakers, defibrillators and other medical devices made by a leading medical equipment maker are vulnerable to potentially “catastrophic” cyberattacks

Medical device security ignites an ethics firestorm (CSO) Security firm Medsec tried to use its research findings to drive down the stock of St. Jude Medical

Thousands of Australian computer log-ins up for sale on dark web (Australian Broadcasting Corporation) Computers from a federal research network, a peak sporting body, a school and a local council are among tens of thousands of machines which have been hacked and had their login details put up for sale in a dark web marketplace, a Four Corners investigation has revealed

Sophisticated malware possibly tied to recent ATM heists in Thailand (CSO) The Ripper malware allows attackers to withdraw money from ATMs with specially made cards

RIPPER ATM Malware Uses Malicious EVM Chip (Threatpost) A never-before-seen malware family known as RIPPER is being blamed for a rash of ATM heists in Thailand last week. The malware, found by researchers at FireEye, is responsible for the theft of 12 million baht ($378,000) from ATMs at banks across Thailand

Google Chrome users targeted by tech support scammers (Help Net Security) Google Chrome users, beware: tech support scammers are misusing helpful browser features to impersonate Microsoft and to bombard users users with pop-ups

XSS flaw in D-Link NAS devices allows attackers to mess with your data (Help Net Security) Security researcher Benjamin Daniel Mussler has unearthed an XSS flaw affecting seven D-Link NAS devices – a flaw which could allow attackers to access the devices and peruse and change the stored contents

Australia Census 2016: Cyber attack and huge traffic ‘foreseeable’ (Melbourne Herald Sun) The Australian government should have been better prepared for a potential cyber attack and huge amount of website traffic on Census night, Telstra’s chief Information Security officer says

Attack of Things! (Level 3 Communications Blog) The rush to connect everything to the internet is leaving millions of everyday products vulnerable and ripe for abuse. We’ve seen internet connectivity added to appliances, athletic clothing, pill bottles and even forks

Attack of Things: Level 3 Threat Research Labs Releases New Malware Research (Level 3 Communications) The Level 3 Threat Research Labs, Level 3 Communications' (LVLT) threat intelligence and research arm, unveiled new research about the botnet size and behavior for the malware commonly referred to as Lizkebab, BASHLITE, Torlus or gafgyt, including botnet size and victim stats

The Kelihos Botnet Shifts to Banking Trojans and Ransomware Distribution (Virus Guides) The MalwareTech security expert discovered that the Kelihos botnet, also known as Waledac, has started dropping banking Trojans and ransomware instead of its standard “pump-and-dump” spams while adding more and more new bots during the summer

Meet USBee, the malware that uses USB drives to covertly jump airgaps (Ars Technica) Technique works on virtually all USB drives with no modifications necessary

Linux servers hit with FairWare ransomware – or is it just a scam? (Help Net Security) Users posting on Bleeping Computer’s forums have alerted the world to a new threat targeting Linux server admins: the FairWare ransomware

Social media, the gateway for malware (CSO) Why the Common Vulnerability Scoring System (CVSS) doesn't give an accurate picture of the security risks from social media sites

Cyber threat grows for bitcoin exchanges (Reuters) When hackers penetrated a secure authentication system at a bitcoin exchange called Bitfinex earlier this month, they stole about $70 million worth of the virtual currency

Inside ‘The Attack That Almost Broke the Internet’ (KrebsOnSecurity) In March 2013, a coalition of spammers and spam-friendly hosting firms pooled their resources to launch what would become the largest distributed denial-of-service (DDoS) attack the Internet had ever witnessed

Critical Infrastructure: The Next Cyber-Attack Target (Dark Reading) Power and utilities companies need a risk-centric cybersecurity approach to face coming threats

Going Beyond Cybersecurity Compliance (IEEE Power and Energy) What power and utility companies really need to consider

Gotta Hack em’ All: Pokémon Go, Security and Privacy Awareness (Infosecurity Magazine) Pokémon Go made a big splash for many reasons when it was first released to iPhone and Android users in early July. Building on the legacy of a franchise that has been around since the 90s, it effectively pulled at the nostalgic heartstrings of many Gen Xers and Gen Yers – almost all of which are equipped with the latest smartphones

Some Pokémon Go players given lifetime bans are being let back into the game (TechCrunch) Did you get banned from playing Pokémon Go after downloading an app that you thought might make the game more fun? Well, it turns out that you might be able to get back into the smash hit title after all

Angry Birds bad: Security threats outpacing mobile policy (Australian) Angry Birds is the number one black-listed consumer app inside Australian enterprises as businesses strive to get a handle on the mobility trend

Security Patches, Mitigations, and Software Updates

Kaspersky fixes antivirus crash bug (ZDNet) The denial-of-service flaws could be used to install malware

Cyber Trends

Microsoft: Security Top Hurdle to Enterprise IoT Adoption (eWeek) The internet of things may be loaded with promise, but it's the potential hazards that are keeping many businesses from making the leap

Feds are using big data analytics for cybersecurity, but is it effective? (Help Net Security) 81 percent of Feds say their agency is using big data analytics for cybersecurity in some capacity

55% of apps are already in the cloud, security a priority (Help Net Security) Executives are increasingly adopting a digital business model, with the cloud as the key enabler

Marketplace

ASRC Acquires Vistronix Intelligence & Technology Solutions (Washington Exec) Arctic Slope Regional Corporation announced Aug. 17 its acquisition of Vistronix Intelligence & Technology Solutions by its wholly-owned subsidiary, ASRC Federal. Going forward, Vistronix will be a subsidiary of ASRC Federal

Tech stocks for your portfolio: Proofpoint, Inc. (PFPT), Imperva Inc. (IMPV) (Independent Republic) Proofpoint, Inc. (PFPT) ended last trading session with a change of 0.92 percent. It trades at an average volume of 639.45K shares versus 0.38M shares recorded at the end of last trading session

Symantec Moves Security Forward in Blue Coat Era (eWeek) Mike Fey, president and COO of Symantec, discusses how the security giant will differentiate against competitors and help secure users

Symantec (SYMC) Stock Gains, Barron's Sees 25% Upside (The Street) Symantec (SYMC) stock was up in pre-market trading on Monday after Barron's issued a bullish note on the company

Dimension Data lands $450K Victorian grant for cybersecurity incubator (CRN) Dimension Data has been awarded $450,000 from startup investment fund LaunchVic to establish a cyber security incubator

DoD Taps DEF CON Hacker Traits For Cybersecurity Training Program (Dark Reading) Famed capture-the-packet contest technology will become part of DoD training as well

Raising the Profile of Women in Security (IBM Security Intelligence) If you take a historical look at security, there is a perception that industry professionals are predominantly male and ex-military

Next-Gen Solution Provider Fivesky Nabs Former Proofpoint Exec Tierney As Managing Partner (CRN) Next-generation solution provider Fivesky has landed a big executive win, appointing former Proofpoint exec Luanne Tierney as managing partner and co-owner as the company looks to vastly expand its business

EXCLUSIVE: Lani Edwards leaves FireEye (ARN) Vendor’s A/NZ channel boss departs after 18 months in the role

Products, Services, and Solutions

Bay Dynamics Announces Major Enhancements to Flagship Cyber Risk Analytics Platform (Bay Dynamics) New version of Risk Fabric® prioritizes threats and vulnerabilities, deputizes line-of-business leaders and automates cyber risk management

Palo Alto Networks Unveils New WildFire European Cloud Hosted in the Netherlands English (PRNewswire) Enables customers to submit data for full analysis within European borders while benefiting from global threat prevention

CodexGigas: Malware profiling search engine (Help Net Security) CodexGigas is a free malware profiling search engine powered by Deloitte Argentina, which allows malware analysts to explore malware internals and perform searches over a large number of file characteristics

The secure messaging app that is better than WhatsApp (My Broadband) If you’re worried about WhatsApp sharing your information with Facebook, here’s where you can turn

illusive networks' Deceptions Everywhere (Linux Journal) illusive networks' bread and butter is its deception cybersecurity technology called Deceptions Everywhere whose approach is to neutralize targeted attacks and Advanced Persistent Threats by creating a deceptive layer across the entire network

Fortinet Launches Industry's First Universal Wireless Access Points (MarketWired) Fortinet's new series of universal access points automate operations and defend against IoT threats with the Fortinet Security Fabric

Technologies, Techniques, and Standards

Cybersecurity Sharing Launches for Credit Unions (Credit Union Times) The National Credit Union Information Sharing and Analysis Organization officially announced its launch. Their mission - to advance cyberresilience, real-time security situational awareness information sharing, and coordinated response

How To Bullet Proof Your PAM Accounts: 7 Tips (Dark Reading) Recent studies demonstrate the need for companies to focus more on their privileged users

Recommended Reading: Intrusion Detection Using Indicators of Compromise Based on Best Practices and Windows Event Logs (SANS Internet Storm Center) My Twitter feed brought a good paper to my attention, courtesy of Andrew Case @attrc, that is appropriate for your consideration, Storm Center readers

IT security’s reality distortion field (Network World) Organizations need to create a 'Secure Breach' environment to safeguard data

South Korea, U.S. unveil interoperable spectrum management capabilities (C4ISRNET) The Army, along with coalition partners in the Pacific, have developed a plan for cooperative management of the electromagnetic spectrum

Risk and the Pareto Principle: Applying the 80/20 rule to your risk management strategy (Help Net Security) Enterprises these days are putting more resources into monitoring and managing business risk

Design and Innovation

Pentagon Looks to Adaptive EW Systems to Thwart Future Adversaries (Defense News) The US military is cultivating new electronic warfare technologies that, in real time, use artificial intelligence to learn how to jam enemy systems that are using never-before-seen frequencies and waveforms

Facebook fires human editors, algorithm immediately posts fake news (Ars Technica) Facebook makes its Trending feature fully automated, with mixed results

Mr. Robot’s tech guru: “My job is to outsmart this hive of geniuses” (Ars Technica) "They’re hacking the show, which is something that’s never really been done before"

Hollywood's 7 Dumbest Hacking Depictions (Dark Reading) Movies and TV shows too often use hacking as a deus ex machina device to resolve an impossible plot, but real hacking takes time, effort and lots of testing

Academia

GCSE Computing Numbers Jump 76% (Infosecurity Magazine) The number of students taking GCSE computing rocketed by 76% over the past year, fuelling hopes that this could translate into more UK school leavers pursuing careers in cybersecurity

Legislation, Policy, and Regulation

International defense deal motivated by Russian hacking, experts say (FedScoop) “It’s the realization that hybrid warfare is a Russian tactic designed to circumvent things like NATO, and cyber is a big part of it," one expert said

U.S. and EU need secure threat sharing (FCW) The United States and the European Union are deepening their information sharing regarding potential terrorist threats in hopes of preventing more Paris or Brussels-style attacks

Microsoft joining China's cybersecurity council paves the way for better relations between the two largest internet markets (Business Insider) China is allowing foreign technology companies to join a key government committee in an effort to ease foreign concerns over its strict cybersecurity policies

French Education minister: Get rare Pokémon out of our schools (Ars Technica) The minister is worried that "legendary" Pokemon could draw strangers

Exclusive: Six U.S. senators urge Obama to prioritize cyber crime at G20 summit (Reuters) Six U.S. senators have urged President Barack Obama to prioritize cyber crime at this weekend's Group of 20 summit in China, in the wake of the theft of $81 million from Bangladesh's central bank, according to a letter obtained by Reuters

For law enforcement, the rule must be no implementation without representation (TechCrunch) Last week it emerged that the police in Baltimore were working with a company called, appropriately enough, Persistent Surveillance, which deployed aircraft equipped with high-resolution cameras, recording entire regions of the city for hours on end for law enforcement to browse through

Litigation, Investigation, and Law Enforcement

Facebook Slapped With FTC Complaint Over WhatsApp Data Grab (Motherboard) Consumer privacy watchdogs filed a federal complaint Monday against Facebook over the tech titan’s decision to begin harvesting phone numbers from its popular WhatsApp messaging service

WhatsApp Angers Users Over Facebook Data Sharing (Infosecurity Magazine) Messaging service WhatsApp has come under fire for privacy changes that will see it share more personal data with parent company Facebook

Apple ordered to pay up to $14.5 billion for illegal tax benefits in Ireland (TechCrunch) The bill is getting quite expensive as the European Commission has just released a statement saying that Apple has benefited from illegal tax benefits in Ireland for its European operations

NH man pleads guilty to sextortion, accessed victims' social media accounts (SC Magazine) A 22-year-old New Hampshire man, pleaded guilty to hacking into social media and email accounts and engaging in sextortion of almost a dozen female victims

For a complete running list of events, please visit the Event Tracker on the CyberWire website.

Newly Noted Events

Crossroads Regional Cybersecurity Summit (Victoria, Texas, USA, October 4, 2016) Bringing together top experts from both the public and private sectors, the Crossroads Regional Cybersecurity Summit (CRCS) will be an exciting and educational day for local businesses. Through a variety...

IAPP Europe Data Protection Congress 2016 (Brussels, Belgium, November 7 - 10, 2016) The GDPR is finalised, the Data Protection Congress is returning to Brussels and you have a great deal of work ahead. Begin at the Congress, where you’ll find thought leadership, a thriving professional...

Practical Privacy Series 2016 (Washingto, DC, USA, December 7 - 8, 2016) This year, the Practical Privacy Series will return to Washington, DC, with its rapid, intensive education that arms you with the knowledge you need to excel on the job. We’re programming some stunningly...

ShmooCon 2017 (Washington, DC, USA, January 15 - 17, 2017) ShmooCon is an annual east coast hacker convention hell-bent on offering three days of an interesting atmosphere for demonstrating technology exploitation, inventive software and hardware solutions, and...

International Cyber Risk Management Conference (ICRMC) (Toronto, Ontario, Canada, March 2 - 3, 2017) The third annual International Cyber Risk Management Conference (ICRMC) brings together a world class roster of experts with cross-sector, global and multidisciplinary expertise to share knowledge, lessons ...

IAPP Europe Data Protection Intensive 2017 (London, Englan, UK, March 13 - 16, 2017) Set in London, the Data Protection Intensive delivers innovative solutions to today’s top privacy and data protection challenges. Known for its exceptional programming, the Intensive has come into its...

InfoSec World Conference and Expo 2017 (ChampionsGate, Florida, USA, April 3 - 5, 2017) The conference will feature security practitioners who speak from experience on the real-world challenges companies are facing today. The conference is most suitable for those whose responsibilities include...

29th Annual FIRST Conference (San Juan, Puerto Rico, USA, June 11 - 16, 2017) FIRST is an international confederation of trusted computer incident response teams who cooperatively handle computer security incidents and promote incident prevention programs.

Upcoming Events

HTCIA International Conference and Training Expo (Summerlin, Nevada, USA, August 28 - 31, 2016) The High Technology Crime Investigation Association (HTCIA) sponsors this conference for professionals in law enforcement cyber security and cyber forensic investigations. College and university faculty...

Air Force Information Technology and Cyberpower Conference 2016 (Montgomery, Alabama, USA, August 29 - 31, 2016) America is faced with a national emergency in cyberspace. US national security, economic vitality, financial stability and foreign policy are being eroded. Increasingly prevalent and severe malicious cyber...

CISO Toronto (Toronto, Ontario, Canada, August 30, 2016) A data breach is not only a PR nightmare, but cause for customers to turn to competitors, exposing sensitive company information and racking up fines from industry regulators. In order for organizations...

2016 Government Cyber Security SBIR Workshop (Washington, DC, USA, August 30 - September 1, 2016) The 2016 Government Cyber Security SBIR Workshop affords Small Business Innovation Research (SBIR) awardees in the completed Phase II or Phase III processes the opportunity to collaborate and present their...

ISAO SO Public Forum (Tysons, Virginia, USA, August 31 - September 1, 2016) This public forum is the last opportunity to meet face-to-face and participate in conversations that will shape the first set of standards and guidelines to be published in September! Speakers will include ...

cybergamut Technical Tuesday: Quantifying Cyber Attacks: To Optimize and Assess your Defense by Jason Syversen of Siege Technologies (Elkridge, Maryland, USA, September 6, 2016) cybergamut Technical Tuesday is for cyber professionals to exchange innovative ideas and discuss technical issues of mutual interest. We’ll have a Technical Tuesday event on 6 September 2016 (1600 – 1730...

2016 Intelligence & National Security Summit (Washington, DC, USA, September 7 - 8, 2016) Third annual unclassified summit hosted by AFCEA International and the Intelligence and National Security Alliance (INSA). There are five plenary sessions and nine breakout sessions related to cybersecurity,...

Annual Privacy Forum 2016 (Frankfurt, Hesse, Germany, September 7 - 8, 2016) In the light of the upcoming data protection regulation and the European digital agenda, DG CONNECT, ENISA and, Goethe University Frankfurt is organizing APF 2016. In the light of the upcoming data protection...

Innoexcell Annual Symposium 2016 (Singapore, September 8, 2016) The Innoxcell Annual Symposium (IAS) is largest and most comprehensive international legal and regulatory compliance conference in Hong Kong, Beijing, Shanghai, Singapore, Australia and United States.This...

SecureWorld Cincinnati (Sharonville, Ohio, USA, September 8, 2016) Join your fellow security professionals for affordable, high-quality cybersecurity training and education. Earn 6-12 CPE credits through 30+ educational elements learning from nationally recognized industry...

Borderless Cyber Europe (Brussels, Belgium, September 8 - 9, 2016) Join CIOs, CISOs and cyber threat intelligence experts from industry, government and CSIRTs worldwide to share experiences, strategies, tactics and practices that will improve your state of preparedness...

SANS Network Security 2016 (Las Vegas, Nevada, USA , September 10 - 16, 2016) We are pleased to invite you and your colleagues to attend SANS Network Security 2016 at the magnificent Caesars Palace, Las Vegas, on September 10-19. SANS Network Security is your annual networking opportunity!...

Business Insurance Cyber Risk Summit 2016 (San Francisco, California, USA, September 11 - 12, 2016) The Business Insurance Cyber Risk Summit provides risk management professionals and chief information security officers with the practical information and tools needed to combat the latest cyber risks...

Hacker Halted 2016 (Atlanta, Georgia, USA, September 11 - 16, 2016) This ​year, ​Hacker ​H​alted’s theme​ is​ the Cyber Butterfl​​y Effect​:​ When ​S​mall ​M​istakes ​L​ead to ​B​ig ​D​isasters​. The goal of the conference is to bring the IT security community together...

(ISC)² Security Congress (Orlando, Florida, USA, September 12 - 15, 2016) (ISC)² Security Congress offers attendees over 90 education sessions, designed to transcend all industry sectors, focus on current and emerging issues, best practices, and challenges facing cybersecurity...

7th Annual Billington Cybersecurity Summit (Washington, DC, USA, September 13, 2016) Join over 600 senior-level attendees, more than 50 distinguished speakers, and over 40 prestigious sponsors and exhibitors at the 7th Annual Billington CyberSecurity Summit, the leading Fall forum on cybersecurity...

Privacy. Security. Risk. 2016 (San Jose, California, USA, September 13 - 16, 2016) Innovative since Day 1, P.S.R. brings together two related fields—privacy and security—helping you see beyond your role in order to excel in your role. Because perspective is everything. Delivering the...

CISO GAS (Frankfurt, Hessen, Germany, September 13, 2016) A data breach is not only a PR nightmare, but cause for customers to turn to competitors, exposing sensitive company information and racking up fines from industry regulators. CISOs and IT security executives...

ISS World Americas (Washington, DC, USA, September 13 - 15, 2016) ISS World America is the world's largest gathering of North American Law Enforcement, Intelligence and Homeland Security Analysts as well as Telecom Operators responsible for Lawful Interception, Hi-Tech...

Tarleton State University Cyber Security Summit 2016 (Dallas, Texas, USA, September 13, 2016) Cyber Security for the Board and the C-Suite: "What You Need to Know." Cyber Security experts will discuss corporate cyber-attacks and legal practitioners will discuss strategies to help companies comply...

Insider Threat Program Development Training For NISPOM CC 2 with Legal Guidance (Germantown, Maryland, USA, September 14 - 15, 2016) Insider Threat Program Development Training for NISPOM CC 2 (Germantown, Maryland, September 14 - 15, 2016) Insider Threat Defense will hold a two-day training class on Insider Threat Program Development...

SecureWorld Detroit (Dearborn, Michigan, USA , September 14 - 15, 2016) Join your fellow security professionals for affordable, high-quality cybersecurity training and education. Earn 12-16 CPE credits through 60+ educational elements learning from nationally recognized industry...

Insider Threat Program Development Training for NISPOM CC 2 (Milwaukee, Wisconsin, USA, September 19 - 20, 2016) Insider Threat Defense will hold a two-day training class on Insider Threat Program Development (NISPOM Conforming Change 2). For a limited time the training is being offered at a discounted rate of $795...

4th ETSI/IQC Workshop on Quantum-Safe Cryptography (Toronto, Ontario, Canada, September 19 - 21, 2016) This three-day workshop brings together diverse players in the quantum-safe cybersecurity community to facilitate the knowledge exchange and collaboration required to transition cyber infrastructures and...

Cyber Physical Systems Summit (Newport News, Virginia, USA, September 20 - 22, 2016) On September 20-22, 2016 the Commonwealth will be hosting a Cyber and Physical Systems Summit. The three day event will consist of roundtable discussions, plenary and panel presentations across the intersection...

hardwear.io Security Conference (The Hague, the Netherlands, September 20 - 23, 2016) hardwear.io Security Conference is a platform for hardware and security community where researchers showcase and discuss their innovative research on attacking and defending hardware. The objective of...

3rd Annual Senior Executive Cyber Security Conference: Navigating Today's Cyber Security Terrain (Baltimore, Maryland, USA, September 21, 2016) The Johns Hopkins University Information Security Institute and COMPASS Cyber Security are hosting the 3rd Annual Senior Executive Cyber Security Conference on Wednesday, September 21, from 8:30 a.m. –...

New York Cyber Security Summit (New York, New York, USA, September 21, 2016) The Cyber Security Summit is an exclusive conference series connects C-Suite & Senior Executives who are responsible for protecting their companies’ critical infrastructures with innovative solution providers...

Gigaom Change 2016 Leader's Summit (Austin, Texas, USA, September 21 - 23, 2016) Over an immersive 2.5 days, we will explore the current state-of-the-art technologies, how these are transforming industry, and why this all matters. You’ll emerge with a greater understanding of the exponential...

NYIT Annual Cybersecurity Conference (New York, New York, USA, September 22, 2016) Presented by NYIT School of Engineering and Computing Sciences, this conference brings together cyber experts from academia, business, and government to address: Cyber Defense Against Attacks–How Industry...

GDPR Comprehensive 2016 (London, England, UK, September 22 - 23, 2016) The GDPR is now a reality. Are you prepared? We had an incredible response to the IAPP GDPR Comprehensive in Brussels and New York, where we prepared hundreds of privacy and data protection professionals...

Cyber Security: How to Identify Risk and Act (Frankenmuth, Michigan, USA, September 26, 2016) Join us on 9/26/2016 for the PMI-MTC's annual project management PDD focusing on "Cyber Security: How to Identify Risk and Act." Earn 7 PDUs during the interactive sessions with well-known information ...

CYBERSEC (Kraków, Poland, September 26 - 27, 2016) The CYBERSEC forum is the first of its kind in Poland and one of just a few regular public policy conferences in Europe devoted to the strategic issues of cyberspace and cybersecurity.The goal of the CYBERSEC...

Third Annual Women in Cyber Security Reception (Baltimore, Maryland, USA, September 27, 2016) The CyberWire is pleased to present the 3rd Annual Women in Cyber Security Reception in cooperation with our partner the Cybersecurity Association of Maryland (CAMI) on Tuesday, September 27, 2016, in...

IP EXPO Nordic 2016 (Stockholm, Sweden, September 27 - 28, 2016) IP EXPO Nordic is part of Europe’s number ONE enterprise IT event series, designed for those looking to find out how the latest IT innovations can drive business growth and competitiveness. The event showcases...

SecureWorld Dallas (Plano, Texas, USA , September 27 - 28, 2016) Join your fellow security professionals for affordable, high-quality cybersecurity training and education. Earn 12-16 CPE credits through 60+ educational elements learning from nationally recognized industry...

Grow your brand and reach new customers.

Grow your brand and increase your customer base by educating our audience about your products, services, and events by advertising on The CyberWire. We’ve built trust with an influential (and often hard to reach) audience of CISOs, CSOs, and other senior execs in the security space, across a wide array of industry verticals. Learn more.

Be a part of the CyberWire story.

People ask us (a lot) how they can support what we do. We have our sponsorships and services, of course, but those are not always within every supporter's financial reach, or it might just not be the right time for you to do those things. That's why we launched our new Patreon site, where we've created a wider variety of support levels, each with some new benefits. Our patrons are important to our future, and we hope you'll consider becoming one. We invite you to become part of the CyberWire story. Become a patron today.