skip navigation

More signal. Less noise.

Daily briefing.

TalkTalk and the British Post Office were hit with a distributed denial-of-service attack Sunday. The incident was smaller than the one that afflicted Deutsche Telekom: about 100,000 UK customers were knocked offline. A Mirai IoT botnet is implicated (the botmasters again tell affected customers they're sorry).

Shamoon continues to bedevil Saudi networks, destroying data in several sectors. Civil aviation is thought to be particularly affected by the Iranian malware.

WikiLeaks doxes the Bundesnachrichtendienst (BND) over its relationship with the US NSA. WikiLeaks also sustained a four-hour outage yesterday, and speculators speculate on a priori grounds that the incident was retaliatory DDoS.

Russian authorities say they've uncovered "a plot" by unnamed foreign intelligence services (but they're looking at you, Vice President Biden, you spymaster you) to disrupt Russia's banking system with a mix of cyberattacks and information operations designed to foment financial panic. These statements have a certain symmetry with concerns expressed in the US over Russian election hacking. On that election hacking, FireEye describes Russian intelligence services as having "weaponized social media," and says those services no longer appear to care, much, about their activities remaining undetected. Several US Senators have asked the White House to reveal more of what they think the White House knows about Russian attempts to influence the election.

A careless police investigator seems to have exposed documents relevant to Europol terror investigations.

In good news, an international police operation (involving the FBI, the NCA, the Bundeskriminalamt, and others) has taken down the Avalanche cyberfraud ring.

Notes.

Today's issue includes events affecting Australia, Canada, China, European Union, Germany, Iran, Italy, Japan, Netherlands, Poland, Russia, Saudi Arabia, Ukraine, United Kingdom, United States.

A quick word to our readers about sponsoring the CyberWire—there are a few sponsor slots available for 2017, but they're going fast. Learn more here.

The CyberWire's regular daily Podcast will be out later this afternoon, with interviews, educational tips, and more on the stories of the day. Today we hear from our partners at the University of Maryland's Center for Health and Homeland Security, as Ben Yelin reviews the continuing revelations from the Playpen case. He'll also take up the related issues of the activation of the amendment to Rule 41, and what that means for US law enforcement in cyberspace. describes the challenges of including encryption in ransomware. Our guest John Dickson from the Denim Group will discuss privacy, cybersecurity, and surveillance policy under the new US Presidential Administration.

A special edition of our Podcast up is up as well—the topic is venture capital. In it we examine the current state of investment in cyber security, speak to experts in the field, and learn from top cyber security-focused venture capitalists about what they expect before they invest.

As always, if you enjoy the podcasts, we invite you to please consider giving it an iTunes review.

AlienVault USM Webcast (Live Webcast, December 1, 2016) Find threats lurking on your systems with host-based intrusion detection and AlienVault USM.

NCCoE Speaker Series: Understanding, Detecting & Mitigating Insider Threats (Rockville MD, USA, December 6, 2016) Your employees could be your biggest cybersecurity risk. Join us to learn more.

Cyber Attacks, Threats, and Vulnerabilities

Talk Talk and Post Office routers knocked offline in cyber attack (Telegraph) A cyber attack has left tens of thousands of Post Office and Talk Talk broadband customers without internet this week

Hackers Say Knocking Thousands of Brits Offline Was an Accident (Motherboard) A new zombie army of hacked Internet of Things devices forced thousands of Brits offline, as hackers tried to expand the reach of their botnet

Mirai Fingered for Massive Post Office and TalkTalk Outage (Infosecurity Magazine) Over 100,000 Post Office and TalkTalk broadband customers have been taken offline after their routers were targeted by what appears to be a version of the infamous Mirai IoT malware

Infoblox On This Week’s Deutsche Telekom Attack (Information Security Buzz) A failed Mirai botnet attack left 900,000 of Deutsche Telekom’s network customers without Internet this weekend (continuing into this week) after a botched attempt to hijack consumer routers in Germany. The large-scale attack was designed to quietly recruit the devices for a wider botnet attack and follows on from findings released this week which found that cybercriminals have begun exploiting a critical flaw that may be in millions of home routers

WikiLeaks releases 2,000 files from German inquiry into NSA spying scandal (International Business Times) Whistleblowing website WikiLeaks has released a 90GB-sized trove of data relating to the ongoing German parliamentary inquiry into the relationship between the county's foreign intelligence agency – the Bundesnachrichtendienst (BND) – and the National Security Agency (NSA)

WikiLeaks Suffered A Mysterious Outage For 4 Hours: Victims Of A DDoS Attack? (IT Tech Post) The radical transparency website WikiLeaks suffered a suspicious outage on December 1 for 4 hours, and many social media users quickly speculated that this situation could have been the result of another distributed-denial-of-service (DDoS) cyber strike, which has been very known this year after it attacked major websites as Twitter, Spotify and GitHub

Russia says foreign spies plan cyber attack on banking system (Reuters) Russia said on Friday it had uncovered a plot by foreign spy agencies to sow chaos in Russia's banking system via a coordinated wave of cyber attacks and fake social media reports about banks going bust

Russia Weaponized Social Media in U.S. Election, FireEye Says (Bloomberg) Attempts to hack the campaign were unprecedented, DeWalt says. Senate Democrats want data on Russian hacking declassified

Mandia: Russian State Hackers Changed The Game (Dark Reading) Founder of Mandiant and FireEye CEO says Russia doesn't appear to want to cover its tracks anymore

Is the White House Hiding Secrets About Russia's Role in the Election? (Atlantic) Seven senators have asked President Obama to declassify additional information about the Kremlin’s possible involvement.

Reports of a Facebook fake news detector are apparently a plugin (TechCrunch) Update: The feature appears to be an implementation of the Chrome plugin B.S. Detector, which some users took as a test by Facebook itself. We’ll continue to investigate but for now it looks like this is not a Facebook feature. Yes, the irony is rich

Shamoon virus returns in new Gulf cyber attacks after four-year hiatus (Reuters) A version of Shamoon, the destructive computer virus that crippled tens of thousands of computers at Middle Eastern energy companies four years ago, was used in mid-November to attack computers in Saudi Arabia and elsewhere in the region, according to U.S. security firms

Data-wiping malware strikes Saudi government agencies (CSO) Several government bodies and vital installations experience the attack from malware known as Shamoon

Cyberattack sidelines Saudi transportation sector as hackers target government offices (Washington Times) Saudi Arabia said Thursday that its government was subjected to a significant cyberattack last month believed to have been waged using a variant of the same malware that crippled its state-owned oil company in 2012

Saudi Arabia hit by wave of cyber attacks, Iran blamed (Computing) Civil aviation authority hit by data destroying malware

Europol Suffers Data Breach as Employee Takes Home Files on Terrorist Suspects (Bleeping Computer) Reporters from a Dutch television station said today they've discovered files from Europol investigations into possible terrorist suspects on an unprotected hard drive connected to the Internet

Europol blames rogue officer for leak of 700 pages of data on serious crimes across Europe (Coputing) Data on 54 European investigations leaked following security breach by "experienced" officer

Shodan finds confidential Europol terrorist dossiers (SC Magazine) Unprotected classified Europol files were linked to the internet and accessible via a hard drive found through Shodan

Europol Left Red-Faced After Terror Data Leak (Infosecurity Magazine) Europol has launched an internal investigation after an officer accidentally exposed highly sensitive material on terror suspects online after contravening internal security policies

Security got first clue of San Fransisco Muni hackers (Socpedia) It had become the talk of the town ever since hackers attacked ticket vending machines of San Francisco Municipal Transportation with ransomware. To everyone’s amazement, the screen showed ‘You hacked, All data encrypted’

A Brief History of the Ransomware Threat (MSPmentor) It is not clear why there wasn't much activity between the first known ransomware attack and the mid-1990s, when antivirus began to be a common defense

At least 10 million Android users imperiled by popular AirDroid app (Ars Technica) For six months, the remote management app has opened users to code-execution attacks

AirDroid app opens millions of Android users to device compromise (Help Net Security) Tens of millions of users of AirDroid, a remote management tool for Android, are vulnerable to man-in-the-middle attacks that could lead to data theft and their devices being compromised through fraudulent updates

New SmsSecurity Variant Roots Phones, Abuses Accessibility Features and TeamViewer (TrendLabs Security Intelligence Blog) In January of 2016, we found various “SmsSecurity” mobile apps that claimed to be from various banks. These apps supposedly generated one-time passwords (OTPs) that account holders could use to log into the bank; instead they turned out to be malicious apps that stole any password sent via SMS messages. These apps were also capable of receiving commands from a remote attacker, allowing them to take control of a user’s device

One Bit To Rule A System: Analyzing CVE-2016-7255 Exploit In The Wild (TrendLabs Security Intelligence Blog) Recently, Google researchers discovered a local privilege escalation vulnerability in Windows which was being used in zero-day attacks, including those carried out by the Pawn Storm espionage group. Microsoft was able to release a patch by the next Patch Tuesday, November 8. This entry provides a complete analysis of the vulnerability based on samples acquired in the wild

E-Cigarettes Are Spreading Malware (Wapack Labs) Suspect Chinese e-cigarette manufacturers are hardcoding USB charging units with malware. If an infected e-cigarette USB charger is used to connect with a computer, malware can be downloaded. This information is being supplied for your situational awareness

Insecure pacemakers can be easily hacked (Help Net Security) A group of researchers has discovered that it’s not that difficult for a “weak adversary” with limited resources and capabilities to fiddle with or even shut down a variety of insecure pacemakers and Implantable Cardioverter Defibrillators (ICDs), putting the lives of the individuals who use them in jeopardy

Your Tinder Account could be hacked. (Panda Mediacenter) Security researchers have discovered that two of the world’s most popular mobile dating apps can be hacked, exposing sensitive user data in the process. The team from the University of South Australia ran a series of tests, proving that a number of personal details could be extracted from the apps relatively easily

Uber now collecting location data even after you leave a driver’s car (Naked Security) Last year, Uber gave us a heads-up about its new privacy policy and how it had given itself permission to routinely track our locations even after we’ve left the car, following us as we sally forth into businesses, cross the street, or head for our doctors’ appointments, even if the app is only running in the background

New “TV” app from Apple raises security and net neutrality concerns (IPVanish) A new app for tvOS aptly called “TV” was unveiled during an Apple event in late October

Online credit card fraud up 20% Black Friday to Cyber Monday (Help Net Security) Iovation released new data that shows card-not-present fraud increased significantly from Black Friday to Cyber Monday 2016 when compared to the same period in past years

Security Patches, Mitigations, and Software Updates

Firefox and Tor users update now: 0-day exploit in the wild (Naked Security) If you’re a Firefox user or, even more importantly, a Tor Browser user, make sure you have the latest update

Moxa Fixes NPort Device Holes (Insudtrial Safety and Security Source) Moxa produced new firmware versions to mitigate vulnerabilities in its NPort serial device servers first identified in April, according to a report with ICS-CERT

Lenovo: If you value your server, block Microsoft's November security update (Register) UEFI scramble for frozen boxes

Cyber Trends

Experian issues five predictions for data breaches in the coming year (GSN) While many companies have data breach preparedness on their radar, it takes constant vigilance to stay ahead of emerging threats and increasingly sophisticated cybercriminals. To learn more about what risks may lie ahead, Experian Data Breach Resolution releases its fourth annual Data Breach Industry Forecast white paper

Machine learning: A new cyber security weapon, for good and ill (Computerworld) Machine learning may be able to boost information security, but it can also be potentially employed by cyber criminals

Faceless and faithless: A true depiction of today’s cyber-criminals? (IT Pro Portal) Hackers have been maligned by those who do not have our best interests at heart

Migrating to cloud is no security solution; here’s why it is a collective effort (Financial Express) According to the Forcepoint 2017 Cyber Security Prediction report, organisations think they get inherent security just by migrating to the cloud

Travelers are ‘easy targets’ for online financial crime when abroad (IT News Africa) As holiday season begins, many are looking forward to spending some much needed time away from home. Others will be on vacations abroad and spending money is inevitable. Travelers need to be wary of online financial operations

Cyber Security: It's About Creating A Strong Defense Mechanism (CXO Today) The IT security industry is clearly responding to an ever increasing number (and complexity) of attacks. In a recent conversation with CXOtoday, Sanjai Gangadharan, Regional Director, SAARC, A10 Networks, explains that as cyber-attacks take various forms, it is important to understand all the possible modes of assault, and guard against them

Marketplace

Exceptions in a buyer’s market (Virginia Business) Auto and cyber insurance rates are rising

National Shortage Highlights Urgent Need For Cybersecurity Pros (Channel Partners) If you’re skilled in cybersecurity, the national job market is your oyster

WISeKey makes offer to acquire ABRY-backed QuoVadis (PE Hub) Swiss cybersecurity company WISeKey International Holding Ltd has inked a letter of intent to buy Bermuda-based QuoVadis, a public key infrastructure company. No financial terms were disclosed. QuoVadis is backed by ABRY Partners

Why FireEye Partnered with Microsoft (Market Realist) Microsoft partners with FireEye for its iSIGHT Intelligence offering

ProofPoint, Rapid7 and CyberArk lead the field of publicly-traded cybersecurity companies (CSO) Q3 2016 financial results are in for publicly-traded cybersecurity firms

Recent Maryland cybersecurity incubator graduates show strength, diversity of the region’s cyber ecosystem (Christian Science Monitor Passcode) Light Point Security and iWebGate graduate from the Baltimore-based Cync program

Cylance Named Top 15 Company of the Year by Inc. Magazine (BusinessWire) The only cybersecurity company on the list, Cylance was recognized alongside entrepreneurial juggernauts Riot Games, Tesla, Uber, Snapchat and Niantic Labs (makers of Pokemon Go!)

Cryptographer Who Broke the NSA’s Secure Hash Algorithm Joins Symbiont (Finance Magnates) Dr. Lisa Yin is the new Chief Security Officer and Chief Cryptographer of the smart securities blockchain developer Symbiont

Former Coast Guard CIO Robert Day to Head Blackberry’s Federal Cyber Center & FedRAMP Efforts (GovConWire) Robert Day, a retired U.S. Coast Guard rear admiral and former USCG chief information officer, has been appointed by Blackberry (Nasdaq: BBRY) to manage the mobile device maker’s new federal Cybersecurity Operations Center and Federal Risk and Authorization Management Program product initiatives

Products, Services, and Solutions

Kudelski Security Sets Modern Standard in Cybersecurity Program Strategy with Secure Blueprint (PRNewswire) Comprehensive approach guides clients from resource analysis through design of agile, business-driven security programs; Empowers CISOs with "board-ready" dashboards to enhance communication and gain support from senior leadership

Amazon Cloud Computing Division Unveils New Cyber Security Service (Wall Street Journal) AWS Shield will help customers defend against so-called distributed denial-of-service attacks that can knock websites offline

Silent Circle Sets New Benchmark for Enterprise-Class Secure Mobile Communications (MarketWired) Delivers first-to-market capabilities to its end-to-end, scalable solutions to meet the exacting demands of global organizations

TopSpin Security deploys realistic deceptions to lure and trap attackers (Network World) Deception technology can be effective in detecting an attacker as soon as they begin making moves on the network

Avast's App Triage Program Provides Free Security Assessment for Mobile Apps -- Prior To Launch (Integration Developer News) Avast Mobile Enterprise is launching a free service to help mobile app developers locate and diagnose security vulnerabilities in their apps – before it gets launched. Learn how to test your app’s security – for free -- with the Avast’s App Triage Program

Core Security is making the password reset process self-service, faster and simpler (App Developer Magazine) Core Security announced the release of Core Mobile Reset 1.0 and Core Access Insight 9.2. With the introduction of these solution updates, enterprise security teams will now be able to resolve immediate threats with prognostic analytics applied to the big identity and access data, while also enhancing organizational efficiency

Cryptzone's new enterprise capabilities with next generation of AppGate software-defined perimeter solution (Private Protocol) Cryptzone's new enterprise capabilities with next generation of AppGate software-defined perimeter solution

Microsoft Antivirus Tied for Last in Malware Tests (Tom's Guide) Windows 10 added a lot of security enhancements to ordinary PCs, but perhaps it hasn't added enough. Most third-party antivirus software still does better than Microsoft's built-in defenses at protecting computers from new strains of malware, although Microsoft has caught up in stopping better-known bugs

Technologies, Techniques, and Standards

There’s No Flying Under the Radar: Why Small Businesses Should Get Smart About Information Security (JDSupra) The latest publication by the National Institute of Standards and Technology (NIST), entitled “Small Business Information Security: The Fundamentals,” aims to promote and assist small businesses in their efforts to manage information security risks

Small Business Information Security: The Fundamentals (NIST) Small businesses are an important part of our nation’s economic and cyber infrastructure

Cut through the FUD in online security tips (Naked Security) In light of social movements and political upheavals around the world this year, there have been a spate of articles lately touting security tips to keep you, your information, and your contact list safe in a potentially inhospitable climate. But when you’re surfing around the web, you’ll come across as much FUD – fear, uncertainty and doubt – as you will useful suggestions to help keep you safe

FS-ISAC sets up Asian threat intelligence chapter with MAS (Finextra) The Financial Services Information Sharing and Analysis Center (FS-ISAC) and the Monetary Authority of Singapore (MAS) announced today that they will collaborate to establish an Asia Pacific (APAC) Regional Intelligence and Analysis Centre to encourage regional sharing and analysis of cybersecurity information within the financial services sector

Building a threat intelligence program? How to avoid the 'feed' frenzy (Tech Target) Cyberthreat intelligence is just data if it is not actionable. We offer tips to help your team focus on relevant CTI for faster threat detection and response

Shadow IT And The Challenge Of Controlling The Cloud (Information Security Buzz) “Shadow IT” sounds like something you might see in a thriller starring Matt Damon, but it’s a clear and present danger for IT pros. It refers to the practice of people throughout a company setting up their own IT services without consulting with the IT department. It’s easy to do, thanks to the “consumerization of IT” trend and the availability of cheap or free cloud-based SaaS services from the likes of Dropbox, Google’s G Suite (formerly known as Google Apps), Microsoft Office 365, and Slack

The Human Firewall: Why People Are Critical To Email Security (Dark Reading) Technology is just the beginning; employees must be fully on board with security procedures

Design and Innovation

How Windows 10 data collection trades privacy for security (CSO) Here's what data each telemetry level collects and the price you pay to send the least telemetry to Microsoft

Research and Development

Advancing the science of cybersecurity (NSF) NSF awards $76 million to support interdisciplinary cybersecurity research

Hydro-Québec and Concordia join forces to secure smart grids (Montréal Gazette) A team of researchers from Concordia University has received a $2.1-million grant to shed light on new ways of protecting Quebec’s high-tech power grid system from cyber attacks

Legislation, Policy, and Regulation

Microsoft, Intel, IBM Push Back on China Cybersecurity Rules (Wall Street Journal) Comments offer rare glimpse at tussle between Beijing and U.S. tech companies

Canada’s Update to Classified Documents System Could Raise Hacking Risks (Motherboard) Canada’s track record with handling top secret information hasn’t been great as of late. A recent government report showed that in the last year, there were 10,000 incidents where classified or “protected” documents had been mishandled or stored improperly

Obama cybersecurity commission to present final report Friday (The Hill) The Presidential Commission on Enhancing National Cybersecurity will submit its final report to President Obama Friday afternoon. It will be released to the public soon after

FBI Can Now Hack Computer Virus Victims, Suspects Located Anywhere With 1 Warrant (US News and World Report) Rule 41 changes take effect over the objection of privacy advocates

Rule 41 Opponents Vow to Fight Government’s New Hacking Powers (Threatpost) A new rule goes into effect Thursday that gives law enforcement the ability to hack millions of computers or smartphones at once with a single search warrant. But opponents of the controversial Rule 41 say they are committed to fight the government’s expanded powers

The FBI Should be Enhancing US Cybersecurity, Not Undermining It (Lawfare) I believe that lawful hacking is a legitimate and necessary way for law enforcement to handle certain investigations in the Digital Age. But as Steve Bellovin, Matt Blaze, Sandy Clark, and I said in our paper, the default on using a vulnerability should be to report it. One can have exceptions just as the intelligence community does, but these should be rare and only when the potential damage to innocent people is minimal

Congress set to elevate CYBERCOM to unified combatant command (C4ISRNET) Congress is set to authorize the elevation of US Cyber Command, taking it from under the purview of US Strategic Command and making it a fully unified combatant command

Trump picks retired Marine Gen. James Mattis for secretary of defense (Washington Post) President-elect Donald Trump said Thursday he has chosen retired Marine Gen. James N. Mattis, who has said that responding to “political Islam” is the major security issue facing the United States, to be secretary of defense

Army Electronic Warfare Strategy Nearing Completion (Defense News) The establishment of an Army Cyber Directorate, the Rapid Capabilities Office and a nearly completed strategy are ushering in a more productive era in electronic warfare capability development, according to Col. Jeffrey Church, the chief of strategy and policy in the cyber directorate

Litigation, Investigation, and Law Enforcement

Europol Brings Down Global Cybercrime Syndicate (Voice of America) Europol, the European Union's law enforcement agency, said Thursday it has arrested five people in an online criminal enterprise and seized 39 computer servers following a four-year-long international investigation

Alert (TA16-336A) Avalanche (crimeware-as-a-service infrastructure) (US-CERT) “Avalanche” refers to a large global network hosting infrastructure used by cyber criminals to conduct phishing and malware distribution campaigns and money mule schemes. The United States Department of Homeland Security (DHS), in collaboration with the Federal Bureau of Investigation (FBI), is releasing this Technical Alert to provide further information about Avalanche

Major cybercrime network Avalanche dismantled in global takedown (CSO) The Avalanche network used 500,000 infected computers to launch phishing email attacks

‘Avalanche’ Global Fraud Ring Dismantled (KrebsOnSecurity) In what’s being billed as an unprecedented global law enforcement response to cybercrime, federal investigators in the United States, United Kingdom and Europe today say they’ve dismantled a sprawling cybercrime machine known as “Avalanche” — a distributed, cloud-hosting network that for the past seven years has been rented out to fraudsters for use in launching countless malware and phishing attacks

Avalanche Botnet Comes Tumbling Down In Largest-Ever Sinkholing Operation (Dark Reading) 800,000 domains seized, sinkholed, or blocked, and five individuals arrested, in international effort to bring down botnet linked to 17 major malware families

It Took 4 Years to Take Down ‘Avalanche,’ a Huge Online Crime Ring (Wired) On Thursday, a group of international law enforcement agencies announced that it had completed an ambitious takedown of an extensive online criminal infrastructure called “Avalanche.” It’s one of the largest botnet takedowns ever, a four-year effort that turned up victims in 180 countries worldwide. Which is to say, nearly all of them

Massive cybercrime infrastructure demolished (Help Net Security) After more than four years of investigation, the Public Prosecutor’s Office Verden and the Lüneburg Police in cooperation with the US Attorney’s Office for the Western District of Pennsylvania, the DOJ and the FBI, Europol and Eurojust, dismantled an international criminal infrastructure platform known as Avalanche

Joint Statement on Dismantling of International Cyber Criminal Infrastructure Known as Avalanche (US Department of Justice) Assistant Attorney General Leslie R. Caldwell of the Justice Department’s Criminal Division, Acting U.S. Attorney Soo C. Song of the Western District of Pennsylvania and Special Agent in Charge of the Federal Bureau of Investigation’s Pittsburgh Division Robert Johnson issued the following statement today

Hacking: Not Just for the Feds! (Slate) The next big battles over law enforcement use of technology will involve local police

Someone Accessed Silk Road Operator’s Account While Ross Ulbricht Was in Jail (Motherboard) Attorneys for Ross Ulbricht, the man convicted of running the Silk Road online drug marketplace under the pseudonym “Dread Pirate Roberts” say they’ve discovered evidence that someone logged into the Dread Pirate Roberts account on the Silk Road forums six weeks after Ulbricht was arrested. Ulbricht was in federal custody at the time

Data Breach Lawsuits Not Avoidable, But Reasonable Security Helps, Expert Says (Forbes) David Willson, a retired Army officer, attorney and now owner of Titan Info Security Group, travels the country, educating CEOs and executives on how to protect their companies from data breaches, which have become increasingly common in recent years

Teen bullied with fake sex profiles kills herself in front of family (New York Post) An 18-year-old girl committed suicide in front of her family at their Texas home after what relatives say were months of relentless torment on social media

For a complete running list of events, please visit the Event Tracker on the CyberWire website.

Newly Noted Events

European Smart Grid Cyber Security (London, England, UK, March 21 - 22, 2017) European Smart Grid Cyber Security 2017 offers a unique opportunity to network with senior experts in cyber security from government, utilities, TSOs, regulators, solution providers, security consultants,...

Upcoming Events

Cyber Threats Master Class (Turin, Italy, December 1 - 2, 2016) The UNICRI Masterclass on Cyber Threats aims to provide media and public relations professionals, as well as those planning a career in public information and communication, with a deeper understanding...

Disrupt London (London, England, UK, December 3 - 6, 2016) TechCrunch Disrupt is the world’s leading authority in debuting revolutionary startups, introducing game-changing technologies, and discussing what’s top of mind for the tech industry’s key innovators.

US Department of Commerce Cyber Security Trade Mission to Turkey ( Ankara and Istanbul, Turkey, December 5 - 8, 2016) Now is the time to expand in Turkey! The growth and frequency of cyber-attacks in recent years has increased the demand to protect critical data and infrastructure of governments and businesses. Turkey...

NCCoE Speaker Series: Understanding, Detecting & Mitigating Insider Threats (Rockville, Maryland, USA, December 6, 2016) Insider threats are growing at an alarming rate, with medium-to-large company losses averaging over $4 million every year. Smaller businesses are at risk too, and it is estimated that in 2014, over half...

Weaponizing Data Science for Social Engineering: Automated E2E Spear Phishing on Twitter (Elkridge, Maryland, USA, December 6, 2016) This cybergamut Technical Tuesday features ZeroFox data scientist John Seymour, who will present a recurrent neural network that learns to tweet phishing posts targeting specific users. Historically, machine...

Infosecurity Magazine Conference (Boston, Massachusetts, USA, December 6 - 7, 2016) Bringing together 100+ information security end-users, analysts, policy-makers, vendors and service providers, the meeting connects the information security community providing actionable information,...

Practical Privacy Series 2016 (Washingto, DC, USA, December 7 - 8, 2016) This year, the Practical Privacy Series will return to Washington, DC, with its rapid, intensive education that arms you with the knowledge you need to excel on the job. We’re programming some stunningly...

CISO Southern Cal (Los Angeles, California, USA, December 8, 2016) A data breach is not only a PR nightmare, but cause for customers to turn to competitors, exposing sensitive company information and racking up fines from industry regulators. In order for organizations...

SANS Cyber Defense Initiative 2016 (Washington, DC, USA , December 10 - 17, 2016) Make plans to attend SANS Cyber Defense Initiative 2016 (CDI). SANS is the one educational organization known for developing the cybersecurity skills most in need right now. SANS Cyber Defense Initiative...

Privacy, Security and Trust: 14th Annual Conference (Auckland, New Zealand, December 12 - 14, 2016) This year’s international conference focuses on the three themes of Privacy, Security and Trust. It will provide a forum for global researchers to unveil their latest work in these areas and to show how...

Grow your brand and reach new customers.

Grow your brand and increase your customer base by educating our audience about your products, services, and events by advertising on The CyberWire. We’ve built trust with an influential (and often hard to reach) audience of CISOs, CSOs, and other senior execs in the security space, across a wide array of industry verticals. Learn more.

Be a part of the CyberWire story.

People ask us (a lot) how they can support what we do. We have our sponsorships and services, of course, but those are not always within every supporter's financial reach, or it might just not be the right time for you to do those things. That's why we launched our new Patreon site, where we've created a wider variety of support levels, each with some new benefits. Our patrons are important to our future, and we hope you'll consider becoming one. We invite you to become part of the CyberWire story. Become a patron today.