skip navigation

More signal. Less noise.

Daily briefing.

Researchers see newly evolved strains of malware showing more sophisticated evasion capabilities. Trustwave reports that the Neutrino exploit kit now uses OS fingerprinting to screen out Linux devices security researchers commonly use. Palo Alto Networks describes how the T9000 custom backdoor identifies 24 security products, and then customizes its installation to evade analysis.

The ransomware campaign afflicting WordPress sites continues to serve up TeslaCrypt.

Someone (perhaps a white hat?) has coopted a Dridex botnet to deliver, not Trojans, but rather an Avira Antivirus installer. (Whoever did it, it wasn't Avira.)

In industry news, Symantec reported solid results last night. The fate of Norse remains murky even as its former CEO hits back at critics. Some analysts believe VCs are rethinking threat-intelligence plays, but the subsector still seems to have room to run.

Reports from US intelligence sources suggest a weakening of ISIS in its core territories, and there's some cautious optimism that ISIS realities may be undermining its narrative in ways its information ops will find it difficult to overcome.

Concerns about terrorism prompt governments to seek more comprehensive surveillance powers. Poland is the latest to enact a law enabling such surveillance. The EU's not happy about the new laws, but Poland is probably more bellwether than outlier in European surveillance policy.

The UK and the US discuss extending the UK ability to serve wiretap warrants in the US.

Privacy Shield's happy afterglow dims a bit with concerns over whether it will hold up in EU courts. Businesses, stay cautious.

Notes.

Today's issue includes events affecting China, European Union, Iraq, Ireland, Democratic Peoples Republic of Korea, Poland, Russia, Syria, Thailand, Turkey, United Kingdom, United States.

Cyber Attacks, Threats, and Vulnerabilities

New U.S. intelligence report says Islamic State weaker (Reuters) Islamic State has as many as 25,000 fighters in Syria and Iraq, down from a previous estimate of up to 31,000, according to a U.S. intelligence report revealed by the White House on Thursday

Bin Laden backers want to crush Islamic State in Afghanistan (Stars and Stripes) The Afghan militant group that sheltered Osama bin Laden before the Sept. 11, 2001, attacks is closing the door to the Islamic State

Anonymous Leaks Databases for 100 Thai Prison Websites (Softpedia) The Blink Hacker group, a known division of the Anonymous hacker collective, has leaked the databases of 100 websites belonging to Thai prisons

The Neutrino exploit kit has a new way to detect security researchers (IDG via CSO) Neutrino is using passive OS fingerprinting to detect visiting Linux machines, according to Trustwave

T9000: Advanced Modular Backdoor Uses Complex Anti-Analysis Techniques (Palo Alto Networks) Most custom backdoors used by advanced attackers have limited functionality. They evade detection by keeping their code simple and flying under the radar. But during a recent investigation we found a backdoor that takes a very different approach. We refer to this backdoor as T9000, which is a newer variant of the T5000 malware family, also known as Plat1

A New Era for ICS Security — Dragonfly Introduces Offense in Depth (Belden: the Right Signals) Last month, we updated our article on the Dragonfly malware to announce the research results by Joel Langill of RedHat Cyber, a leading independent ICS security expert. Joel's research showed that the Dragonfly campaign focused on pharmaceutical targets, rather than energy sector targets, as had been previously reported

Security Alert: Ransomware Delivered by Hundreds of Compromised WordPress Websites (Heimdal Security) Our team warns that a disproportionate amount of websites that employ the WordPress platform have been compromised by cyber criminals

WordPress Infections Leading to TeslaCrypt Ransomware (Threatpost) Website operators running sites on the WordPress platform need to be aware of a massive string of infections that as of Thursday were poorly detected by security products

Mysterious spike in WordPress hacks silently delivers ransomware to visitors (Ars Technica) Researchers still aren't sure how the sites are getting compromised

Hidden Tear ransomware 'teachable' moment turns into profit for criminals (FierceITSecurity) The Hidden Tear ransomware, which was released last year as open source code to "teach" security researchers about ransomware, is being used by cybercriminals to develop nefarious variants, warned Jornt van der Wiel, a security researcher from Kaspersky Lab

Mac users beware! Scareware hides behind fake Flash Player update (Help Net Security) Mac users are being targeted by scareware peddlers, warns SANS ISC CTO Johannes Ullrich. The malware is delivered in the form of a Flash Player update

Mystery hacker pwns Dridex Trojan botnet… to serve antivirus installer (Register) Ah, great. Ave AV

Netgear Management System Vulnerable to RCE, Path Traversal Attacks (Threatpost) Netgear's ProSafe Network Management System suffers from two vulnerabilities, an arbitrary file upload and a path traversal, which could let a remote attacker execute code and download files

A trip through the spam filters: more malspam with zip attachments containing .js files (Internet Storm Center) I was discussing malicious spam (malspam) with a fellow security professional earlier this week. He was examining malspam with zip attachments containing .js files. This is something I've covered previously in ISC diaries. However, the traffic patterns he saw was somewhat different than I've seen, so I figured it's time to revisit this type of malspam

Taobao hack: Cyber-attack on 'Chinese eBay' leaves 20 million-plus user accounts exposed (International Business Times) Taobao, China's largest online marketplace that operates in a similar fashion to eBay and Amazon, has been hit with an attempted cyber-attack as hackers successfully compromised more than 20 million user accounts linked with the service

UCF Cyber Attack Targets Students, Alumni & Staff (CBSMiami) Hackers have gained access to 63,000 Social Security numbers belonging to current and former University of Central Florida students and staff, the school announced

Intrusion into UCF Network Involves Personal Data (University of Central Florida) Today I am sharing news that a recent outside intrusion into UCF's computer network compromised the personally identifiable information of some members of our university community

Vulnerability Note VU#305096: Comodo Chromodo browser does not enforce same origin policy and is based on an outdated version of Chromium (US-CERT) Comodo Chromodo browser, version 45.8.12.392, 45.8.12.391, and possibly earlier, does not enforce same origin policy, which allows for the possibility of cross-domain attacks by malicious or compromised web hosts. Chromodo is based on an outdated release of Chromium with known vulnerabilities

So, my Gmail inbox started getting these weird emails… (CNET) When a pattern of bizarre messages began piling up in my inbox, I turned to the source for answers: Google

Fed up with bogus computer support calls, man turns tables on scammers (CSO) Played along with scammer using a Windows PC whose 'My Documents' folder was loaded with malware

'Error 53' bricking repaired iPhones (ZDNet) If your iPhone is hit by 'Error 53' then you can kiss it - and all the data on it - goodbye

IRS e-filing down, outage could continue today (FierceGovernmentIT) The Internal Revenue Service has temporarily stopped accepting electronically filed tax returns because a hardware failure has caused major disruptions to a number of tax processing systems, said the agency in a statement posted late Wednesday

Cybercrime for sale (SC Magazine) When the United States Secret Service started to focus on cybercrimes nearly two decades ago, the market for this kind of electronic malfeasance was not nearly as large or as organized as it would quickly become, according to William Noonan, deputy special agent in charge for the Criminal Investigative Division of Cyber Operations at the U.S. Secret Service

Security Patches, Mitigations, and Software Updates

Flaws Expose Sauter SCADA Systems to Takeover (SecurityWeek) Researchers at vulnerability management company Outpost24 have identified a series of vulnerabilities that can be exploited by a remote attacker to take complete control of Sauter's moduWEB Vision SCADA product. The vendor has released a firmware update to address the issues

Cisco Patches High Severity Flaws in Several Products (SecurityWeek) Cisco announced on Wednesday the release of software updates that address high severity vulnerabilities in switches and products designed for security and system management

Avast Antivirus Updated with Windows 10 Improvements (Softpedia) Avast Antivirus has recently received an update that brings improvements on Windows 10 computers and fixes some of the issues users previously experienced with the firewall

Google declares war against deceptive download buttons (Help Net Security) There's likely no Internet user that hasn't, at some point, been tricked into clicking on a deceptive "download," "install," or "update" button

Google was ever so quick to throw out that Android ad blocker… shame they can be slower on malware (Graham Cluley) Having rocketed to the top of the download charts in the Google Play store, the Android ad blocker AdBlock Fast fell down to earth with a bump yesterday as it was removed for violating developer guidelines

Cyber Trends

Security Firm Warns of New Chinese Cyber Attacks (Washington Free Beacon) CrowdStrike: Russia, North Korea also engaged in cyber theft

DNI Clapper: Cyber bigger threat than terrorism (Federal Times) Cybersecurity is a critical component of national security — as the leaders of the national defense have said multiple times over the last year

Cybersecurity 'Not Designed for the Human Psyche' (ThinkAdvisor) New malware is discovered every 90 seconds

Human error blamed for more than half of UK public sector data breaches (Computer Business Review) More than half of data breaches in the UK public sector originate from someone who has access to the systems, with loss in many cases being accidental or due to human error, according to the Public Sector Data and Information Security Survey

Surprise? Most organizations are not cyber resilient (Help Net Security) 71 percent of UK organisations would rate their cyber resilience as low today, underlining a lack of preparedness to handle cyberattacks by the majority of UK organisations, according to a new study by the Ponemon Institute

34 Percent of Security Pros Say Their Budgets Are Inadequate (eSecurity Planet) And 37 percent don't have enough highly-skilled staff, a recent survey found

Hacker: the maddeningly imprecise term that is loaded with menace (Financial Times) "The word hacking is like feminism. It has got too much baggage attached." Of all the things Cal Leeming told me — and he told me a lot of hair-raising stuff about banks' security flaws — this was one of the things that stayed with me. He does not call himself a hacker, although he almost exactly embodies the stereotype of one

Marketplace

CRO says NY Fed faces same op risks as commercial banks (Risk.net) "The predominant risks the bank faces have shifted since the end of the financial crisis," says Rosenberg

After Norse: VCs, pros eye cyber investments (SC Magazine) As the dust settles from the apparent demise of Norse Corp., IT security professionals are looking at lessons that can be learned from the collapse of a company that was until recently considered one of the fastest-growing threat intelligence companies

Newly Fired CEO Of Norse Fires Back At Critics (Dark Reading) Critics maintain that Norse Corp. is peddling threat data as threat intelligence

Fired Norse Corp CEO blames the media (Register) And has a good old moan at his former employees

Symantec Corporation (SYMC-$19.18*) Delivers Respectable December Results; Cash Strategy and Silver Lake Investment a Focus — Maintain Market Perform (FBRFlash) Earlier tonight, Symantec delivered respectable December results that were generally in line with preannounced results, while 4Q guidance was also generally in line with the Street

Jiran Security plans to complete its IPO and achieve sales of 100 trillion Won by 2020 (WhoWiredKorea) Jiran Security announced on the 4th that it will complete its IPO by 2016 and increase sales to 100 trillion Won by 2020. First of all, Jiran security aims to making 22 billion won of sales and 5 billion of profits

Startup Enlists AI to Predict Cyber Threats (Datanami) While major players are increasingly emphasizing human "intelligence-led" approaches to cyber security, artificial intelligence along with advanced analytics continue to make inroads in the "threat intelligence" market

World's Most Famous Hacker Raises $8 Million To Play In Billion Dollar Training Market (Forbes) Kevin Mitnick was once the world's most wanted hacker. Today he is Chief Hacking Officer at KnowBe4 — a security training firm — which announced yesterday they raised $8 million in series A funding in order to accelerate their product development, marketing and sales

Radware Announces a New $40 Million Share Repurchase Plan (Nasdaq) Radware® Ltd. (NASDAQ:RDWR) a leading provider of cyber security and application delivery solutions ensuring optimal service level for applications in virtual, cloud and software defined data centers, today announced that its board of directors has authorized a new one-year share repurchase plan allowing the Company to invest up to $40 million to repurchase its ordinary shares

Benchmark Executive Search Names New Members to its Cyber Security & Risk Advisory Board (Yahoo! Finance) In conjunction with benchmark expanding its board of director practice, distinguished security and risk experts join search firm as trusted advisors

Former Director of National Intelligence Mike McConnell Named to Securonix Board of Advisors (Broadway World) Securonix announced today that Vice Admiral (Ret.) Mike McConnell, former U.S. Director of National Intelligence, has joined the company in an official capacity as senior advisory board member

Products, Services, and Solutions

Two Baltimore City Companies, Think and PivotPoint, Partner to Take-on Cyber Risk (Sys-Con Media) Think Systems and PivotPoint Risk Analytics have teamed up to provide a combined offering to companies who are serious about addressing cyber risk

This Va. Cybersecurity Firm Will Help Protect 70K Fans at Super Bowl 50 (DCInno) Haystax collects data and translates it into real-time alerts

Dell launches new post-boot BIOS verification tool for its commercial PCs (FierceiTSecurity) Dell launched on Thursday a new post-boot basic input/output system (BIOS) verification product for Dell commercial PCs, which allows customers to ensure their devices remain free from malware during the boot process

Harnessing artificial intelligence to build an army of virtual analysts (Help Net Security) Enterprises of all types and sizes are continually probed and targeted by cyber attackers. It doesn't matter whether they are after the company's or their customers' information, or are trying to find ways in so that they can commit fraud, what matters is that many are succeeding

When Host Security Falls Down (Tenable Network Solutions) Validating anti-virus software with Nessus and SecurityCenter

Barracuda Enhances Web Application Security Portfolio with New Barracuda Vulnerability Manager for On-Premises, Cloud, and Hybrid Environments (PRNewswire) Cloud-based Barracuda Vulnerability Manager provides customers with easy-to-use detection and remediation of Web application vulnerabilities

Keybase Introduces End-To-End Encrypted File Sharing Service (TechCrunch) There's promising news for individuals and organizations that deal in confidential data. Keybase, the service for sending encrypted messages, has begun to offer a file-sharing feature that is powered by end-to-end encryption, making it considerably more secure than Dropbox or other mainstream file-sharing options

Technologies, Techniques, and Standards

JIE has undergone no test or evaluation, says OT&E report (FierceGovernmentIT) Despite launching one and a half years ago, infrastructure and components of the Defense Department's Joint Information Environment have yet to undergo any operational testing, said the Office of the Director, Operational Test and Evaluation in an annual report submitted to Congress Feb. 1

Security flaws not so critical if admin rights are taken away (InfoWorld) Privilege management can be a good workaround while waiting for IT to catch up on patch schedules

Detecting and Mitigating USB Propagating Malware (Screenshot Demo) (Digital Guardian) Put those hot glue guns away — here's how to detect and mitigate USB propagating malware

How Yahoo Hacks Itself (BankInfoSecurity) Red Team leader Chris Rohlf shares penetration testing secrets

New Kid On The Block: Cyber Threat Analyst (Dark Reading) Drawing from the financial service industry, this new role uses the "art of the intelligence cycle" to drive efficiency in the security operations center

Security in the age of software-defined networks (FierceITSecurity) When customers look at adopting software-defined networking (SDN), increasingly they are thinking ahead on the security issues of SDN itself

Here's How To Protect Against A Ransomware Attack (Dark Reading) Recovering data encrypted by a ransomware attack is next to impossible, so prevention offers the better approach

The Perilous Side of the Cloud: Shadow IT and Excess Data (Legaltech News) As the cloud market explodes, a Legaltech New York panel asks what this portends for a company's digital security

What You Can't See Can Hurt You: The Intricate World of Dark Data (Legaltech News) Hidden metadata can prove a minefield — and a gold-mine — for tech savvy legal experts

IBM's Terrorist-Hunting Software Raises Troubling Questions (Just Security) Last week, Defense One published an article about a new use that IBM is pioneering for its data-crunching software: identifying potential terrorists in the stream of refugees entering Europe

Private or Not: Employer Information on Private Devices (Legaltech News) In the keynote at Day 3 of LTNY, experts discuss BYOD, private servers and other issues surrounding shadow IT

Design and Innovation

MIT paints giant target on new "hack-proof" chip (ZDNet) Opinion: Stop calling things "hack-proof"

Clouds, Start-Ups, Privacy Issues and Blockchains: Is This the Future of Legal Tech? (Legaltech News) A Legaltech New York Panel discussed what the future tech is on the horizon — and what complex issues are likely to remain unsolved

Irishman solves GCHQ cryptography challenge (RTE News) An Irish code-breaker, along with two others, has proved he is almost a match for the UK's national intelligence and security agency by winning its Christmas card cryptography challenge

Research and Development

Brainprints hit 100% accuracy at identity verification (Naked Security) Brainprint. Bee. Lady Gaga. When you read those words, the part of your brain that assigns meaning to words sparkled, firing neurons in a pattern that's both consistent and unique to each of us

Academia

UNG launches Center for Cyber Operations Education (University of North Georgia) A cybersecurity education initiative through the University of North Georgia (UNG) aims to strengthen workforce opportunities in Georgia and fill critical staffing shortages in private industry, as well as in the Georgia Army National Guard, the U.S. Army and entities at all levels of government

Legislation, Policy, and Regulation

US, Europe have been working on Safe Harbor 2.0 for years, says FTC Commissioner (FierceCIO) Negotiations have been 'intense,' she said

What businesses need to know about Privacy Shield (CSO) It may not stand up in European court, one policy expert warns

Reactions to the EU-US Privacy Shield (Help Net Security) The European Commission and the United States have agreed on a new framework for transatlantic data flows: the EU-US Privacy Shield

New Safe Harbor Data "Deal" May Be More Politicking Than Surveillance Reform (Intercept) Lobbyists, government officials, and technology executives celebrated news from Strasbourg on Tuesday morning that the European Commission and the United States had reached an agreement to reinstate the free flow of massive amounts of data between companies in the United States and the European Union, safeguarding users' privacy at a new level

UK wants authority to serve warrants in U.S. (USA Today) British and U.S. officials have been negotiating a plan that could allow British authorities to directly serve wiretap orders on U.S. communications companies in criminal and national security inquiries, U.S. officials confirmed Thursday

Poland increases government surveillance powers despite protests (Reuters via Euronews) Poland's president approved new legislation to increase the government's surveillance powers, his office said on Thursday, despite fears that the new law undermines privacy

Killing Jihadist Hackers Sets a Flawed Precedent (War on the Rocks) For much of the early 2000s, the worst job in terrorism was "Al Qaeda's third-in-command"

Administration to pursue more dialogue on Wassenaar Arrangement, won't rule on implementation yet (FierceGovernmentIT) In response to more than 250 comments from stakeholders on a Commerce Department-proposed rule, the administration has decided not to issue a final rule on its plans to implement updates to the Wassenaar Arrangement until at least one more round of public comments has concluded

Government Promises Comment Period on Next Wassenaar Draft (Threatpost) It's been months since the U.S. Commerce Department's Bureau of Industry and Security pulled the U.S. implementation of the Wassenaar Arrangement off the table for an unusual rewrite of the rules governing so-called intrusion software

US Government Says Weapons Export Rules Won't Hurt Cyber Researchers (Motherboard) The Obama administration is committed to making sure that controversial proposals regarding the sale of spy software will not interfere with legitimate uses of cybersecurity tools, according to a letter written by the National Security Council

White House highlights 2015 cybersecurity record, teases new policies (FierceGovernmentIT) The Obama administration achieved several important cybersecurity milestones in 2015 that lay the foundation for this year's plans, said one of the president's senior advisors in a Feb. 2 post to the White House blog

Opinion: How NSA reorganization could squander remaining trust (Christian Science Monitor Passcode) Adm. Michael Rogers, director of the National Security Agency, wants to combine the agency's cyber defenders and its architects of espionage. While that may streamlines processes at the agency, it won't create more openness and trust when it's needed most

DHS to kick off cybersecurity data sharing with private sector this month (FierceITSecurity) The Department of Homeland Security plans to begin sharing cybersecurity threat indicators automatically with private industry this month

CIOs wary of sharing cyberthreat data (CIO) CIOs are still lukewarm to the idea of sharing the cybersecurity threat information the U.S. government is requesting in its Cybersecurity Information Sharing Act

Cyber/Acquisition Measures: Understanding How the Federal Government Will Protect Controlled Unclassified Information (LinkedIn) Businesses should protect their operations against cyber threats, and for many reasons. A different question is whether, and for what purposes the government (federal, state or local) should compel that protection

Litigation, Investigation, and Law Enforcement

Oversight subpoenas OPM for hack information (The Hill) The House Oversight Committee has issued a subpoena seeking documents related to last summer's massive data breach at the Office of Personnel Management (OPM)

Lawmaker wants briefing on OPM hack damage (Washington Examiner) The chairman of the Senate Homeland Security Committee on Tuesday called for a briefing with counterterrorism analysts to discuss ways that data stolen from the Office of Personnel Management may be used in the future

Ryan offers new warning for Chaffetz on email probe (Politico) Paul Ryan and Kevin McCarthy met privately with Chaffetz Wednesday evening to reiterate that he can't proceed with any investigation that involves Clinton

Clinton's Security Clearance Is Under Scrutiny (Bloonberg View) Now that several e-mails on Hillary Clinton's private server have been classified, there is a more immediate question than the outcome of the investigation: Should the former secretary of state retain her security clearance during the inquiry?

Symantec Corp. v. Finjan: Denying Institution in View of Piecemeal Claim Limitation Presentation (National Law Review) Piecemeal presentation of claim limitations, without adequate explanation of how the various embodiments in the prior art tie to the claims, is not sufficient to persuade the Board that the standard for institution has been met

PayPal blocks VPN, SmartDNS provider's payments over copyright concerns (Ars Technica) PayPal cuts off UnoTelly, which touts geo-blocking circumvention to customers

Homeless stripped of free Wi-Fi due to illegal downloaders (Naked Security) Grace Marketplace thinks of itself as being the Walmart of homeless centers

For a complete running list of events, please visit the Event Tracker on the CyberWire website.

Upcoming Events

SANS Cyber Threat Intelligence Summit & Training 2016 (Alexandria, Virginia, USA, February 3 - 10, 2016) This Summit will focus on specific analysis techniques and capabilities that can be used to properly create and maintain Cyber Threat Intelligence in your organization. Attend this summit to learn and...

BSides Tampa 2016 (MV Royal Caribbean Brilliance of the Seas, Tampa to Mexico, February 4 - 8, 2016) BSides Tampa is an annual IT security/hacking conference featuring hands on training classes and lectures from some of the greatest minds in the industry and academia

The Law and Policy of Cybersecurity Symposium (Rockville, Maryland, USA, February 5, 2016) This one-day symposium will cover the critical legal and policy issues, challenges, and developments in cybersecurity. Legal professionals, professionals who develop cybersecurity strategies and policies,...

Insider Threat Program Development Training — California (Carlsbad, California, USA, February 8 - 10, 2016) The National Insider Threat Special Interest Group website has some very "eye opening" examples of how "damaging and costly" an "insider threat incident" can be. The FBI Insider Threat Alert states companies...

OPSWAT Cyber Security Seminar (Washington, DC, February 9, 2016) OPSWAT, along with our Washington DC partners, InQuest and Punch Cyber, will be hosting a half-day seminar to cover several threat detection and research technologies

Secure Rail (Orlando, Florida, USA, February 9 - 10, 2016) The first conference to address physical and cyber rail security in North America

Cyber Security Breakdown: Dallas (Dallas, Texas, USA, February 10, 2016) This half day session will provide you with the critical information you need to start formulating an effective response in the eventuality of a cyber security event. Rather than try and handle the breach...

SecureWorld Charlotte (Charlotte, North Carolina, USA, February 11, 2016) Join your fellow security professionals for affordable, high-quality cybersecurity training and education. Earn 6-12 CPE credits through 30+ educational elements learning from nationally recognized industry...

Suits and Spooks (Washington, DC, USA, February 4 - 5, 2015) Suits and Spooks DC (Feb 4-5, 2015) is moving to the Ritz Carlton hotel in Pentagon City! We're expanding our attendee capacity to 200 and for the first time will be including space for exhibitors. We...

2016 Cyber Security Division R&D Showcase and Technical Workshop (Washington, DC, USA, February 17 - 19, 2016) The cybersecurity threat continues to evolve and in order to keep ahead of the threat; new cutting-edge cybersecurity technologies are needed. The Cyber Security Division (CSD) within the Department of...

Department of the Navy (DON) IT Conference, West Coast 2016 (San Deigo, California, USA, February 17 - 19, 2016) The purpose of the DON IT conference is to: (1) Explain the new and invigorated DUSN (M), DON/AA, and DON CIO organization and its business and IT transformation priorities. (2) Share information that...

ICISSP 2016 (Rome, Italy, February 19 - 21, 2016) The International Conference on Information Systems Security and Privacy aims at creating a meeting point for researchers and practitioners that address security and privacy challenges that concern information...

Interconnect2016 (Las Vegas, Nevada, USA, February 21 - 25, 2016) IBM InterConnect 2016 is for those who are building new business models, transforming industries, and creating better outcomes. Whether you're a C-suite executive, IT leader, developer, designer, architect,...

CISO Canada Summit (Montréal, Québec, Canada, February 21 - 23, 2016) Tactics and best practices for taking on enterprise IT security threats. The CISO Summit will bring together C-level IT security executives, industry analysts and solution providers to discuss challenges...

cybergamut Tech Tuesday: Neuro Cyber Analytics: Understanding the Patterns of Human Cognition in the Cyber Domain (Elkridge, Maryland, Middletown, February 23, 2016) This presentation will discuss Neuro Cyber Analytics. Humans use context-specific neurocognitive patterns for receiving and processing internal and external sensory information. Stated differently, people...

Insider Threat Program Development Training Course — Maryland (Annapolis, Maryland, USA, February 23 - 25, 2016) The National Insider Threat Special Interest Group website has some very "eye opening" examples of how "damaging and costly" an "insider threat incident" can be. The FBI Insider Threat Alert states companies...

CISO New York Summit (New York, New York, USA, February 25, 2016) A data breach is not only a PR nightmare, but cause for customers to turn to competitors, exposing sensitive company information and racking up fines from industry regulators. In order for organizations...

BSides San Francisco (San Francisco, California, USA, February 28 - 29, 2016) BSides San Francisco is an Information / Security conference that's different. We're a 100% volunteer organized event, put on by and for the community, and we truly strive to keep information free. There...

CISO Summit Europe (London, England, UK, February 28 - March 1, 2016) With the media covering the latest data breaches, cloud computing security questions going unanswered and hackers developing more sophisticated attacks, the IT department has a growing responsibility to...

RSA Conference 2016 (San Francisco, California, USA, February 29 - March 4, 2016) Celebrating its 25th anniversary, RSA Conference continues to drive the information security agenda forward. Connect with industry leaders at RSA Conference 2016

Grow your brand and reach new customers.

Grow your brand and increase your customer base by educating our audience about your products, services, and events by advertising on The CyberWire. We’ve built trust with an influential (and often hard to reach) audience of CISOs, CSOs, and other senior execs in the security space, across a wide array of industry verticals. Learn more.

Be a part of the CyberWire story.

People ask us (a lot) how they can support what we do. We have our sponsorships and services, of course, but those are not always within every supporter's financial reach, or it might just not be the right time for you to do those things. That's why we launched our new Patreon site, where we've created a wider variety of support levels, each with some new benefits. Our patrons are important to our future, and we hope you'll consider becoming one. We invite you to become part of the CyberWire story. Become a patron today.