skip navigation

More signal. Less noise.

Economic Alliance of Greater Baltimore

Maryland leads the nation in cybersecurity with a large, highly qualified workforce, 20,000 job openings, investment opportunities, and proximity to key buyers.

Daily briefing.

Anonymous surfaces again in attacks on government websites in Italy's Apulia region. Their cause is opposition to the Trans Adriatic Pipeline project and its putative environmental risks.

TeaMp0is0n may be back. Someone claiming to represent the hacker crew defaced the UN's World Tourism Organization, apparently for the lulz.

The industry group running Operation Blockbuster against the Lazarus Group indicates that their research points fairly conclusively to North Korea as the source of the 2014 Sony hack. This agrees with earlier US Government attribution, and runs counter to other claims that the incident eventually involved North Korea, but began as a post-layoff protest by disgruntled employees.

CTB-Locker (also known as "Critroni") is back as a minor-league ransomware counterpart of TeslaCrypt, CryptoWall, and Locky. CTB-Locker targets websites, whose contents are routinely backed up and easily restored.

Mobile health records—an attractive option to the healthcare sector for many reasons—continue to exhibit disturbing patterns of vulnerability and poorly resourced security. But as just-released study by Independent Security Evaluators suggests that concentration on records invokes the wrong threat model. Patient health, they say, not HIPAA concerns, should drive medical cyber security.

Drupal and Palo Alto Networks have issued security updates.

The US Congress appears ready to pass substantial cyber security appropriations, and is also considering establishing a blue-ribbon panel to study the complex interplay between security and privacy.

The legal dispute between Apple and the FBI takes a surprising turn: Apple will base its case in part on Fifth Amendment protections against self-incrimination.

Notes.

Today's issue includes events affecting China, Egypt, Germany, India, Iran, Ireland, Italy, Democratic Peoples Republic of Korea, Republic of Korea, Taiwan, United Kingdom, United Nations, United States.

We'll be at RSA next week. If you're going to be there, drop by booth 1145 in the South Hall and say "hello." (We'll even give you a pen, while supplies last.)

In today's podcast we hear from Accenture's Malek Ben Salem on biometric authentication. We also talk with Independent Security Evalutors' CEO Stephen Bono about his company's study of healthcare cyber security.

2016 National Conference of Minority Cybersecurity Professionals (Washington, DC, March 23 - 24, 2016) The landmark ICMCP conference will elevate the national dialogue on the necessary measures needed to attract and develop minority cybersecurity practitioners to address the cross-industry cybersecurity skills shortage.

Women in Cybersecurity (WiCYS) 2016 (Dallas, TX, March 31 - April 2, 2016) The 3rd annual conference brings together women (students, faculty, researchers, professionals) in cybersecurity from academia, research organizations and industry for the sharing of knowledge and experience, networking and mentoring.

Cyber Attacks, Threats, and Vulnerabilities

“Anonymous” attacks Italian state website because of pipeline transporting gas from Azerbaijan (Panorama) State website of Italian region Apulia was attacked by the members of the international network of activists “Anonymous,” who protested against Trans Adriatic Pipeline (TAP) project, Italian news agency ANSA reports

United Nations World Tourism Organization hacked and forum members’ data dumped (Office of Inadequate Security) The United Nations World Tourism Organization has reportedly been defaced, hacked, and forum data dumped by TeaMp0isoN. A TeaMp0isoN spokesperson alerted DataBreaches.net to the incident

Sony Pictures hackers linked to breaches in China, India, Japan: report (Reuters) The perpetrators of the 2014 cyber attack on Sony Pictures Entertainment were not activists or disgruntled employees, and likely had attacked other targets in China, India, Japan and Taiwan, according to a coalition of security companies that jointly investigated the Sony case for more than a year

CTB-Locker/Critroni Finds New Legs Targeting Websites (Threatpost) After months of relative dormancy, ransomware CTB-Locker or Critroni is back and this time finding new life targeting websites

An Android Trojan Raises Serious Concerns (BankInfoSecurity) Experts describe evolving worldwide threat and what to do about it

Porn clicker trojans keep flooding Google Play (We Live Security) ESET researchers have found 343 malicious porn clicker trojans, which ESET detects as Android/Clicker, on Google Play over the last seven months – and their numbers keep rising

Why the Linux Mint hack is an indicator of a larger problem (Tech Republic) Security vulnerabilities at the Linux Mint project highlight substantial issues with the popular Linux distribution, and the difficulty of maintaining a Linux distribution as a hobbyist project

Malicious websites exploit Silverlight bug that can pwn Macs and Windows (Ars Technica) Code execution exploit for just-fixed bug makes encore appearance in Angler

Mousejacking: What you need to know (Naked Security) US startup Bastille Networks boldly claims to be “the first and only company to completely secure the Enterprise,” even though it doesn’t have any products on its website yet

Phishers Spoof CEO, Request W2 Forms (KrebsOnSecurity) With tax filing season in the United States well underway, scammers who specialize in tax refund fraud have a new trick up their sleeves: Spoofing emails from a target organization’s CEO, asking human resources and accounting departments for employee W-2 information

The Habits Of Hackers: When You're Most Likely To Get Attacked (LifeHacker) When are you most likely to be hit by a cyberattack? What methods and tools do cybercriminals prefer to use when they are targeting an individual or an organisation? Security specialist Proofpoint has looked at some common trends to come out of recent attacks to reveal the habits of hackers

Cybercriminals use mobile apps to gather data for enterprise spear-phishing attacks (FierceMobileIT) Mobile apps are being used to gather information in order to launch spear-phishing attacks against enterprises as part of advanced persistent threat attacks, warned mobile app security firm Appthority in its Q1 2016 Enterprise Mobile Threat Report

Avast set up rogue access points at Mobile World Congress to prove people suck at security (Geek) You might think that the kind of tech heads who attend CES and Mobile World Congress have a clue about security. Avast set up an experiment to prove that’s not necessarily the case

I got hacked mid-air while writing an Apple-FBI story (USA Today) “I don’t really need to worry about online privacy,” I used to think. “I’ve got nothing to hide. And who would want to know what I’m up to, anyway?”

I dared two expert hackers to destroy my life. Here’s what happened. (Fusion) Several months ago, while I was typing a few e-mails at my dining room table, my laptop spoke to me

Baltimore hackers say they reveal potentially deadly cybersecurity weaknesses at area hospitals (Baltimore Sun) Area hospitals are riddled with cybersecurity flaws that could allow attackers to hack into medical devices and kill patients, a team of Baltimore-based researchers has concluded after a two-year investigation

Securing mobile health records remains a significant challenge (CSO) Healthcare organizations are investing big into mobile medical records, but are they keeping them secure?

Breach of millions of kids’ images and messages sparks disclosure spat at uKnowKids (Naked Security) The bad news: millions of messages and images of 1,700 kids were exposed by a site that – ironically! – helps parents babysit their offsprings’ mobile chats, social media doings and locations

Nissan LEAF cloud security fail leaves drivers exposed (Naked Security) The Nissan LEAF is a popular all-electric vehicle: you have to charge it up from a power supply, and it can’t run on an alternative fuel if the battery goes flat

Security Patches, Mitigations, and Software Updates

Critical Vulnerabilities in Palo Alto Networks PAN-OS (Internet Storm Center) Yesterday, Palo Alto Networks released an update to PAN-OS, which addresses five different vulnerabilities. The security researcher who identified the vulnerabilities will publish details about these issues at a conference on March 16th. You MUST patch affected systems before that date

Security Advisories (Palo Alto Networks) This section provides a listing of all security vulnerabilities identified in currently supported Palo Alto Networks products. Each vulnerability is given a criticality rating and an updated status on any updates or mitigations regarding each discovered vulnerablity. Each vulnerability listing also provides a list of the versions of PAN OS the vulnerability is known to affect

Drupal Core - Critical - Multiple Vulnerabilities - SA-CORE-2016-001 (Drupal) Vulnerability: Multiple vulnerabilities

Outdated payment terminals exempted by Mozilla from SHA-1 certificate ban (IDG via CSO) Mozilla will allow Symantec to issue new certificates signed with the weak SHA-1 algorithm to payment processor Worldpay

Cyber Trends

Firms detect breaches sooner, but attackers have gotten nastier (CSO) Firms are detecting breaches sooner, according to a new report from Mandiant

An industry in turmoil: Poor cyberthreat prep puts patients in danger (FierceHealthIT) Study: Hospitals plagued by lack of security funding, personnel, training

Securing Hospitals: A research study and blueprint (Independent Security Evaluators) The research results from our assessment of 12 healthcare facilities, 2 healthcare data facilities, 2 active medical devices from one manufacturer, and 2 web applications that remote adversaries can easily deploy attacks that target and compromise patient health

Leaky Apps Far Riskier Than Mobile Malware (Dark Reading) Even top enterprise apps are rampant with data leakage and privacy-invasive behavior

2015 Highlights and Trends in the Deep & Dark Web (Flashpoint) 2015 was a year of escalating activity in the Deep & Dark Web. Illicit goods marketplaces matured and new, specialized marketplaces emerged. Novel schemes for fraud and financial cybercrime appeared, as did offerings, and business models allowed a larger class of less sophisticated actors to engage in cybercrime

Verizon: Mobile Beaches Cost More than $9K Each (IT Business Edge) The issue of mobile device security is huge, complex and very important. And, according to a new study by Verizon, the problem even may be worse than though

Understanding The Weapons Of Mobile Warfare (TechWeek Europe) As enterprises go increasingly mobile, it’s inevitable that cybercrime will follow

How to Identify and Authenticate in the Expanding IoT Ecosystem (CloudTweeks) It is a necessity to protect IoT devices and their associated data

Devices Running Insecure Software: Study (eSecurity Planet) Study of two million devices reveals that more than half are running outdated, vulnerable software

Twitter Can Only Lose When It Polices Abuse (Bloomberg View) Less than a year ago, in those innocent, dewy-eyed days before Donald Trump had become the front-runner for the Republican nomination, I wrote about an issue that seemed important at the time: Twitter’s harassment problem

Marketplace

Someone is posting images of dead unicorns in the heart of Silicon Valley (Quartz) Taped on multiple lampposts on University Avenue in the downtown district is a directive for employees of Palantir—which is headquartered here in the heart of Silicon Valley—to “stand up for startup employee rights”

Innovative Cybersecurity Startups Boosted by New, Big-League Investment Group (IBM Security Intelligence) It’s a cyber startup’s wildest dream: An investment group led by InfoSec powerhouses is willing to supply pro bono services along with big cash infusions. As noted by SecurityWeek, that dream will become a reality in 2016 due to Strategic Cyber Ventures (SCV), which is already seeking innovators in the authentication, mobile and intrusion detection space. So, how do cybersecurity startups get their products on SCV’s radar?

Vera secures $17 million in series B financing (Help Net Security) Vera, a top 10 finalist for the Innovation Sandbox competition at RSA Conference 2016, has closed $17 million in Series B financing, led by Sutter Hill Ventures, with participation from existing investors Battery Ventures, Clear Venture Partners, and Amplify Partners

KEYW soars after Q4 beat; strategic review underway for Hexis (Seeking Alpha) KEYW Holding (KEYW +21.3%) used its Q4 report to state it's "exploring strategic alternatives" for its Hexis Cyber Solutions unit, which is responsible for the company's HawkEye G threat-detection and malware-removal solution

New KEYW CEO starts overhaul with $12M sale of business line (Baltimore Business Journal) Hanover-based cybersecurity and intelligence contractor KEYW Holding Corp. is selling one of its business lines for $12 million and looking at unloading another, it said Wednesday as it released fourth-quarter earnings capping a tumultuous year

Feature: iovation and the story behind one of Nevada’s deepest regulatory investigations (Gaming Intelligence) For the first time since the UltimateBet poker scandal hit, iovation founder and chief executive Greg Pierson tells his story about the painful road to redemption

Threat Intelligence Innovator Norse Corp. Releases Findings of Investigative Review, Uncovers Serious Errors in Recent Coverage of the Company (BusinessWire) Norse Corp. today announced the findings of a comprehensive forensic review conducted to examine details cited in a blog post on the company, written by veteran security reporter Brian Krebs and published on Krebs on Security

Force 3 Awarded ITES-3H Contract (Benzinga) Force 3 today announced that it was awarded an ITES-3H contract by the U.S. Army Contracting Command

Iron Bow Secures U.S. Army’s $5B ITES-3H Contract (Sys-Con Media) Iron Bow Technologies, an information technology solutions provider, today announced that the United States Army Contracting Command has awarded the company the Information Technology Enterprise Solutions-3 Hardware (ITES-3H) contract, valued at $5 billion

Air Force awards SIGINT contract (C4ISR & Networks) Assured Information Security has been awarded a $9.8 million Air Force contract for research into signals intelligence (SIGINT)

NIKSUN to Form Key Components of the U.S. Government's New Cyber Security Architecture (NIKSUN) NIKSUN, the world leader in cyber security and network performance monitoring solutions, announced today that it has become the chosen primary provider of full packet capture capability for the U.S. Government's new network protection program, the Joint Regional Security Stacks (JRSS)

Ireland can be cybersecurity capital of the world – report (Silicon Republic) Adding to its tech portfolio, in a somewhat more niche way, a new report claims that Ireland could become a major hub for cybersecurity companies

Raytheon Intell Segment Lead Dave Wajsgras Chosen to 2016 Wash100 for Commercial Cyber Leadership (GovConExec) Executive Mosaic is pleased to introduce Dave Wajsgras, president of Raytheon‘s intelligence, information and services business segment into the 2016 edition of the Wash100 — Executive Mosaic’s annual selection of influential leaders in government contracting

Virtustream Appoints New Executives to Accelerate Global Growth (BusinessWire) Following most successful year to date, company names new COO and head of global markets to drive worldwide expansion

ThreatStream Announces Two New Executive Hires (MarketWired) Management team expanded to support burgeoning threat analysis platform

Products, Services, and Solutions

Google Wants to Save News Sites From Cyberattacks—For Free (Wired) Mehdi Yahyanejad thought that after Iranians voted on June 12, 2009, he would finally get some rest

LookingGlass Delivers Next Generation of Intelligence-Driven Network Security Solutions (BusinessWire) Integrated network security appliances and applications offer the industry’s only contextual threat visibility combined with threat intelligence-driven dynamic defense solutions

Operationalizing Threat Intelligence at the Network Layer (Cyveillance Blog) By integrating threat intelligence into the network layer, security and network operations teams often find that both their effectiveness and efficiencies improve. Today we are pleased to announce an update to LookingGlass’ suite of threat mitigation applications dubbed the ‘NetX’ product line

Lieberman Software Provides Unified Solution To Control Privileged Access In On-Premises, Cloud And Hybrid Environments (HostReview) Lieberman Software Corporation today announced significant new cloud security capabilities incorporated in its Privileged Access Management (PAM) product, Enterprise Random Password Manager™ (ERPM)

Morphisec Launches MTD-Based Endpoint Threat Prevention Solution, Enabling Companies to Seize the Cyber Advantage from Hackers (IT Business Net) Game-changing technology revealed prior to West Coast security conferences

Webroot launches enterprise cybersecurity threat investigator BrightCloud (ZDNet) The solution has been designed to find "needle in the haystack" critical security threats to enterprise systems

TrustPipe fine tunes its security software to target enterprise (Network World) Endpoint software blocks zero days, creates new ID markers to catch them faster the next time

CEO: Corero’s new product will be a “very important tool” for DDos protection (Proactive Investors) Ashley Stevenson, chief executive of cyber security specialist Corero Network Security (LON:CNS), speaks to Proactive about the launch the beta version of its latest software monitoring solution

Blue Coat and NetApp to provide high-density storage for industry-leading security incident response and forensics solution (CSO) Blue Coat Systems, Inc., a market leader in enterprise security, and NetApp, a leader in enterprise storage, today announced the companies are working together to provide high-density storage solutions that enable extended network forensic analysis

SentinelOne Introduces First Next Generation Endpoint Protection Built for Linux Servers (Yahoo! Finance) Platform combines best-in-class detection, prevention and remediation against sophisticated malware and exploit-based attacks

BlackBerry Launches New Professional Cybersecurity Services Practice to Expand Portfolio (BlackBerry) BlackBerry Limited (NASDAQ: BBRY; TSX: BB), a global leader in secure mobile communications, today announced the launch of its new Professional Cybersecurity Services practice that will further expand BlackBerry’s security portfolio by offering organizations new consulting services, tools and best practices to assess and thwart ever-changing cybersecurity risks

Fortscale Joins FireEye Fuel Cyber Security Coalition (BusinessWire) Integrates Fortscale UBA into FireEye Global Threat Management Platform

Varonis Announces Interoperability With LogRhythm to Protect File Data Before Cyberattacks Materialize (Nasdaq) Varonis Systems, Inc. (Nasdaq:VRNS), a leading provider of software solutions that protect data from insider threats and cyberattacks, today announced the interoperability of its DatAdvantage and DatAlert solutions with the LogRhythmSecurity Intelligence Platform

Encrypted Email Startup Tutanota Reaches 1 Million Users (Hack Read) The trend for using encrypted email service started after Snowden leaks. Several firms took on the NSA and came up with end-to-end email encryption system

Technologies, Techniques, and Standards

Operation Blockbuster security biz: We'll get you, Sony hackers (Register) Or neutralise? At the very least, we'll slow you down

Defending Your Network Against DDoS Attacks (Tripwire: the State of Security) There is nothing more frustrating to a customer or client who is unable to access the website of a company, bank or retailer. Multiple emails and attempts to “check out” often lead to the viewpoint of “forget them; I will just go to another e-retailer to see if they have it in stock"

‘Ten Commandments’ of Cyber Security Can Enhance Safety (Knowledge@Wharton) Hacker attacks such as the one on Hollywood Presbyterian Medical Center show how easily digital platforms can be turned against organizations, but taking 10 steps can augment security, write RANE founder David Lawrence and his co-authors in this opinion piece

Bugcrowd CEO Casey Ellis on bug bounty programs (FedScoop) Cybersecurity Insights & Perspectives host Kevin Greene speaks with Bugcrowd CEO Casey Ellis about the challenges and opportunities of bug bounty programs

The Importance of Source Code Analysis for Investigations (Part 2) (Legaltech News) Joe Sremack examines the types of source code analysis that can be performed and how you can integrate that analysis into an investigation

Security Lessons From My Doctor (Dark Reading) Why it's hard to change risky habits like weak passwords and heavy smoking, even when advice is clear

Avoiding the Internet of spam still requires human intelligence (Control) If AI becomes an agent of spam—meaningless messages that require no action—the time and resources expended on data analysis will have been wasted

Design and Innovation

Apple Is Said to Be Working on an iPhone Even It Can’t Hack (New York Times) Apple engineers have already begun developing new security measures that would make it impossible for the government to break into a locked iPhone using methods similar to those now at the center of a court fight in California, according to people close to the company and security experts

Research and Development

Galois-Led TAMBA Project to Test DARPA Data Privacy Program Brandeis (ExecutiveBiz) Galois has been awarded a $6.2 million Defense Advanced Research Projects Agency contract to test the privacy of systems for DARPA’s Brandeis program

Legislation, Policy, and Regulation

European companies sold powerful surveillance technology to Egypt, report says (Verge) Privacy International investigation sheds light on Egyptian intelligence agency that operates in total secrecy

Appropriators appear to back more cyber spending (FCW) Lawmakers at a budget hearing appeared cautious but receptive to proposed increases to the Department of Homeland Security's cybersecurity budget as Secretary Jeh Johnson continued to pitch them on the progress made last year

Justice asks for $38M to build encryption-breaking tools (Federal Times) No matter which way it goes, no one believes the current court (and public) battle between Apple and the FBI over access to an iPhone used by a terrorist involved in the San Bernardino shooting will be the end of the debate over encryption

Lawmakers propose commission to settle encryption debate (Federal Times) As feds and private companies come to grips with the dueling security issues at the heart of the encryption debate, two lawmakers are preparing to create a commission to find answers to the major questions

Washington Has a Very Washington-Like Solution for the Apple-FBI Crypto War (Foreign Policy) Despite being locked in an acrimonious fight over the government’s ability to access encrypted communications, both Apple and the FBI say they agree on one basic principle: the need to strike a balance between privacy and national security interests. The problem is that no one can agree on what that should look like

The economics of backdoors (CSO) Why it’s bad for U.S. corporations and the U.S. economy

The privacy vs. security battle, reignited (PBS Newshour) As Apple’s standoff with federal courts reignites the debate over privacy versus security, some may wonder just how much American intelligence policies have changed since Sept. 11. Hari Sreenivasan talks with former CIA Director Michael Hayden about the constitutional cost of national security, the efficacy of drone strikes and the human element within the Central Intelligence Agency

Litigation, Investigation, and Law Enforcement

Forget the 1st Amendment, Apple to plead the 5th in iPhone crypto flap (Ars Technica) It's a novel constitutional legal argument versus an unprecedented government demand

Apple May Use a First Amendment Defense in That FBI Case. And It Just Might Work (Wired) Apple's lawyers indicated yesterday that they plan to use a First Amendment defense in the San Bernardino iPhone case, arguing that if code is speech, then the government is compelling the company to say something it doesn’t want to by forcing it to cooperate in cracking the phone’s password. That might sound like a weak argument on which to hang a critical data privacy case. But experts say the company might actually be onto something

Apple: FBI Wants Access To Many Different iPhones (InformationWeek) Despite the FBI's insistence that it's focused on the San Bernardino terrorism case, authorities want access to more than one iPhone

Tim Cook: An iPhone Master Key Would Be the 'Software Equivalent of Cancer' (Gizmodo) Apple CEO Tim Cook told ABC World News Tonight’s David Muir that he remains opposed to giving the FBI a skeleton key that would allow it to break into one of the San Bernardino shooter’s iPhones

Verizon supports 'strong encryption with no backdoors': CEO (Reuters) Verizon Communications Inc supports "the availability of strong encryption with no backdoors," Chief Executive Lowell McAdam said on Wednesday, weighing in the showdown between Apple Inc and U.S. authorities over mobile device encryption

Hands Off Our iPhones! (Spiked) The FBI is trying to strongarm Apple into compromising user privacy

Arizona prosecutor: We’re not buying any more iPhones over Apple and DOJ dispute (Ars Technica) Maricopa Co.: Apple is "on side of terrorists instead of on the side of public safety"

Spy agencies say Clinton emails closely matched top secret documents: sources (Reuters) U.S. spy agencies have told Congress that Hillary Clinton's home computer server contained some emails that should have been treated as "top secret" because their wording matched sections of some of the government's most highly classified documents, four sources familiar with the agency reports said

Confirmed: Carnegie Mellon University Attacked Tor, Was Subpoenaed By Feds (Motherboard) In November, Motherboard reported that a “university-based research institute” provided information to the Federal Bureau of Investigation that led to the identification of criminal suspects on the so-called dark web

FBI subpoenaed Carnegie Mellon University for Tor-using suspect’s IP address (Help Net Security) A court order in the case of U.S. vs Brian Farrell, a man charged with conspiracy to distribute illegal drugs while he was allegedly an administrator of the Silk Road 2.0 website, has provided official confirmation that the FBI identified him thanks to the IP address provided by the Software Engineering Institute of Carnegie Mellon University, who did some research on the Tor network

FTC And Asus Settle Router Security Case (Threatpost) The U.S. Federal Trade Commission announced a settlement with ASUSTeK Computer over sloppy security settings tied to its routers that left the personal data of 12,900 consumers’ publicly available

Navy engineer with secret access accused of concealing double life as Iranian citizen (Navy Times) A 30-year Navy engineer with access to government secrets has been indicted on charges of lying about his dual Iranian citizenship and creating false identities to conceal his ongoing ties and money he received from overseas

UK businesses and police growing cyber capabilities, summit told (ComputerWeekly) UK businesses and police are getting better at building cyber capabilities, but there is still work to be done, according to the deputy head of the Met Police's Falcon unit

For a complete running list of events, please visit the Event Tracker on the CyberWire website.

Newly Noted Events

CONAUTH/EKMS/COMSEC Information Sharing and Key Management Infrastructure (ISKMI) 2016 (Waikiki, Hawaii, USA, March 14 - 18, 2016) The ISKMI will draw global-wide participation and Allied (Five Eyes and NATO) attendees. Information sharing will be centralized to Key Management Infrastructure (KMI), Cryptographic Modernization (CM),...

Cybersecurity and Privacy Protection Conference (Cleveland, Ohio, USA, April 7 - 8, 2016) The Center for Cybersecurity and Privacy Protection 2016 Conference will bring together experienced government officials, in-house counsels, business executives, cyber insurance leaders, litigators, information...

Community College Cyber Summit (3CS) (Pittsburgh, Pennsylvania, USA, July 22 - 24, 2016) The third annual Community College Cyber Summit (3CS) is organized and produced by six Advanced Technological Education (ATE) centers funded by the National Science Foundation (NSF) and involved in cybersecurity.

Upcoming Events

Interconnect2016 (Las Vegas, Nevada, USA, February 21 - 25, 2016) IBM InterConnect 2016 is for those who are building new business models, transforming industries, and creating better outcomes. Whether you're a C-suite executive, IT leader, developer, designer, architect,...

Insider Threat Program Development Training Course — Maryland (Annapolis, Maryland, USA, February 23 - 25, 2016) The National Insider Threat Special Interest Group website has some very "eye opening" examples of how "damaging and costly" an "insider threat incident" can be. The FBI Insider Threat Alert states companies...

CISO New York Summit (New York, New York, USA, February 25, 2016) A data breach is not only a PR nightmare, but cause for customers to turn to competitors, exposing sensitive company information and racking up fines from industry regulators. In order for organizations...

BSides San Francisco (San Francisco, California, USA, February 28 - 29, 2016) BSides San Francisco is an Information / Security conference that's different. We're a 100% volunteer organized event, put on by and for the community, and we truly strive to keep information free. There...

CISO Summit Europe (London, England, UK, February 28 - March 1, 2016) With the media covering the latest data breaches, cloud computing security questions going unanswered and hackers developing more sophisticated attacks, the IT department has a growing responsibility to...

RSA Conference 2016 (San Francisco, California, USA, February 29 - March 4, 2016) Celebrating its 25th anniversary, RSA Conference continues to drive the information security agenda forward. Connect with industry leaders at RSA Conference 2016

Cybersecurity: Defense Sector Summit (Troy, Michigan, USA, March 1 - 2, 2016) The National Defense Industrial Association (NDIA) Michigan Chapter Cybersecurity: Defense Sector Summit is to provide a forum to foster educational dialog between government, industry and academia in...

International Academic Business Conference (New Orleans, Louisiana, USA, March 6 - 10, 2016) The Clute Institute of Littleton Colorado sponsors six academic conferences annually that include sessions on all aspects of cybersecurity. Cybersecurity professionals from industry and academics are...

CISO Chicago Summit (Chicago, Illinois, USA, March 8, 2016) A data breach is not only a PR nightmare, but cause for customers to turn to competitors, exposing sensitive company information and racking up fines from industry regulators. In order for organizations...

Navigating Summit 2016 (Canberra, Australia, March 8, 2016) The Australian government has pledged to create a future-proofed nation, one that is fit to drive higher economic growth and improved standards of living using information technology innovatively. Privacy...

CISO Atlanta Summit (Atlanta, Georgia, USA, March 10, 2016) Tactics and Best Practices for Taking on Enterprise IT Security Threats. With newspaper headlines covering the latest data breaches, cloud computing security questions going unanswered and hackers developing...

The Atlantic Council's Cyber 9/12 Student Challenge (Washington, D.C. USA, March 11 - 12, 2016) Now entering its fourth year, the Cyber 9/12 Student Challenge is a one-of-a-kind competition designed to provide students across academic disciplines with a deeper understanding of the policy challenges...

Grow your brand and reach new customers.

Grow your brand and increase your customer base by educating our audience about your products, services, and events by advertising on The CyberWire. We’ve built trust with an influential (and often hard to reach) audience of CISOs, CSOs, and other senior execs in the security space, across a wide array of industry verticals. Learn more.

Be a part of the CyberWire story.

People ask us (a lot) how they can support what we do. We have our sponsorships and services, of course, but those are not always within every supporter's financial reach, or it might just not be the right time for you to do those things. That's why we launched our new Patreon site, where we've created a wider variety of support levels, each with some new benefits. Our patrons are important to our future, and we hope you'll consider becoming one. We invite you to become part of the CyberWire story. Become a patron today.