skip navigation

More signal. Less noise.

Daily briefing.

To most observers — including, according to reports, US intelligence services — Russia appears the most likely suspect in December's cyber attack on the Ukrainian power grid. How the attack was accomplished, however, remains less clear. As ESET's reports suggest, signs point to BlackEnergy malware (BlackEnergy was found in affected networks) but many think it's too early to close the case.

The motive for a Russian hack also remains unclear: there's no obvious operational purpose served. Some speculate the episode amounts to dissuasion or saber-rattling. (In its own bit of dissuasion, the US Treasury Department finalizes its system of sanctions for hacking.)

Other utilities around the world reassure stakeholders they've taken precautions against similar attacks.

Saudi Arabia and Iran seem poised to escalate ongoing tension into conflict in cyberspace. ISIS has taken to denouncing the Saudi regime as tyranny and Saudi soldiers as apostates. Shi'ites, Christians, and Jews also come in for their usual share of odium in Daesh social media. Western services are still working out their information operational response.

Anonymous takes down Thai police sites to protest death sentences handed down in the case of two murdered tourists.

"GeNiuS-JorDan," known for attacks on Kuwaiti and Nepalese sites, defaces Ugandan Foreign Ministry sites with protests of US and Israeli actions in the Middle East.

Analysts review Ransom32, which Emsisoft described this week. Its JavaScript-based ability to affect different operating systems is as disturbing as Ransom32's crimeware-as-a-service distribution.

Rapid7 finds issues with Xfinity's home security system.

Android patches five critical security flaws.

Notes.

Today's issue includes events affecting Afghanistan, Australia, Belgium, Brazil, Canada, China, Denmark, Ethiopia, France, Germany, India, Iraq, Iran, Israel, Italy, Jordan, Latvia, Japan, Kenya, Myanmar, Netherlands, Nigeria, Palestine, Russia, Rwanda, Saudi Arabia, Singapore, Switzerland, Syria, Tanzania, Thailand, Turkey, Uganda, Ukraine, United Kingdom, United States, and Yemen.

Cyber Attacks, Threats, and Vulnerabilities

Russian hackers suspected in attack that blacked out parts of Ukraine (Washington Post) U.S. Homeland Security and intelligence agencies are analyzing computer code from what appear to be one of the first known cyberattacks that resulted in an electrical power outage — this one in Ukraine

Ukrainian Power Grid: Hacked (InfoRisk Today) Blackouts tied to malware attack against power provider

Exclusive: CIA Eyes Russian Hackers in 'Blackout' Attack (Daily Beast) Somebody hacked the Ukrainian power grid just before Christmas — and U.S. intel analysts are looking toward Moscow for answers

Ukraine blackout was a cyberattack milestone (C|NET) Hundreds of thousands of homes were left in the dark in what security experts say was a first for hackers with ill intent

Hack of Ukrainian Power Grid Marks 'New Territory,' Analyst Says (DoD Buzz) The recent cyberattack on Ukraine's power grid was the first of its kind and signals "new territory" for potential offensive military applications, an analyst said

Questions Remain On How Cyberattack Caused Ukraine Blackout (Dark Reading) Could BlackEnergy backdoor with KillDisk really cause a power outage? Some experts think piece of puzzle is missing

Ukraine power outages blamed on "hackers and malware" — the lessons to learn (Naked Security) You may have read news stories over the New Year's break about hackers causing power outages in Ukraine, using malware as their primary toolkit for attack

Measures to fend off cyber attacks tested regularly: Singapore Power (Channel News Asia) Singapore Power's comments come on heels of an attack on Ukrainian power company Prykarpattyaoblenergo late last month

Saudi And Iranian Hackers Are Already On A Cyber Warpath (BuzzFeed) Saudi and Iranian hackers are already launching small-scale cyberattacks on each other, but both countries have the ability to do more

Anti-ISIS group claims credit for taking down websites of BBC, Trump, Turkish prime minister (FierceITSecurity) The New World Hacking group, which bills itself as an anti-ISIS group, claimed that it took down the websites of the BBC, Donald Trump's presidential campaign and the Turkish prime minister in distributed denial of service attacks carried out in recent days

ISIS Campaign Targets Saudi Arabia, Calls For Attacks Against Saudi Monarchy, Shi'ites, And Polytheists (MEMRI) The Islamic State (ISIS) has exerted much effort in the last couple of weeks to attacking Saudi Arabia and its ruling and religious echelons in an extensive and well-coordinated media campaign it launched against it. The campaign included the unprecedented release of 15 official ISIS videos from ISIS's various provinces, along with similarly prolific content released from the ISIS-affiliated Al-Battar media company over social networks and jihadi forums

Fixing How We Fight the Islamic State's Narrative (War on the Rocks) Over the past couple of years, counter-messaging has been driven to the forefront of countering violent extremism (CVE) efforts undertaken by the United States and its allies. From defense agencies to diplomats to civil society groups, almost every actor involved in CVE is committed to developing narratives to counter the potent propaganda and appeal of groups such as the Islamic State and al-Qaeda. The need for effective counter-messaging is apparent: The Islamic State in particular possesses an agile and robust propaganda machine that has helped to inspire as many as 31,000 people from across the globe to leave their homes and join the cause

Thai police websites hacked with 'Failed Law' message (AP: The Big Story) Hackers took over several police websites in Thailand, replacing the home pages with a message saying, "Failed Law. We want Justice!"

Anonymous Hacks 14 Thai Police Websites to Protest Flawed Murder Investigation (Softpedia) Anonymous hackers are contesting the decision of another judge, yet again, but this time in Thailand, in the Koh Tao murder case

Uganda High Commission Website For 20 Countries Hacked (Hack Read) The defaced sites were left with messages against the US invasion of Iraq, human rights violations in Afghanistan and Palestine

JavaScript makes Ransomware as simple as a snap of fingers (Hack Read) A new variant of ransomware, Ransom32, uses JavaScript to ease the process of attacking use systems with ransomware and cause problems

Researchers uncover JavaScript-based ransomware-as-service (Ars Technica) Malware, based on Node.js desktop framework, offered up to would-be extortionists for fee

Author of Linux.Encoder Fails for the Third Time, Ransomware Is Still Decryptable (Softpedia) The Linux.Encoder ransomware has received a third update, which security researchers from Bitdefender have managed to crack, yet again, for the third time

Security Alert: Exploit Kits Activity Spike Packs Improved Payloads, New Servers and a Predilection for Flash Player (Heimdal Security) It seems that cyber criminals are well rested and have also gotten back to the "office", because our team has spotted a substantial increase in exploit kit activity for Neutrino, RIG and Angler. Here's what it's all about

Hell is back with Hell Reloaded on the Dark Web (Hack Read) The Dark Web hacking forum named Hell was shut down last year when a data dump of personal details of users was found on the website. However, a few months after its reported shutdown by authorities, Hell is back

Linode To Hosting Customers: Change Your Passwords Now (Dark Reading) Stolen Linode customer credentials discovered on an 'external' server by cloud hosting provider that has been under continuous DDoS attack

Xfinity's Security System Flaws Open Homes to Thieves (Wired) New-generation alarm systems that send real-time text alerts and other digital notifications if an intruder tries to breach a property offer homeowners a great sense of security. Except when thieves can easily undermine the system to trick homeowners into thinking they're protected when they're not

Comcast security flaw could help burglars break into homes undetected (Ars Technica) Comcast says industry-standard tech to blame, but will try to fix it

XFINITY Security System Flaw Allows Sneak Attacks By Jamming Radio Frequency (Dark Reading) Rapid7 Researcher finds that when communication between base station and sensors is disrupted, alarm system continues to think it is armed

BTCC Bitcoin Trader Confronts DDoS Attackers Like A Pro (Hack Read) Bitcoin-for-DDoS extortion scheme has a new victim and its none other than the BTCC — however, the hacker was unfortunate this time as the company was capable financially and had implemented advanced DDoS protection measures beforehand

Brazilian Cyber-crime Flourishes, Catching Up to Russian, Chinese Groups (eWeek) Studies of cyber-crime in Russia, China, Brazil and other nations find that each has its strengths

As Microsoft support winds down, security risks ratchet up (GCN) When it comes to security, government IT managers do their best to balance risk and cost. In 2016 that balance will be harder to maintain when "extended support" for some Microsoft products ends

European Trains at risk of being Hacked: Hackers (Hack Read) Trio of Russian hackers revealed numerous bugs in the train systems of many of Europe's railway companies, saying that hackers and terrorists can easily exploit them to derail or even hijack the trains

SNHU still investigating database leak exposing over 140,000 records (CSO) Class records exposed by third-party vendor, university says

HSBC hails "steady return of service" to online banking (ITPro) But bank's technical problems are still ongoing

Two-day outage at British bank not cyberattack (The Hill) Britain's biggest bank, HSBC, said on Tuesday that hackers aren't responsible for a mobile and online banking outage that has now lasted two days

60 Percent of Banks Operating in the UK Have Weak Crypto (Softpedia) More than half of British or foreign-owned banks operating in the UK were found to run insecure SSL instances on the login page of their Web portals

Security Patches, Mitigations, and Software Updates

January Android security update fixes 5 critical flaws, removes unneeded component (Help Net Security) Google has released the January security update for Android (for its Nexus devices). The update fixes 12 issues, five of which are critical

Nexus Security Bulletin — January 2016 (Android) We have released a security update to Nexus devices through an over-the-air (OTA) update as part of our Android Security Bulletin Monthly Release process

Got an Android? I hope you're patching it (We Live Security) If you are one of the many millions of people who owns an Android phone, I do hope you're managing to keep it updated

Security Notification and Linode Manager Password Reset (Scheduled Maintenance Report for Linode) Effective immediately, Linode Manager passwords have been expired. You will be prompted to set a new password on your next login. We regret this inconvenience, however this is a necessary precaution

Cyber Trends

3 Information Security Trends for 2016 (Recorded Future) Threat intelligence truly took center stage in 2015. While there is an element of trendiness to the term, the need for more accurate, timely, and actionable information about threats to enterprises, individuals, and even nation-states has never been more important

2016 Technology Report: New Security Solutions and Risks Go Hand-in-Hand (Security) Technology moves quickly, as military and commercial tools and toys merge with security applications to create both new solutions and risks for the enterprise. What should you be on the lookout for this year?

Hacker 2016 To-Do List: Botnet All The Things! (Dark Reading) Most predicted security crisis of the year is an impending wave of zombified Internet of Things (IoT) devices taken over to fill out cybercriminal botnets

The Biggest Security Threats We'll Face in 2016 (Wired) Hackers are nothing if not persistent. Where others see obstacles and quit, hackers brute-force their way through barriers or find ways to game or bypass them. And they'll patiently invest weeks and months devising new methods to do so

Security and Data Breach Trends in 2016 (InfoRisk Today) What's the new stance for breach prevention and detection?

Forward-facing security by remembering the past (GCN) As the new year begins, it?s a good time to look forward to what?s on the horizon and reflect on the successes and struggles of the past 12 months. Given the speed with which technologies emerge, these moments give us perspective when planning to make the coming year a stronger and more successful one

An Internet of Things wish list for 2016 (Help Net Security) I've been writing about the Internet of Things for a while now, both from the perspective of the great opportunities that the IoT offers and the very real pressure it will put on both security practice and legislation designed to protect our privacy

Confusion about IT security leaves devices at risk (Help Net Security) When it comes to Internet security, consumer concern and awareness are both on the increase. However, despite a growing recognition of the need to protect devices, many consumers are struggling to identify, install and use security software, according to Kaspersky Lab and B2B International

Infographic: The Size and Scope of Data Breaches in 2015 (Bromium) Looking back at 2015, it's clear that IT security is a real and growing concern. Just a few years ago, online retailers were the source of most security failures. Now, cybercriminals are getting more sophisticated. In 2015, cybercriminals have successfully attacked governments, hospitals and insurance companies — the organizations that store our most personal data

2015 Government Technology in Review: Mobile Security, the Cloud, and Police Body Cameras (Samsung) While no one would dispute that the past year has seen some game-changing advances in government technology, some might be surprised at just how deep these changes run

2016: Year of the Empowered CISO? (InfoRisk Today) Intel Security's MD on trends and challenges facing Indian security jeaders

The Growing Role of Incident Response (InfoRisk Today) Arbor's Buhl: awareness up, but Asian approach still young

What About Canada, Eh? — The Canadian Threat Landscape (TrendLabs Security Intelligence Blog) As a Canadian Threat Analyst, one challenge that I and others like me face is that there are very few threat reports that focus on or cover Canada

Marketplace

More Executives Turn to Cyber Risk Transfer (Tripwire: the State of Security) As cyber threats grow in scope and potential impact, the complexity of enterprise digital data protection grows to astonishing proportions. Last year, a Fortune 500 survey revealed that cyber security is the second biggest concern for CEOs, who keep looking for new solutions to keep their data safe and their clients happy

Cybersecurity Demand Looks Strong into 2016; Is There Enough Pie for Everyone at the Table? (FBR Capital) On the heels of another strong year for cybersecurity players, our field checks for 4Q15/initial 2016 pipelines indicate strong deal flow, particularly on the seven-figure-deal front, as the sophisticated threats facing enterprises and governments remain unprecedented. Our channel partner/customer checks suggest elevated threats coupled with increasing endpoints (e.g., cloud buildouts, mobile proliferation) are catalyzing IT departments to aggressively build out next-generation firewalls, email protection, and advanced threat analysis/detection

Cybersecurity Industry Predictions for 2016 (Network World) Skills shortage, M&A, and trusted systems will impact the industry this year

The life and times of the cyber security hype curve (Information Age) The evolution of cyber provisioning and how this reflects the maturity (or the lack of it) of the cyber security market in developed economies

Digging Into The Deceleration At Qualys (Seeking Alpha) Qualys Chairman/CEO Philippe Courtot has led many technology companies to strong exits, and Qualys is likely another feather in his cap. Unfortunately, competition is heating up, calling the achievability of both growth rates and the company's aggressive target model into question. At the current valuation, Qualys doesn't look like a compelling long, but it may be an M&A candidate. More aggressive investors might find it worth a look on a deeper selloff

New Company, CyberVista, Launches to Tackle Cybersecurity Training for Business Leaders and Practitioners (BusinessWire) CyberVista, a wholly owned subsidiary of Graham Holdings Company and sister company to Kaplan, Inc., will make its official debut today during the first-ever CES CyberSecurity Forum at 2016 CES in Las Vegas. CyberVista, a cybersecurity education and workforce development company, aims to create a cyber-ready workforce through personalized training programs that provide organizations with the people, knowledge and skills required to defend their most critical assets

What Washington tech startups want out of CES (Washington Business Journal) If you're in the tech world — or even just a self-proclaimed tech geek — it's arguably the most wonderful time of the year for you: The Consumer Electronics Show kicks off Wednesday in Las Vegas

Zerodium offers $100,000 to hackers to breach Flash's new security feature (TechWorm) Zerodium, the company that deals in exploits and zero-days has put up a fresh $100,000 bug bounty for zero-days in the new Flash security feature. Zerodium buys zero-day bugs from security researchers and then sells them forward to government intelligence agencies. It has already been in news for offering a $1 million bug bounty to a security researcher for a zero-day bug in Apple's newly released iOS 9 mobile operating system

Air Force wants to simulate cyberwar in a virtual environment (FierceGovernmentIT) The Air Force issued a request Monday for research and product information on a virtualized system that could help the service rehearse combat scenarios in the cyberspace domain

Sotera Wins Prime Position on $6 Billion DIA E-SITE IDIQ Contract (PRNewswire) Sotera Defense Solutions (Sotera), a provider of mission-critical, technology-based systems, solutions and services for national security agencies and programs of the U.S. Government, was recently awarded a prime position on the Enhanced Solutions for the Information Technology Enterprise (E-SITE) Indefinite Delivery Indefinite Quantity (IDIQ) — Large Business track

SRA International awarded DCGS maintenance contract (UPI) SRA International has been awarded a $35 million contract to manage and maintain the Processing, Exploitation, and Dissemination, or PED, Operation Center of the Air Force Distributed Common Ground System

IT security is a safe job? Tell that to Norse staff laid off this week (Register) Exclusive One of the more promising security startups of recent years has laid off a sizable chunk of its staff, citing business pressures

KEYW Names Michele M. Cook Executive Vice President of Business Development (CNN Money) The KEYW Corporation, a wholly-owned subsidiary of The KEYW Holding Corporation (NASDAQ:KEYW), announced today it has named Michele M. Cook as Executive Vice President of Business Development, with an employment commencement date of January 18, 2016

Products, Services, and Solutions

Microsoft's New Security Approach (Redmond Magazine) Microsoft is shifting to an operational focus and creating a security graph to help address the alarming new threat landscape and the rise of cloud computing

Cloudlock And Check Point Partner to Revolutionize Cloud Malware Threat Detection and Quarantine (EIN News) Joint solution discovers and attacks hybrid cloud shadow IT and malware at the source through detection, quarantine, and eradication capabilities

VMware integrates mobile security into enterprise threat defense lifecycle with Intel Security (Computer Technology Review) VMware further enhanced Tuesday its alliance with Intel Security to include joint solutions for customers using the AirWatch by VMware Enterprise Mobility Management platform

Silicon Labs Gecko MCU Platforms Focusing on IoT Security and Energy (App Developer Magazine) Silicon Labs has introduced two new EFM32 Gecko microcontroller (MCU) platforms that focus on security and energy management for IoT-connected devices

LoJack SCI and TransVoyant Partner to Deliver Supply Chain Risk Alerting (PRNewswire) Will the potential for a port workers' strike in Shanghai affect my shipments? How risky is this shipping route through northwestern Mexico for cargo theft? Will severe weather in the Pacific cause my ocean cargo to arrive late into the Port of Long Beach? Converging logistical risk subject matter expertise with live data analytics, LoJack SCI and TransVoyant today announced a partnership that will answer these questions and more

Can enterprises keep mobile security threats from driving customers away? (CSO) A 2015 mobile app survey from Bluebox Security supports the notion that most consumers would turn away from vendors if their mobile app is compromised and take their business elsewhere

WISeKey Locks Down Digital Identity Solution In China (PYMNTS) Swiss-based cybersecurity firm WISeKey announced yesterday (Jan. 4) that it will launch its Digital Identification and secure cloud services for Chinese consumers

Technologies, Techniques, and Standards

Cyber security guidelines for the shipping industry (Help Net Security) A group consisting of several leading shipping organizations and companies has published a set of guidelines to help the global shipping industry develop good solutions for preventing cyber incidents onboard their ships

Wi-Fi HaLow to extend Wi-Fi solutions for the Internet of Things (Help Net Security) With industry momentum mounting around a low power Wi-Fi solution, Wi-Fi Alliance announced the Wi-Fi HaLow designation for products incorporating IEEE 802.11ah technology

Cyber security: making banking safer (The Banker) Protecting the banks' crown jewels — money and personal data — may have become more difficult than ever, but financial institutions have fortified their defences with a little help from their fintech friends

Data convenience isn't a crime, but treating it as one should be (Computerworld) It's self-defeating to try to protect data by treating it all as if it's equally sensitive

Solid cyber risk management depends on good defense metrics (Business Insurance) Cyber security is vital for corporations and individuals alike, but its practice is hamstrung by a lack of effective data, loose monitoring and impediments to sharing the data that does exist

Victims or Villains: Intelligent Incident Response Can Save the Day (Infosecurity Magazine) We all know the lessons of nursery school tales: don't lie, don't steal, and play nice with others

HTML5 Security Cheat Sheet (Help Net Security) This OWASP cheat sheet serves as a guide for implementing HTML5 in a secure fashion

Design and Innovation

The Father of Online Anonymity Has a Plan to End the Crypto War (Wired) It's been more than 30 years since David Chaum launched the ideas that would serve as much of the groundwork for anonymity online. In doing so, he also helped spark the debate that's endured ever since, over the anarchic freedoms that digital secrecy enables — the conflict between privacy advocates and governments known today as the "crypto wars"

New Dropbox patent hints at possible P2P future (FierceCIO) BitTorrent Sync might be getting some new competition

Gaming Gets Serious on Addressing Online Dual Threats of Cyber-Attacks and Piracy (Willis Wire) Within the world of game console systems, piracy is an ever-present threat and the potential consequences of a cyber-attack have spiraled upward, now that online gaming services have become an inextricable part of modern game consoles

Research and Development

De-anonymizing code authors by analyzing executable binaries (Help Net Security) A group of researchers that have previously proven that it's possible to de-anonymize programmers by analysing the source code of programs they have created, have now demonstrated that a good result can be also be achieved by analyzing executable binaries of those programs

Quantum Cryptography May Not Be as Secure as Previously Thought (IBM Security Intelligence) Researchers from Stockholm University and Linköping University in Sweden have discovered that quantum cryptography may not be as secure as it was presumed to be. They found that energy-time entanglement, which forms the basis for many systems of quantum cryptography, is vulnerable to attack

Hacking the Bell test using classical light in energy-time entanglement-based quantum key distribution (Science Advances) Photonic systems based on energy-time entanglement have been proposed to test local realism using the Bell inequality. A violation of this inequality normally also certifies security of device-independent quantum key distribution (QKD) so that an attacker cannot eavesdrop or control the system. We show how this security test can be circumvented in energy-time entangled systems when using standard avalanche photodetectors, allowing an attacker to compromise the system without leaving a trace

Legislation, Policy, and Regulation

EU finally agrees on General Data Protection Regulations (ITPro) The wording of the document has been finalised and is set to come into force in 2018

Dutch Government Embraces Encryption, Denounces Backdoors (Threatpost) While the "Going Dark" debate over encryption standards rages on here in the United States, government officials in the Netherlands this week released a statement that actually calls for stronger encryption and rejects backdoors entirely

CSU : Financial Constraints to Combat Terrorism Includes Call for Bitcoin Framework (CryptoCoinNews) The Christian Social Union (CSU), a leading Christian democratic and conservative political party in Bavaria, Germany is due to issue a paper detailing effective ways to combat terrorism that will include financial restraints, as the party sees it. The paper will also include regulation for all virtual currencies including Bitcoin

Treasury finalizes rule for imposing cyber sanctions (Federal Times) As the U.S. looks to get tougher on cyber criminals that threaten the nation's critical infrastructure, the Treasury Department released an abridged version of a proposed regulation for imposing cyber-related sanctions to foreign actors, whether individuals, groups or nation-states

CRS sheds light on enforcement authority in data breach notification legislation (FierceGovernmentIT) As lawmakers return to the Hill, several data security and breach notification bills remain up for consideration in the 114th Congress. Among the major legal issues members of Congress must consider in proposed legislation is the existing jurisdiction and enforcement authority of the Federal Trade Commission and the Federal Communications Commission, reported the Congressional Research Service

Federal legislation takes look at social media and terrorism (ABC 13 WHAM) New federal legislation is taking aim at terrorist's use of social media sites. The new bill is called the "combat terrorist use of social media act of 2015"

Army FORSCOM Relaunches Intell Operations Facility in North Carolina (ExecutiveGov) The U.S. Army Forces Command has reopened a 27,000-square-foot facility at Fort Bragg in North Carolina to provide a training venue for uniformed personnel and support future intelligence missions

Litigation, Investigation, and Law Enforcement

Britain accused of security lapse in case of jihadi who fled (Gazette) Opposition members of Parliament criticized the British government Tuesday for failing to prevent a man charged with serious crimes from traveling to Syria to join Islamic State extremists

What to Know About the New 'Jihadi John' (TIME) How a bounce-house salesman became an alleged ISIS executioner

How Jewish groups got spied on by Obama (JTA) At first blush, it appears like a bombshell: The United States listened in on Israeli Prime Minister Benjamin Netanyahu's phone calls

China Asks Microsoft to Explain 'Major Problems' in Probe Data (Wall Street Journal) Software firm's sales and marketing practices face further scrutiny by Chinese officials

Latvian Who Co-Wrote Worldwide Computer Virus Can Go Home (ABC News) A Latvian computer code writer who admitted a role in spreading a virus to more than a million computers worldwide, including some at NASA, can return home after serving 20 months in prison

For a complete running list of events, please visit the Event Tracker on the CyberWire website.

Newly Noted Events

Global Cybersecurity Innovation Summit (London, England, UK, January 26 - 27, 2016) SINET presents the Global Cybersecurity Innovation Summit, which focuses on providing thought leadership and building international public-private partnerships that will improve the protection of our respective...

ESA 2016 Leadership Summit (Chandler, Arizona, USA, January 31 - February 3, 2016) The electronic security industry is rapidly changing and continuously evolving. It's not enough to just survive. Businesses looking to thrive need to adapt to ensure their people, products, services and...

Cybersecurity: Defense Sector Summit (Troy, Michigan, USA, March 1 - 2, 2016) The National Defense Industrial Association (NDIA) Michigan Chapter Cybersecurity: Defense Sector Summit is to provide a forum to foster educational dialog between government, industry and academia in...

Cybersecurity Law Institute (Washington, DC, USA, May 25 - 26, 2016) Those lawyers who ignore cyber threats are risking millions of dollars for their companies or their clients. Recent reports by Cisco and the World Economic Forum both highlight the paramount importance...

Upcoming Events

CES CyberSecurity Forum (Las Vegas, Nevada, USA, January 6, 2016) Premiering at CES 2016 — the global stage for next generation technologies — The CyberSecurity Forum will bring together security experts and technology visionaries with executives and policymakers...

FloCon 2016 (Daytona Beach, Florida, USA, January 11 - 14, 2016) The FloCon network security conference provides a forum for large-scale network flow analytics. Showcasing next-generation analytic techniques, FloCon is geared toward operational analysts, tool developers,...

Breach Planning & Incident Response Summit: Proactive Collaboration Between Private Industry and Law Enforcement to Mitigate Damage (Odenton, Maryland, USA, January 12, 2016) The Cybersecurity Association of Maryland, Inc.(CAMI), Chesapeake Regional Tech Council, Maryland Chamber of Commerce, Chesapeake Innovation Center, Tech Council of Maryland are partnering together to...

Cyber Security Breakdown: Chicago (Chicago, Illinois, USA, January 12, 2016) This half day session will provide you with the critical information you need to start formulating an effective response in the eventuality of a cyber security event. Rather than try and handle the breach...

Insider Threat Program Development Training Course — Georgia (Atlanta, Georgia, USA, January 12 - 14, 2016) The National Insider Threat Special Interest Group website has some very "eye opening" examples of how "damaging and costly" an "insider threat incident" can be. The FBI Insider Threat Alert states companies...

FTC PrivacyCon (Washington, DC, USA, January 14, 2016) The Federal Trade Commission will in January hold a wide-ranging conference on security and privacy issues lead by all manner of whitehat security researchers and academics, industry representatives, consumer...

National Insider Threat Special Interest Group Meeting (Laurel, Maryland, USA, July 16, 2015) Topics to be discussed at the meeting; Insider Threat Program Development & Implementation, Behavioral Indicators Of Concern, Legal Considerations When Developing & Managing An Insider Threat Program.

POPL 2016 (St. Petersburg, Florida, USA, January 20 - 22, 2016) The annual Symposium on Principles of Programming Languages is a forum for the discussion of all aspects of programming languages and programming systems. Both theoretical and experimental papers are welcome,...

Automotive Cyber Security Summit — Shanghai (Shanghai, China, January 21 - 22, 2016) The conference, which brings together automakers, suppliers, various connected-services providers and security specialists, will focus on government regulations, emerging automotive cyber security standards...

SANS Institute: Information Security Training (Las Vegas, Nevada, USA, September 12 - 21, 2015) Information security training in Las Vegas from SANS Institute, the global leader in information security training. At SANS Network Security 2015, SANS offers more than 40 hands-on, immersion-style security...

CyberTech 2016 (Tel Aviv, Israel, January 26 - 27, 2016) Cybertech is the most significant conference and exhibition of cyber technologies outside of the United States. Cybertech provided attendees with a unique and special opportunity to get acquainted with...

Fort Meade IT & Cyber Day (Fort Meade, Maryland, USA, January 27, 2016) The Ft. Meade IT and Cyber Day is a one-day event held at the Officers' Club (Club Meade) on base. The event is held on-site, where industry vendors will have the opportunity to display their products...

Grow your brand and reach new customers.

Grow your brand and increase your customer base by educating our audience about your products, services, and events by advertising on The CyberWire. We’ve built trust with an influential (and often hard to reach) audience of CISOs, CSOs, and other senior execs in the security space, across a wide array of industry verticals. Learn more.

Be a part of the CyberWire story.

People ask us (a lot) how they can support what we do. We have our sponsorships and services, of course, but those are not always within every supporter's financial reach, or it might just not be the right time for you to do those things. That's why we launched our new Patreon site, where we've created a wider variety of support levels, each with some new benefits. Our patrons are important to our future, and we hope you'll consider becoming one. We invite you to become part of the CyberWire story. Become a patron today.