skip navigation

More signal. Less noise.

Daily briefing.

ESET reports that utilities in Ukraine have come under fresh attack. This time there's no immediate connection with BlackEnergy malware, but rather spearphishing with an email vector for malicious xls files. This seems, researchers suggest, more consistent with a criminal group than a state security service.

Ukrainian authorities also continue to investigate this week's earlier hacking incident at Kiev's Borispil International Airport.

The Republic of Korea's President Park warns her country to prepare for a surge of cyber aggression from north of the 38th parallel. Israeli officials think Iran and others will become increasingly active as long as cyber attacks are perceived as cost-free. American and Australian authorities work toward even closer cooperation in cyberspace.

The US Air Force announces full operational capability for the Air Force Intranet Control Weapon System, whose mission is "intelligence gathering, cyberspace surveillance and reconnaissance, interdiction and security."

Patriotic cyber rioting flares again from Turkey, as the THT group hits both Russian and Iranian websites to display THT's support for Turkey's Erdoğan government.

Symantec observes a new criminal campaign affecting India, the UK, and the US. Businesses are being phished to install two commodity RATs: Backdoor.Breut and Trojan.Nancrat.

Dr. Web describes a new Linux Trojan for system reconnaissance, "Linux.Ecoms.1."

Cisco closes vulnerabilities in three products. Intel addresses a man-in-the-middle flaw in the Intel Driver Update Utility.

In industry news, FireEye buys iSIGHT for a reported $200 million in cash, followed by $75 million in cash and equity. Malwarebytes and ForeScout each receive more venture funding.

Notes.

Today's issue includes events affecting Antigua and Barbuda, Australia, Germany, India, Iran, Ireland, Democratic Peoples Republic of Korea, Republic of Korea, Russia, Syria, Turkey, Ukraine, United Kingdom, United States.

Cyber Attacks, Threats, and Vulnerabilities

New wave of cyberattacks against Ukrainian power industry (We Live Security) Yesterday (January 19th) we discovered a new wave of these attacks, where a number of electricity distribution companies in Ukraine were targeted again following the power outages in December. What's particularly interesting is that the malware that was used this time is not BlackEnergy, which poses further questions about the perpetrators behind the ongoing operation. The malware is based on a freely-available open-source backdoor — something no one would expect from an alleged state-sponsored malware operator

Ukrainian power companies are getting hit with more cyberattacks (PCWorld) These attacks use different malware than those in December did, Eset says

Ukraine Mounts Investigation of Kiev Airport Cyberattack (Tech News World) Ukrainian officials earlier this week said they had launched a probe into the source of a cyberattack that targeted the Boryspil International Airport in Kiev

Turk Hack Team Conducting DDoS Attacks on Iran and Russian Websites (Hack Read) The famous group of Turkish hackers going with the handle of Turk Hack Team or THT has been busy conducting cyber attacks against Russia, Iran and anyone standing against the country's policies or the prime minister Recep Tayyip Erdoğan

Indian, US, UK finance department employees targeted with remote access Trojans (Symantec Security Response) Financially motivated attackers are sending social-engineering emails to SMBs in India, the UK, and US in order to deliver Backdoor.Breut and Trojan.Nancrat

Dridex Launches Dyre-Like Attacks in UK, Intensifies Focus on Business Accounts (IBM Security Intelligence) IBM X-Force researchers have been following new developments in the Dridex Trojan's attack methodologies. In their latest alert, researchers divulged a new modus operandi launched by Evil Corp, the cybercrime group that owns and operates the Dridex banking Trojan

Updated Blackmoon banking Trojan stays focused on South Korean banking customers (Proofpoint) First analyzed in early 2014, the Blackmoon banking Trojan targets a user's online banking credentials using a type of pharming that involves modifying or replacing the local Hosts file with one that redirects online banking domain lookups to an IP address controlled by the attacker. Blackmoon has been observed targeting primarily customers of South Korean online banking sites and services, and is usually distributed via drive-by download

Hot Potato Exploit Gives Attackers the Upper Hand in Multiple Windows Versions (Softpedia) By chaining together a series of known Windows security flaws, researchers from Foxglove Security have discovered a way to break into almost all of Microsoft's recent versions of Windows

MSN Home Page Drops More Malware Via Malvertising (Malwarebytes Unpacked) Malvertisers are once again abusing ad technology platform AdSpirit and exposing visitors of the MSN homepage to malware. These attacks appeared to have been primarily focused on Germans users via an ad for Lidl, one of the Germany's leading supermarkets

New Linux Trojan performs system reconnaissance (Help Net Security) A new Linux threat has been identified by Dr. Web researchers. Dubbed Linux.Ekocms.1, this Trojan's apparent function is to discover details about the system it has infected and what the user does on it

Linux.Ekoms.1 (Dr. Web) Malware for Linux designed to take screenshots every 30 seconds. It can upload the /tmp folder to the server and download various files upon cybercriminals' command

Asacub Transitions from Spyware to Banking Malware (Threatpost) Asacub, once thought of as spyware, appears to have completed its transition into mobile banking malware, according to research published this week

Angler exploit kit rings in 2016 with CryptoWall ransomware (Naked Security) What do cybercrooks do over New Year?

Music-themed Malvertising Lead to Angler (Zscaler) Malvertising, or "malicious advertising," is not a new threat, and just a few weeks into 2016 ThreatLabZ has observed a malvertising campaign injecting iframes into banner advertisements that lead to Angler Exploit Kit. Surprisingly, the Angler operators took some vacation for the New Year, as noted by F-Secure, and have only recently resumed operations, so we were surprised to see a malvertising campaign so soon after their break

Major security flaw found in Intel driver software (ZDNet) The flaw could have allowed an attacker to install malware on affected machines through a man-in-the-middle attack

Intel Driver Update Utility MiTM (Core Security) The Intel Driver Update Utility [is a tool that analyzes the system drivers on your computer. The utility reports if any new drivers are available, and provides the download files for the driver updates so you can install them quickly and easily. Intel Driver Update Utility is prone to a Man in The Middle attack which could result in integrity corruption of the transferred data, information leak and consequently code execution

iOS cookie theft bug allowed hackers to impersonate users (Ars Technica) Apple fixes vulnerability 2.5 years after receiving private report

Threat Actors Use Sketchy Dating Website to Launch New Home Router Attacks (Damballa: Day Before Zero) A year ago, SANS ISC revealed a malware family, dubbed TheMoon, that scans for any vulnerable home router based on the HNAP protocol. At that time, many Linksys DLink home routers were identified as vulnerable; many were fixed via firmware updates

Cybercriminals are Sending Phony Emails to WhatsApp Users Watch Out! (Blorge) Comodo Antispam Labs (CASL), a cybersecurity firm, has identified malware that targets instant messaging app WhatsApp

XSS bug in Yahoo Mail could have let attackers take over email accounts (Naked Security) One minute, your Yahoo account is nice and calm. And it utterly lacks a signature

How prying eyes put PHI at risk (FierceHealthIT) Visible computer screens, smartphones could allow employees to snoop on data

Cyber intrusion attempts targeting VA continue to increase (FierceGovernmentIT) Intrusion attempts targeting the Veterans Affairs Department continued to trend upward in recent months, according to the VA's information security monthly activity report to Congress

DHS: Social engineering is a persistent threat for agencies (FierceGovernmentIT) Social engineering continues to play a major role in successful intrusions of information technology systems, especially as a more widely used and diverse Internet provides more avenues for entry, said a recent Homeland Security Department notice

Social Engineering is Bigger Than Hacking — But Countermeasures Work (WillisWire) All the major information security firms credit humans and social engineering, in the form of phishing and spear-phishing emails, as the root cause of most cyber-attacks. By using social engineering techniques, attackers can efficiently and cost effectively deliver malicious software, or "malware," to disrupt or damage computer systems

BlackBerry says its encryption has not been "cracked" by police (Naked Security) BlackBerry is refuting recent media claims that its encryption was "cracked" in police investigations where data was recovered from encrypted devices

Lotto ticket terminals brought down by cyber attack (Irish Times) No winner of draw for €12m jackpot ahead of which ticket machines and website were down

Psycho Voyeur Hacked Baby Monitor to Scare Toddler with Spooky Sounds (Hack Read) A cyber criminal was heard scaring baby by hacking into the nanny cam — "Wake up, little boy, Daddy's looking for you"

Uber accounts more valuable to thieves than credit card info, report finds (KSL) Forget about credit card numbers. When it comes to identity theft, Uber, Netflix and PayPal accounts are the hottest commodities these days

10 Most Notorious Hacking Groups (Hack Read) Hacking has grown massively in the past few years. What merely started out as internet pranks on personal computers has now grown into a nexus of activities like holding large corporations to ransom over their critical data or shutting down the entire government and non-government organizations' services for long periods. Hacking is no more a skilled coder's hobby, for it has become a full-fledged profession

Security Patches, Mitigations, and Software Updates

Cisco Releases Security Updates (US-CERT) Cisco has released security updates to address vulnerabilities in Modular Encoding Platform D9036 software, Unified Computing System (UCS) Manager software, and Firepower 9000 Series devices. Exploitation of these vulnerabilities could allow a remote attacker to take control of an affected device

Intel patches MiTM flaw in its Driver Update Utility (Help Net Security) Intel has fixed a remotely exploitable vulnerability (CVE-2016-1493) in the Intel Driver Update Utility which could be used by a man-in-the-middle attacker to corrupt transferred data, which could lead to information leak and ultimately even code execution

Potential vulnerability in the Intel® Driver Update Utility (Intel Security Center) This update to the Intel® Driver Update Utility mitigates the use of a non-SSL URL. Intel has released a new version of the software that provides mitigation of this issue

Facebook users get support for safe browsing with Tor on Androids (Naked Security) Facebook has added what it's calling "experimental support" for Android users to privately browse the world's largest social network through the anonymity service Tor, the company said on Tuesday

Oracle fixes 248 vulnerabilities in January patch update (Help Net Security) Oracle has published their Critical Patch Update (CPU) for January 2016. The Oracle CPU is quarterly and addresses the flaws in large Oracle's product line, including their core product the relational database, but also in a large number of acquisitions like Solaris, MySQL, Java and many of the end-user products, such as JDEdwards ERP, Peoplesoft and CRM

Apple kills 28 flaws in OS X, iOS and QuickTime (Help Net Security) If you use Apple's OS X El Capitan, iOS and QuickTime on any of your computers and devices, you might want to implement the latest updates pushed out on Tuesday

Update your iPhone to stop free Wi-Fi networks stealing your logins! (Naked Security) If you're an Apple user, you should have been notified of the latest updates to iOS and OS X

Cyber Trends

Cisco security report: Angler threat remains, but Adobe Flash threat declining (Computer Business Review) List: 5 issues identified in the annual Cisco security report, and one that might just be going away

Intel's Chris Young on why the US needs a Cyber National Guard (Christian Science Monitor Passcode) Chris Young of Intel Security and Chris Wysopal of Veracode join The Cybersecurity Podcast to talk about hacker culture, threats from the Internet of Things, and the suspected cyberattack on the Ukrainian power grid

Opinion: Schools fail to recognize privacy consequences of social media (Christian Science Monitor Passcode) More schools are using social media services such as Facebook and Twitter to reach out to students, parents, and local communities. But educators may not understand the privacy consequences that those accounts have for students and parents

Report: Cybersecurity pros losing confidence (CSO) Security professionals were less confident in their security infrastructure in 2015 than in 2014, according to a report released today by Cisco

Cyber security remains a top priority in difficult times (Oilweek) With about 40 per cent of all cyber-attacks targeting energy infrastructure, there is increasing evidence oil and gas companies are taking the threat as seriously as they do health and safety. And in many cases, they are using similar tactics in their defense against cyber crime and sabotage

Marketplace

IBM Reports $2 Billion In Annual Security Revenues (Forbes) International Business Machines Corp. announced its 2015 earnings yesterday. The financial figures around IBM's next generation technologies suggest that Ginni Rometty's bet on cloud computing, mobility, analytics, and security is working

FireEye Makes a Big Acquisition (Fortune) It's a cyber threat intelligence firm

More on FireEye: Company buys threat intelligence firm iSIGHT for $200M-$275M (Seeking Alpha) FireEye (NASDAQ:FEYE) has acquired iSIGHT Partners, a provider of subscription-based threat intelligence services, for $200M in cash up-front + up to $75M in "cash and equity upon the achievement of a threat intelligence bookings target on or before the end of FireEye's second quarter of 2018"

FireEye, Inc. (FEYE-$14.87*) Acquires iSIGHT Partners; December Results Better than Feared; Small Step in the Right Direction (FBRFlash) On January 20, FireEye announced the acquisition of iSIGHT Partners, a privately held threat intelligence player that fits with DeWalt's strategic view of the company's growth initiatives for 2016/2017. The deal includes $200M of cash plus a potential $75M in cash/equity upon achievement of booking targets

Overlooked Facts In FireEye (Seeking Alpha) CFO seems to be very bullish. Contract length factors into billings miss, has no bearing on revenue. Stock has fallen 34% in just ten trading days. Two CIO surveys contradict each other. Also, the number of Fortune 500 CIOs responding in surveys is unknown. Article explains why revenue and growth rate are much more relevant than operating losses

ForeScout Foresees IPO After $76 Million Round Led By Wellington Management (TechCrunch) ForeScout, a security company that helps firms detect devices on their networks they might not know about, announced a $76 million investment round today on a billion dollar valuation, making it a member of the vaunted unicorn club

Security Startup Malwarebytes Raises Another $50M From Fidelity (TechCrunch) Malwarebytes, a security company that started when its cofounder was still a teenager fixing his parents' infected computer, has come a long way from its bootstrapped roots. Today the startup's software is used by millions of consumers and some 70,000 businesses to protect from and clean up computer viruses, worms, trojan horses and more. And now, to grow further, it is announcing that it has raised $50 million from Fidelity Management and Research Company

FAA Extends Cyber Support Contract With CSRA Subsidiary, Plans to Solicit New Proposals in February (ExecutiveBiz) The Federal Aviation Administration has extended its contract with SRA International, a subsidiary of technology services contractor CSRA, to continue to provide support services for the FAA's security operations center

Cybersecurity Startup Expanding in Ballston (Bisnow) Cybersecurity firm Distil Networks is expanding its Arlington HQ by nearly 11k SF to accommodate company growth

Rising Area Cybersecurity Giants Expand Offices Ahead of Hiring Surge (DCInno) Columbia, Md.-based Tenable Network Security, who raised an astonishing $250 million Series B investment late last year, announced on Tuesday that it would expanding its office space for it's quickly growing arsenal of cybersecurity analysts, strategists and developers

5 things that top CSO candidates need on a resume (CSO) If all the recent IT hiring surveys are to be believed, chief security officers can expect a pretty sweet year in 2016. Job demand is up. Salaries are way up. And neither trend is expected to slow anytime soon

TalkTalk suffers customer exodus in wake of cyber attack (Financial Times) TalkTalk suffered a sharp drop in customers following a high-profile cyber attack that was thought to have exposed the personal and financial details of its users, according to market researchers

Products, Services, and Solutions

Twitter's Silence Deafening on State-Sponsored Attacks (Threatpost) Twitter's decision to notify users when their accounts are targeted in state-sponsored attacks earned its share of praise. But Twitter's silence in terms of specifics about the attacks — whether by choice or gagged by a National Security Letter — has foisted some anxiety upon those who were notified

Iris ID Provides Biometrics Tech for CBP Pilot (ExecutiveBiz) Iris ID has deployed the company?s iris biometric technology for a Customs and Border Protection pilot intended to help identify non-U.S. citizens who pass through the U.S.-Mexico border, Planet Biometrics reported Wednesday

RiskIQ Expands Capability of PassiveTotal Threat Analysis Platform (VAR Guy) RiskIQ is expanding the capabilities of its threat analysis platform with the ability to identify "who" and "what" information associated with potential attacks thanks to the addition of Intel 471's cyber threat intelligence service

Palo Alto Networks (PANW), Proofpoint (PFPT) Announces Partnership to Extend Threat Prevention Capabilities (StreetInsider) Palo Alto Networks® (NYSE: PANW) and Proofpoint™ (NASDAQ: PFPT) today announced a partnership whereby the companies will team up to provide customers with extended protection from and intelligence into the sophisticated attacks targeting users, data and content via email and social media

Damballa Announces Failsafe Integration with Check Point Software (BusinessWire) Combined solution helps customers discover active infections and proactively establish policy-driven enforcement in response to threats

AttackIQ Emerges From Stealth With Industry's First Continuous Testing Platform to End the Security Guessing Game (Sys-Con Media) AttackIQ™ today unveiled their highly anticipated SaaS platform FireDrill™ purpose-built to hold security controls accountable through live remote testing

Catbird Achieves U.S. Army Network Enterprise Technology Command’s Certificate of Networthiness Certification (BusinessWire) Catbird, a leader in software-defined segmentation and security for the hybrid IT infrastructure, today announced that the U.S. Army Network Enterprise Technology Command (NETCOM) has issued a Certificate of Networthiness (CoN) that allows Catbird Secure security software to be used on the Army's network

Trend Micro leads server security market thanks to 'modern' approach (ChannelLife) Trend Micro is the market leader in the server security market, and puts this down to its modern approach to security, according to analyst firm IDC

Check out this new cybersecurity podcast (Technical.ly Baltimore) The CyberWire, which is published by CyberPoint International, is getting into podcasting

Technologies, Techniques, and Standards

Data Integrity (NCCoE) Current Status: Seeking Public Comments. We have released a white paper describing this project, including example scenarios and relevant standards. We want to know if the white paper accurately reflects your challenges and concerns around data integrity. Please submit your comments online. The deadline for comments is January 22, 2016

TeslaCrypt Decrypted: Flaw in TeslaCrypt allows Victim's to Recover their Files (Bleeping Computer) For a little over a month, researchers and previous victims have been quietly helping TeslaCrypt victims get their files back using a flaw in the TeslaCrypt's encryption key storage algorithm

Identity-Based Encryption from the Weil Pairing (SIAM Journal of Computing) We propose a fully functional identity-based encryption scheme (IBE). The scheme has chosen ciphertext security in the random oracle model assuming a variant of the computational DiffieHellman problem. Our system is based on bilinear maps between groups. The Weil pairing on elliptic curves is an example of such a map. We give precise definitions for secure identity based encryption schemes and give several applications for such systems

In a first, cyberspace weapon system fully capable, Air Force says (FierceGovernmentIT) The Air Force Intranet Control Weapon System achieved full operational capability earlier this month — becoming the first cyberspace weapon system to reach FOC status

Why You Should Start Using Two-Factor Authentication Now (Heimdal) Imagine waking up on a splendid spring day, opening your laptop and realising that you can't access your online accounts anymore. Your email has been breached, your website, your most precious work, is now gone, and your credit card was used for shady transactions

Why written policies are vital to your cyber strategy (CSO) Can you name anything (in our society) that is not driven (at least in part) by emotion

6 Ways to Prioritize Your Cybersecurity Approach (Legaltech News) Legaltech News got in touch with experts to help firms arrange their priorities in the cybersecurity fight

Lurking in the Shadows: 5 Ways to Keep your Firm from Engaging in Shadow IT Practices (Legaltech News) HBR Consulting?s Steve Falkin outlines best practices to keep your firm?s data safe

When The Boss Is Your Biggest Security Risk (Dark Reading) No one possesses more sensitive information in an organization than upper management. So why do companies screen executives on the way in but not on the way out?

HFSB: Hedge funds test response to cyber attack simulations (Value Walk) The HFSB held it first table top cyber-attack simulation exercise in London

Investing On Your Own? Step One: Protect Your Info Online (Forbes) These days savvy investors don't have to rove too far to be able to put their money into the market — in fact, they don't even have to get up from the couch. While this allots for more freedom, there are still risks — some that go beyond a bad trading day. Now, more than ever before, consumers run the risk of being hacked into and having their information pinched by a peeper (think: hackers and malware)

Android security: Nearly third of owners don't use a lockscreen passcode (ZDNet) Not only is Android patching a source of security concerns, Android owners are less inclined than iPhone owners to enable the lockscreen passcode

It's 2016 and idiots still use '123456' as their password (Register) Just think how many of this lot are your own users

Design and Innovation

IBM will bring Watson to security later this year (CSO) Cognitive computing may be the next big thing in cybersecurity

Zcash, an Untraceable Bitcoin Alternative, Launches in Alpha (Wired) Bitcoin may have become the currency of choice for the anonymity-loving Internet underground. But it's never been anonymous enough for Zooko Wilcox

Academia

UW Could Become Cyber Security Hub (University of Wyoming) To battle one of the most dangerous issues facing the nation today, Wyoming Gov. Matt Mead has requested state funding to develop a program at the University of Wyoming to become a center of excellence in cyber defense

Expert underlines social media safety to students (Rocky Mountain Outlook) Of all of Paul Davis' fake online accounts, the eight-year-old girl seems to slip through the cracks the most when he follows or sends a friend request to children

Raytheon funding STEM learning initiatives for Colorado Springs schools (Colorado Springs Gazette) Raytheon Company, a defense and cybersecurity contractor, is funding several new initiatives to advance science, technology, engineering and math learning in Colorado Springs

Legislation, Policy, and Regulation

Park Orders Preparations to Fight Non-Conventional Threats from North (KBS World Radio) President Park Geun-hye has called for swift and effective responses to possible cyber, drone and biological weapons attacks

Israeli official: Iran deal will unleash cyberattacks (The Hill) A senior Israeli military figure is predicting that cyberattacks will spike in 2016 because nation-state actors will have no incentive to "behave" in the wake of the nuclear agreement with Iran

US-Australia deepen cyber coordination (FierceGovernmentIT) The United States and Australia deepened their partnership in the area of cybersecurity during a meeting Jan. 19

British GCHQ's voice call encryption has a backdoor (Fudzilla) Nothing like giving Putin a helping hand

Senate Intel leaders worry encryption commission too slow (The Hill) Senate Intelligence Committee leaders want to move swiftly on encryption legislation and bypass a proposed national commission to study the topic first

Cisco Security Report: Dwell time and encryption security struggles (TechTarget) The Cisco Security Report for 2016 covered a lot of ground and adds to the encryption debate by noting that increased encryption creates more challenges for cybersecurity

The White House Asked Social Media Companies to Look for Terrorists. Here's Why They'd #Fail. (Intercept) The White House asked internet companies during a counterterrorism summit earlier this month to consider using their technology to help "detect and measure radicalization"

#TakeCTRL: Nationwide Privacy Push (ACLU) As technology advances at breakneck speed, it?s leaving our privacy laws in the dust

U.S. discloses zero-day exploitation practices (FCW) The federal government has confirmed that it uses undisclosed software bugs not only in espionage and intelligence gathering, but also in the course of law enforcement activities

Yet another bill seeks to weaken encryption-by-default on smartphones (Ars Technica) Asm. Jim Cooper: "Human trafficking trumps privacy, no ifs, ands, or buts about it"

Information minister 'may not understand' digitisation security (Antigua Observer) The minister responsible for Information Technology has responded to security concerns for the government's effort to digitise public records, but is doubted by the same IT specialist who raised the concerns

Under Secretary of Defense for Intelligence: Who Is Marcel Lettre? (AllGov) President Barack Obama on Aug. 5, 2015, nominated Marcel Lettre to be the under secretary of defense for intelligence, a job he is currently filling on an acting basis

Litigation, Investigation, and Law Enforcement

Guy Who Tried to Frame Me In Heroin Plot Pleads Guilty to Cybercrime Charges (KrebsOnSecurity) A Ukrainian man who tried to frame me for heroin possession has pleaded guilty to multiple cybercrime charges in U.S. federal court, including credit card theft and hacking into more than 13,000 computers

FBI stymied in hunt for San Bernardino terrorists' hard drive (Fox News) FBI investigators have been unable to find a missing hard drive or crack the encrypted codes of the jihadist couple behind last month's terror attacks in San Bernardino, Calif., sources told Fox News

The Lowdown on Freezing Your Kid's Credit (KrebsOnSecurity) A story in a national news source earlier this month about freezing your child's credit file to preempt ID thieves prompted many readers to erroneously conclude that all states allow this as of 2016

For a complete running list of events, please visit the Event Tracker on the CyberWire website.

Newly Noted Events

2016 Cyber Security Division R&D Showcase and Technical Workshop (Washington, DC, USA, February 17 - 19, 2016) The cybersecurity threat continues to evolve and in order to keep ahead of the threat; new cutting-edge cybersecurity technologies are needed. The Cyber Security Division (CSD) within the Department of...

Upcoming Events

POPL 2016 (St. Petersburg, Florida, USA, January 20 - 22, 2016) The annual Symposium on Principles of Programming Languages is a forum for the discussion of all aspects of programming languages and programming systems. Both theoretical and experimental papers are welcome,...

Automotive Cyber Security Summit — Shanghai (Shanghai, China, January 21 - 22, 2016) The conference, which brings together automakers, suppliers, various connected-services providers and security specialists, will focus on government regulations, emerging automotive cyber security standards...

SANS Institute: Information Security Training (Las Vegas, Nevada, USA, September 12 - 21, 2015) Information security training in Las Vegas from SANS Institute, the global leader in information security training. At SANS Network Security 2015, SANS offers more than 40 hands-on, immersion-style security...

CyberTech 2016 (Tel Aviv, Israel, January 26 - 27, 2016) Cybertech is the most significant conference and exhibition of cyber technologies outside of the United States. Cybertech provided attendees with a unique and special opportunity to get acquainted with...

Global Cybersecurity Innovation Summit (London, England, UK, January 26 - 27, 2016) SINET presents the Global Cybersecurity Innovation Summit, which focuses on providing thought leadership and building international public-private partnerships that will improve the protection of our respective...

Fort Meade IT & Cyber Day (Fort Meade, Maryland, USA, January 27, 2016) The Ft. Meade IT and Cyber Day is a one-day event held at the Officers' Club (Club Meade) on base. The event is held on-site, where industry vendors will have the opportunity to display their products...

ESA 2016 Leadership Summit (Chandler, Arizona, USA, January 31 - February 3, 2016) The electronic security industry is rapidly changing and continuously evolving. It's not enough to just survive. Businesses looking to thrive need to adapt to ensure their people, products, services and...

SANS Cyber Threat Intelligence Summit & Training 2016 (Alexandria, Virginia, USA, February 3 - 10, 2016) This Summit will focus on specific analysis techniques and capabilities that can be used to properly create and maintain Cyber Threat Intelligence in your organization. Attend this summit to learn and...

BSides Tampa 2016 (MV Royal Caribbean Brilliance of the Seas, Tampa to Mexico, February 4 - 8, 2016) BSides Tampa is an annual IT security/hacking conference featuring hands on training classes and lectures from some of the greatest minds in the industry and academia

The Law and Policy of Cybersecurity Symposium (Rockville, Maryland, USA, February 5, 2016) This one-day symposium will cover the critical legal and policy issues, challenges, and developments in cybersecurity. Legal professionals, professionals who develop cybersecurity strategies and policies,...

National Cybersecurity Center of Excellence to Celebrate Opening of Newly Remodeled Facility (Rockville, Maryland, USA, February 8, 2016) The National Cybersecurity Center of Excellence is celebrating its dedication on February 8, 2016 at the center's newly remodeled facility at 9700 Great Seneca Highway

Insider Threat Program Development Training — California (Carlsbad, California, USA, February 8 - 10, 2016) The National Insider Threat Special Interest Group website has some very "eye opening" examples of how "damaging and costly" an "insider threat incident" can be. The FBI Insider Threat Alert states companies...

Secure Rail (Orlando, Florida, USA, February 9 - 10, 2016) The first conference to address physical and cyber rail security in North America

Cyber Security Breakdown: Dallas (Dallas, Texas, USA, February 10, 2016) This half day session will provide you with the critical information you need to start formulating an effective response in the eventuality of a cyber security event. Rather than try and handle the breach...

Department of the Navy (DON) IT Conference, West Coast 2016 (San Deigo, California, USA, February 17 - 19, 2016) The purpose of the DON IT conference is to: (1) Explain the new and invigorated DUSN (M), DON/AA, and DON CIO organization and its business and IT transformation priorities. (2) Share information that...

ICISSP 2016 (Rome, Italy, February 19 - 21, 2016) The International Conference on Information Systems Security and Privacy aims at creating a meeting point for researchers and practitioners that address security and privacy challenges that concern information...

Interconnect2016 (Las Vegas, Nevada, USA, February 21 - 25, 2016) IBM InterConnect 2016 is for those who are building new business models, transforming industries, and creating better outcomes. Whether you're a C-suite executive, IT leader, developer, designer, architect,...

CISO Canada Summit (Montréal, Québec, Canada, February 21 - 23, 2016) Tactics and best practices for taking on enterprise IT security threats. The CISO Summit will bring together C-level IT security executives, industry analysts and solution providers to discuss challenges...

cybergamut Tech Tuesday: Neuro Cyber Analytics: Understanding the Patterns of Human Cognition in the Cyber Domain (Elkridge, Maryland, Middletown, February 23, 2016) This presentation will discuss Neuro Cyber Analytics. Humans use context-specific neurocognitive patterns for receiving and processing internal and external sensory information. Stated differently, people...

Insider Threat Program Development Training Course — Maryland (Annapolis, Maryland, USA, February 23 - 25, 2016) The National Insider Threat Special Interest Group website has some very "eye opening" examples of how "damaging and costly" an "insider threat incident" can be. The FBI Insider Threat Alert states companies...

CISO New York Summit (New York, New York, USA, February 25, 2016) A data breach is not only a PR nightmare, but cause for customers to turn to competitors, exposing sensitive company information and racking up fines from industry regulators. In order for organizations...

BSides San Francisco (San Francisco, California, USA, February 28 - 29, 2016) BSides San Francisco is an Information / Security conference that's different. We're a 100% volunteer organized event, put on by and for the community, and we truly strive to keep information free. There...

CISO Summit Europe (London, England, UK, February 28 - March 1, 2016) With the media covering the latest data breaches, cloud computing security questions going unanswered and hackers developing more sophisticated attacks, the IT department has a growing responsibility to...

RSA Conference 2016 (San Francisco, California, USA, February 29 - March 4, 2016) Celebrating its 25th anniversary, RSA Conference continues to drive the information security agenda forward. Connect with industry leaders at RSA Conference 2016

Grow your brand and reach new customers.

Grow your brand and increase your customer base by educating our audience about your products, services, and events by advertising on The CyberWire. We’ve built trust with an influential (and often hard to reach) audience of CISOs, CSOs, and other senior execs in the security space, across a wide array of industry verticals. Learn more.

Be a part of the CyberWire story.

People ask us (a lot) how they can support what we do. We have our sponsorships and services, of course, but those are not always within every supporter's financial reach, or it might just not be the right time for you to do those things. That's why we launched our new Patreon site, where we've created a wider variety of support levels, each with some new benefits. Our patrons are important to our future, and we hope you'll consider becoming one. We invite you to become part of the CyberWire story. Become a patron today.