skip navigation

More signal. Less noise.

Daily briefing.

Any of you work in the gig economy? Kaspersky says cyber criminals are phishing freelancers with bogus promises of work that take the victims to the legitimate AirDroid app, then sends them credentials for a test account. Taking the login bait infects the freelancer’s device.

Cymmetria reports finding a new threat group, “Patchwork,” active in South and Southwest Asia, that draws its attack code from sources its cut-and-pasted from the internet. Many observers demur that a cut-and-paste operation could count as an “advanced persistent threat” (skeptical emphasis on “advanced”) but Cymmetria finds Patchwork’s ability to penetrate relatively hard targets impressive.

Senrio researchers release details of a flaw in D-Link routers. Some 400,000 devices are vulnerable.

Yingmob, to whom the HummingBad adware campaign has been attributed, is joined in the click fraud rogues’ gallery by another marketing outfit: Cybereason says that a TargetingEdge employee wrote “Pirrit” adware.

In industry news, Avast buys AVG for $1.3 billion. Container security shop Twistlock raises $10 million.

Some observers see a lull in Iranian-US cyber operations against one another. Agreement reached between the two countries over Iran’s nuclear program is thought to have produced the irenic effect some believe they’re seeing.

ISIS bombings are seen by many as, fundamentally, a brutal form of information operations. There’s much revulsion among the victims, but recruits continue to find meaning in bloody jihad’s online echo chamber.

In the US, FBI Director Comey is explaining to the House Oversight Committee why the Bureau declined to recommend indicting Hillary Clinton.

Notes.

Today's issue includes events affecting Albania, Bangladesh, Belgium, Bulgaria, Canada, China, Croatia, Czech Republic, Denmark, Estonia, European Union, France, Germany, Greece, Hungary, Iceland, India, Iran, Iraq, Israel, Italy, Latvia, Lithuania, Luxembourg, NATO, Netherlands, Norway, Nigeria, Poland, Portugal, Romania, Russia, Saudi Arabia, Slovakia, Slovenia, Spain, Syria, United Kingdom, United States.

Catch the CyberWire's Podcast later this afternoon, with interviews, educational tips, and more on the stories of the day. Today we'll hear from our partners at the University of Maryland, as Jonathan Katz tells us about a Bitcoin-themed conference he recently attended, and outlines where and why blockchain technology is gaining interest beyond cryptocurrency. Our guest is Chris Key from Verodin, who'll offer insight on how to prepare recent graduates for jobs in cyber security. (Of course, we always invite reviews of our podcast. Share your thoughts at iTunes if you're so inclined.)

E8 Security at Cisco Live 2016 (Las Vegas, NV, USA, July 11 - 13, 2016) E8 Security - DETECT. HUNT. RESPOND. Cisco Live 2016

SINET Innovation Summit 2016 (New York, NY, USA, July 14, 2016) SINET Innovation Summit 2016 - Connecting Wall Street, Silicon Valley and the Beltway

Cyber Attacks, Threats, and Vulnerabilities

How nuclear deal has cooled Iran-US cyberwar (Al Monitor) Sitting in a brightly lit apartment in Brooklyn, an American hacker who asked Al-Monitor to call him Alex scribbled down a dizzying array of cyberstrikes between the United States/Israel and Iran since 2010. The page was fast being covered in Alex’s rushed handwriting, and his eyes glimmered with excitement

There’s a Machiavellian Method to the ISIS Madness (Daily Beast) Like communists of yore, the soldiers of the caliphate are seeking to ‘exacerbate the contradictions’ of those ranged against them

The Saudi Bombings And The Legacy Of Bin Laden (Radio Free Europe | Radio Liberty) Osama bin Laden may be dead but if the July 4 bombings in Saudi Arabia demonstrate anything to a global audience forcibly becoming, if not numbed, then wearily resigned to the horrors of jihadist violence, it’s that his playbook is still in full effect -- albeit with some major alterations

APT Group ‘Patchwork’ Cuts-and-Pastes a Potent Attack (Theatpost) An advanced persistent threat tied to Southeast Asia and the South China Sea is targeting governments and entities around the world including the U.S. The attacks are unique, according to security experts, because the perpetrators are relying nearly 100 percent on computer code copied-and-pasted from sources on the web

Patchwork – Targeted Attack (APT) (Cymmetria) Patchwork is a targeted attack that has infected an estimated 2,500 targets since it was first observed in December 2015

Patchwork: Is it still "Advanced" if all you have to do is Copy/Paste? (SANS Internet Storm Center) The term "APT" often describes the methodology more than it does describe the actual exploit used to breach the target. Target selection and significant recognizance work to find the right "bait" to penetrate the target are often more important than the final vulnerability that is exploited. Traditional defenses like anti-malware systems and blacklists are not tuned to look for the vulnerability being exploited but are more looking for specific known exploits which can easily be obfuscated using commodity tools

D-Link vulnerability impacts 400,000 devices (CSO) Remote code execution flaw affects more than 120 models across several product lines

Meet Eleanor, the Mac malware that uses Tor to obtain full access to systems (Graham Cluley) "The possibilities are endless" with this malware, claim researchers

Author of potentially malicious OS X Pirrit adware discovered (Help Net Security) An unnamed web developer working for Israeli marketing and advertising company TargetingEdge is the creator of the Pirrit adware targeting Mac machines, Cybereason security researcher Amit Serper has discovered

Millions of Android Devices Were Infected by a Chinese Advertising Firm (Fortune) The gang juiced clicks to make about $300,000 per month in fraudulent revenue

New Locky variant – Zepto Ransomware Appears On The Scene (Security Affairs) New threat dubbed Zepto Ransomware is spreading out with a new email spam campaign. It is a variant of the recent Locky Ransomware.

Six Banking Trojans Circulating Past Few Months (SPAMfighter) Six banker Trojans, each one a different sample, have been attacking Internauts in recent months. These Trojans are Kronos, Zeus, Dridex, Ursnif, Gootkit and Vawtrak. Apparently, fraudulent e-mails carrying malevolent web-links along with tainted Word files having malevolent macros as well as OLE objects is the key technique to spread the infections

Here's how secret voice commands could hijack your smartphone (CSO) A muffled voice buried in a YouTube video can take over your phone, researchers say

Several vulnerabilities discovered in OpenFire version 3.10.2 to 4.0.1 (Sysdream (le lab)) OpenFire is an opensource project under GNU GPL licence. It provides a Jabber/XMPP server fully develloped in Java. It's develloped by the Ignite realtime community. The actual version of the product is 4.0.2

How Your Smartwatch or Fitness Tracker Could Reveal Your ATM PIN (Tripwire: The State of Security) Quick question – are you right or left handed?

Facebook ‘fake friend’ phishing attack uncovered - here's how to spot it (Telegraph) A 'global' Facebook phishing scam has been uncovered, with the cyber attack spreading rapidly and initially claiming a new victim every 20 seconds, according to internet security experts

Out of the Office? Not Quite — Old Microsoft Vulnerabilities Still Wreaking Havoc (IBM Security Intelligence) Microsoft Office is huge. As noted by Windows Central, there are more than 1.2 billion users worldwide leveraging some version of Office. While big numbers are good for Microsoft and generally positive for consumers, there’s another group enjoying the benefit: attackers

UEFA Euro Fans At High Risk Of Online Threats, Study Shows (Dark Reading) A study by Allot and Kaspersky Lab during 2016 UEFA Euro matches shows significant spike in cybercriminal activities

Cybercriminals Are Fleecing Freelancers By Posing As Potential Clients (Lifehacker) We hear about sophisticated attacks using ransomware and other viruses, but cybercriminals often use relatively low-tech social engineering methods to do their dirty work as well. Kasperky Lab discussed a rise in attackers targeting freelance workers by posing as a potential client and then tricking them into surrendering control of their mobile devices through legitimate remote access apps. Here’s what you need to know

Why rogue employees may pose bigger threat to corporate data than hackers (Christian Science Monitor Passcode) As stolen company information is turning up for sale on the Dark Web, analysts say the insider threat is creating a security nightmare for companies with sensitive and proprietary data

Security Patches, Mitigations, and Software Updates

Google fixes over 100 flaws in Android, many in chipset drivers (CSO) Manufacturers can choose between two patch levels, one dedicated to device-specific fixes

Huge double boxset of Android patches lands after Qualcomm disk encryption blown open (Register) What a coincidence

US-CERT Issues Alert Over Severe Security Bugs In Symantec, Norton Products (Dark Reading) Newly discovered--and now patched--flaws in popular security software raises alarm

Attention, small biz using Symantec AV: Smash up your PCs, it's the safest thing to do (Register) Security patch for ridiculously bad bugs still weeks away

Microsoft: Here's how to fix the Group Policy mess caused by our security update (ZDNet) Microsoft has posted more details and guidance regarding its June security patch which broke Group Policy for a number of users

New security features make Windows 10 Anniversary Update a must (Tech Republic) Microsoft wants enterprises to upgrade to Windows 10--and the Anniversary Update drives that home with security features that can no longer be ignored

Cyber Trends

Merchants slow to migrate to EMV, see rising fraud costs (CSO) The deadline for switching to chip-based card readers was last October, but most merchants still have not upgraded and are now liable for point-of-sale payment card fraud

Finance, Healthcare,Tech Sectors Highest Users Of Encryption, Survey Says (Dark Reading) Ponemon/Thales survey shows highly regulated industries are catching on

Government IT pros overconfident in insider threat detection (Help Net Security) An extensive study conducted by Dimensional Research evaluated the confidence of IT professionals regarding the efficacy of seven key security controls, which must be in place to quickly detect a cyber attack in progress. Study respondents included 763 IT professionals from various industries, including 103 participants from federal government organizations

3 of the Biggest Concerns About External Cyber Threats (Art of the Hack) The threat landscape presents an ever-changing and more complex set of challenges to IT security teams. A new report from SANS Institute found that malware continues to be the leading cause of reported breaches, but more than one-third of known attacks are advanced persistent threats (APTs) or multistage attacks, indicating increasingly sophisticated approaches to cybercrime

Marketplace

Avast to Buy AVG for $1.3 Billion to Add Security Software (Bloomberg Technology) Avast Software agreed to buy AVG Technologies NV for $1.3 billion in cash to add software to protect mobile phones from malware as it aims to tap into the growing number of physical devices connected to the internet

Antivirus merger: Avast offers $1.3 billion for AVG (CSO) The merger will give Avast control of 400 million network "endpoints" running the companies' software

Twistlock scoops up $10M to secure all the containers (Network World) One of the biggest barriers to enterprise adoption of containers has been the assessment that they're not secure. Twistlock scored some fuel to solve that problem

Gatecoin Raised $500,000 to Recover from Ethereum Cyber Hack (Finance Magnates) Hong Kong regulated Bitcoin and Ethereum exchange, Gatecoin, is expected to re-launch in early August

Darktrace bolsters machine learning-based security tools to automatically attack threats (Tech Republic) A UK cybersecurity startup called Darktrace recently raised $65 million in growth equity financing to continue its global growth and further deployments

After Falling 70%, Is FireEye Inc A Buy? (Pantagraph) Shares of FireEye (NASDAQ: FEYE) have plunged nearly 70% over the past 12 months due to the cybersecurity firm's slowing sales growth, rising competition, cash burn rate, and executive shakeup. FireEye recently bounced on news that it rejected several buyout offers, but that momentum has since faded

Duelling Unicorns: CrowdStrike Vs. Cylance In Brutal Battle To Knock Hackers Out (Forbes) Stuart McClure, goateed and soft-spoken, is confident and calm as he recites a well-rehearsed pitch on how his company, Cylance, is using artificial intelligence to shake up the antivirus industry. “We block 99.9% of the attacks out there,” he says, sounding like he’s selling a bottle of Purell. “Response to our product has been so overwhelming that we’re almost compelled to accelerate expansion so everyone can get their hands on it"

Silent Circle’s Blackphone revealed as a sales flop (TechCrunch) Encrypted comms company Silent Circle is being sued by its former joint venture hardware partner, Geeksphone, for not paying part of a previous agreed sale price for buying out the latter’s share in the joint venture — and lurking at the heart of the dispute are flopped sales of the Blackphone smartphone the pair developed

NSA Looks to IT Industry to Harden Vulnerable U.S. Nets (Enterprise Tech) U.S. intelligence agencies, including the National Security Agency, are increasingly turning to commercial solutions in their efforts to head off the alarming number of cyber attacks that culminated in last year's massive breach at the U.S. Office of Personnel Management

Engility to support Army intel (C4ISRNET) Engility has been awarded a $24 million Army intelligence contract. The company will support the Army's Tactical Exploitation of National Capabilities program

Army On Right Track With Next-Generation Intelligence System (Defense News) The U.S. Army's primary system for generating and disseminating intelligence, surveillance and reconnaissance information to military personnel about the threat, weather, and terrain, needs to be upgraded. Known as the Distributed Common Ground System – Army, or DCGS-A, it was used in the Iraq and Afghanistan conflicts to help soldiers track the improvised explosive device networks operated by insurgents as well as well as enemy activity. Since the outbreak of those two conflicts, DCGS-A has been expanded to provide critical information to both commanders and war-fighters on the battlefield

Kroll Names J. Andrew Valentine Associate Managing Director in Cyber Security and Investigations Practice (BusinessWire) Preeminent computer crime and security professional contributed to successful international prosecutions of high-profile hackers and criminals

FireEye appoints new northern Europe vice president (CRN) Appointment comes after security vendor changed its CEO last month

Webroot MD Robbie Upcroft departs (CRN) Webroot's Asia-Pacific managing director Robbie Upcroft has left the vendor after nearly 18 months

Products, Services, and Solutions

Minerva Labs Offers Breakthrough Approach To Tackling Ransomware (Yahoo! Finance) Minerva's new product ensures full protection from ransomware attacks & remediation for encrypted data

TMD Security schützt NCR SelfServ-Geldautomaten gegen „Long Bezel“-Skimming (Sys-Con Media) TMD Security, der weltweit führende Anbieter von Antiskimming-Lösungen für Geldautomaten (ATM) und SB-Terminals (SST), gab heute die Einführung seiner neuen Antiskimming-Lösung für NCR SelfServ-Geldautomaten bekannt. Der Kartenschutzkit (CPK) 6001s version 2016 schützt gegen „Long Bezel“ (LB)-Skimming-Geräte, eine neue Skimming-Technik, die auf NCR SelfServ-Geldautomaten mit Motorleser spezialisiert ist

Stormshield and Gemalto join forces to increase the protection of data exchanges for mobile devices (Yahoo! Finance) Stormshield Data Security for Mobility integrates Gemalto`s SafeNet MobilePKI to provide optimum end-to-end data security without deploying any additional infrastructure

Don’t have a canary: Why Silent Circle dropped its warrant warning page (Ars Technica) When you don’t keep customer data to begin with, the warrant canary is redundant

Technologies, Techniques, and Standards

Private Industry Concerned Over Clarity Of 2015 Cybersecurity Act (Homeland Security Today) Large scale data breaches—such as the Office of Personnel Management data hack in 2014 that exposed the sensitive personal information of over 22.1 million Americans—have demonstrated an increasing need for advances in cybersecurity. The adoption of the Cybersecurity Act of 2015 has pushed private sector businesses to follow guidelines for improved cybersecurity while participating in information sharing with government agencies

Government Should Publicly ID Cyberattackers, Ex-US Intel Chief Says (Dark Reading) Michael Rogers believes acknowledgement will help insurance companies defend against lawsuits

Do we need a Cyber Moonshot? (LinkedIn) Last week Vice President Biden, oncologists, researchers, and drug manufacturers convened in Washington to brainstorm on President Obama’s “Moonshot” initiative to cure cancer. A striking parallel emerged from the discussion of the top priorities to cure cancer and those of cyber security. Stated briefly, the top priority for cancer is creating a common framework for information sharing and interpreting results

The upside of overhyped security threats (InfoWorld) Check your Office 365 security settings before you cave in to (or blow off) security vendor FUD

Three quick tips for preventing ransomware (SC Magazine) The most effective strategy for stopping ransomware attacks relies on preventing them from entering your organization. As the number of applications and services used by businesses continue to increase, the result can be an increase in attack surface. Organizations must consider how to secure these new services across the network, SaaS-based applications and endpoints from the start. Threat actors continue to become more skilled, with new attacks deployed faster than legacy security approaches can put new protections into place, or patches can be implemented. Consequently, organizations need to start thinking holistically about their security platform

5 Cybersecurity Tips That Can Save Your Small Business (Small Business Computing) Just like Fortune 100 companies and other large enterprises, small businesses face a constant threat of cyber-attacks and data breaches from hackers all around the world. According to a 2014-2018 forecast report by the IDC research group, 71 percent of all security breaches target small business

4 ways government agencies can improve their cybersecurity fundamentals (Bloomberg Government) Just over a year ago the Office of Personnel Management revealed it had suffered two breaches that compromised the personnel records and security clearance information for approximately 22 million people, a group that not only included federal employees and contractors but their family and friends as well. Since then, sensitivity to cybersecurity incidents has been substantially higher across the federal landscape, with agencies looking to avoid enduring the loud and public criticism OPM still faces today

A Holistic Approach to Cybersecurity Wellness: 3 Strategies (CSO) Security professionals need to rely on more than 'vaccinations' to protect the health and safety of company systems and data

Design and Innovation

Pairing cryptography in Rust (Z Cash) Pairing cryptography is an exciting area of research, and an essential component of Zcash's zkSNARKs — proofs that transactions are valid without requiring users to reveal private information. Earlier this year we also used zkSNARKs to make Bitcoin's first zero-knowledge contingent payment!

Consultancy Firm Advises Gulf Countries to Start Exploring Blockchain Tech (Coin Journal) Booz Allen Hamilton’s Middle East North Africa (MENA) regional office has released a new report advocating Gulf countries to start exploring blockchain technology for smart city development and digital finance, and urges them to consider incubating a startup ecosystem to drive economic growth

You're about to get the most skilled cyber-crime assistant you could wish for (SC Magazine) Mike Foreman says we're about to get some much-needed help ... smarter technology to save us from ourselves

Research and Development

Characterizing and Avoiding Routing Detours Through Surveillance States (arXiv) An increasing number of countries are passing laws that facilitate the mass surveillance of Internet traffic. In response, governments and citizens are increasingly paying attention to the countries that their Internet traffic traverses. In some cases, countries are taking extreme steps, such as building new Internet Exchange Points (IXPs), which allow networks to interconnect directly, and encouraging local interconnection to keep local traffic local

Have an idea to prevent ‘violent extremism’? You could be eligible for up to $2 million to make it happen. (Washington Post) Any school district, university, county government or nonprofit with an idea for how to counter “violent extremism” in America could be eligible for up to $2 million in federal grant money to make that idea a reality, the Department of Homeland Security said Wednesday

Academia

U.S. Cyber Challenge and Delaware Universities to Host Annual Cybersecurity Boot Camp & Competition (US Cyber Challenge) Next week, U.S. Cyber Challenge (USCC) will host the 7th annual State of Delaware Summer Cyber Camp program in collaboration with the University of Delaware, Delaware State University, Wilmington University, Delaware Technical Community College (Delaware Tech) and the Delaware Department of Technology and Information (DTI) from July 11-15, 2016

Legislation, Policy, and Regulation

Integrated, Agile Intelligence Key To Combatting Dynamic Threats (Cipher Brief) The NATO Alliance faces an increasingly complex, diffuse threat environment. Consequently, we are always striving toward more integrated intelligence to stay a step ahead. NATO is positioned to take an important, integrative step in establishing the new Assistant Secretary General for Intelligence and Security. We fully endorse this, having firsthand experience in undertaking similar modernization efforts within the U.S. Intelligence Community

New rules aim to help EU member states tackle cyber attacks (Help Net Security) Firms supplying essential services, e.g. for energy, transport, banking and health, or digital ones, such as search engines and cloud services, will have to improve their ability to withstand cyber-attacks under the first EU-wide rules on cybersecurity, approved by MEPs on Wednesday

UK/US Cybersecurity Cooperation Will Thrive With or Without Brexit (IT Security Planet) The potential cybersecurity implications of Brexit has stirred much discussion and many visceral reactions. Analysts Frost and Sullivan surmised that “fundamentally, the UK could lose its footing as a technology powerhouse; said earlier this week that the UK’s role as a digital hub, acting as a gateway to US firms, could be under threat. Other reputable analysts have echoed the same theme

UK Govt Websites Switch to HTTPS Encryption (LIFARS) Come October, all Government Digital Services (GDS) websites will switch to mandatory HTTPS encryption. Some would say it’s about time too

Do not outsource Nigeria’s national security to foreigners – NCS tells FG (Today) The President of the Nigerian Computer Society, NCS, Prof. Sola Adorounmu, has warned the Federal Government not to outsource Nigeria’s national security to foreigners

Dems oppose data localization in draft platform (Cybersecurity Dojo) The Democratic National Committee carves out a stance against data localization requirements in the party’s draft platform, released Friday

DoD’s NSCSAR cyber program revs up (Federal News Radio) The Department of Defense (DoD) is undertaking a continuing review of the operational systems that ensure cybersecurity is spearheaded by the offices charged with maintaining information superiority

Air Force cyber and intel wings get new commanders (C4ISRNET) Several Air Force cyber and intelligence wings recently underwent key leadership changes. The 24th Air Force, or AFCYBER, late last month held a change of command ceremony at Joint Base San Antonio in Lackland, Texas, with Maj. Gen. Christopher Weggeman replacing outgoing commander Maj. Gen. Burke “Ed” Wilson

Litigation, Investigation, and Law Enforcement

House Oversight Committee grills Comey over Clinton e-mail findings (Ars Technica) Expect lots of exasperation over the decision not to prosecute

Clinton email decision seen as lifeline for those facing similar charges (Charlotte Observer) The FBI recommendation not to prosecute Hillary Clinton and her staff on charges of mishandling classified information will give those accused of flouting national security rules a new line of defense even as it highlights a dual standard in how senior government officials are treated, several experts said Wednesday

Email Case May Complicate Clinton Aides’ Pursuit of Security Clearance (New York Times) Questions raised by the F.B.I. about the State Department’s handling of Hillary Clinton’s emails have cast a cloud of doubt over the political futures of a number of her top advisers, including some expected to hold high-level jobs in her administration if she is elected president

Ryan calls for denying classified briefings to Clinton, Comey to testify before House committee (Washington Post) House Speaker Paul D. Ryan on Wednesday said he believes Hillary Clinton received preferential treatment from the FBI in its investigation of her email practices at the State Department and offered a series of next steps Republicans will take to push the case themselves

FBI Director James Comey’s must-watch testimony from 2007 (Washington Post) FBI Director James B. Comey announced Tuesday that he would not recommend any criminal charges against Hillary Clinton for her use of a private email server as secretary of state. That decision earned Comey a date with the House Oversight Committee, which just announced that Comey will testify before it on Thursday. (Attorney General Loretta E. Lynch will also appear before the House Judiciary Committee next week

The Weird Hedge Fund That Prepared James Comey for His Capitol Hill Hot Seat (Politico) House Republicans might want to think twice before taking on the FBI director over Hillary’s emails

Ex-special ops group blasts Clinton email decision (The Hill) A group of former special operations forces and CIA officials critical of the Obama administration blasted the FBI's announcement earlier this week that it would not recommend charges against Hillary Clinton over her private email server

U.S. defends warrantless spying in Christmas tree bomber case (Reuters) U.S. government lawyers on Wednesday defended the legality of a warrantless surveillance program challenged as unconstitutional in an Oregon court by a Somali-born American citizen convicted of attempting to detonate a bomb at a Christmas tree-lighting ceremony

Infidelity website Ashley Madison facing FTC probe, CEO apologizes (Reuters) The parent company of infidelity dating site Ashley Madison, hit by a devastating hack last year, is now the target of a U.S. Federal Trade Commission investigation, the new executives seeking to revive its credibility told Reuters

Indian-origin engineer guilty of revenge cyber attack (Tribune) An Indian origin network engineer has pleaded guilty to a revenge cyber attack on a network security company and its clients after he was fired, according to officials

StubHub fraud ringleader sentenced to state prison (Help Net Security) Vadim Polyakov was sentenced to 4-to-12 years in state prison for coordinating an international cybercrime and money laundering scheme that involved the theft of personal information from users of an e-ticket service operated by StubHub, and the resale of thousands illegally acquired e-tickets

For a complete running list of events, please visit the Event Tracker on the CyberWire website.

Upcoming Events

ISS World South Africa (Johannesburg, South Africa, July 10 - 12, 2016) ISS World South Africa is the world's largest gathering of Southern Africa Law Enforcement, Intelligence and Homeland Security Analysts as well as Telecom Operators responsible for Lawful Interception,...

Insider Threat Program Development Training (Washington, DC, USA, March 29 - 30, 2016) Insider Threat Defense announced it will hold a training class on Insider Threat Program Development (National Insider Threat Policy-NISPOM Conforming Change 2) on March 29-30, 2016, in Washington, DC.

SINET Innovation Summit 2016 (New York, New York, USA, July 14, 2016) “Connecting Wall Street, Silicon Valley and the Beltway.“ SINET Innovation Summit connects America’s three most powerful epicenters and evangelizes the importance of industry, government and academic collaboration...

Insider Threat Program Development Training (Washington, DC, USA, March 29 - 30, 2016) Insider Threat Defense announced it will hold a training class on Insider Threat Program Development (National Insider Threat Policy-NISPOM Conforming Change 2) on March 29-30, 2016, in Washington, DC.

cybergamut Technical Tuesday: The Importance of Managing Attribution Online by Dani Charles of Ntrepid Corporation (Elkridge and Calverton, Maryland, USA, July 19, 2016) cybergamut Technical Tuesday is for cyber professionals to exchange innovative ideas and discuss technical issues of mutual interest. We’ll have a Technical Tuesday event on 19 July 2016 (1600 – 1730 East...

CyberSec 2016 (New York, New York, USA, July 19, 2016) Ask any bank CEO in the U.S. what keeps them up at night and cybersecurity is bound to be in the top five. Maybe even no. 1. And while the threat matrix is evolving rapidly, along with the regulatory demands,...

Nominations are now open: National Cyber Security Hall of Fame (Baltimore, Maryland, USA (nominations submitted online), July 20, 2016) The Cyber Security Hall of Fame "Respect the Past - Protect the Future" accepts nominations from companies and organizations that are engaged in, and committed to, the growth of the cyber security industry.

Insider Threat Program Development Training (Washington, DC, USA, March 29 - 30, 2016) Insider Threat Defense announced it will hold a training class on Insider Threat Program Development (National Insider Threat Policy-NISPOM Conforming Change 2) on March 29-30, 2016, in Washington, DC.

Billington Global Automotive Cybersecurity Summit (Detroit, Michigan, USA, July 22, 2016) Billington Cybersecurity, an independent conference company focused exclusively on cybersecurity seminars, announces the first global summit that brings together the most senior government and industry...

Community College Cyber Summit (3CS) (Pittsburgh, Pennsylvania, USA, July 22 - 24, 2016) The third annual Community College Cyber Summit (3CS) is organized and produced by six Advanced Technological Education (ATE) centers funded by the National Science Foundation (NSF) and involved in cybersecurity.

SANS ICS Security Summit & Training — Houston 2016 (Houston, Texas, USA, July 25 - 30, 2016) SANS has joined forces with industry leaders and experts to strengthen the cybersecurity of Industrial Control Systems (ICS). The initiative is turning ICS cybersecurity around by equipping both security...

SANS San Jose 2016 (San Jose, California, USA , July 25 - 30, 2016) Information security training is coming to Silicon Valley from SANS Institute, the global leader in information security training. At SANS San Jose 2016, July 25-30, 2016, choose from 7 hands-on, immersion-style...

AfricaHackOn (Nairobi, Kenya, July 28 - 29, 2016) What began as a casual meet up for information security professionals has become one of the formidable forces in the profession. That group is the AfricaHackOn. Housed under its parent umbrella, Euclid...

Grow your brand and reach new customers.

Grow your brand and increase your customer base by educating our audience about your products, services, and events by advertising on The CyberWire. We’ve built trust with an influential (and often hard to reach) audience of CISOs, CSOs, and other senior execs in the security space, across a wide array of industry verticals. Learn more.

Be a part of the CyberWire story.

People ask us (a lot) how they can support what we do. We have our sponsorships and services, of course, but those are not always within every supporter's financial reach, or it might just not be the right time for you to do those things. That's why we launched our new Patreon site, where we've created a wider variety of support levels, each with some new benefits. Our patrons are important to our future, and we hope you'll consider becoming one. We invite you to become part of the CyberWire story. Become a patron today.