skip navigation

More signal. Less noise.

Daily briefing.

Increasing pressure on the ground drives ISIS not only toward more dispersed attacks abroad, but also toward renewed aspirations for an aggressive online presence and cyber-attack capability. Police intelligence alerts over social media sadly failed to arrive in time to warn victims of the Bastille Day attack in Nice.

Three upgrades to familiar crimeware appear. Symantec observes that newer versions of the Android.Fakebank.B malware family (a family known to researchers since 2013) have picked up a call-blocking capability. The Trojan blocks calls to the customer service numbers of selected banks. Avira warns that Locky ransomware is now able to encrypt victims’ files without needing to connect to a command-and-control server. And FireEye notes that an IE exploit has been added to the Neutrino kit. It appears to have been reverse-engineered from a proof-of-concept researchers at Theori prepared in June.

Pokémon Go shows no signs of slowing popularity. Its security risks remain intensely debated. Whether privacy issues deriving from the extensive privileges the game initially assumed have been fully addressed or not, players are strongly cautioned to be alert for bogus apps and pirated versions. (And to look both ways in physical space before crossing streets.)

In industry news, SAP has fixed thirty-six vulnerabilities (two “high priority”) in its software. Cisco addresses security issues in Cisco IOS, IOS XR, ASR 5000, WebEx Meetings Server, and Cisco Meeting Server. CyberGRX emerges from stealth with $9 million in Series A funding (led by Allegis Capital), and Delta Risk Cybersecurity Services acquires Allied InfoSecurity.

Notes.

Today's issue includes events affecting Australia, Azerbaijan, China, European Union, France, Germany, Iraq, Ireland, Kazakhstan, Kyrgyzstan, Russia, Saudi Arabia, South Africa, Syria, Taiwan, Tajikistan, Tunisia, Turkey, Turkmenistan, United Kingdom, United States, and Uzbekistan.

A note to our readers: we're back from New York, where we covered SINET's 2016 Innovation Summit. Next week we'll be in Detroit, for the first annual Billington Global Automotive Cybersecurity Summit, convening Friday the 22nd.

Catch the CyberWire's Podcast later this afternoon, with interviews, educational tips, and more on the stories of the day. Today our partners at the University of Maryland's Center for Health and Homeland Security are represented by Ben Yelin, who'll take us through a recent ruling on privacy, home computing, and the 4th Amendment. We'll also have as our guest Eli Sugarman of the William and Flora Hewlett Foundation. He'll describe the Foundation's Cyber Initiative. (And as always, if you listen to and like our podcast, consider giving it an iTunes review.)

E8 Security at Cisco Live 2016 (Las Vegas, NV, USA, July 11 - 13, 2016) E8 Security - DETECT. HUNT. RESPOND. Cisco Live 2016

SINET Innovation Summit 2016 (New York, NY, USA, July 14, 2016) — Register with promo code SINECYB for $100 of the price of admission.

Dateline SINET Innovation Summit 2016

Automated Indicator Sharing (AIS) (US-CERT) The Department of Homeland Security’s (DHS) free Automated Indicator Sharing (AIS) capability enables the exchange of cyber threat indicators between the Federal Government and the private sector at machine speed. Threat indicators are pieces of information like malicious IP addresses or the sender address of a phishing email (although they can also be much more complicated)

DHS/NPPD/PIA-029 Automated Indicator Sharing (US Department of Homeland Security) The Department of Homeland Security (DHS) National Protection and Programs Directorate’s (NPPD) Office of Cybersecurity and Communications (CS&C) has developed an Automated Indicator Sharing (AIS) initiative to enable the timely exchange of cyber threat indicators and defensive measures among federal and non-federal entities

Cyber Attacks, Threats, and Vulnerabilities

Is the Islamic State planning a cyber-caliphate? (Al Monitor) Judging from the Islamic State's (IS) losses of territory and revenue in Iraq and Syria, IS is coming under more pressure by the day. If the losses continue at this pace, many observers think 2016 could well be the final year of IS in these two countries

FBI director warns of terrorist exodus as ISIS 'caliphate' squeezed (Fox News) FBI Director James Comey predicted an exodus of Islamic State fighters spreading worldwide as they prepare for the potential fall of the so-called caliphate in Iraq and Syria, warning lawmakers Thursday that ISIS will become increasingly “desperate” to launch attacks elsewhere

Death of Islamic State's Shishani may damage foreign recruitment (Reuters) The death of Islamic State's "minister of war" may disrupt its operations, a senior U.S. military officer said on Thursday, and an Iraqi security expert said it could damage the group's important recruitment efforts in ex-Soviet republics

This Android Trojan blocks the victim from alerting banks (CSO) Symantec has noticed a “call-barring” function in a newer version of Android malware

Locky Ransomware Gets Offline Encryption Capabilities (SecurityWeek) Locky, one of the most used ransomware families during the first half of the year, is now able to encrypt files without connecting to a command and control (C&C) server, Avira researchers warn

IE Exploit Added to Neutrino After Experts Publish POC (SecurityXSpace) The developers of the Neutrino exploit kit have added a recently patched Internet Explorer vulnerability to their arsenal after researchers published a proof-of-concept (PoC) exploit

Fake apps on Google Play tricked users into paying instead of delivering promised followers (We Live Security) Many malicious developers try to trick users into downloading their apps by creating the illusion of a useful application. They accomplish it by creating a very interesting app name and adding a bogus description that does not match the functionality of the application

Blog: Does the Pokemon Go Craze Threaten Networks? (SIGNAL) Do you play Pokemon Go?

Pokémon GO-themed malicious apps lurk on Google Play (Help Net Security) Researchers have discovered three malicious apps taking advantage of Pokémon GO’s immense popularity, offered for download on Google Play

Does Pokemon Go really pose a security and privacy risk? (Live Mint) Security experts are divided, but one thing is certain, those who are using the pirated versions of Pokemon Go face a bigger risk

Pokémon Go und die Sicherheit (One to One) Manche Hypes sind zwar bemerkenswert, aber auch nicht überraschend: Pokémon war schon immer beliebt, aber die starke Verbreitung der neuen Mobile-App Pokémon Go ist auffällig. Derzeit entstehen offenbar auch erste Sorgen um die Sicherheit der Nutzer

Pokémon Go to go global ‘soon’ as hit game launches in three more countries (TechCrunch) Pokémon Go is already a phenomenon that has captured the attention of millions and added billions to Nintendo’s market cap, but the game itself remains limited to a handful of countries. There’s good news for wannabe players, then, with word that it most definitely harbors global expansion plans

Pokémon Go’s retention rates, average revenue per user are double the industry average (TechCrunch) New data released this morning on the mobile phenomenon Pokémon Go shows that the popular game isn’t only the biggest in U.S. history – it’s also breaking records when it comes to its ability to monetize and retain its users, as well. According to a report from SurveyMonkey, Pokémon Go is seeing retention rates at more than double the industry average, and is pulling in revenues at twice the average rate for casual games

Command Injection: A Deadly Needle in the Haystack (IBM Security Intelligence) Looking across the threat landscape at cybercriminals’ go-to attack vectors, we see SQL injection high on the list. But there’s another injection method that also poses a serious threat: command injection

NXP warns cryptographic keys can be hacked (Electronics Weekly) An encrypted key technology used to make hardware like mobile phones secure may not be as hackable as first thought

Crypto flaw made it easy for attackers to snoop on Juniper customers (Ars Technica) Networking gear maker kills bug that failed to catch self-signed certificates

Juniper Junos up to 16.1r1 Ipv6 Mac Address Ethernet Handler Flooding Denial of Service (vulbd) A vulnerability was found in Juniper Junos. It has been declared as problematic. This vulnerability affects an unknown function of the component IPv6 MAC Address Ethernet Handler. The manipulation with an unknown input leads to a denial of service vulnerability (flooding). As an impact it is known to affect availability

Hackers steal millions from ATMs without using a card (CNN Money) Taiwan is trying to figure out how hackers managed to trick a network of bank ATMs into spitting out millions

Why We Should Be a Little Paranoid About Hackers Messing With Robot Surgeons (Motherboard) A few weeks ago, my colleague Victoria Turk sat down in a surgical chair, slid her fingers into something that looked like pliers, wore a pair of 3D glasses, and tried to control a robotic surgeon remotely

Your website may be engaged in secret criminal activity (TechCrunch) Most of us think of website hacks as illicit activities aimed at siphoning critical information or disrupting the business of website owners. But what happens when your site becomes hacked, not for the purpose of harming you but rather to further the ends of other parties? Most likely, the attackers would manage to feed off your resources and reputation for months or years without being discovered, because it’s hard to take note of something that isn’t directly affecting you

Rise in brand impersonation exploits user trust (Help Net Security) A rise in brand impersonation means bad actors can exploit user trust by intercepting communication with rogue social media profiles and expose them to malware, ransomware or credential harvesting sites

Big Data and elections: The candidates know you – better than you know them (CSO) Most political campaigns emphasize providing information – carefully controlled information – about a candidate to voters. But in the era of Big Data, they are also collecting information about voters – with little or no control, consent or security

Security Patches, Mitigations, and Software Updates

SAP releases monthly patch update closing 36 vulnerabilities – two rated 'high priority' (Computing) Enterprise applications giant finally gets round to dealing with 'clickjacking' vulnerabilities

Cisco patches serious flaws in router and conferencing server software (CSO) The patches fix flaws in Cisco IOS, IOS XR, ASR 5000, WebEx Meetings Server and Cisco Meeting Server

Cisco Patches DoS Flaw in NCS 6000 Routers (Threatpost) Cisco Systems today released patches for two products, including one for a vulnerability rated a high criticality in Cisco IOS XR for the Cisco Network Convergence System series routers

Cyber Trends

Cybersecurity concern continues to rise (Help Net Security) A new Black Hat report reveals some critical concerns about the information security industry and emerging cyber risks faced by today’s enterprises

76% of companies believe IoT is critical to success (Help Net Security) Vodafone published its global survey of business sentiment regarding innovation and investment in the Internet of Things. The survey was conducted by Circle Research in April and May 2016 and involved more than 1,096 companies around the world

Companies failing to plan for many cyber dangers (CSO) Only 22 percent of companies have a comprehensive plan in place to deal with major security incidents

The Cyber-Security Industry Must Be More Realistic (Baseline) The reason post-attack incident response wasn’t a market until recently was blind optimism. Firms assumed that with enough resources, they could stop breaches

The damaging divide in application security (Help Net Security) It’s time to get serious about application security and the divisive reality of breaches

South Africa has crossed the cyber Rubicon (Enigineering News) The recent spate of well-publicised cyber-attacks on South African organisations should be a wake-up call to government and corporates indicating that the country is amongst those being targeted globally, says Evert Smith, Threat Intelligence Lead at Deloitte South Africa

Marketplace

CyberGRX Gets $9M to Manage Security Risks From Business Partners (Xconomy) An interesting cybersecurity startup emerged from stealth mode in Denver today. CyberGRX, which develops cyber risk management software, said it has closed $9 million in Series A funding, led by Allegis Capital

Delta Risk Cybersecurity Services Acquires Allied InfoSecurity, With Plans to Expand (Mergers & Acquisitions) The PE arm of ex-Homeland Security Secretary Michael Chertoff's Chertoff Group owns a majority stake in Delta Risk

Organization’s cyber security can have an effect on acquisition, says report (IT World Canada) There are three common reasons cyber security has to be among the top priorities for the C-suite: To maintain confidence of partners, customers and investors. Loss of confidence by any of those groups could undermine corporate revenues

Symantec fires up innovation engine after Veritas spin-off (Channelnomics) EMEA channel chief signals R&D investment

Symantec, Intel carve out diminishing slice of growing security market (Register) Oh dear, Big 5. Looks like the Others are growing

Cisco's Path To Relevancy (Seeking Alpha) Cisco has seen significant growth recently in its high-margin, innovative product divisions. There are several new opportunities, and Cisco is looking to take full advantage of them. Fundamentally, it does not get much better than this

Don’t Buy FireEye (InvestorGuide) Cyber security is a growing space, but that doesn’t mean every company is the sector is well positioned to benefit from it. Most companies in the industry are reporting terrific losses and FireEye (FEYE) is one of them. While bulls have often argued that FireEye is an acquisition target, buying it on the hopes of an acquisition is not good investing

CyberArk- The Employees Already Within The Firewall Are The Greatest Threat To Enterprise Cybersecurity (Seeking Alpha) CyberArk is a leading vendor of "within firewall" security solutions. It is a leader in its space although there are many competitors ranging from point vendors to large companies who offer identity management and pass word protection. The company, almost uniquely these days, has a license only revenue model that has had a major impact that has made this company highly profitable without much scale. The company is increasing spend on both R&D and on sales & marketing at high rates in order to take advantage of a host of unexploited opportunities. Over the 6 quarters that this company has been public, its estimates have proved to be far below actual attainment. It is likely that trend is still persisting

BitSight Increases Customers by over 60% in the First Half of 2016 (PRNewswire) Most experienced and trusted security ratings provider announces 410 customers, record sales and rapid global expansion

FAST 25: Rook Security (Indianapolis Business Journal) Needed service: Rook Security’s continued growth—it was a Fast 25 company in 2015, too—reflects the ever-increasing need for cyber security services. CEO and founder J.J. Thompson said the staff grew 35 percent and Rook doubled its client base. It’s now in the process of raising capital

Products, Services, and Solutions

Inky Delivers Encrypted, Secure Affordable Email Management (Inky) Inky, a leader in email management, today announced its new email service, which offers an easy way to encrypt, tag, and manage email on multiple accounts

Identify risks before they become threats. Identify threats before they become a crisis. (Haystax) Haystax developed Carbon for insider threat detection using our patented algorithms and sophisticated identity analytics. Our approach relies on model-based continuous threat monitoring and analysis as well as automated alerting, so that an organization’s personnel are not overloaded with noisy data

ThreatTrack Launches ThreatAnalyzer 6.1 (PRNewswire) Latest version of industry leading malware analysis sandbox better enables enterprises and government agencies to discover and respond to advanced malware

Bank boffins drop slick incident response tool for Mandiant mobs (Register) Plugs hundreds of endpoints into 'single pane of glass'

IBM Unveils New Cloud Blockchain Security Service (CoinDesk) IBM today unveiled a new service designed to help businesses test and run blockchain projects meant to handle private or sensitive data

Businesses should get proactive about identifying potential account breaches: Akamai (CSO) Use big-data security analytics tools to see if compromised customer or supplier accounts are being used as conduits for economic crime

Cymmetria Releases Free Community Version of Innovative Cyber Deception Solution for Hunting Attackers (Dark Reading) Cymmetria, which develops a cyber deception solution for hunting attackers in organizational networks, today released a free community edition of its MazeRunner platform. Cymmetria’s release of the community edition comes after two years of development and customer deployments, in addition to successfully capturing three targeted nation state attacks

HummingBad: 40,000 avoidable infections in Germany alone (Realwire) Blocking malware before it can do damage – with cloud-based security

Guidance Software Delivers Real-Time Continuous Monitoring (BusinessWire) EnCase® Endpoint Security enhances detection and improves incident response

CRN Exclusive: HPE To Start Selling Data Security Products Through Partners (CRN) Hewlett Packard Enterprise is undertaking a strategy to move more of its security products through partners, telling CRN that it is starting to open its data security portfolio to the channel, lines that had previously only been sold direct

Technologies, Techniques, and Standards

Digital Rights Advocates Call for Investigation Around W3C’s DRM Extension (Threatpost) Digital rights advocates are again pleading with the World Wide Web Consortium (W3C) to reconsider standardizing DRM in Encrypted Media Extensions, a draft specification that would ultimately feed into HTML 5

Evaluating a Cloud-Based Service (Security Infowatch) Cloud-based applications are the central focus of technology development in general, and are quickly becoming the primary experience and expectation of end-users. That’s why the future of your business will involve cloud-based applications

Is Full Packet Capture Worth the Investment? (IBM Security Intelligence) Let’s face it: Cybersecurity isn’t getting any easier as attacks become stealthier, more complex and harder to assess

Name All the Things! (SANS Internet Storm Center) With our more and more complex environments and processes, we have to handle a huge amount of information on a daily basis. To improve the communication with our colleagues, peers, it is mandatory to speak the same language and to avoid ambiguities while talking to them. A best practice is to apply a naming convention to everything that can be labeled. It applies to multiple domains and not only information security

Design and Innovation

Google offers 'New Hope' for cryptanalysis resistant public-key crypto (SC Magazine) Google has taken to its online security blog to announce it has started to experiment with cryptanalysis resistant public-key cryptography

Why AI could be the key to turning the tide in the fight against cybercrime (ZDNet) A lack of cybersecurity staff is well documented: could artificial intelligence be what makes life harder for hackers?

Research and Development

Clever Tool Shields Your Car From Hacks by Watching Its Internal Clocks (Wired) Car-hacking demonstrations tend to get all the glory in the security research community—remotely paralyzing a Jeep on the highway or cutting a Corvette’s brakes through its Internet-connected insurance dongle. But as the nascent automotive security field evolves, defensive tricks are getting cleverer, too. Now there’s a new prototype gadget that stops those vehicular attacks with an ingenious hack of its own

Meet The Teams In DARPA's All-Machine Hacking Tournament (Dark Reading) "Autonomous security" is DARPA's latest game. Its Cyber Grand Challenge will culminate at DEF CON with a contest to see which of these seven finalists' machines will automatically detect and remediate the most security vulnerabilities

Academia

Senator Carper & Federal CIO Tony Scott to Recognize U.S. Cyber Challenge Competitors (US Cyber Challenge) Tomorrow, the 7th annual U.S. Cyber Challenge camp in Delaware will host a Capture-the-Flag competition and award ceremony. A variety of government officials will be attending the award ceremony to speak to the country’s on-going workforce needs. The camp is hosted by US Cyber Challenge and in collaboration with the University of Delaware, Delaware State University, Wilmington University, Delaware Technical Community College and the Delaware Department of Technology and Information (DTI). [Update: CIO Snow was called away and proved unable to attend]

Legislation, Policy, and Regulation

Opinion: The triumph of Privacy Shield (Christian Science Monitor Passcode) The new data transfer pact between the US and European Union known as Privacy Shield opens the door to a new era of safe and secure digital commerce for Europeans

UK surveillance bill includes powers to limit end-to-end encryption (TechCrunch) The UK government has explicitly confirmed that a surveillance bill now making its way through the second chamber could be used to require a company to remove encryption. And even, in some circumstances, to force a comms service provider not to use end-to-end encryption to secure a future service they are developing. The details were revealed during debate of the Investigatory Powers Bill at a committee session in the House of Lords this week

Ex-NSA chief: Responding to cyberattacks is a government responsibility (FedScoop) Officials told Congress that outside of lives lost, drawing a red line is going to be difficult

Rogers: National Security Agency Becoming ‘FEMA of the Cyber World’ (UPDATED) (National Defense) Following major cybersecurity breaches nationwide, the National Security Agency is increasingly being called upon to advise both government offices and the private sector, said the head of the United States’ spy agency

NSA Boss Says U.S. Cyber Troops Are Nearly Ready (WBAA) The director of the National Security Agency says his first few dedicated cyber troops will be operational by early fall but the nation can't wait for the full unit to be ready

U.S. Army officials designate ARCYBER as an Army Service Component Command (Military Embedded Systems) U.S. Cyber Command (ARCYBER) has been designed as an Army Service Component Command (ASCC). The Secretary of the Army signed the Department of the Army General Order (DA GO 2016-11) on July, 11, 2016 designating ARCYBER as an ASCC

McCain Pushes Apple, Google On Encryption Standards in Cyber Hearing (USNI News) Sen. John McCain warned Google and Apple executives Thursday that the Senate Armed Services Committee “has subpoena power” that could compel them to testify on why their encryption systems on newer smartphones are not accessible to law enforcement operating under court orders

U.S. Privacy and Civil Liberty Watchdog Faces Limits in Congress (New York Times) A leading Democrat in Congress is pushing back against an effort to impose new constraints on a civil liberties watchdog agency that investigates the nation’s security programs

House Science Committee convinced fraud investigations stifle free speech (Ars Technica) To preserve the free speech of Exxon, Rep. Smith wants e-mails of others

Intelligence group wants to use wearables to assess agent recruits (Washington Post) Becoming an intelligence agent might get a lot harder

Congresswoman introduces revenge porn bill, setting max penalty at 5 years (Ars Technica) Rep. Jackie Speier: A person’s life can be shattered "with the click of a button"

Litigation, Investigation, and Law Enforcement

In Nice attack, government's official terror alert comes too late (CSO) Government officials used Twitter to encourage those affected to use Facebook to signal their safety

Police raid homes over Facebook hate speech (Naked Security) German police raided about 60 people’s houses on Wednesday, accusing most of the suspects of posting xenophobic, anti-Semitic or other extremist right-wing content to a private Facebook group

Microsoft wins appeal over U.S. email requests (USA Today) In a ruling that has important data security implications, a court ruled Thursday Microsoft can't be forced to give the government e-mails stored in Ireland that are part of a U.S. drug investigation

Microsoft ruling limits government access to data stored overseas (Christian Science Monitor Passcode) Tech advocates hailed the decision in a case over access to emails stored on data servers in Ireland as a boon for privacy rights in the Digital Age

Microsoft's overseas privacy battle may be far from over (CSO) Thursday's ruling says the U.S. can't force Microsoft to give up emails stored on a server in Ireland

Is it ethical to use malware when disrupting cyber-crime? (SC Magazine) As the FBI declares its malware-like software cannot be malware as it is used with non-malicious intent, we ponder the ethics of the good guys using the same tools as the bad guys

46-month sentence for businessman who helped Chinese military hackers (Washington Post) A businessman who admitted helping Chinese military officers as they hacked into the computer systems of U.S. defense contractors and stole significant information was sentenced Wednesday to three years and 10 months in prison, authorities said

Feds ask judge to toss case about Olympics snooping claim (12News) The National Security Agency asked a judge Thursday to dismiss a lawsuit from a former Salt Lake City mayor who says the agency conducted a mass warrantless surveillance program during the 2002 Winter Olympics

Serial hacker, doxxer, and swatter sentenced to two years in prison (Ars Technica) He and others "embarked on this digital crime spree to entertain themselves"

Sex offender arrested, accused of playing Pokémon Go with kids (Ars Technica) Probation agent saw offender playing game with kids outside agency's office

Indifference and ignorance: Delving deep into the Clinton e-mail saga (Ars Technica) Clinton wasn't alone in mishandling communications, classified data

'Gag' order: FBI confirms special secrecy agreements for agents in Clinton email probe (Fox News) The FBI has confirmed to a senior Republican senator that agents were sworn to secrecy -- and subject to lie detector tests -- in the Hillary Clinton email probe, an extensive measure one former agent said could have a "chilling effect"

The Strange Gaps in Hillary Clinton's Email Traffic (Politico) An analysis of the released emails raises questions about whether Clinton deleted a number of work-related emails--and if she did, why

For a complete running list of events, please visit the Event Tracker on the CyberWire website.

Upcoming Events

Insider Threat Program Development Training (Washington, DC, USA, March 29 - 30, 2016) Insider Threat Defense announced it will hold a training class on Insider Threat Program Development (National Insider Threat Policy-NISPOM Conforming Change 2) on March 29-30, 2016, in Washington, DC.

cybergamut Technical Tuesday: The Importance of Managing Attribution Online by Dani Charles of Ntrepid Corporation (Elkridge and Calverton, Maryland, USA, July 19, 2016) cybergamut Technical Tuesday is for cyber professionals to exchange innovative ideas and discuss technical issues of mutual interest. We’ll have a Technical Tuesday event on 19 July 2016 (1600 – 1730 East...

CyberSec 2016 (New York, New York, USA, July 19, 2016) Ask any bank CEO in the U.S. what keeps them up at night and cybersecurity is bound to be in the top five. Maybe even no. 1. And while the threat matrix is evolving rapidly, along with the regulatory demands,...

Nominations are now open: National Cyber Security Hall of Fame (Baltimore, Maryland, USA (nominations submitted online), July 20, 2016) The Cyber Security Hall of Fame "Respect the Past - Protect the Future" accepts nominations from companies and organizations that are engaged in, and committed to, the growth of the cyber security industry.

Insider Threat Program Development Training (Washington, DC, USA, March 29 - 30, 2016) Insider Threat Defense announced it will hold a training class on Insider Threat Program Development (National Insider Threat Policy-NISPOM Conforming Change 2) on March 29-30, 2016, in Washington, DC.

Billington Global Automotive Cybersecurity Summit (Detroit, Michigan, USA, July 22, 2016) Billington Cybersecurity, an independent conference company focused exclusively on cybersecurity seminars, announces the first global summit that brings together the most senior government and industry...

Community College Cyber Summit (3CS) (Pittsburgh, Pennsylvania, USA, July 22 - 24, 2016) The third annual Community College Cyber Summit (3CS) is organized and produced by six Advanced Technological Education (ATE) centers funded by the National Science Foundation (NSF) and involved in cybersecurity.

SANS ICS Security Summit & Training — Houston 2016 (Houston, Texas, USA, July 25 - 30, 2016) SANS has joined forces with industry leaders and experts to strengthen the cybersecurity of Industrial Control Systems (ICS). The initiative is turning ICS cybersecurity around by equipping both security...

SANS San Jose 2016 (San Jose, California, USA , July 25 - 30, 2016) Information security training is coming to Silicon Valley from SANS Institute, the global leader in information security training. At SANS San Jose 2016, July 25-30, 2016, choose from 7 hands-on, immersion-style...

AfricaHackOn (Nairobi, Kenya, July 28 - 29, 2016) What began as a casual meet up for information security professionals has become one of the formidable forces in the profession. That group is the AfricaHackOn. Housed under its parent umbrella, Euclid...

Grow your brand and reach new customers.

Grow your brand and increase your customer base by educating our audience about your products, services, and events by advertising on The CyberWire. We’ve built trust with an influential (and often hard to reach) audience of CISOs, CSOs, and other senior execs in the security space, across a wide array of industry verticals. Learn more.

Be a part of the CyberWire story.

People ask us (a lot) how they can support what we do. We have our sponsorships and services, of course, but those are not always within every supporter's financial reach, or it might just not be the right time for you to do those things. That's why we launched our new Patreon site, where we've created a wider variety of support levels, each with some new benefits. Our patrons are important to our future, and we hope you'll consider becoming one. We invite you to become part of the CyberWire story. Become a patron today.