skip navigation

More signal. Less noise.

ThreatConnect


What Guccifer 2.0 and the Bears were up to, hacking the DNC, and why you should care (trust us—you should). Attend ThreatConnect’s webinar to find out.

Daily briefing.

A prominent ISIS web forum administrator (he runs the Shumukh al Islam, or “Glory of Islam” site) has had his online correspondence hacked and two years of it dumped on Pastebin, Motherboard reports. The content includes recruitment information and communication with forum members. A Forcepoint researcher observes that “the myth of a highly secure jihadi underground, is exactly that: It's a myth.”

This is consistent with ISIS operations in cyberspace serving inspiration as opposed to either hacking or command-and-control of terror operations. ISIS claims it inspired the Afghan teenager who attacked train passengers in Germany with an axe, and French authorities say the Nice murderer was inspired by the Orlando massacre (information about which he collected online).

The post mortem on whatever happened last weekend in Turkey concludes the coup plotters’ central error was failure to take down the Internet. How they might actually have done so analysts leave as an exercise for their readers—it’s easier said than done.

Distributed denial-of-service attacks might be one approach to Internet jamming. The Philippine government is sustaining such a campaign this week, probably, observers think, at the hands of Chinese services striking against a rival for South China Sea territory.

Other threat actors undertake DDoS attacks against a variety of targets, Pokémon GO prominent among them.

Symantec finds banking malware in Excel macros.

A researcher demonstrates how thieves could subvert the account-recovery and 2FA options various services make available to their customers. The theft would occur by diverting calls to premium numbers.

Notes.

Today's issue includes events affecting Australia, Austria, Brazil, Bulgaria, Canada, China, Czech Republic, France, Germany, Iceland, India, Iraq, Japan, Morocco, Nepal, Norway, Pakistan, Philippines, Poland, Russia, Spain, Syria, Switzerland, Taiwan, Turkey, United Kingdom, United States.

A note to our readers: This Friday we'll be in Detroit, for the first annual Billington Global Automotive Cybersecurity Summit. Watch for live-tweets from the event, and a full report published here next week. And for an early look at (actually, an early listen to) some of the conference's important themes, check our interview with Booz Allen Hamilton's Jon Allen. He discusses the Automotive ISAC and offers a preview of the conference.

The CyberWire Special Edition Podcast, "Quantifying Cyber Risk," is out. This Special Edition features discussions with experts in the security and insurance sectors about quantifying cyber risk: how you do it, what you do with the numbers once you've got them, and why it all matters.

And, of course, you'll be able to catch the CyberWire's regular daily Podcast later this afternoon, with interviews, educational tips, and more on the stories of the day. Today Joe Carrigan will again represent our partners at the Johns Hopkins University with some well-informed discussion of two-factor authentication. And we'll speak with Recorded Future expert Levi Gundert about their breaking news on the Cknife web shell. (As always, if you like our podcast, consider giving it an iTunes review. We appreciate the feedback.)

Cyber Attacks, Threats, and Vulnerabilities

'Prominent’ Admin of Top ISIS Forum Hacked (Motherboard) An administrator of a top-tier ISIS web forum, who one expert describes as a “prominent” member of the online jihadi community, has been hacked

ISIS Claims Responsibility for Ax Attack on German Train (New York Times) The Islamic State claimed responsibility on Tuesday after a 17-year-old Afghan who came to Germany as a migrant attacked passengers on a regional train with an ax before he was killed by the police, a development that is likely to intensify fears that the huge influx of migrants poses a security threat

Nice Attacker Was Inspired by Orlando Nightclub Attack (Time) The attacker searched for info about the attack on the Florida gay nightclub

Signs of Turkish Cyber Skirmish Follow Failed Coup, Cytegic Says (Bloomberg) Turkey is seeing the divisions that led to the failed coup move into the virtual arena with an outbreak of cyber attacks this week, Israeli cyber-security company Cytegic said

Turkish coup plotters’ cyber fail: Not turning off Internet (Ars Technica) Plotters, including an army cyber expert, got tripped up by social media

Philippines Government Websites Hit by Massive DDoS Attacks, China Suspected (Softpedia) Attacks came on the same day as a controversial decision regarding China's rights over islands near the Philippines

Massive DDoS cyber attack takes down Pokémon Go (Computer Business Review) Hacking group PoodleCorp has taken responsibility for the attack on Twitter, with further promises of a bigger attack coming soon

Pokemon Go hit by cyber attack: Industry reaction (IT Pro Portal) Following the news that the hugely popular mobile game Pokemon Go was taken offline by a DDoS attack over the weekend, various industry professionals have offered their thoughts and analysis

Pokémon GO: PoodleCorp threatens DDoS outage on August 1 (Naked Security) Are you a Pokémon GO fan? I can’t tell you whether I like it yet, because the darn thing won’t work on my Android

Attackers launch multi-vector DDoS attacks that use DNSSEC amplification (CSO) Researchers from Akamai observed multiple attacks abusing DNSSEC-enabled domains for DDoS amplification

DDoS attacks continue to escalate in both size and frequency (Help Net Security) Arbor Networks released global DDoS attack data for the first six months of 2016 that shows a continuing escalation in the both the size and frequency of attacks

RNC braces for cyber attacks (TechCrunch) The Republican National Convention kicks off today in Cleveland and the event promises to be unusual. Donald Trump’s campaign has, of course, been controversial, and he’s putting his own strange spin on the event. Major GOP figures have declined to attend, so Trump has replaced them with the likes of Scott Baio and Peter Thiel

Malicious macros arrive in phishing emails, steal banking information (Symantec) Malicious macros made a comeback in 2015 to deliver malware. Now we’re seeing phishing emails use macros in Excel attachments to steal sensitive banking details

Criminals plant banking malware where victims least expect it (Ars Technica) Result was a highly effective means for distributing account-draining Trojan

Delilah malware secretly taps webcam, blackmails and recruits insider threat victims (Computerworld) Delilah malware taps computer and webcam to get dirty little secrets, then blackmails victims into becoming an insider threat and coughing up a company’s secrets

How to scam $750,000 out of Microsoft Office: Two-factor auth calls to premium-rate numbers (Register) Tech giants scramble to fix pricey loophole

Attackers could steal millions through online phone verification systems (CSO) Many systems can be tricked to call premium-rate numbers set up by attackers

How to steal money from Instagram, Google and Microsoft (Help Net Security) Some account options deployed by Instagram, Google and Microsoft can be misused to steal money from the companies by making them place phone calls to premium rate numbers, security researcher Arne Swinnen has demonstrated

Software fraud claims billions of dollars but the industry finds it difficult to stop (Financial Times) Shailin Dhar began his career on the dark side of the online advertising industry. In 2013, aged 22, he started working for a New York-based entrepreneur who owned dozens of bogus websites. His job was to inflate the number of visits to the sites — thereby boosting advertising sales — by purchasing fake web traffic

After 7 Years, Enfal Keeps Changing Its Spots but the Danger Remains (Verint) The Enfal malware, first spotted in 2004, is more dangerous than ever given its ability to morph over time often enough to evade detection

Carbanak Gang Tied to Russian Security Firm? (KrebsOnSecurity) Among the more plunderous cybercrime gangs is a group known as “Carbanak,” Eastern European hackers blamed for stealing more than a billion dollars from banks. Today we’ll examine some compelling clues that point to a connection between the Carbanak gang’s staging grounds and a Russian security firm that claims to work with some of the world’s largest brands in cybersecurity

Mystery surrounds $2M ATM “jackpotting” attack in Taiwan (Naked Security) Mystery still surrounds a recent series of bank heists in Taipei, Taiwan

CGI Script Vulnerability ‘Httpoxy’ Allows Man-in-the-Middle Attacks (Threatpost) An old scripting vulnerability that impacts a large number of Linux distributions and programing languages allows for man-in-the-middle attacks that could compromise web servers. The vulnerability, which affects many PHP and CGI web-apps, was revealed Monday in tandem with the release of a bevy patches from impacted companies and platforms

No, SFG isn't Stuxnet 2.0 (IT News) Overhyped and underdone

Researchers Crack Furtim, SFG Malware Connection (Threatpost) New research is challenging what security researchers know about Furtim, a new malware strain that has been compared to Stuxnet because of its believed targeting of industrial controls in energy companies.

Inside the diabolical Ukrainian hack that put the U.S. grid on high alert (E&E News) Eastern Europe was blanketed in a heat wave last summer. In Kiev, Ukraine, a state of desperate resignation had set in as fighting intensified between pro-Russia rebels and Ukrainian forces to the east. Separatists closed highways and attacked ports. Meanwhile, a silent incursion had started to worm its way into the email accounts of employees at media outlets, national railroads and power distributors in the western half of the country

Critical infrastructure in Europe exposed to hackers (SC Magazine) Power stations in Germany, Italy and Israeli smart building could be accessed by criminal hackers

Critical infrastructure in the crosshairs (GCN) The security threat faced by government networks and computer systems should now be obvious to everyone, even if some of the efforts to protect against those threats have been tardy. Threats against critical infrastructure systems, which are just as important to all levels of government, are less well known

Stuxnet ushered in era of government hacking, say experts (Christian Science Monitor Passcode) In the new documentary "Zero Days," director Alex Gibney chronicles the rise of Stuxnet and the widespread use of cyberweapons that followed

'Zero Days' Director Alex Gibney On Making Stuxnet A Movie Star (New America and Christian Science Monitor Passcode) Filmmaker Alex Gibney is known for his awardwinning documenteries on topics that range from Enron to Wikileaks, but now he's taken on a tough challenge: Making a movie about a secret program that few people will publicly acknowledge. "Zero Days" focuses on the Stuxnet computer virus that's believed to be the world’s first digital weapon

How a healthcare hacker is pressuring victims to pay up (CSO) A hacker who claims to have stolen 10 million patient records is extorting victims for money

Cerber ransomware strain now targeting Office 365 users (SC Magazine) Researchers have discovered a new strain of the Cerber ransomware targeting Office 365 users. The variant, discovered by Trend Micro, is part of a trend of new ransomware that targets victims using cloud platforms

CuteRansomware using Google Docs as a launch platform (SC Magazine) Despite its benign nickname, a new strain of malware called cuteRansomware has been uncovered that uses a Google Doc generated by the cybercriminal to host the decryption key and command-and-control functionality, according to a blog post from Netskope

Ransomware Victims Rarely Pay The Full Ransom Price (Dark Reading) The purveyors of cyber-extortion schemes often willing to negotiate their ransom fees, F-Secure study finds

FireEye on Extortion: To Pay or Not to Pay? (BankInfo Security) Charles Carmakal on how to weigh response to the tough question

IAITAM: Pokémon Go Should Be Banned From Corporate-owned Phones, Tablets, As Well As Personal Phones Linked To Sensitive Business Data (PRNewswire) "Too many questions and too many risks" to allow gaming app to be used in business-related devices

Pokémon Go 'a nightmare' for IT departments (San Francisco Business Times) With Pokémon Go downloaded on millions of phones, some security experts are warning that the game could cause big problems for companies. And it’s not just the distraction factor of employees more focused on catching the digital creatures than doing work

3 Security Measures Before Playing Pokémon Go (Business2Community) Launched in USA on 6 July 2016, Pokémon Go is the new location-based augmented reality mobile game. Even though available in few countries, it is the new latest Internet sensation and according to TechCrunch, it is earning $1.6 million in daily revenue!

Fitness Bands Struggle With Privacy; Leave Data Exposed (Infosecurity Magazine) They may be one of the hottest gadgets around right now, but fitness bands and smartwatches may be a disaster waiting to happen from a security point of view, according to a new report. And considering the personal information held on many of them, the consequences of a breach could be disastrous

The First Cyber Espionage Attacks: How Operation Moonlight Maze made history (Medium) Newly declassified documents shed light on the original cyber cold-case

Security Patches, Mitigations, and Software Updates

Apple Fixes Vulnerabilities Across OS X, iOS, Safari (Threatpost) Apple fixed dozens of vulnerabilities in its software on Monday, including 60 vulnerabilities in its operating system, OS X, and 43 in its mobile operating system, iOS

Cyber Trends

Failure to Secure: The 2016 State of Privileged Account Management Report (Thycotic) Benchmark global survey shows privileged account management a top security priority but failing in enforcement

Most CISOs and CIOs need better resources to mitigate threats (Help Net Security) Despite acute awareness of the millions of dollars in annual costs, and the business risks posed by external internet threats, security leaders highlight the lack of staff expertise and technology as a key reason that these attacks are unchecked, according to results from a new Ponemon Institute study

Study: When It Comes to Cybersecurity, IT Is Too Obsessed with Malware (The VAR Guy) The Cyber Weapons Report 2016 details other threats we should be worried about

Ixia: Developers must improve security testing and nab those anomalies (Security Brief AU) Web developers are not catching all security weaknesses before their apps go to market, allowing cyber criminals to exploit the apps, says a new study from Ixia

Marketplace

Three Enigmas Facing Indian Banks: Reputation, Regulation and Resources (IBM Security Intelligence) According to professor Francis Amasa Walker’s definition for the function of money, “Money is what money does.” In modern times, especially for Indian banks, the function has changed: The money does what a banker allows it to do

Security in the M&A process: Have you done your technical due diligence? (Help Net Security) Company acquisitions are common in the cyber security market. Whether you are attempting to bolster your strategic position or looking to acquire the best talent, chances are if you’re company is growing, you’ll find yourself on a deal team at some point

Cyber Security: Is It Still The Place To Be For Venture Capitalists? (Market Mogul) People’s lives are tied in with the different online services. Among other things, people work, play and shop online. These are all such activities that people can misuse and take advantage of. In a time where it is possible for someone to access the personal email account of Hillary Clinton herself, it is clear that no one is safe in the online world

Skycure Secures $16.5 Million in Funding to Protect Enterprises from Mobile Threats (Yahoo! Finance) Award-winning mobile threat defense platform proactively protects against malware, network threats, and app/OS vulnerability exploits

Carbon Black Acquires Next-Gen AV Firm Confer (Infosecurity Magazine) Endpoint security firm Carbon Black has today announced its acquisition of Confer, a next-generation antivirus (NGAV) company

Has Palo Alto Networks Inc Stock Finally Hit Bottom? (Motley Fool) The data security upstart’s stock has taken a beating of late, but has the negative sentiment gone too far?

FireEye: The Ruby Or The Rhinestone Of Cybersecurity? (Seeking Alpha) FireEye is is best known as the leader in a cybersecurity space known as Advanced Intrusion Detection. Its shares have been mercilessly volatile and down by 2/3rds in the past year. The company is far away from non-GAAP profitability, and non-GAAP profitability is beyond the horizon. It is undergoing a significant financial transition from sales of on-premise appliances to sales of FireEye services. The company has been rumored to be a merger target. Its current compressed valuation makes such a transaction very feasible and at a significant premium

Gigamon Stock Soars To The Clouds As Analyst Sees Amazon Boost (Investor's Business Daily) Gigamon (GIMO) will get a boost from supporting Amazon Web Services, the cloud computing business of Amazon.com (AMZN), says Needham & Co., which upped its price target on Gigamon stock on Monday

Meet The Cyber Mercenaries Selling Spyware To Governments (Motherboard) On the night of March 5, 2011, at the height of the Egyptian revolution of 2011, a group of pro-democracy protesters stormed and ransacked the office of Egypt’s security service

Fortinet names Fujitsu, Missing Link and CDM as its top partners (CRN) Fortinet has revealed Fujitsu, CDM and The Missing Link Security as its Australian partners of the year

Covington Bulks Up Cybersecurity Practice With Ex-Mandiant Consultant (Law.com) Law firms that are hired to respond to data breaches can face a cultural and technical divide—between the lawyers on one side, and IT staff in the trenches trying to locate and stop the breach on the other

Forcepoint appoints three top executives for cybersecurity strength (Security Brief AU) Forcepoint has announced the appointment of Richard Ford, Krist Lamb and Brian Shirey to chief roles in the company as it hopes to expand its innovation capabilities

Products, Services, and Solutions

IBM Announces Blockchain Cloud Services on LinuxOne Server (Top Tech News) new cloud Relevant Products/Services environment for business-to-business networks announced by IBM last week will allow companies to test performance, privacy, and interoperability of their blockchain ecosystems within a secure environment, the company said. Based on IBM’s LinuxONE, a Linux-only server designed for high-security projects, the new cloud environment will let enterprises test and run blockchain projects that handle private data for their customers

Pulse Workspace certified by Google for use with Android for Work (Marketwired) Boosts mobile application productivity with Android for Work, simplifying secure access, policy enforcement and management for mobile and desktop users

Black Hat Selects Fortinet to Support Networking and Security at the World's Premier Information Security Conference (Yahoo! Finance) the global leader in high-performance cyber security solutions, has been chosen to work alongside Black Hat to provide networking and secutiy solutions and help support the infrastructure serving participants and staff during the 2016 U.S. Black Hat conference. Taking place in Las Vegas, July 30th through August 4th, Black Hat's team will lead a group of experts to build out the sophisticated networks needed to meet the evolving access, performance, and security requirements of the conference

Sophos Mobile Security arrives on iOS! (Sophos) As a security vendor, we’re often asked, “What about Sophos Antivirus for iPhones and iPads?”

Attivo Networks Completes Integration With Palo Alto Networks Firewall to Empower Automatic Blocking of Data Exfiltration (MarketWired) Attivo Networks®, the award-winning leader in deception for cyber security threat detection, announced today an integration combining the Attivo Networks Deception Platform with the Palo Alto Networks® Next-Generation Firewall. The integration brings together prevention, detection, and incident response capabilities into a solution that can automatically block infected nodes from gaining Internet access and exfiltrating valuable company data

CyberInt Enhances Security Offerings Through Webroot Collective Threat Intelligence (Yahoo! Finance) Webroot, the market leader in next-generation endpoint security and cloud-based collective threat intelligence, today announced a partnership with CyberInt, a leader in targeted cyber threat intelligence. CyberInt will integrate Webroot BrightCloud® Threat Intelligence Services in its platform, providing additional predictive intelligence on URLs, IPs, files, and mobile apps for better protection from advanced cyberattacks

FireEye's latest security feature detects and protects from ransomware (Security Brief AU) FireEye have recently detected a cerber ransomware campaign with Exploit Guard, a new feature of FireEye Endpoint Security (HX)

ThreatMetrix Enhances Digital Security Platform (Find Biometrics) ThreatMetrix has announced a new update to its eponymous digital authentication and threat detection platform

SafeBreach Enables Enterprises to Weaponize Threat Intelligence (MarketWired) Integrates leading intelligence from FireEye iSIGHT Intelligence within continuous security validation platform

Radiant Logic Integration with CyberArk Delivers a Federated Identity Service with Enhanced Security and Governance (BusinessWire) Radiant Logic joins CyberArk-led C3 Alliance

Open source hardware cryptographic module offered for $800 (CSO) For a few years now, the CrypTech project has been working on designing an open source hardware cryptographic engine that could be used to secure core Internet infrastructure

Technologies, Techniques, and Standards

Meet the hacker who tries to break Yahoo every day (ZDNet) No matter how strong a company's defenses, the red team should "always win"

How to improve your incident response plan (CSO) Incident response plans are, in many ways, like family relics. These written instructions, which detail how firms should adequately detect, respond and limit the effects of an information security incident, are highly valued by some, and yet all too often left gathering dust in the cupboard. To many, they remain untried and untested for years, and thus most are unfit for purpose when that untimely data breach becomes reality

Research and Development

Galois snags $6M DARPA contract to halt sophisticated cyberthreats (FedScoop) Under the contract, Galois will create ADAPT, a complex project that will detect attacks from elite-level hacking groups

Legislation, Policy, and Regulation

What Pokémon, Japanese Schoolgirl Punks, and Cocaine Have in Common (Foreign Policy) There wouldn’t be Pikachu without kawaii, Japan’s highly addictive cult of cuteness

What defines an armed cyberattack? It depends (C4ISRNET) The cyber domain, while declared an operational domain of warfare, has blurred the traditional lines established in the physical world. Lawmakers and policymakers have sought to address what cyber redlines are and what cyber acts of war merit a response within international law and self-defense

Strategic Competence Has Moral Dimension (Association of the United States Army) Every soldier and leader knows that moral principles govern our behavior in war. In combat, we are responsible for attending to the difference between combatants and noncombatants, using proportional force even in the pursuit of legitimate targets and objectives, providing due care to the innocent even if doing so requires risk to ourselves, and assuring that we limit collateral damage as much as possible. Application in combat is part of our tactical competence

Pre-Snowden Whistleblower Explains How NSA Got 'Unleashed' To Spy On Everyone (Motherboard) Thomas Drake was a 48-year-old decorated Air Force and Navy veteran, and a senior executive at the National Security Agency, the NSA, when he decided he had to speak up against what he considered the spy agency’s abuses

Update on ARCYBER’s HQ move (C4ISRNET) Army Cyber Command and Second Army are working to transition headquarters from Fort Belvoir, Virginia, to Fort Gordon, Georgia. The move is expected to happen in fiscal year 2020

Litigation, Investigation, and Law Enforcement

Bulk data collection only lawful for fighting serious crime, says Europe’s top court (TechCrunch) The European Court of Justice has issued a preliminary ruling on a data retention case brought by UK MPs and privacy rights groups seeking to challenge the government’s data retention regime under DRIPA

Governments Ramp Up User Data Requests to Google (Infosecurity Magazine) Google handed over data on users to the authorities in nearly two-thirds of cases in the second half of 2015, according to its latest Transparency Report

New York Times sues for Defense Secretary Ash Carter's emails (Politico) Attorneys for The New York Times and the Justice Department are due in federal court Tuesday as part of a lawsuit seeking to force the Pentagon to release full copies of more than a thousand pages of work-related emails Defense Secretary Ash Carter sent and received from his personal account

The FBI is using outdated IT to foil FOIA requests, lawsuit alleges (CSO) Its searches for documents often fail 'by design,' an MIT researcher says

Could Donald Trump Block Hillary Clinton's Campaign From Visiting His Website Via The CFAA? (Tech Dirt) From the who-the-hell-knows dept. In the past few weeks, we've written about two troubling rulings in the 9th Circuit appeals court concerning the CFAA, the Computer Fraud and Abuse Act

Former Cardinals exec sentenced to prison for hacking Astros (Chicago Tribune) A federal judge sentenced the former scouting director of the St. Louis Cardinals to nearly four years in prison Monday for hacking the Houston Astros' player personnel database and email system in an unusual case of high-tech cheating involving two Major League Baseball clubs

Army Will Hold Off On DCGS-A Award As Palantir Lawsuit Plays Out (Defense News) The US Army has provided notice to the US Court of Federal Claims that it will not make a contract award for the next version of its intelligence analysis software suite before Sept. 1, as a lawsuit against the service plays out in court

How Protesters at the RNC Can Protect Themselves From Digital Surveillance (Slate) Activists at the political conventions should prepare themselves and their cellphones

For a complete running list of events, please visit the Event Tracker on the CyberWire website.

Newly Noted Events

CANCELLED: Insider Threat Program Development Training (Cleveland, Ohio, USA, August 22 - 23, 2016) This event has been cancelled.

Israel HLS and Cyber 2016 (Tel Aviv, Israel, November 14 - 17, 2016) Where physical and cyber security meet. Topics include intelligence, cyber crime, and counter-terrorism, defending critical infrastructures, a smart global world, mass events--the integrative approach,...

Upcoming Events

Insider Threat Program Development Training (Washington, DC, USA, March 29 - 30, 2016) Insider Threat Defense announced it will hold a training class on Insider Threat Program Development (National Insider Threat Policy-NISPOM Conforming Change 2) on March 29-30, 2016, in Washington, DC.

CyberSec 2016 (New York, New York, USA, July 19, 2016) Ask any bank CEO in the U.S. what keeps them up at night and cybersecurity is bound to be in the top five. Maybe even no. 1. And while the threat matrix is evolving rapidly, along with the regulatory demands,...

Nominations are now open: National Cyber Security Hall of Fame (Baltimore, Maryland, USA (nominations submitted online), July 20, 2016) The Cyber Security Hall of Fame "Respect the Past - Protect the Future" accepts nominations from companies and organizations that are engaged in, and committed to, the growth of the cyber security industry.

Insider Threat Program Development Training (Washington, DC, USA, March 29 - 30, 2016) Insider Threat Defense announced it will hold a training class on Insider Threat Program Development (National Insider Threat Policy-NISPOM Conforming Change 2) on March 29-30, 2016, in Washington, DC.

Billington Global Automotive Cybersecurity Summit (Detroit, Michigan, USA, July 22, 2016) Billington Cybersecurity, an independent conference company focused exclusively on cybersecurity seminars, announces the first global summit that brings together the most senior government and industry...

Community College Cyber Summit (3CS) (Pittsburgh, Pennsylvania, USA, July 22 - 24, 2016) The third annual Community College Cyber Summit (3CS) is organized and produced by six Advanced Technological Education (ATE) centers funded by the National Science Foundation (NSF) and involved in cybersecurity.

SANS San Jose 2016 (San Jose, California, USA , July 25 - 30, 2016) Information security training is coming to Silicon Valley from SANS Institute, the global leader in information security training. At SANS San Jose 2016, July 25-30, 2016, choose from 7 hands-on, immersion-style...

SANS ICS Security Summit & Training — Houston 2016 (Houston, Texas, USA, July 25 - 30, 2016) SANS has joined forces with industry leaders and experts to strengthen the cybersecurity of Industrial Control Systems (ICS). The initiative is turning ICS cybersecurity around by equipping both security...

AfricaHackOn (Nairobi, Kenya, July 28 - 29, 2016) What began as a casual meet up for information security professionals has become one of the formidable forces in the profession. That group is the AfricaHackOn. Housed under its parent umbrella, Euclid...

Black Hat USA (Las Vegas, Nevada, USA, August 1 - 6, 2015) Black Hat — built by and for the global InfoSec community — returns to Las Vegas for its 18th year. This six day event begins with four days of intense Trainings for security practitioners...

SANS Boston 2016 (Boston, Massachusetts, USA , August 1 - 6, 2016) SANS will be returning to Boston with an exceptional cyber security training lineup this August, including a special evening event hosted by Stephen Northcutt, where you'll get choose your favorite chowder!...

Secure Bermuda 2016 (Bermuda, August 10, 2016) Industry-leading intelligence from expert cybersecurity thought leaders and innovators. In addition to human capital shortages, the Bermudian cybersecurity industry faces an uphill battle to keep up with...

TECHEXPO Top Secret Polygraph-Only Hiring Event (Baltimore, Maryland, USA, August 10, 2016) Polygraph-Tested Professionals are invited to interview for new career opportunities on Wednesday, August 10 at the BWI Marriott in Baltimore, MD. A CI or Full Scope Polygraph is Required to Attend. Hot...

Insider Threat Program Development Training For NISPOM CC 2 (Aberdeen, Maryland, USA, August 10 - 11, 2016) Insider Threat Defense will hold a two-day training class on Insider Threat Program Development (National Insider Threat Policy-NISPOM Conforming Change 2). For a limited time the training is being offered...

TECHEXPO Top Secret Polygraph-Only Hiring Event (Baltimore, Maryland, USA, August 10, 2016) Polygraph-Tested Professionals are invited to interview for new career opportunities on Wednesday, August 10 at the BWI Marriott in Baltimore, MD. A CI or Full Scope Polygraph is Required to Attend. Hot...

International Conference on Cyber Security (ICCS) 2016 (Kota, Rajasthan, India, August 13 - 14, 2016) The International Conference on Cyber Security (ICCS) 2016 is an unparalleled opportunity to discuss cyberthreat analysis, operations, research, and law enforcement to coordinate various efforts to create...

2016 Information Assurance Symposium (Washington, DC, USA, August 16 - 18, 2016) The Information Assurance Symposium is the premier IA event at which leaders and practitioners share vital information and provide direction and best practices to meet today’s challenges in IA and the...

Insider Threat Program Development Training (Washington, DC, USA, March 29 - 30, 2016) Insider Threat Defense announced it will hold a training class on Insider Threat Program Development (National Insider Threat Policy-NISPOM Conforming Change 2) on March 29-30, 2016, in Washington, DC.

SANS Alaska 2016 (Anchorage, Alaska, USA, August 22 - 27, 2016) SANS is bringing our renowned security training to Alaska! Join us in August for a week of hands-on training and compelling bonus sessions while taking in breathtaking views and experiencing the great...

CISO New Jersey (Hoboken, New Jersey, USA, August 23, 2016) With newspaper headlines covering the latest data breaches, cloud computing security questions going unanswered and hackers developing more sophisticated attacks, the IT department has a growing responsibility...

CyberTexas (San Antonio, Texas, USA, August 23 - 24, 2016) CyberTexas was established to provide expanded access to security developments and resources located in Texas; provide an ongoing platform for the education and skill development of cyber professionals...

Chicago Cyber Security Summit (Chicago, Illinois, USA, August 25, 2016) The Cyber Security Summit is an exclusive conference series connects C-Suite & Senior Executives who are responsible for protecting their companies’ critical infrastructures with innovative solution providers...

Air Force Information Technology and Cyberpower Conference 2016 (Montgomery, Alabama, USA, August 29 - 31, 2016) America is faced with a national emergency in cyberspace. US national security, economic vitality, financial stability and foreign policy are being eroded. Increasingly prevalent and severe malicious cyber...

CISO Toronto (Toronto, Ontario, Canada, August 30, 2016) A data breach is not only a PR nightmare, but cause for customers to turn to competitors, exposing sensitive company information and racking up fines from industry regulators. In order for organizations...

Grow your brand and reach new customers.

Grow your brand and increase your customer base by educating our audience about your products, services, and events by advertising on The CyberWire. We’ve built trust with an influential (and often hard to reach) audience of CISOs, CSOs, and other senior execs in the security space, across a wide array of industry verticals. Learn more.

Be a part of the CyberWire story.

People ask us (a lot) how they can support what we do. We have our sponsorships and services, of course, but those are not always within every supporter's financial reach, or it might just not be the right time for you to do those things. That's why we launched our new Patreon site, where we've created a wider variety of support levels, each with some new benefits. Our patrons are important to our future, and we hope you'll consider becoming one. We invite you to become part of the CyberWire story. Become a patron today.