skip navigation

More signal. Less noise.

ThreatConnect

​Security incidents happen at the seams, between tools and teams. Unite your people, processes, and technologies behind an intelligence-driven defense. Attend this ThreatConnect webinar to learn how.​

Daily briefing.

The hacker behind the handle “Tessa88” is offering Twitter credentials for sale in a dark web souk for ten Bitcoin (about $5800). Tessa88 is the same handle associated with the recent VK credential theft. Twitter has been tweeting that it’s confident it wasn’t breached, but evidently a lot of its users were. Many suspect a connection to the LinkedIn, MySpace, and Tumblr breaches.

Data from the LinkedIn breach are being exploited in an unusually specific spearphishing campaign in Europe.

Unconfirmed reports suggest a third-party data breach may have exposed seventy-seven-thousand State Farm accounts.

India continues to investigate the strongly suspected connection between the Danti espionage group and the Chinese government.

Rapid7’s Project Sonar finds more than fifteen million devices with exposed Telnet connections. Belgium is the leader in this vulnerability sweeps.

Researchers at Zscaler shed some light on how documents with malicious macros are incorporating new anti-VM and anti-sandboxing to evade defenses.

One of the older forms of ransomware, Zcrypt, is being upgraded for better evasiveness and more reliable delivery. Other researchers look at commodity ransomware SNSLocker (helped by careless malware coders). Ransomware remains cheap and low-risk cyber crime. The latest victim to pay up is the University of Calgary, which forked over $20,000 (Canadian, roughly $16,000 US) to regain its data.

NATO’s conference in Estonia considers ways of avoiding surprise and improving collaboration. Estonia points out that budget constraints can breed innovation.

The cyber sector welcomes its newest unicorn: Cylance’s Series D round puts its valuation above $1 billion.

Notes.

Today's issue includes events affecting Albania, Australia, Bangladesh, Belgium, Bulgaria, Denmark, Canada, China, Croatia, Czech Republic, Estonia, France, Germany, Greece, Hungary, Iceland, India, Iraq, Italy, Latvia, Lithuania, Luxembourg, NATO, Norway, Poland, Portugal, Netherlands, Romania, Russia, Samoa, Slovakia, Slovenia, South Africa, Spain, Tajikistan, Turkey, Ukraine, United Kingdom, United States.

Catch the CyberWire's Podcast later this afternoon, with interviews, educational tips, and more on the stories of the day. This afternoon Joe Carrigan of the Johns Hopkins University discusses backup strategies (particularly timely given recent ransomware incidents). And we'll learn about disposable browsers and security while traveling abroad from our guest, Authentic8's Scott Petry. (We always welcome reviews of our podcasts: you can provide an iTunes review here.)

Cyber Attacks, Threats, and Vulnerabilities

Passwords for 32M Twitter accounts may have been hacked and leaked (TechCrunch) There is yet another hack for users of popular social media sites to worry about. Hackers may have used malware to collect more than 32 million Twitter login credentials that are now being sold on the dark web. Twitter says that its systems have not been breached

32m Twitter login credentials stolen from users (Help Net Security) Leaked Source has added 32,888,300 records of Twitter users to its repository of leaked data. The source of the batch is a user who goes by the alias “Tessa88@exploit.im,” who’s been selling the data on a dark web marketplace for 10 bitcoins (around $5,800)

Malware harvesting stored credentials exposed 32 million Twitter accounts (CSO) Twitter wasn't hacked, but its users were

77K accounts of Financial Giant, State Farm, leaked due to DAC Group Hack (HackRead) DAC Group, a Toronto-based digital & content marketing agency has suffered a security breach on their server resulting in data theft of 93,000 customer accounts — In normal circumstances it would be just another security breach but what makes this breach exceptional is the 77,000 leaked accounts from Bloomington, Illinois-based State Farm, an American group of insurance and financial services companies in the United States

Chinese hackers may have stolen government info: Experts (Times of India) Chinese cyber espionage group Danti may have breached computers of top-ranking bureaucrats in Delhi and elsewhere, according to cyber security company Kaspersky Labs

Millions Of Systems Worldwide Found Exposed On The Public Internet (Dark Reading) New Project Sonar scans uncover unnecessarily open ports in systems worldwide: Australia, China, France, US, Russia, and UK, among nations most at risk

Over 15 Million Devices Offering Free Telnet Access Found Online (Softpedia) SSH adoption is gaining ground over Telnet

Belgium tops list of nations most vulnerable to hacking (Guardian) Tajikistan comes second, Samoa third and Australia fourth as new ‘heat map of the internet’ reveals which countries are most at risk due to exposed servers

Stolen LinkedIn data used in malware campaign hitting European users (Help Net Security) European LinkedIn users are being targeted with highly personalized malicious emails. It is more than likely that the attackers are misusing the compromised LinkedIn user data that has been recently offered for sale

Malicious Documents leveraging new Anti-VM & Anti-Sandbox techniques (Zscaler) Malicious documents with macros evading automated analysis systems

Vulnerability Spotlight: PDFium Vulnerability in Google Chrome Web Browser (Talos) This vulnerability was discovered by Aleksandar Nikolic of Cisco Talos. PDFium is the default PDF reader that is included in the Google Chrome web browser. Talos has identified an exploitable heap buffer overflow vulnerability in the Pdfium PDF reader. By simply viewing a PDF document that includes an embedded jpeg2000 image, the attacker can achieve arbitrary code execution on the victim’s system. The most effective attack vector is for the threat actor to place a malicious PDF file on a website and and then redirect victims to the website using either phishing emails or even malvertising

Fake gaming torrents download unwanted apps instead of popular games (Help Net Security) If you’re looking for torrents to download pirated copies of popular games, be extra careful not to be tricked into downloading malicious and unwanted software instead

Fast Flux Taken To The Next Level With Zbot Botnet (Dark Reading) Zbot's success rests largely on its makers' ability to take advantage of fast-flux network infrastructure

Vawtrak banking malware – know your enemy (Naked Security) In December 2014, SophosLabs published a paper entitled Vawtrak – International Crimeware-as-a-Service, explaining how cybercriminals have adopted the “Pay As You Go” model that has become so popular in the mainstream technology industry

Slicing Into a Point-of-Sale Botnet (KrebsOnSecurity) Last week, KrebsOnSecurity broke the news of an ongoing credit card breach involving CiCi’s Pizza, a restaurant chain in the United States with more than 500 locations. What follows is an exclusive look at a point-of-sale botnet that appears to have enslaved dozens of hacked payment terminals inside of CiCi’s locations that are being relieved of customer credit card data in real time

Zcrypt Ransomware: Old Wine In A New Bottle (Dark Reading) Malware authors have combined old and new approaches to try and sneak Zcrypt past defenses, Check Point says

Ransomware infector can now dodge Microsoft’s tool for stopping Flash attacks (CSO) A for-hire toolkit used to exploit popular software, such as Adobe’s Flash Player, and spread malware can now bypass a key line of defence that Microsoft offers to enterprise customers

Ransomware Leaves Server Credentials in its Code (Tirate un Ping) While SNSLocker isn’t a stand-out crypto-ransomware in terms of routine or interface, its coarse and bland façade hid quite a surprise. After looking closer at its code, we discovered that thisransomware contains the credentials for the access of its own server

Deconstructing The Impact Of Ransomware On Healthcare’s IoT (Dark Reading) If ransomware targets medical devices, exactly how will an attacker deliver the ransom note to the victim?

InfoSec 2016: Malwarebytes – Beware The Growing Ransomware Risk (TechWeek Europe) 2016 is set to be “the year of the ransom” as threat continues to grow, Malwarebytes claims

University pays $20,000 in ransomware attack (Help Net Security) The ransomware plague has hit the University of Calgary, and the academic institution did what many victims do: they paid the ransom to get the encrypted files back

University pays almost $16,000 to recover crucial data held hostage (Ars Technica) "The last thing we want to do is lose someone’s life’s work," official says

U of C ransom payout better than battling hackers, expert says (CBC News) Ransomware schemes becoming more sophisticated while prevention lags

Cyberattacks like U of C ransomware case easy to launch, security expert warns (CBC News) Instructions on how to do ransomware attacks are readily available online

Cloud sharing puts companies' sensitive data at risk, survey says (Engineering & Technology) A new survey has revealed that employees regularly share sensitive company data via cloud-based applications such as Dropbox, Gmail or Facebook, offering hackers easy access to information which could be negatively exploited

The people you trust most could be planning the next big cyber attack on your company (Business Insider) The bigger problem is that most of these attacks are initiated by "insiders," such as employees, business partners, or third party contractors. This chart from Statista, based on data from the IBM report, shows that 60% of all cyber attacks in 2015 were an inside job, with 44.5% of them designed by "malicious insiders"

Protesters hack Iraqi parliament website: ‘Idiots are leading the country’ (Washington Post) First they ransacked parliament, sending the country's lawmakers fleeing for safety. Now, Iraqi protesters have taken their fight against government corruption online, hacking the parliament's website

The Islamic State's Leader in Bangladesh Is Probably Canadian (VICE) The leader of Bangladesh's brutal offshoot of the Islamic State who was recently profiled in IS' official magazine may be Tamim Chowdhury, a former Canadian resident

Hacker Selling Quarter Million State of Louisiana Drivers’ Licence Database (HackRead) Brief: he calls himself “NSA” and he’s selling driver’s licence database of a quarter million+ (290k+) people from the state of Louisiana, United States

No, Acunetix Website was NOT hacked (HackRead) Acunetix website was not hacked — the so-called hacker took advantage of server downtime and used the fake screenshot to prove his defacement

Miscreants breach NFL’s Twitter account, reveal its weak password (Ars Technica) Takeover comes a few days after hijacking of Mark Zuckerberg's Twitter account

NFL Tackles Twitter Account Hijack (Dark Reading) 'Peggle Crew' hacking group claims responsibility, says it stole password from email of social media employee

White hat shows how Better Business Bureau’s site leaked personal data (Ars Technica) Consumer group complains over “unauthorised test," but won't take it further

FTC’s chief technologist gets her mobile phone number hijacked by ID thief (Ars Technica) If it can happen to her, chances are it can happen to lots of people

Cyber Trends

IoT pushes IT security to the brink (CSO) The Internet of Things (IoT) offers many possible benefits for organizations and consumers—with unprecedented connectivity of countless products, appliances and assets that can share all sorts of information. IoT also presents a number of potential security threats that organizations need to address

2016 CIO Study Results: The Threat to Our Cybersecurity Foundation (Venafi) CIOs admit to wasting millions on cybersecurity that doesn’t work on half of attacks

So Far Not So Good For Internet And Security In 2016 (PYMNTS) The first quarter of 2016 has been an eventful one chock-full of cyberattacks and emerging threats

Infosec is a sham: The reality of IT security (Ars Technica) Op-ed. Infosec numbers don't add up: we need better training, standards, accountability

Enterprises Still Don't Base Vuln Remediation On Risk (Dark Reading) New White Hat study shows critical vulnerabilities aren't fixed any faster than other security flaws

The gaming industry can become the next big target of cybercrime (TechCrunch) Video-game-related crime is almost as old as the industry itself. But while illegal copies and pirated versions of games were the previous dominant form of illicit activities related to games, recent developments and trends in online gaming platforms have created new possibilities for cybercriminals to swindle huge amounts of money from an industry that is worth nearly $100 billion. And what’s worrisome is that publishers are not the only targets; the players themselves are becoming victims of this new form of crime

The journey of cyber defence (BizCommunity) Cybercrime has become a global epidemic from which Africa has not been spared, leaving companies counting losses which range from money to credibility. Corporates across the continent need to take urgent action to prevent these outcomes, but too few are yet making the management changes needed to ward off the threat

A fifth of companies don't tell us about data breaches (IT Pro) However, 74 per cent of companies think they're well protected against data breaches

Marketplace

Conference Board says 'translation gap' is compromising cyber security (News 1130) As cyber criminals continue to find creative ways to compromise your privacy, the Conference Board of Canada is pointing out there is a critical gap in security for many companies in this country and it has nothing to do with technology

Cyber Readiness Means First Building the Work Force (SIGNAL) The world needs at least 1.5 million cybersecurity professionals who do not exist—a labor shortage created by the increase in frequency and severity of cyber attacks and employers all fishing from the same pond, said Michael Cameron, vice president for business development, cyber and cybersecurity at Leidos, at the NITEC 2016 cyber conference

White House: Millennials Won’t Work For Us, So Our Tech Sucks (Vocativ) Report admits that millennial recruits are turned off by the fact that most government offices feature tech that is older than what they have at home

The State of the Bug Bounty: Bugcrowd’s second annual report on the current state of the bug bounty economy (Bugcrowd) What we’re witnessing right now is the maturation of a model that will fundamentally change the way we approach the security, trust and safety of the Internet. Bug bounty programs are moving from the realm of novelty towards becoming best practice. They provide an opportunity to level the cybersecurity playing field, strengthening the security of products as well as cultivating a mutually rewarding relationship with the security researcher community. While bug bounty programs have been used for over 20 years, widespread adoption by enterprise organizations has just begun to take off within the last few

‘Super Hunters’ Emerge As More Companies Adopt Bug Bounties (Dark Reading) 'Super hunters' chase down vulnerabilities wherever there's a bug bounty payday...and they've become very popular with cybersecurity job recruiters, says Bugcrowd report

Cyber firms: Online peace deal with China hurt our business (FedScoop) Cybersecurity companies are weighing in on whether last year's landmark deal with China has hurt their bottom line. Several say it has

Deep Packet Inspection vendors looking to virtualisation, differentiation as hardware commoditisation takes hold (Vanilla+) Virtualisation and differentiation are the key themes currently dominating the deep packet inspection (DPI) market, says Shira Levine, research director, service enablement and subscriber intelligence, IHS Technology

Cyber-security start-up Cylance raises $100m (Financial Times) Cylance, a cyber-security start-up trying to upend the old world of antivirus software, has raised $100m from investors including private equity firm Blackstone and Insight Venture Partners

Cylance, fighting malicious hackers with AI, hits $1B valuation after raising $100M (TechCrunch) “If you can’t beat them, join them” may not sound like the most encouraging pitch for a cybersecurity company, but a startup called Cylance has created an artificial intelligence-powered brain that essentially does just that, and it has taken off — raising $100 million in a Series D round of funding and catapulting itself into the so-called ‘unicorn’ club of companies with $1 billion valuations

Another AI-Based Security Startup Gains Funding (Datanami) Advanced data analytics and AI techniques such as cognitive intelligence and deep machine learning are finding new applications in the drive to understand and respond to a growing range of cyber security threats as they unfold

Blue Coat IPO Causes Confusion for Analysts (The VAR Guy) Blue Coat could be the third tech company this year to go public, following the announcement that the network security company filed for an IPO last week

Zscaler Positioned as a Leader in Gartner Magic Quadrant for Secure Web Gateways for Sixth Consecutive Year (MarketWired) Zscaler is positioned the furthest for completeness of vision in the leaders quadrant

How the Great Recession helped these Chicago founders find success (Built in Chicago) Most people are familiar with the basic best practices for cybersecurity: use strong passwords with upper- and lowercase letters, symbols, and numbers and don’t use the same password for more than one site. But plenty of us settle for less-than-secure passwords, and how many people do you actually know who never, ever reuse them?

Finjan blasts off after settling with Proofpoint (Seeking Alpha) Finjan (FNJN +13.9%) has settled its infringement suit against security software firm Proofpoint (PFPT +1.6%). As part of the deal, Finjan will receive $10.9M in cash via three payments: A $4.3M up-front payment, a $3.3M payment due on or before Jan. 4, 2017, and a $3.3M payment due on or before Jan. 3, 2018. Other deal terms are confidential

Resilient CEO: IBM acquisition and how Watson can revolutionise cyber security incident response (Computer Business Review) C-level briefing: What IBM’s incident response acquisition tells us about its cyber security plans

Cisco Systems, Inc: Credit Suisse Shows Concern over Management Shuffle (Bidness Etc.) Changes in Cisco Systems’ internal management continue to be a concern, despite the reorganization efforts

Symantec Drives Into Automobile Security (Dark Reading) Automakers quietly begin testing cybersecurity features for connected cars

Tech firms want to save the auto industry—and the connected car—from itself (Ars Technica) We crash test cars, but we don't crash test the code they run

Securing your car from cyberattacks is becoming a big business (Computerworld via CSO) Last year, the auto industry got a warning shot when a Jeep Cherokee was remotely hacked and controlled

Bishop Fox Named "Top Company to Work" for Third Year in a Row (MarketWired) Company has grown into a leading global cybersecurity consulting firm with nearly 80 employees and four U.S. offices; meeting demand for high-level, customized solutions to businesses' most challenging cyber threats

Leidos to support Army with intel analytical sofware (C4ISR & Networks) Leidos has been awarded a slot on an Army contract, with a maximum value of $250 million, to develop analytical software for intelligence analysis

STG wins Cybersecurity contract with U.S. Army (GlobeNewswire) Cybersecurity and Information Assurance support will be provided to NETCOM Cybersecurity Directorate

USAF looks to secure aircraft systems from cyber attack (IHS Jane's 360) The US Air Force (USAF) is moving to enhance the security of aircraft systems in the cyber domain, issuing a broad agency announcement under its Avionics Vulnerability Assessment Mitigation and Protection (AVAMP) programme

Deloitte opens first African Cyber Intelligence Centre (ITWeb) South Africa has become the first country in Africa to host a Deloitte Cyber Intelligence Centre (CIC), which opened in Johannesburg on Wednesday

Products, Services, and Solutions

Nuix and Voci Partner to Deliver Fast, Accurate Speech Transcription and Voice Analytics (PRNewswire) Investigators and legal practitioners can transform audio files into highly accurate, ingestible text, eliminating the need to listen through and manually transcribe recordings

The Chrome extension that hides your screen in plain sight (Naked Securiy) Imagine you’re sitting on an airplane, using webmail to send your marketing plan to your boss, when you notice that the passenger sitting next to you has wandering eyes

Endace partnership with Plixer delivers enhanced deep-dive security forensics (PRNewswire) Integration between Plixer 's Scrutinizer and EndaceProbe network recorders lets analysts pivot from alerts direct to recorded packets for forensic analysis of security events

WatchDox by BlackBerry Email Protector will help businesses keep attachments secure (CrackBerry) BlackBerry has announced a new enterprise software product, WatchDox by BlackBerry Email Protector. It's been designed to help businesses secure files sent via email

Proofpoint Expands Partner Ecosystem with CyberArk and Imperva (GlobeNewswire) Seamless integrations protect privileged users faster, prevent data breaches

PhishMe Launches New ‘Active Threats' Phishing Simulations to Help Combat Ransomware (BusinessWire) Global leader in enterprise phishing defense and intelligence unveils highly anticipated update to help organizations resist Ransomware, Business Email Compromise (BEC) and other timely threats

HPE Unveils Converged Systems for IoT (eWeek) The Edgeline EL1000 and EL4000 systems are part of a larger series of announcements by HPE to address such IoT issues as security and management

Technologies, Techniques, and Standards

Government Framework Offers Cybersecurity (SIGNAL) A threat-centric approach allows networks to establish domains for key functions

HITRUST Pilot Project Advances Cyber Threat Information Sharing to Combat Ransomware, Other Cyber Attacks (Healthcare Informatics) The Health Information Trust Alliance (HITRUST) announced that it’s latest industry pilot project to improve the collection and sharing of cyber threat information is helping aid organizations in reducing their cyber risk

RSA: Organizations Need to Determine Their 'Cyber Risk Appetite' (PRNewswire) Report outlines new framework designed to create stronger cybersecurity objectives by calculating the impact risk has on an organization

The Identity Defined Security Alliance Releases New Integration Framework to Help CISOs Rapidly Build Identity-Centered Security Solutions; Welcomes Two New Technology Members (BusinessWire) Co-founding members Ping Identity and Optiv Security continue evolution of next generation identity and access management solutions

5 Tips for Setting Up A Security Advisory Board (Dark Reading) When a company needs to up its game in security, forming a security board can help

Maslow’s pyramid of cyber deception needs (Help Net Security) In 1943, psychologist Abraham Maslow published his theory of human motivation, which turned into a consensual method to analyze a person’s needs

What is a VPN and do you need one (VPNMentor) Discover how, with the help of VPN, you can watch movies that are blocked in your country, crack into websites that you don’t have access to, hide from the FBI when you download torrents and more

How to Talk to Millennial Travelers About Cybersecurity (Travel Agent Central) With mobile devices forming an integral part of the travel experience, we spoke with an expert on how travelers can stay safe on the road

Design and Innovation

Looking for trouble: How predictive analytics is transforming cybersecurity (Help Net Security) Leading organizations recognize that stringent cybersecurity processes and strong infrastructure, while essential, are not enough to eliminate today’s disparate and ubiquitous threats. So they aim to use predictive analytics to identify and stop potential threats before they can wreak havoc

Academia

Op-Ed: The Time Is Now to Prevent a Cybersecurity Workforce Crisis (US News and World Report) We must encourage early exposure to technology and cybersecurity careers within our educational systems

Pwnie Express and Norwich University Identify and Neutralize Cyber Threats at Super Bowl 50 (Marketwired) Pwnie Express, the leader in connected device threat detection, today revealed its successful partnership with Norwich University to identify and neutralize connected device threats during Super Bowl 50

Legislation, Policy, and Regulation

NATO Needs a Wake Up Call, Estonian General Shares at NITEC 2016 (SIGNAL) Europe is asleep at the wheel and needs an awakening before it crashes, warned Lt. Gen. Riho Terras, commander of Estonian Defense Forces

NATO to Invest Billions of Euros to Tap Industry Cybersecurity Know-How (SIGNAL) NATO is dangling roughly 3 billion euros in funding for future cyber-based initiatives to match—and then surpass—the increasingly sophisticated attacks against its 28-member alliance, officials announced Tuesday on the inaugural day of the NITEC 2016 conference

Small Budgets Compel Creative Cyber Solutions, Estonia Official Shares (SIGNAL) Small nation-state budgets aren’t always such a bad thing, offered Ingvar Parnamae, undersecretary for defense investments for the Estonian Ministry of Defense

German MOD Makes Sweeping Changes to Counter Cyberthreats (SIGNAL) NATO allies rely more heavily on industry for solutions to counter attacks on networks, infrastructure

The 'Secret Weapon' to Securing Cyber Could be Just Getting Along, Says DOD CIO (SIGNAL) The key to cybersecurity woes might be found in the relationships created between government and industry, the Defense Department’s chief information officer said

Netherlands cyber capabilities to be stressed at new training site (IHS Jane's International Defence Review) The Netherlands Defence Cyber Command will stress both its defensive and offensive capabilities in a new cyber security training and testing facility

US Homeland Security Could Get Its Own Cyber Defense Agency (Defense One) A panel of House lawmakers want to turn the existing National Protection and Programs Directorate into the Cybersecurity and Infrastructure Protection Agency

FBI wants email privacy act to allow warrantless access to browsing histories (Naked Security) Fixing a “typo” in a law governing domestic surveillance is the top priority for the bureau this year, FBI Director James B. Comey has said

Hacker Lexicon: What Is the Digital Millennium Copyright Act? (Wired) The call for copyright reform in America has grown so loud that Congress has finally heard it. Lawmakers have ordered a slate of studies to look into how to fix what has become a broken system, and activists are cautiously optimistic that this could be the first step toward reform. The source of the fracture? The Digital Millennium Copyright Act

Virginia governor signs budget, kicking off series of cybersecurity programs (StateScoop) Though Gov. Terry McAuliffe won't get all the money he hoped for, the state's new budget still includes millions to support a bevy of cyber-focused initiatives

Litigation, Investigation, and Law Enforcement

Experts: Clinton emails could have compromised CIA names (AP) The names of CIA personnel could have been compromised not only by the hackers who may have penetrated Hillary Clinton's private computer server or the State Department system, but also by the release itself of tens of thousands of her emails, security experts say

FBI claimed Petraeus shared ‘top secret’ info with reporters (Politico) Newly unsealed affidavit sheds light on a probe sometimes compared to that of Clinton emails

One year after OPM cybertheft hit 22 million: Are you safer now? (Washington Post) Are you safer now? That’s the question for the 22 million federal employees and others whose personal information was stolen by cyberthieves from the Office of Personnel Management (OPM) in a heist announced one year ago

FBI Alerted Banks About Hacks After Bangladesh Heist (Dark Reading) Authorities said cyber group that hit Bangladesh Bank was likely planning more attacks

Cyber criminals targeted by Darktrace and NCC alliance (Cambridge News) Darktrace and NCC have teamed up to combat targeted cyber-security threats

Morgan Stanley To Pay $1 Million SEC Fine For Security Lapse (Dark Reading) Wall Street bank penalized for violating Safeguards Rule leading to theft of customer data

Journalist convicted on hacking charges tries to stay out of prison during appeal (Ars Technica) Keys convicted of passing CMS login that resulted in brief defacement at LA Times

For a complete running list of events, please visit the Event Tracker on the CyberWire website.

Upcoming Events

ISS World Europe (Prague, Czech Republic, June 7 - 9, 2016) ISS World Europe is the world's largest gathering of regional law enforcement, intelligence and homeland security analysts as well as telecom operators responsible for lawful interception, hi-tech electronic...

New York State Cyber Security Conference (Albany, New York, USA, June 8 - 9, 2016) June 8-9 marks the 19th Annual New York State Cyber Security Conference and 11th Annual Symposium on Information Assurance (ASIA) and we invite you to join us for this nationally recognized event. The...

LegalSEC Summit 2016 (Baltimore, Maryland, USA, June 9 - 10, 2016) Whatever your role in security, there’s something here for you! Hear from experts who will share their experiences related to information security, and develop takeaways to use in your organization. The...

SecureWorld Portland (Portland, Oregon, USA, June 9, 2016) Join your fellow security professionals for affordable, high-quality cybersecurity training and education. Earn 6-12 CPE credits through 30+ educational elements learning from nationally recognized industry...

Cybersecurity and Financial Services: Understanding the Risks (San Diego, California, USA, June 9, 2016) Join San Diego's KCD PR for a conversation on a hot topic for every business operating in the Fintech and Financial Services space: Cybersecurity. The nature of cybersecurity breaches is continuously changing...

SIFMA Cyber Law Seminar (New York, New York, USA, June 9, 2016) During this full-day program attorneys and compliance professionals will gain insights and regulatory perspectives on cybersecurity law as well as strategies for how to take an active and valuable role...

Cleared Job Fair (Tysons Corner, Virginia, USA, June 9, 2016) ClearedJobs.net connects you with cleared facilities employers, including Federal Acquisition Strategies, Firebird Analytical Solutions & Technologies, Leidos, PAE, TRIAEM, Commonwealth Computer Research,...

SANSFIRE 2016 (Washington, DC, USA , June 11 - 18, 2016) For more than 10 years, the Internet Storm Center has been providing free analysis and warning to our community. SANSFIRE 2016 is our annual "ISC Powered" event. Evening talks tap into the expertise behind...

4th International Conference on Cybercrime and Computer Forensics (ICCCF) (Vancouver, British Columbia, Canada, June 12 - 14, 2016) For the past four years, APATAS has organized the International Cybercrime and Computer Forensics conference at various locations throughout Asia. In 2016, our 4th annual ICCCF is moving for the first...

Show Me Con (St. Charles, Missouri, USA, June 13 - 14, 2016) SHOWMECON. The name says it all. Known as the Show Me State, Missouri is home to St. Louis-based ethical hacking firm, Parameter Security, and security training company, Hacker University. Together, they...

CISO DC (Washington, DC, USA, June 14, 2016) Tactics and best practices for taking on enterprise IT security threats. The CISO Summit brings together C-level IT security executives, industry analysts and solution providers to discuss challenges and...

Cyber Security Opportunities in Turkey Webinar (Online, June 14, 2016) As in other countries, Turkey is a target of high profile attacks in the public and private sectors. Instability from neighboring countries increases their risk. Since 2014 Turkey is working on a cyber security plan which includes not only government but private sector and NGOs as well. Per Cisco's 2014 Security Report, attacks occur in ICS-SCADA, web servers and malwares-6% respectively, applications-31%, infrastructure-18%, and end-users-9%.Topics include: industry drivers, trends, and key players. Open Q&A session at the conclusion of presentations. Confirmed speakers: Alper Cem Yilmaz, Founder, and Jade Y. Simsek, Mrktg Specialist, CrypTech. Learn about the Cyber Security Market in Turkey with the objective of finding sales opportunities. Turkey's Transportation, Maritime Affairs and Communications Ministry formed SOME (Cyber Incident Response Teams)for protection of cyber attacks. ...

The Security Culture Conference 2016 (Oslo, Norway, June 14 - 15, 2016) The Security Culture Conference 2016 is the leading, global conference discussing how to build, measure and maintain security culture in organizations. The conference is a part of the Security Culture...

TECHEXPO Top Secret Hiring Event (Baltimore, Maryland, USA, June 15, 2016) Security-cleared professionals are invited to interview for new career opportunities on Wednesday, June 15 at the BWI Marriott in Baltimore, MD. Hot job opportunities are available in Cyber Security, Intelligence,...

2016 CyberWeek (Tel Aviv, Israel, June 19 - 23, 2016) The conference, held jointly by the Blavatnik Interdisciplinary Cyber Research Center (ICRC), the Yuval Ne'eman Workshop for Science, Technology and Security, the Israeli National Cyber Bureau, Prime Minister's...

National Insider Threat Special Interest Group - South FL Chapter Kickoff Meeting (Palm Beach, Florida, USA, June 21, 2016) The National Insider Threat Special Interest Group (NITSIG) is excited to announce the establishment of a South Florida Chapter. Presentations and discussions will be provided by Insider Threat Defense,...

Cyber Security for Critical Assets LATAM (Rio de Janeiro, Brazil, June 21 - 22, 2016) Cyber-attacks on critical infrastructure have become an increasing threat for Latin American governments and companies within the oil and gas, chemical and energy sectors. Although the attack frequency...

Cyber 7.0 (Laurel, Maryland, USA, June 22, 2016) Cyber 7.0 delves into the cyber threat to the nation’s critical infrastructure—transportation, health care, utilities, and energy, to name a few. How can government and industry work together to battle...

Security of Things World (Berlin, Germany, June 27 - 28, 2016) Security. Privacy. Connected Devices. Exploring Security and the Internet of Things. A world class event focused on the next information security revolution. Be part of Security of Things World in June...

SANS Salt Lake City 2016 (Salt Lake City, Utah, USA , June 27 - July 2, 2016) We are pleased to invite you to SANS Salt Lake City 2016, June 27-July 2. Are you ready to immerse yourself in the most intense cyber training experience available anywhere? Do you need to become a more...

DC / Metro Cyber Security Summit (Washington, DC, USA, June 30, 2016) The Cyber Security Summit is an exclusive conference series connects C-Suite & Senior Executives who are responsible for protecting their companies’ critical infrastructures with innovative solution providers...

TECHEXPO Cyber Security Hiring Event (Tysons Corner, Virgina, USA, June 30, 2016) Cyber security professionals are invited to interview face-to-face with employers including The CIA, Deloitte, Intel Security, Northrop Grumman, Lockheed Martin, Deloitte, Vencore and many more. Hundreds...

Grow your brand and reach new customers.

Grow your brand and increase your customer base by educating our audience about your products, services, and events by advertising on The CyberWire. We’ve built trust with an influential (and often hard to reach) audience of CISOs, CSOs, and other senior execs in the security space, across a wide array of industry verticals. Learn more.

Be a part of the CyberWire story.

People ask us (a lot) how they can support what we do. We have our sponsorships and services, of course, but those are not always within every supporter's financial reach, or it might just not be the right time for you to do those things. That's why we launched our new Patreon site, where we've created a wider variety of support levels, each with some new benefits. Our patrons are important to our future, and we hope you'll consider becoming one. We invite you to become part of the CyberWire story. Become a patron today.