skip navigation

More signal. Less noise.

Recorded Future

Get threat intelligence on hackers and vulnerabilities FREE every day with the Recorded Future Cyber Daily. Sign up today.

Daily briefing.

The Republic of Korea issues another complaint about North Korean cyber operations: an attempt to access South Korean railroad workers' email, apparently in an effort to compromise transportation control systems.

FireEye thinks that governments with advanced cyber capabilities have already built latent vulnerabilities into industrial control systems with a view to holding them in reserve for future exploitation. This is, it seems, a matter of a priori possibility as opposed to a conclusion based on specific evidence.

ISIS success at information operations seems strongly connected to close control of messaging and its reiterated claims to be in control of territory.

A Damballa study describes how cyber criminals are evading legacy detection techniques by adopting an agile approach to their infrastructure. The company's eight-month study of Pony Loader revealed that the malware's controllers "281 domains and more than 120 IPs spread across 100 different ISPs."

IBM mulls the significance of JavaScript-based ransomware: it's a cross-platform threat, and it's increasingly being offered as a service to criminals without strong technical skills.

In the US, phishing of companies for employee tax records continues as we approach the April 15th tax-filing deadline. The Internal Revenue Service, which sustained a major breach last year, has been forced to take its online PIN service offline—the remedial service has itself been compromised.

This week sees patches from Microsoft, Google, Adobe, Mozilla, Facebook, and SAP.

The Apple-FBI dispute in US courts continues, spooking the Silicon Valley companies the Defense Department hopes to win over with support for encryption (echoed by the UK's GCHQ).

Notes.

Today's issue includes events affecting Australia, European Union, France, Iraq, Democratic Peoples Republic of Korea, Republic of Korea, Russia, Syria, Turkey, Ukraine, United States..

2016 National Conference of Minority Cybersecurity Professionals (Washington, DC, March 23 - 24, 2016) The landmark ICMCP conference will elevate the national dialogue on the necessary measures needed to attract and develop minority cybersecurity practitioners to address the cross-industry cybersecurity skills shortage.

Women in Cybersecurity (WiCYS) 2016 (Dallas, TX, March 31 - April 2, 2016) The 3rd annual conference brings together women (students, faculty, researchers, professionals) in cybersecurity from academia, research organizations and industry for the sharing of knowledge and experience, networking and mentoring.

Dateline RSA 2016

Record numbers attend RSA Conference 2016 (OnWIndows) A record 40,000 attendees participated in the 25th RSA Conference, which took place at the Moscone Center in San Francisco, US from 29 February to 4 March

Hottest Topics To Come Out Of RSA Conference (Dark Reading) Encryption, bug bounties, and threat intel dominated the mindshare of the cybersecurity hive mind at RSAC last week

RSA Conference 2016: The infosec glass house? (Help Net Security) A couple of years late to the party, but I finally made it to San Francisco with a real sense of excitement to attend what was described to me as the “Super Bowl of the Security Industry"

Making sense of threat intelligence data in your IT environment (Help Net Security) Threat intelligence data has been growing at an exponential rate of 39% a month. Enterprise customers are looking at around 30,000 events going into their SIEM every second. Only a small percentage have the infrastructure able to handle that amount of data

Interview: Laura Galante, FireEye (Infosecurity Magazine) With another pivot into the threat intelligence space recently, FireEye continues to make strides in the services side of security

ThreatStream Changes Name To Anomali, Adds New Products (CRN) The security vendor formerly known as ThreatStream used the RSA conference in San Francisco as a launching platform for its new name, Anomali

How the tiny startup Phantom Cyber scored big at RSA (TechCrunch) By any measure, Phantom Cyber is a David in a world of security Goliaths

Cyber Attacks, Threats, and Vulnerabilities

Nations have injected malware into industrial control systems 'just in case' (V3) Developed nations are likely to have created and covertly deployed malware in industrial control systems (ICS) used in other countries in case it ever needs to be used in a conflict

North Korea tried to hack South's railway system: spy agency (Reuters) North Korea has tried to hack into email accounts of South Korean railway workers in an attempt to attack the transport system's control system, South Korea's spy agency said on Tuesday

Why ISIS is So Successful (Cipher Brief) The rise of the Islamic State has been accompanied by the increasing presence of the terror group on social media. ISIS’s message of a Muslim utopia is disseminated through various organizations and outlets, all coordinated through complex bureaucratic measures

Russia-linked malware group turns to Turkey (FierceGovernmentIT) A prolific malware group with suspected ties to Russia known as "Pawn Storm," has reportedly launched a cyber espionage campaign against the Turkish prime minister, Turkish parliament and one of the largest newspapers in Turkey

Ransomware Takes a Scary Turn Using JavaScript (IBM Security Intelligence Blog) Security researchers have uncovered a new twist on ransomware-as-a-service with the discovery of what is being called Ransom32

Polymorphic Malware on the Rise (Softpedia) Polymorphic techniques make malware harder to detect

Damballa Releases New State of Infections Report Highlighting How Cyber Criminals Move Their Infrastructure and Conceal Their Tracks to Avoid Detection (BusinessWire) Damballa, the experts in network security monitoring, today released its Q1 2016 State of Infections Report highlighting exactly how cyber criminals evade detection

Reactions to the KeRanger ransomware for Macs (Help Net Security) Palo Alto researchers have discovered the first fully functional ransomware aimed at Mac users. The malware, dubbed KeRanger, has been found bundled into the Mac version of the open source Transmission BitTorrent client, and made available for download on the Transmission developers’ official website

The Half-Day Attack: From Compromise to Cash with Sentry MBA (Shape Security) Sentry MBA, an automated attack tool used to take over accounts on major websites, makes cybercrime accessible to legions of attackers across the globe

The IRS Has Taken its Failed ID Protection Service Offline, After a Hack (Government Executive) After last year’s massive data breach at the United States Internal Revenue Service, the agency gave secret codes to the taxpayers whose personal information had been compromised

Seagate 'whaling' delivers thousands of employee W-2s to identity thieves (FierceITSecurity) 'Tis the season to file taxes in the U.S., and scam artists are out in force to take full advantage of the situation

More companies snared by same type of phishing attack that hit Snapchat (Naked Security) It’s getting close to Tax Day in the US, and if you haven’t filed your taxes yet, you really should go ahead and do it before a cybercriminal does it for you

Rosen Hotel Chain Had a PoS Malware Infection for 17 Months (Softpedia) Rosen Hotels & Resorts Inc. (RH&R), a Florida-based US hotel chain, had some bad news for its customers during the past week after the company announced a malware infection that affected its credit card processing system for over 17 months

Cyber criminals getting more nimble, sophisticated (Business Insurance) Firms face a “broader and deeper landscape” with respect to cyber security risks, according to an analysis released Tuesday

Why cyber security is so important: 18 real-life hacks & cyber attacks that could disrupt your business (Computer Busiess Review) A look through Verizon's Data Breach Digest and the different cyber scenarios that could threaten your business

And the State that Sends the Most Email Spam Is … (Comodo Blog) It might come as a surprise to learn that Utah – with its beautiful terrain and picturesque views – could be a hive of activity for the origination of spam emails

Security Patches, Mitigations, and Software Updates

Microsoft Security Bulletin Summary for March 2016 (Security TechCenter) This bulletin summary lists security bulletins released for March 2016

Microsoft Patches Critical Vulnerabilities in its Browsers (Threatpost) Microsoft released a baker’s dozen worth of security bulletins on Tuesday, including five rated critical and two rated important that could result in remote code execution attacks against compromised machines

Security update available for Adobe Digital Editions (Adobe Security Bulletin) Adobe has released a security update for Adobe Digital Editions 4.5.0 and earlier versions. This update resolves a critical memory corruption vulnerability that could lead to code execution

Security Updates Available for Adobe Acrobat and Reader (Adobe Security Bulletin) Adobe has released security updates for Adobe Acrobat and Reader for Windows and Macintosh. These updates address critical vulnerabilities that could potentially allow an attacker to take control of the affected system

Mozilla Releases Security Updates (US-CERT) Mozilla has released security updates to address multiple vulnerabilities in Firefox and Firefox ESR. Exploitation of some of these vulnerabilities may allow a remote attacker to take control of an affected system

Stable Channel Update (Chrome Releases) The stable channel has been updated to 49.0.2623.87 for Windows, Mac, and Linux...This update includes 3 security fixes that were contributed by external researchers. Please see the Chromium security page for more information

Google plugs 19 holes in newest Android security update (Help Net Security) In the March 2016 security update for the Android Open Source Project (AOSP), Google has fixed 19 security issues, seven of which are considered to be critical

Android Vulnerabilities Allow For Easy Root Access (TrendLabs Security Intelligence Blog) Qualcomm Snapdragon SoCs (systems on a chip) power a large percentage of smart devices in use today

Android security update once again addresses MMS malware flaws, but will your phone get fixed? (Hot for Security) Many Android users are running devices riddled with security holes, the most serious of which could allow a remote attacker to infect your smartphone with malware, simply by tricking you into opening an email, opening an MMS or browsing a website containing a boobytrapped media file

Facebook patches bug that let anyone hack any account (Graham Cluley) Facebook's poorly-secured beta site could be easily exploited in brute force attack

SAP Security Notes March 2016 – Review (ERPScan) SAP has released the monthly critical patch update for March 2016. This patch update closes 28 vulnerabilities in SAP products including 18 SAP Security Patch Day Notes and 10 Support Package Notes. 12 of all Notes were released after the second Tuesday of the previous month and before the second Tuesday of this month. 3 of all notes are updates to previous Security Notes

Patch insanity: Organizations are overwhelmed by vulnerability fixes (FierceITSecurity) While IT professionals know that patch management plays a critical role in maintaining an adequate cybersecurity profile, reality tends to bite: IT teams all too often struggle to keep up with, or find themselves completely overwhelmed by, the sheer volume of patches that need to be applied on a weekly, if not daily, basis in enterprise environments

Patch Management Still Plagues Enterprise (Dark Reading) Half of organizations don't even know difference between applying a patch and remediating a vulnerability

Cyber Trends

Data Security Trends: Shifting perceptions on data security (Dell: Future Ready Workforce) Business and IT decision makers are finally carrying the banner of data security, recognizing not only the safety it brings, but also the opportunity

3 in 5 Brits at risk from cyber attack through poor mobile security (Information Age) Millions of Brits are leaving their personal data exposed to cybercriminals – because they don’t know their own passwords

Is mobile the new squirrel? (CSO) Mobile is just the newest piece to the always changing puzzle of security

Security Professionals Sick of Stupid Users, Bromium Finds (IT Security Guru) Bromium, the micro-virtualisation specialists from California, have just released the results of a survey conducted at RSA 2016 with some surprising results. Users take note!

Cybersecurity by the Numbers: Inside 8 Recent Cyber Surveys (Legaltech News) These surveys cover both burgeoning areas of cybersecurity and companies’ cybersecurity reactions and plans

More Organizations to Deploy Encryption for Cyber Risks, Privacy Compliance, and Cloud (Legaltech News) More global organizations are adopting encryption citing major security and compliance concerns

Despite C-level buy-in, implementation hurdles plague security initiatives (FierceITSecurity) With headline after headline about data breaches and cyberthreats, data security has become a priority for C-suite executives—finally

IoT adoption is driving the use of Platform as a Service (Help Net Security) The widespread adoption of the Internet of Things (IoT) is driving platform as a service (PaaS) utilization. Gartner predicts that, by 2020, more than 50 percent of all new applications developed on PaaS will be IoT-centric, disrupting conventional architecture practices

Marketplace

Insurance helps protect against data breach fallout (Hotel News Now) Panelists at the 2016 Hospitality Law Conference explained the growing need for insurance and types of coverage that can protect against data breaches

Captive insurers seen as a good fit for cyber risk (Business Insurance) Although cyber attacks are occurring in almost every industry, an expert says just a fraction of clients are placing cyber liability in their captive insurer

FireEye higher as Piper upgrades following analyst day (Seeking Alpha) Piper's Andrew Nowinski, who smartly downgraded FireEye (NASDAQ:FEYE) to Neutral last October (shares were at $33.06 at the time), has upgraded to Overweight following yesterday's analyst day, and hiked his target by $9 to $24. Shares are up 4.6% premarket to $18.74

FireEye Is Starting To Shine (Seeking Alpha) FireEye's human and machine-based intelligence should allow the company to remain highly competitive in the rapidly evolving cybersecurity industry. It continues to improve its financial health, as evident in the company's Q4 results. FireEye's acquisition-heavy strategy could potentially backfire in an increasingly competitive cybersecurity industry

Did Akamai Partner With Microsoft, Alphabet? (Barron's) Based on management comments, Akamai may be working on accelerating and securing apps on Azure and Google Cloud

Is Microsoft Corporation Actually Getting Serious About Security? (Motley Fool) A new cloud-based security service rollout and a shiny new war room say yes

Is Morgan Stanley wrong about big Palantir valuation markdown? (Silicon Valley Business Journal) The recent downgrade of Palantir Technologies' valuation by Morgan Stanley was a surprise to many, since the secretive intelligence analytics company hasn't seemed to be losing any momentum

IBM Denies Layoff Size As Salesforce CEO Woos Talent (InformationWeek) IBM called reports that it is laying off a third of its workforce "outlandish and untrue." That's not stopping Salesforce CEO Marc Benioff from publicly inviting IBM employees to apply for open posts at his firm

Air Force awards cryptographic contract to Raytheon (C4ISR & Networks) Raytheon has been awarded a $7.7 million Air Force contract modification for a cryptographic contract

CrowdStrike expands into Europe after backing from Google (Channelnomics) US security vendor set to open UK offices

Cylance Receives FedRAMP Certification with Third Party Assessment Organization (3PAO) Classification (PRNewswire) One of Only 33 Organizations Worldwide to Achieve 3PAO Classification as an Inspection Body

Comcast transmits signal that it takes privacy seriously, hires Noopur Davis as privacy SVP (CSO) Davis joins Comcast from Intel Security, where she was VP of Global Quality

Products, Services, and Solutions

Google open sources vendor security review tool (Help Net Secuirty) Google has open sourced its Vendor Security Assessment Questionnaire (VSAQ) Framework with the hope that other companies and developers could use it to improve their vendor security programs and/or posture

Dell open sources DCEPT, a honeypot tool for detecting network intrusions (Help Net Security) Dell SecureWorks researchers have developed a tool that allows Windows system administrators to detect network intrusion attempts and pinpoint them to the original source (i.e. a compromised endpoint), and have made it available for everybody

Kaspersky launches IT Health Check to assess your cyber defences (IT Pro Portal) Yesterday, Kaspersky Lab announced the launch of its IT Health Check tool

US giant Lockheed-Martin releases Israeli-based cyber-security system (Times of Israel) The aerospace company is also a big cyber-security provider, and its product just got better thanks to Israel’s Cybereason

Cybersecurity Solutions Provider Comodo Announces Launch of Secure Web Platform (HostSearch) Cybersecurity solutions provider Comodo has announced the launch of Comodo Dome, a new cloud-based secure web platform

The Institute of World Politics’ new Cyber Intelligence Initiative announces strategic partnership with Duklaw Ventures (Institute of World Politics) New strategic partnership will help cyber innovation companies

ShadowDragon Announces Partnership with Proofpoint to Create MalNet (Virtual Strategy Magazine) MalNet visualizes and maps advanced malware threat intelligence from the Proofpoint in just seconds using ShadowDragon Maltego Transforms

DefCon Cyber on alert in Prince William, protecting critical assets (Potomac Local) The time from when a cyber attacker can access a company’s internal systems to the time the company responds is about 204 days or about seven months

eero: A Mesh WiFi Router Built for Security (KrebsOnSecurity) User-friendly and secure

Technologies, Techniques, and Standards

A Wall Against Cryptowall? Some Tips for Preventing Ransomware (Internet Storm Center) A lot of attention has been paid lately to the Cryptowall / Ransomware "family" (as in crime family) of malware. What I get asked a lot by clients is "how can I prepare / prevent an infection?"

Cisco security chief: How to beat back security system complexity (Network World via CSO) Cisco has aggressively bought up security vendors and worked on integrating their software protections into existing Cisco gear, making for a simpler, more secure and flexible network, says Cisco’s security chief

Cyber Storm exercise tests cyber defense strategies (Federal Times) To an unaware observer, Cyber Storm V would look pretty undramatic: A group of people in a room, using laptops to graze websites, occasionally fielding a phone call

5 Ways to Fix the Biggest Cybersecurity Issues Law Firms Face (Legaltech News) How do you protect your law firm from a seemingly indefensible threat?

Integrated security frameworks help mitigate risk (SecurityInfoWatch) There has been an increased push by security executives across various disciplines and vertical markets in recent years to transform the C-Suite’s perception of security departments as being reactive cost centers into proactive business enablers

How to calculate ROI and justify your cybersecurity budget (CSO) If you speak with management about money – speak their language and you will definitely get what you need

Two key tools for cyber security (UK Authority) DCLG deputy technology leader William Barker emphasises importance of 10 Steps documents and CiSP

Encryption project issues 1 million free digital certificates in three months (IDG via CSO) The EFF said the numbers show that websites were previously put off by cost and bureaucracy

Design and Innovation

DARPA as the model for military cyber innovation (SC Magazine) U.S. officials expect cooperation with the private sector will bear little resemblance to a traditional recruiting model

Academia

Northrop Grumman Foundation recognizes top teams advancing to CyberPatriot VIII national finals competition (Your Defense News) The Northrop Grumman Foundation, presenting sponsor for CyberPatriot VIII, congratulates the top 25 high school and three middle school teams advancing to the national finals competition in Baltimore, April 12

Legislation, Policy, and Regulation

France votes to penalize companies for refusing to decrypt devices, messages (Ars Technica) But UN official warns: "Without encryption tools, lives may be endangered"

In Europe, You’ll Need a VPN to See Real Google Search Results (Wired) You've got a blind date tonight and you want to find out more about the person you’re meeting

GCHQ: Crypto's great, we're your mate, don't be like that and hate (Register) UK spymaster tells MIT that all must cooperate in response to crims' use of ciphers

Military hits snag in Silicon Valley recruitment (The Hill) The fight between the FBI and Apple over a locked iPhone is threatening to undermine the Pentagon’s attempt to recruit talent from Silicon Valley

Johnson: Recruit patriots to boost cybersecurity (Federal Times) A love of country should be the one characteristic the government focuses on to recruit cyber warriors, according to Homeland Security Secretary Jeh Johnson

Obama Says Google, Facebook, Microsoft, And Visa Will Provide Extra Layer Of Security To Americans (Forbes) President Barak Obama recently said “With the help of companies like Google GOOGL +0.15%, Facebook FB +0.20%, Microsoft MSFT +0.85%, and Visa V -1.83%, we’re going to empower Americans to be able to help themselves and make sure that they are safe online with an extra layer of security, like a fingerprint or a code sent to your cellphone"

Civil liberties groups ask White House for a seat at the table in discussions on countering violent extremism online (FierceGovernmentIT) Obama administration officials are reportedly engaging the tech community on how to counter the spread of violent extremism and propaganda through online platforms and social media, but civil liberties groups say they've been excluded from the conversation

Civil Society Input on Human Rights and Civil Liberties Protections Online (New America) The undersigned organizations recognize that the U.S. government faces complex security challenges, and we appreciate the role of a variety of stakeholders including technology companies

“Activism is not terrorism”: Rights groups call on Congress to investigate the FBI and DHS for surveillance of activists (Salon) On 45th anniversary of exposure of COINTELPRO, more than 60 orgs pen a letter to congressional judiciary committees

FBI adopts new rules for accessing NSA data: report (Washington Times) New policies adopted by the FBI reportedly affect the bureau’s access to intelligence gathered by the National Security Agency on U.S. citizens, but officials say they’re barred from explaining since the changes are classified

Mandatory data breach notification proposals will unleash compliance confusion (CSO) Companies will struggle to comply with the Federal Government’s mandatory data breach notification proposals unless detailed guidance is developed and consultation processes with the Privacy Commissioner are introduced, to help them determine whether they have a notification obligation, says an IT security expert from global consulting firm, Protiviti

Einstein, cyber workforce priorities for DHS chief (FCW) In what will likely be his last budget presentation before the Senate, Homeland Security Secretary Jeh Johnson said implementing the Einstein cybersecurity system across government, attracting capable cyber defenders and ensuring the success of the Department of Homeland Security's unified acquisition and management programs are among his top targets for the year and into the future

Q&A: Why Phyllis Schneck needs the country to trust her (FedScoop) Whether it's defending the .gov domain or protecting the private sector, the Department of Homeland Security’s deputy undersecretary for cyber says trust is crucial to her mission

Litigation, Investigation, and Law Enforcement

Feds Appeal Apple's iPhone Encryption Win In NY Case (InformationWeek) Apple may have hoped to "hang its hat" on a recent iPhone encryption win in a Brooklyn court, but the Justice Department has requested revisiting the judge's ruling

Apple to FBI: Weakening iPhone Security Could Make the Power Grid More Hackable (MIT Technology Review) Apple’s public assaults on the FBI’s demand that it help unlock an iPhone used in last year’s shootings in San Bernardino, California, keep getting louder

Snowden: FBI’s stance in Apple case is 'horses---' (The Hill) National Security Agency leaker Edward Snowden on Tuesday had harsh words regarding the FBI’s claim that only Apple can break into the iPhone used by one of the San Bernardino, Calif., terrorists

Fact checking the Hillary Clinton email controversy (Washington Post) It’s been one year since it was learned that Hillary Clinton had set up a private email system when she was secretary of state — a revelation that has dogged her campaign for the presidency

Home Depot settles consumer lawsuit over big 2014 data breach (Reuters) Home Depot Inc (HD.N) agreed to pay at least $19.5 million to compensate U.S. consumers harmed by a 2014 data breach affecting more than 50 million cardholders

For a complete running list of events, please visit the Event Tracker on the CyberWire website.

Newly Noted Events

Insider Threat Program Development Training (Washington, DC, USA, March 29 - 30, 2016) Insider Threat Defense announced it will hold a training class on Insider Threat Program Development (National Insider Threat Policy-NISPOM Conforming Change 2) on March 29-30, 2016, in Washington, DC.

Upcoming Events

International Academic Business Conference (New Orleans, Louisiana, USA, March 6 - 10, 2016) The Clute Institute of Littleton Colorado sponsors six academic conferences annually that include sessions on all aspects of cybersecurity. Cybersecurity professionals from industry and academics are...

CISO Atlanta Summit (Atlanta, Georgia, USA, March 10, 2016) Tactics and Best Practices for Taking on Enterprise IT Security Threats. With newspaper headlines covering the latest data breaches, cloud computing security questions going unanswered and hackers developing...

The Atlantic Council's Cyber 9/12 Student Challenge (Washington, D.C. USA, March 11 - 12, 2016) Now entering its fourth year, the Cyber 9/12 Student Challenge is a one-of-a-kind competition designed to provide students across academic disciplines with a deeper understanding of the policy challenges...

SANS 2016 (Orlando, Florida, USA, March 12 - 19, 2016) It is time we unite, join forces, and show that if we work together, we can make a measurable difference in security. It is our pleasure to announce that SANS 2016 is back in Orlando, Florida March 12-21 ...

CONAUTH/EKMS/COMSEC Information Sharing and Key Management Infrastructure (ISKMI) 2016 (Waikiki, Hawaii, USA, March 14 - 18, 2016) The ISKMI will draw global-wide participation and Allied (Five Eyes and NATO) attendees. Information sharing will be centralized to Key Management Infrastructure (KMI), Cryptographic Modernization (CM),...

Pwn2Own 2016 (Vancouver, British Columbia, Canada, March 16 - 17, 2016) Since its inception in 2007, Pwn2Own has increased the challenge level at each new competition, and this year is no different. While the latest browsers from Google, Microsoft, and Apple are still targets,...

Insider Threat Symposium & Expo™ (San Antonio, Texas, USA, March 17, 2016) The Insider Threat Symposium & Expo was created in the wake of the recent data breaches affecting the U.S. Government (WikiLeaks, NSA Breach), and the continued damaging and costly insider threat incidents...

ICCWS 2016 (Boston, Massachusetts, USA, March 17 - 18, 2016) ICCWS 2016 will cover the complex but exciting aspects of international cyber warfare and security

CISO Summit France (Paris, France, March 22, 2016) A forum for innovative IT thought leaders across France. Despite economic instability in the euro zone amid an on-going global financial crisis, IT spending worldwide is expected to increase in the coming...

Risk Management Summit (New York, New York, USA, March 22 - 23, 2016) The Business Insurance Risk Management Summit is a unique two-day conference serving the information and networking needs of senior risk managers, benefits managers and related decision makers from the...

Artificial Intelligence and Autonomous Robotics (Clingendael, the Netherlands, March 23 - 24, 2016) Artificial Intelligence (AI) has been a feature of science fiction writing for almost a century, but it is only in more recent years that the prospect of truly autonomous robotics — even those that...

International Consortium of Minority Cybersecurity Professionals (ICMCP) Inaugural National Conference (Washington, DC, USA, March 23 - 24, 2016) The conference will focus on the public, private and academic imperatives necessary to closing the growing underrepresentation of women and minorities in cybersecurity through diversification of the workforce.

Commonwealth Cybersecurity Forum 2016 (London, England, UK, March 23 - 24, 2016) The Commonwealth, built on consensus and mutual support, is an ideal platform to build international cooperation on various aspects of cybersecurity. CTO's Commonwealth Cybersecurity Forum brings together...

Black Hat Asia 2016 (Singapore, March 29, 2016) Black Hat is returning to Asia again in 2016, and we have quite an event in store. Here the brightest professionals and researchers in the industry will come together for a total of four days — two...

SecureWorld Boston (Boston, Massachussetts, USA, March 29 - 30, 2016) Join your fellow security professionals for affordable, high-quality cybersecurity training and education. Earn 12-16 CPE credits through 60+ educational elements learning from nationally recognized industry...

Insider Threat Summit (Monterey, California, USA, March 29 - 30, 2016) The focus of the Insider Threat Summit is to discuss personnel security issues including cyber security challenges and capabilities, continuous evaluation of privileged identities and ethical physical...

TU-Automotive Cybersecurity USA 2016 (Novi, Michigan, USA, March 29 - 30, 2016) TU-Automotive Cybersecurity dissects the real issues behind the headlines, helping you to apply technology and best practices to deliver robust security defenses and processes within a more secure ecosystem.

Women in Cyber Security 2016 (Dallas, Texas, USA, March 31 - April 2, 2016) With support from National Science Foundation, Award #1303441 (Capacity Building in Cybersecurity: Broadening Participation of Women In Cybersecurity through the Women in Cybersecurity Conference and Professional...

Grow your brand and reach new customers.

Grow your brand and increase your customer base by educating our audience about your products, services, and events by advertising on The CyberWire. We’ve built trust with an influential (and often hard to reach) audience of CISOs, CSOs, and other senior execs in the security space, across a wide array of industry verticals. Learn more.

Be a part of the CyberWire story.

People ask us (a lot) how they can support what we do. We have our sponsorships and services, of course, but those are not always within every supporter's financial reach, or it might just not be the right time for you to do those things. That's why we launched our new Patreon site, where we've created a wider variety of support levels, each with some new benefits. Our patrons are important to our future, and we hope you'll consider becoming one. We invite you to become part of the CyberWire story. Become a patron today.