skip navigation

More signal. Less noise.

Recorded Future

Get threat intelligence on hackers and vulnerabilities FREE every day with the Recorded Future Cyber Daily. Sign up today.

Daily briefing.

The Russian cyber mob that impersonated FinCERT now has a name, "Buhtrap," and a tally sheet: thirteen banks hit since August, with their biggest single take being 600 million rubles ($8.65 million). Other banking threats remain active. Carbanak is back, and Dridex is, too.

Various outlets say that FireEye has given the Indian government a report detailing extensive cyber espionage campaigns by actors based in Pakistan. Whether state-run (or inspired), hacktivist or criminal, or some mix of all of these is unclear from media reports. The campaign is said to involve distribution of Seedor malware through email attachments. The targets are reported to be Indian military and government personnel as well as Pakistani dissidents.

Stagefright may prove realistically exploitable, according to NorthBit, which describes a proof-of-concept attack the security company says could readily work in the wild. Google closed Stagefright in response to Zimperium research, but unpatched devices remain vulnerable.

AceDeceiver may affect non-jailbroken iPhones, but Wired puts the issue into perspective with a quotation from security researcher Jonathan Zdziarski. “In its current form, this isn’t dangerous except to the exceptionally stupid.”

Rowhammer, another vulnerability from the past, may also be riskier than long thought. Third I/O research suggests that bitflipping might indeed work against dual in-line memory modules.

Ready availability of cheap Steam stealers drives a long-running uptick in Steam gaming account hijacking.

Observers think the FBI is more worried about precedent than a single iPhone's contents in the dispute with Apple.

Notes.

Today's issue includes events affecting Canada, China, Cuba, European Union, India, Iran, Iraq, Israel, Democratic Peoples Republic of Korea, Netherlands, Pakistan, Russia, Sudan, Syria, United Kingdom, United States.

2016 National Conference of Minority Cybersecurity Professionals (Washington, DC, March 23 - 24, 2016) The landmark ICMCP conference will elevate the national dialogue on the necessary measures needed to attract and develop minority cybersecurity practitioners to address the cross-industry cybersecurity skills shortage.

Women in Cybersecurity (WiCYS) 2016 (Dallas, TX, March 31 - April 2, 2016) The 3rd annual conference brings together women (students, faculty, researchers, professionals) in cybersecurity from academia, research organizations and industry for the sharing of knowledge and experience, networking and mentoring.

Cyber Attacks, Threats, and Vulnerabilities

Cyber security firm FireEye reveals Pak modus operandi against India (SIR) Hackers from Pakistan have been waging war against India in the virtual world, according to cyber security firm FireEye

Pakistan-based cyber espionage group allegedly targeting Indian military and government personnel since 2013: FireEye (GCONew) Security company FireEye has made a possibly damaging revelation today. A cyber espionage group possibly based out of Pakistan, has been targeting Indian military and government personnel, as well as, Pakistan dissidents since 2013. According to the company, the group sent emails about military issues and India-Pakistan relations that hid malware inside

New Russian Hacker Cell Hit 13 Banks Since August, Group-IB Says (Bloomberg) A newly discovered Russian-language hacker group known as Buhtrap has attacked 13 Russian banks since August using malware that infiltrates their gateway to the central bank, according to Moscow-based cybersecurity company Group-IB

Online Banking Threats in 2015: The Curious Case of DRIDEX’s Prevalence (TrendLabs Security Intelligence Blog) The thing about takedowns is that these do not necessarily wipe out cybercriminal operations

Trump's Social Security, phone numbers released by Anonymous hacker group (AOL News) Hacker group Anonymous released phone numbers and a Social Security number allegedly belonging to Republican presidential candidate Donald Trump on Thursday

Cyber espionage groups grow more insidious (FierceCIO) Symantec has issued the unsettling reminder that the code-signing certificates organizations use to secure their files and software might not be as safe as their IT teams think

Adult themed Android SMS Stealer Trojan (Zscaler Threat Lab) During our continued efforts to protect our customers against the latest mobile threats, we came across another malicious app that used pornography to attract users

Even for Companies that Don’t Pay, Ransomware Attacks Prove Costly: Survey (Legaltech News) Employees are usually locked out for days after an attack, and often the cleanup process means the loss of essential files

New Stagefright exploit threatens unpatched Android devices (Graham Cluley) One of Android's biggest security scares is back for an encore

Metaphor: A (real) real­life Stagefright exploit (NorthBit) In this paper, we present our research on properly exploiting one of Android’s most notorious vulnerabilities--Stagefright--a feat previously considered incredibly difficult to reliably perform

AceDeceiver Malware Can Infect Non-Jailbroken iOS Devices (Intego) I've said it before, and I'll no doubt say it again — if you care about your iPhone or iPad's security, then you won't resort to jailbreaking

Hack Brief: No Need to Freak Out Over That Chinese iPhone Malware (Wired) The security track record of Apple’s locked-down mobile operating system has been so spotless that any hairline fracture in its protections makes headlines

Once thought safe, DDR4 memory shown to be vulnerable to “Rowhammer” (Ars Technica) New research finds "bitflipping" attacks may pose more risk than many admit

Spammers Abusing Trust in US .Gov Domains (KrebsOnSecurity) Spammers are abusing ill-configured U.S. dot-gov domains and link shorteners to promote spammy sites that are hidden behind short links ending in”usa.gov”

The FBI Warns That Car Hacking Is a Real Risk (Wired) It's been eight months since a pair of security researchers proved beyond any doubt that car hacking is more than an action movie plot device when they remotely killed the transmission of a 2014 Jeep Cherokee as I drove it down a St. Louis highway

Motor Vehicles Increasingly Vulnerable to Remote Exploits (IC3) As previously reported by the media in and after July 2015, security researchers evaluating automotive cybersecurity were able to demonstrate remote exploits of motor vehicles

Google, university team reveal the farce of 100% 'secure' HTTPS browsing (FierceCIO) In case you thought all the Web browsing your people do on the job is secure, please allow us to burst your bubble

McAfee uses web beacons that can be used to track and serve advertising to users (Help Net Security) A test of seven OEM laptops running Windows has shown consistent privacy and security issues, including an interesting revelation that the McAfee Antivirus running on six of them is using web beacons to serve ads and possibly even track users online

How your data is collected and commoditised via “free” online services (Troy Hunt) I get a lot of people popping up with data breaches for Have I been pwned (HIBP). There’s an interesting story in that itself actually, one I must get around to writing in the future as folks come from all sorts of different backgrounds and offer up data they’ve come across in various locations. Recently someone sent me a list of various data breaches they’d obtained, including this one

What your encrypted data says about you (Naked Security) You’ve probably heard of metadata, which is a fancy name for “data about data"

Boom in Steam account hijacking is due to cheap Steam Stealers (Help Net Security) With over 125 million active users, Valve’s Steam is the most popular online gaming platform in the world and, consequently, forms a huge pool of targets for cyber crooks and scammers

Where cyber space meets the Wild West (Financial Times) The baddies behind botnets have an endless supply of cheap guns while citizens have only barricades

Confidential Ohio medical records exposed (Newsnet5 Cleveland) Cuyahoga County man stumbles upon breach

Security Patches, Mitigations, and Software Updates

Symantec warns of serious security holes – in Symantec security kit (Register) Even the gatekeepers need patching

Security Advisories Relating to Symantec Products - Symantec Endpoint Protection Multiple Security Issues (Symantec) Symantec Endpoint Protection (SEP) was susceptible to a number of security findings that could potentially result in an authorized but less privileged user gaining elevated access to the Management Console. SEP Client security mitigations can potentially be bypassed allowing arbitrary code execution on a targeted client

Windows users getting unwanted prompts and upgrades to Windows 10 (FierceCIO) Reports of an excess of unwanted Windows 10 upgrades have popped up over the past week, an article at CIO noted. However, an analyst from IT consultancy Directions on Microsoft said users – not just Microsoft – can share the blame

Cyber Trends

IT is getting cloud storage security all wrong (CIO via CSO) Two recent reports confirm that your greatest security threat is your users, not outside hackers

Companies still lack adequate data privacy tools (Help Net Security) 93 percent of IT professionals agree that customer data privacy concerns are a critical issue at the C-level. Yet, only 9 percent percent believe current privacy and consent methods are adequate

Insight into critical data remains limited (Help Net Security) SANS surveyed 829 IT professionals with endpoints located around the globe to explore how IT professionals monitor, assess, protect and investigate their endpoints

Alarming gaps in cyber security identified by a new survey of Canadian energy companies (Oilweek) Only one in five Canadian energy companies could respond and recover quickly from a cyberattack, according to Deloitte Canada’s 2015 Cybersecurity survey for Alberta’s auditor general

Third of UK universities victimised by cyber-attacks (SC Magazine) Over one-third (36 percent) of universities in the UK are hit by cyber-attacks every hour

Marketplace

Cyber-security ethics: the ex-hacker employment conundrum (SC Magazine) The hiring of a former Lulzsec hacker by a respected cyber-security company has raised some interesting questions as to the role of former black hats in the white hat's world

SINET targets Sydney debut to channel Australia's “hunger” for commercialising security innovation (CSO) The impending emergence of security incubator Security Innovation Network (SINET) in the Australian market will tap into what the multinational organisation's founder calls “a definite hunger for cybersecurity innovation” amongst Australian businesses keen to share ideas and build businesses in the fast-expanding global security market

Thales Closes $424M Buy of Vormetric in Cyber Market Push (GovConWire) Thales Group has closed its acquisition of San Jose, California-based data protection technology vendor Vormetric after the French conglomerate obtained regulatory clearance for the estimated $424 million transaction

CSC acquires UXC security partner Dalmatian Group (CRN) Australia’s largest IT services provider has just become a little bigger after completing its second acquisition in a month

LANDesk To Acquire AppSense (Dark Reading) LANDesk looks to expand endpoint protection across virtual, cloud, physical environments

Bernstein has 5 reasons for you to own Palo Alto (Seeking Alpha) Palo Alto Networks (NYSE:PANW) shares ended the day down slightly despite a bullish note from Bernstein analyst Pierre Ferragu which highlighted 5 reasons to own the shares

Mimecast Climbs Back From Post-IPO Swoon (Seeking Alpha) Revenue and cash flow are steadily growing. Mimecast is rolling out security suite extensions. Hedge fund has acquired 46% of share float

Cyber security is becoming a Dutch export (ComputerWeekly) IT security is about to rival cheese, tulips, windmills and flood defences as an export from the Netherlands

Hootsuite deal means big exposure for Baltimore's ZeroFOX (Baltimore Business Journal) A new partnership with social media management company Hootsuite will mean big exposure for Baltimore’s ZeroFOX

An airline disaster gave Stuart McClure the genesis for his Irvine cybersecurity company (Orange County Register) An airline disaster gave Stuart McClure the genesis for his Irvine cybersecurity company

With little time to react, staying ahead of threats is top-of-mind for C-level execs (CSO) As he settled into his seat, preparing for an hourslong flight, Stuart McClure made a seemingly insignificant decision that likely saved his life and those of his mother and little brother

Neustar hires security sales veteran from Cyphort (Telecompaper) Neustar said it has hired security sales veteran Denise Hayman, who will join the Neustar sales team to focus on the high-growth enterprise security market

Products, Services, and Solutions

Customer Authentication: Multi-factor security from iovation (Help Net Security) Customer AuthenticationWith most transactions now happening online, providing customers with a frictionless online experience that’s also highly secure is critical for today’s businesses

NTT, Microsoft to share info on cyberattacks (Nikkei) Japan's Nippon Telegraph & Telephone group and Microsoft will share information on threats to cybersecurity in an effort to better protect clients

Technologies, Techniques, and Standards

Mitre Takes on Critics, Set to Revamp CVE Vulnerability Reporting (Threatpost) Mitre Corporation will introduce a new pilot program for classifying Common Vulnerabilities and Exposures (CVE) in the coming weeks. The move is in response to a backlash in the security community where some critics contend Mitre is failing to keep pace with a massive influx in the number of reported vulnerabilities to the organization

Considering Docker? Consider Security First (OpenDNS Blog) Containers started making a big splash in IT and dev operations starting in 2014. The benefits of flexibility and go-live times, among many others, are almost undeniable. But large enterprises considering using a container platform for development or IT operations should pause and consider security first

What is an SQL Injection Cheat Sheet? (Netsparker) An SQL injection cheat sheet is a resource in which you can find detailed technical information about the many different variants of the SQL Injection vulnerability

A management guide to becoming cyber-attack resilient (South China Morning Post) Financial services firms need to step up their cyber-attack readiness plans

Does a smartphone make two-factor authentication? (CSO) Is a cell phone a suitable second factor for two-factor authentication? Several infosec pros had a lively debate about this topic on Twitter recently

Paranoid or Cautious? Protect Your Data Like Everyone’s Watching (Cause They Might Be) (Heimdal Security) Most of my friends think I’m paranoid because of my security measures

VIDEO: What is a VPN, and why should you be using one? (Graham Cluley) WTF are you doing not running a VPN?

Pwn2Own: Day 2 and Event Wrap-Up (Trend Micro: Simply Security) The second and final day of the 2016 Pwn2Own competition wrapped up today

Design and Innovation

Secure, user-controlled data (MIT News) Cryptographic system would allow users to decide which applications access which aspects of their data

Academia

New academy will train the cyber security experts of the future (Wales Online) A new academy that will train the cyber security experts of the future will be launched in Newport today

Legislation, Policy, and Regulation

Beyond Back Doors: Recalibrating The Encryption Policy Debate (Dark Reading) Three compelling reasons why access to back doors should not be the intelligence and law enforcement community's main policy thrust in the fight against terrorism

How the ‘wonks’ of public policy and the ‘geeks’ of tech can get together (TechCrunch) Technology innovates and disrupts, while public policy regulates and controls — at least according to conventional wisdom

Why You Can't Ignore Privacy Shield (Dark Reading) Trans-Atlantic transfer of Europeans' personal data might not have concerned you in the past, but here are eight things you need to know now

The Snoopers’ Charter – a tipping point (Data Center Dynamics) The government’s Investigatory Powers Bill, or “The Snoopers’ Charter” as it’s been dubbed in the press, has sparked debate over the balance between privacy concerns and national security.

India Looks to Establish Itself as an Influential Geopolitical Voice in Cyberspace (Cyveillance) As leading global powers seek to have a hand in influencing Internet governance, India is slowly emerging as a potential key player and ally

DHS begins sharing cyber threat data with businesses (The Hill) The Department of Homeland Security (DHS) has begun sharing cyber threat data with federal agencies and private companies in accordance with a major cybersecurity bill passed last year

Investments in Cyber Command reflect evolving nature of threats (Federal News Radio) Adm. Mike Rogers, commander of U.S. Cyber Command and director of the National Security Agency, told a congressional subcommittee that increased investments in cybersecurity are a reflection of the world we live in and the evolving nature of cyber threats

House committee rejects Obama cyber proposal (The Hill) The House Budget Committee late Wednesday voted down an amendment that would have funded the White House’s proposal for a $3 billion technology modernization initiative

FTC warns app developers against using audio monitoring software (IDG via CSO) A dozen developers appear to have packaged TV tracking software into their products, the agency says

Navy's Information Warfare Officers Get New Job Title (Military.com) The Navy's information warfare experts are taking on a new name. As of this month, information warfare officers responsible for signals intelligence, cyber operations and electronic warfare ops will be known as cryptologic warfare officers

Why large parts of the internet have suddenly vanished for millions of users (Quartz) For the past six weeks or so, internet users in Syria, Cuba, and Iran have seen blank pages when they access websites hosted by Softlayer, IBM’s cloud infrastructure unit

Litigation, Investigation, and Law Enforcement

The FBI has a big ulterior motive in its fight against Apple (Quartz) When a public interest group wants to create new legal precedent, its first step is to find a client with sympathetic facts

Tim Cook to Time: 'I feel like I'm in this bad dream' (MacWorld) Before the Apple-FBI fight gets its first day in court, Tim Cook recaps the struggle in a new interview

Sen. Cotton: Apple’s Brand Is Not Worth America’s Safety (Time) Apple CEO Tim Cook recently explained his decision to refuse a court order to unlock the iPhone of a deceased ISIS terrorist

Gov’t accidentally publishes target of Lavabit probe: It’s Snowden (Ars Technica) No surprise, "Ed_snowden@lavabit.com" was what investigators were after

NSA: Fallout From Snowden Leaks Isn't Over, But Info Is Getting Old (NPR) The fallout from Edward Snowden's 2013 spying revelations is not over yet, according to Richard Ledgett, who ran the National Security Agency's investigation into Snowden's leaks

NSA denied Hillary’s 2009 request for secure smartphone (AP via New York Post) Newly released emails show that a 2009 request to issue a secure government smartphone to then-Secretary of State Hillary Clinton was denied by the National Security Agency

This is the phone NSA suggested Clinton use: A $4,750 Windows CE PDA (Ars Technica) SME PED devices were only NSA-approved mobile phones for classified communications

Exclusive: DOJ probes allegations that Tiversa lied to FTC about data breaches (Reuters) Federal agents are investigating whether cyber-security firm Tiversa gave the government falsified information about data breaches at companies that declined to purchase its data protection services, according to three people with direct knowledge of the inquiry

Fearing no punishment, Denver cops abuse crime databases for personal gain (Ars Technica) A nurse complained she got a phone call from an officer at a hospital crime scene

F5 ordered to compensate Radware on patent violation (GLOBES) The jury's unanimous verdict awarded Radware $6.4 million in damages, which could rise to $19.2 million

New York state man gets longest-ever sentence for supporting Islamic State (Reuters) A New York state resident was sentenced on Thursday to 22-1/2 years in prison for trying to recruit fighters to join Islamic State in Syria - the longest prison term handed out yet to an American convicted of supporting the militant group

May I Attack the Attacker? Limitations in Israeli Law on Counteroffensive Cybersecurity (Lexology) Organizations are constantly exposed to cyber-attacks

PlayStation thief busted after keeping it connected to victim’s Wi-Fi (Naked Security) A US man in Madison, Tennessee got home after a vacation last week and found his apartment had been ransacked

For a complete running list of events, please visit the Event Tracker on the CyberWire website.

Upcoming Events

SANS 2016 (Orlando, Florida, USA, March 12 - 19, 2016) It is time we unite, join forces, and show that if we work together, we can make a measurable difference in security. It is our pleasure to announce that SANS 2016 is back in Orlando, Florida March 12-21 ...

CONAUTH/EKMS/COMSEC Information Sharing and Key Management Infrastructure (ISKMI) 2016 (Waikiki, Hawaii, USA, March 14 - 18, 2016) The ISKMI will draw global-wide participation and Allied (Five Eyes and NATO) attendees. Information sharing will be centralized to Key Management Infrastructure (KMI), Cryptographic Modernization (CM),...

CISO Summit France (Paris, France, March 22, 2016) A forum for innovative IT thought leaders across France. Despite economic instability in the euro zone amid an on-going global financial crisis, IT spending worldwide is expected to increase in the coming...

cybergamut Tech Tuesday: Providing Consistent Security Across Virtual and Physical Workloads (Elkridge, MD, Calverton, March 22, 2016) Data centers today are being tasked with many more requirements. This has been increasing as companies leverage server virtualization in new ways. This has made the data center a rich source of information...

Risk Management Summit (New York, New York, USA, March 22 - 23, 2016) The Business Insurance Risk Management Summit is a unique two-day conference serving the information and networking needs of senior risk managers, benefits managers and related decision makers from the...

Artificial Intelligence and Autonomous Robotics (Clingendael, the Netherlands, March 23 - 24, 2016) Artificial Intelligence (AI) has been a feature of science fiction writing for almost a century, but it is only in more recent years that the prospect of truly autonomous robotics — even those that...

International Consortium of Minority Cybersecurity Professionals (ICMCP) Inaugural National Conference (Washington, DC, USA, March 23 - 24, 2016) The conference will focus on the public, private and academic imperatives necessary to closing the growing underrepresentation of women and minorities in cybersecurity through diversification of the workforce.

Commonwealth Cybersecurity Forum 2016 (London, England, UK, March 23 - 24, 2016) The Commonwealth, built on consensus and mutual support, is an ideal platform to build international cooperation on various aspects of cybersecurity. CTO's Commonwealth Cybersecurity Forum brings together...

Black Hat Asia 2016 (Singapore, March 29, 2016) Black Hat is returning to Asia again in 2016, and we have quite an event in store. Here the brightest professionals and researchers in the industry will come together for a total of four days — two...

SecureWorld Boston (Boston, Massachussetts, USA, March 29 - 30, 2016) Join your fellow security professionals for affordable, high-quality cybersecurity training and education. Earn 12-16 CPE credits through 60+ educational elements learning from nationally recognized industry...

Insider Threat Summit (Monterey, California, USA, March 29 - 30, 2016) The focus of the Insider Threat Summit is to discuss personnel security issues including cyber security challenges and capabilities, continuous evaluation of privileged identities and ethical physical...

TU-Automotive Cybersecurity USA 2016 (Novi, Michigan, USA, March 29 - 30, 2016) TU-Automotive Cybersecurity dissects the real issues behind the headlines, helping you to apply technology and best practices to deliver robust security defenses and processes within a more secure ecosystem.

Insider Threat Program Development Training (Washington, DC, USA, March 29 - 30, 2016) Insider Threat Defense announced it will hold a training class on Insider Threat Program Development (National Insider Threat Policy-NISPOM Conforming Change 2) on March 29-30, 2016, in Washington, DC.

Women in Cyber Security 2016 (Dallas, Texas, USA, March 31 - April 2, 2016) With support from National Science Foundation, Award #1303441 (Capacity Building in Cybersecurity: Broadening Participation of Women In Cybersecurity through the Women in Cybersecurity Conference and Professional...

SANS Atlanta 2016 (Atlanta, Georgia, USA, April 4 - 9, 2016) Learn the most effective steps to prevent attacks and detect adversaries with actionable techniques that you can directly apply when you get back to work. Take advantage of tips and tricks from the experts...

Billington CyberSecurity INTERNATIONAL Summit (Washington, DC, USA, April 5, 2016) On April 5, in Washington, D.C., join leading cybersecurity officials from across the globe at the Billington CyberSecurity INTERNATIONAL Summit to engage in an intensive information exchange between leading...

ISC West 2016 (Las Vegas, Nevada, USA, April 6 - 8, 2016) ISC West is the leading physical security event to unite the entire security channel, from dealers, installers, integrators, specifiers, consultants and end-users of physical, network and IT products.

ASIS 15th European Security Conference & Exhibition (London, England, UK, April 6 - 8, 2016) ASIS Europe 2016 invites you to join security professionals and experts from over Europe and beyond in one of the most dynamic centres of business and culture in the world

Cybersecurity and Privacy Protection Conference (Cleveland, Ohio, USA, April 7 - 8, 2016) The Center for Cybersecurity and Privacy Protection 2016 Conference will bring together experienced government officials, in-house counsels, business executives, cyber insurance leaders, litigators, information...

Threat Hunting & Incident Response Summit 2016 (New Orleans, Louisiana, USA, April 12 - 13, 2016) The Threat Hunting & Incident Response Summit 2016 focuses on specific hunting and incident response techniques and capabilities that can be used to identify, contain, and eliminate adversaries targeting...

QuBit Conference (Prague, the Czech Republic, April 12 - 14, 2016) QuBit offers you a unique chance to attend 2 selected Mandiant training courses, taught by some of the most experienced cyber security professionals in the business

CISO Dallas (Dallas, Texas, USA, April 14, 2016) With newspaper headlines covering the latest data breaches, cloud computing security questions going unanswered and hackers developing more sophisticated attacks, the IT department has a growing responsibility...

CSO 50 Conference and Awards (Litchfield Park, Arizona, USA, April 18 - 20, 2016) We at CSO, the award-winning media brand, will bring you speakers from up to 50 organizations with outstanding security prowess. Over 2 ½ days, these distinguished executives and technologists will share...

Creech AFB–AFCEA Las Vegas Cyber Security, IT & Tactical Tech Day (Indian Springs, Nevada, USA, April 19, 2016) The Armed Forces Communications & Electronics Association (AFCEA) Las Vegas Chapter, with support from the 432d Wing, will host the 4th Annual Cyber Security, IT & Tactical Technology Day at Creech AFB...

Amsterdam 2016 FIRST Technical Colloquium (Amsterdam, the Netherlands, April 19 - 20, 2016) FIRST Technical Colloquia & Symposia provide a discussion forum for FIRST member teams and invited guests to share information about vulnerabilities, incidents, tools and all other issues that affect the...

Security & Counter Terror Expo 2016 (London, England, UK, April 19 - 20, 2016) Security & Counter Terror Expo (formerly Counter Terror Expo) is the event for any professional tasked with protecting assets, business, people and nations from terrorism. It brings over 9000 attendees...

SecureWorld Philadelphia (King of Prussia, Pennsylvania, USA, April 20 - 21, 2016) Join your fellow security professionals for affordable, high-quality cybersecurity training and education. Earn 12-16 CPE credits through 60+ educational elements learning from nationally recognized industry...

AFCEA Defensive Cyber Operations Symposium (Baltimore, Maryland, USA, May 5 - 7, 2015) The U.S. Defense Information Systems Agency's new operational role in the cyber domain as network defender creates a formal relationship between DISA, U.S. Cyber Command and the command's military service...

2016 Akamai Government Forum: Safeguarding a Dynamic Government — End–to–End Security for your Agency (Washington, DC, USA, April 21, 2016) Today's public demands a high performance — and safe — web experience from government and public organizations. And public IT leaders require flawless web protection to securely meet that demand. Join...

Army SIGINT (Fort Meade, Maryland, USA, April 25, 2016) Approximately 500 attendees will come together to discuss future technologies in Signals Intelligence (SIGINT), focusing on applications for the actual users in the field (the soldiers). Most attendees...

CISO San Francisco (San Francisco, California, USA, April 26, 2016) The CISO Summit brings together C-level IT security executives, industry analysts and solution providers to discuss challenges and best practices in a relaxed, yet focused business setting. Agenda sessions...

CISO Houston (Houston, Texas, USA, April 28, 2016) A data breach is not only a PR nightmare, but cause for customers to turn to competitors, exposing sensitive company information and racking up fines from industry regulators. In order for organizations...

Grow your brand and reach new customers.

Grow your brand and increase your customer base by educating our audience about your products, services, and events by advertising on The CyberWire. We’ve built trust with an influential (and often hard to reach) audience of CISOs, CSOs, and other senior execs in the security space, across a wide array of industry verticals. Learn more.

Be a part of the CyberWire story.

People ask us (a lot) how they can support what we do. We have our sponsorships and services, of course, but those are not always within every supporter's financial reach, or it might just not be the right time for you to do those things. That's why we launched our new Patreon site, where we've created a wider variety of support levels, each with some new benefits. Our patrons are important to our future, and we hope you'll consider becoming one. We invite you to become part of the CyberWire story. Become a patron today.