skip navigation

More signal. Less noise.

Daily briefing.

As TeslaCrypt is retired, and superseded for the most part by CryptXXX, other strains of ransomware continue to circulate. CYBER.POLICE, puerile screen presentation and all, remains a problem for Android devices. More criminals are making use of a combined ransomware and DDoS attack. KnowBe4, Invincea, and FireEye are tracking this development, which strikes many observers as the new normal: such attacks are inexpensive to mount and promise a good payoff.

Paying ransom loses some of its meretricious luster. Kansas Heart Hospital, following the example of Hollywood Presbyterian, did pay recently, only to find that its attackers reneged on their promise to decrypt files. The criminals decrypted only a fraction of the affected files, then demanded additional payments. That was enough for Kansas Heart—they’re no longer paying.

Rogue hardware devices turn up in the wild: the US FBI warns against keyloggers disguised as USB charging devices.

Microsoft’s Azure Active Directory now blocks weak passwords that have shown up in breaches. (Like, the Register notes, “M!cr0$0ft.”)

In industry news, the next major security IPO is rumored to be Blue Coat, which could move as early as next week. And investors continue to look for buying opportunities in established companies.

In the crypto wars, some in law enforcement are coming around to the view, prevalent in the US IC, at least, that hacking, not backdoors, are the way to access systems. (Law enforcement adds “undercover work.”)

In the UK, the “snooper’s charter” will be subjected to a review before it clears Parliament.

Notes.

Today's issue includes events affecting Australia, Belgium, European Union, Iraq, Switzerland, Syria, United Arab Emirates, United Kingdom, United States.

Catch the CyberWire's Podcast later this afternoon, with interviews, educational tips, and more on the stories of the day. Today we'll hear from the University of Maryland's Markus Rauschecker, who'll consider whether Congress and the FCC are actually taking a hands-off approach to regulating the Internet-of-things. (If you feel so inclined, please give us an iTunes review.)

Georgetown Cybersecurity Law Institute (Washington, DC, USA, May 25 - 26, 2016) Experienced government officials, general counsels, and cybersecurity practitioners offer insight into governance, preparedness, and resilience. Register Today, CyberWire readers receive a $100 DISCOUNT using code WIRE16.

Cyber Attacks, Threats, and Vulnerabilities

CYBER.POLICE Android Ransomware still on patrol… (Malwarebytes) Over the weekend we saw the following rogue Android APK being downloaded to mobile devices via a rogue advert. It claims to be an “Adult Player”, but is really a piece of Ransomware bearing the name “CYBER.POLICE” which has been doing the rounds for a while now

Bad guys jump ship to CryptXXX after TeslaCrypt authors release decryption key (SC Magazine) Cyber crooks look to capitalize on CryptXXX after the fall of TeslaCrypt. After TeslaCrypt's authors publicly released the ransomware's master decryption key last week, Trend Micro researchers spotted cyber crooks jumping to CryptXXX

Attackers Clobbering Victims With One-Two Punch Of Ransomware And DDoS (Dark Reading) Encrypted systems now being added to botnets in the latest incarnations of ransomware attacks, with experts expecting this to become standard practice

KnowBe4 CyberAlert: Double-Barrel Ransomware and DDos Attack in-one (PRWeb) Criminal developers have created a new evil way to monetize their operations by adding a DDoS component to ransomware payloads

Kansas Heart Hospital hit with ransomware, doesn't get its files decrypted after paying up (TechSpot) Yet another hospital has been hit with a ransomware attack. The target this time around was Kansas Heart Hospital in Wichita. But unlike other recent attacks, the hackers didn’t fully keep up their end of the deal after receiving their ransom, only partially restoring access to files and demanding more money to decrypt the remaining data

Consumers have no idea what ransomware is (Help Net Security) A new study reveals almost half (43%) of connected consumers today do not know what ransomware is, despite the recent aggressive spread of this type of cyber threat. In addition, a similar amount (44%) confessed that they did not know what data or information could be stolen in a ransomware attack

FBI warns about keyloggers disguised as USB device chargers (Help Net Security) A private industry notification issued by the FBI in late April may indicate that keyloggers disguised as USB device chargers have been fund being used in the wild

WPAD name collision bug opens door for MitM attackers (Help Net Security) A vulnerability in Web Proxy Auto-Discovery (WPAD), a protocol used to ensure all systems in an organization utilize the same web proxy configuration, can be exploited to mount MitM attacks from anywhere on the Internet, US-CERT warns

5 active mobile threats spoofing enterprise apps (CSO) Common apps spoofed to trick users into downloading malware

Who’s tracking you online, and how? (Help Net Security) Armed with a tool that mimics a consumer browser but is actually bent on discovering all the ways websites are tracking visitors, Princeton University researchers have discovered several device fingerprinting techniques never before seen in the wild

Over 2,500 Twitter accounts hacked and linked to adult websites: Symantec (Times of India) More than 2,500 Twitter accounts have been compromised to tweet links to adult dating and sex websites, global cyber security leader Symantec said on Tuesday

​Why reusing your passwords is riskier than ever (CBS News) Do you use the same password for two, three, maybe dozens of websites?

Outdated systems placing maritime vessels at risk of cyber-attack, study suggests (Hellenic Shipping News) Vessels are under significant threat of cyber-attack because many are carrying outdated software and were not designed with cyber security in mind, according to new research

The Growing Threat of Cyber-Attacks on Critical Infrastructure (Huffpost Business) Despite the fact that cyber-attacks occur with greater frequency and intensity around the world, many either go unreported or are under-reported, leaving the public with a false sense of security about the threat they pose and the lives and property they impact

CNBC gets swift boot by money transfer group Swift (CNBC) A camera operator working for CNBC on Tuesday was ejected from a financial conference in Brussels before a speech on cybersecurity by the CEO of the group that runs the electronic financial messaging program that knits together the global financial system

Security Patches, Mitigations, and Software Updates

Microsoft bans common passwords that appear in breach lists (Register) Azure Active Directory no longer allows the likes of 'M!cr0$0ft' to gain entry

Microsoft criticised over 'deceitful' and 'nasty' Windows 10 upgrade (Independent) Microsoft have now labelled the update as 'recommended'

Cyber Trends

By the numbers: Cyber attack costs compared (CSO) Not all cyber attacks are created equal

4 Signs Security Craves More Collaboration (Dark Reading) New Intel Security report finds that companies look to work together across departmental lines to remediate security incidents

What Silicon Valley can do about cyber threats (Tech Crunch) Cyber security continues to infiltrate our daily news feeds and make headlines on a regular basis

Reputation damage and brand integrity: Top reasons for protecting data (Help Net Security) Vormetric announced the results of the European Edition of the 2016 Vormetric Data Threat Report. It focuses on responses from IT security leaders in European organisations, which detail IT security spending plans, perceptions of threats to data, rates of data breach failures and data security stances

Consumer password authentication dissatisfaction reaches tipping point (Biometric Update) Over half of consumers in the US and UK would prefer to get rid of their usernames and passwords altogether, and instead use biometrics and other modern authentication methods, according to survey results released by customer identity management company Gigya on Tuesday

Death of the Password (Gigya) Consumers now expect more trusted and personalized experiences in exchange for their personal information, but businesses are struggling to protect user privacy in light of growing global security and privacy concerns. Since tolerance is diminishing for username and password processes, today’s businesses must find new ways to secure users’ data while delivering better customer experiences

Most Swiss firms unprepared for cyberattacks (SwissInfo) More than half of Swiss firms are unprepared for cyberattacks on their networks as the so-called “Internet of Things” becomes a reality, a study has shown. Meanwhile, new information has come to light in the recent hack of the RUAG defence firm

Marketplace

A software company could be the next big step in the IPO market's comeback (Business Insider) Blue Coat Systems, the security-software company taken private six years ago, is close to kicking off an initial public offering, according to people familiar with the matter

HPE to spin out its huge services business, merge it with CSC (CIO) The tax-free deal will create a new company with $26 billion in annual revenue

3 Reasons Barracuda Networks, Inc. Stock Could Rise (Motley Fool) The growth of Office 365, a successful turnaround, or outright sale could reward shareholders

Cloud Security Solutions Drive Akamai’s Revenue (Market Realist) Akamai Technologies (AKAM) is a global leader in the content delivery network (or CDN) and has a market capitalization of $8.7 billion

Palo Alto Networks: Well Positioned In The Changing Cybersecurity Industry (Seeking Alpha) Palo Alto Networks' highly integrated approach will likely push the company to new heights in the changing cybersecurity realm. PANW's rapid increase in individual customer value and overall customer count is indicative of the company's growing brand appeal. While Palo Alto Networks is in a great position, the company is facing a growing number of competitive risks from peers such as Fortinet

Can Splunk, Inc. Keep Its Earnings Streak Alive? (Motley Fool) The operational intelligence company has beat expectations for five straight quarters

Digital Shadows at Level 39 hopes to continue its rapid expansion (Wharf) The IT security firm in Canary Wharf is keen to develop the technology it has to help companies defend themselves against cyber attacks

Navy official sounds alarm on cyber workforce shortage (FCW) The Navy is fighting a losing battle trying to keep cyber specialists in its workforce, according to Deputy CIO Janice Haith

GuidePoint Security Hires Former FireMon Executive, Brandy Peterson, as Principal of Technology Integration (BusinessWire) GuidePoint welcomes Brandy Peterson as new Principal to head up Engineering Unit

Apple rehires prominent security pro as encryption fight boils (Reuters) Apple Inc (AAPL.O), which has resisted pressure from U.S. law enforcement to unlock encrypted iPhones, this month rehired a top expert in practical cryptography to bring more powerful security features to a wide range of consumer products

Products, Services, and Solutions

(ISC)2 Partners with PivotPoint on Risk Assessment (Infosecurity Magazine) There is much talk about why CISOs need to translate cybersecurity into business terms rather than technical terms in order to get a seat at the board table. But no one has provided an answer as to how

CrowdStrike Advances Next-Generation Antivirus with Extended Ransomware Prevention as Part of Falcon Platform Spring Release (CrowdStrike) CrowdStrike Inc., a leader in cloud-delivered next-generation endpoint protection, threat intelligence and response services, today announced enhanced next-generation antivirus (AV) capabilities to its CrowdStrike Falcon™ Platform to help customers identify and block popular ransomware families such as Locky, Cerber and Teerac, among others

CrowdStrike Launches Open Source Falcon Orchestrator With Spring Platform Release (CrowdStrike) Offers extendable enhanced workflow automation and executing real-time security forensics and remediation actions

CrowdStrike Launches Falcon Connect With Expanded APIs as Part of Spring Platform Release (CrowdStrike) Allows customer and partner enhanced use and integration of CrowdStrike Falcon™ platform

AppSense Announces Endpoint Security Suite for Simplified Configuration of Defenses against Ransomware and Malware (RealWire) AppSense, the leading provider of User Environment Management solutions for the secure endpoint, today announced at the annual Citrix Synergy Conference its Endpoint Security Suite with enhanced features for the prevention of Ransomware and Malware attacks. The solution combines new AppSense Application Manager application and privilege control with AppSense Insight for analysis of user activity and security privilege

Fast Lane Canada Announces Global IT Security Training Partnership with NotSoSecure (rushPRnews) Fast Lane Canada is proud to announce that they have been selected as the Global Authorized Training Partner for world-recognized IT security firm, NotSoSecure

DiData adds more cloud security capabilities (ITWeb) Rapid adoption of cloud applications means that the organisation needs to have tighter controls in the cloud, says DiData

AdaptiveMobile Now Protecting Mobile Networks against SS7 Threats on Three Continents (BusinessWIre) Company expands global Threat Intelligence Unit to handle increase in customer demand for SS7 Protection

The next wave of smart Data Loss Prevention solutions (Help Net Security) Data Loss Prevention has evolved beautifully in the last few years. The measure of control that DLP now provides is extremely powerful, and helps organizations from all sectors and of all sizes minimize the risk of data theft and loss, and protect their intellectual property as well as other type of sensitive data

5 unified threat management products to simplify your cyber security (Computer Business Review) Customers increasingly want solutions that combine different security capabilities

The Best Anti-Virus (PC Gamer) Nobody wants to pay for antivirus software, particularly savvy PC users who know that the best protection is still to practice smart computing habits. You are your best line of defense and if you avoid shady websites, use different passwords for each online account, and avoid clicking on links in email and instant messages, you might be fine to roll without protection. Then again, you might not be

Centrify launches new Developer Program to help developers simplify secure access (CSO) Centrify Developer Program makes identity and security available via APIs, so developers can use the features they need, with the look and feel they require

Gemalto Wins 2016 Cybersecurity Excellence Award for Best Multi-Factor Authentication Solution (Globe Newswire) Gemalto (Euronext NL0000400653 GTO), the world leader in digital security, announces that it has been named a winner in the 2016 Cybersecurity Excellence Awards. Gemalto's SafeNet Authentication Service was voted best Multi-Factor Authentication Service by the 300,000 member LinkedIn Information Security Community

Deloitte highlights blockchain’s core banking potential with Temenos and Ripple (IBS Intelligence) Deloitte has been showing off the core banking potential of blockchain by integrating it with Temenos’ T24 platform

SECUDE Announces Latest Version of Halocore, an SAP Data Protection Solution (MarketWired) Halocore helps SAP users ensure data security and prevention of data loss

Guidance Software Introduces EnCase Forensic 8 and New Tableau Forensic Products (BusinessWire) New and enhanced features bring greater efficiency and accuracy to investigations

Technologies, Techniques, and Standards

Ads are for humans, not bots, say advertisers (Naked Security) Someday this may change… but, in 2016, when advertisers pay for online advertising, they still want actual humans to see those ads. Not bots. Or, as the Trustworthy Accountability Group (TAG) puts it

Three Effective Ways to Make Application Security Testing a Successful Part of Your DevOps Program (IBM Security Intelligence) From the latest agile development tools to innovative delivery platforms such as containers, DevOps is changing how people and businesses work

Threat Intelligence - The Answer to Threats or Another Fad? (Infosecuriy Magazine) The threat landscape has been dynamic and ever changing, and the growth and rapid advancement in cyber-attacks against enterprises and individuals have rendered traditional cyber-security measures virtually obsolete

Actionable threat intelligence: Key to comprehensive security in the healthcare industry (Healthcare Innovation) Advances in healthcare technology across the world and in Asia-Pacific have resulted in improved patient care, more accurate diagnostics, faster turnaround times, and a host of other benefit

Studies Offer Insight Into Third-Party Risks, Security Best Practices (eWeek) This past week, a pair of separate research reports were released highlighting two different, yet complementary areas of security

Do we need vendor allies in the malware arms race? (Computerworld) The complexity of today’s SOC functions means you probably can’t hire and keep a staff with all the necessary training

Five myths about Web security (Datacenter Dynamics) Almost 3 terabytes of data stolen in the Panama Gate scandal will shortly become searchable online. Mossack Fonseca, the breached legal firm behind one of the largest data leaks in the history, had numerous high-risk vulnerabilities in its front-end web applications, including its Client Information Portal. Actually, few hacking groups would spend money on expensive zero-days and complicated APTs, when the information can be easily stolen via insecure web applications. Moreover, even if your corporate website doesn’t contain a single byte of sensitive data, it’s still a perfect foothold to get into your corporate network

Here's proof your cybersecurity efforts might totally fail (HousingWIre) We can't stress it enough

A locked door beats the best alarm (re/code) What good is an alarm if it only goes off after a robber has broken into your house and stolen your stuff?

12 Tips to Convince Users Their IoT System Is Secure (Engineering) “The Internet of Things is only as strong as its weakest link,” cautions Adam Fingersh of Experian, a global information services company

Army to test cyber toolkit (C4ISR & Networks) The Army is about to enter pilot testing on a new software system to help commanders in the field respond more nimbly to rapid variations in cyber threats

Design and Innovation

Driving up Cost and Complexity for Adversaries (Recorded Future) What drives interest in threat intelligence in your community? The bad guys!

Can Google replace passwords by tracking you more thoroughly? (Naked Security) We’ve written many times about the latest and greatest new technology that says it will supplant the password

The Problem with Analytics (Beta News) There is a difference between knowledge and understanding. Knowledge typically comes down to knowing facts while understanding is the application of knowledge to the mastery of systems. You can know a lot while understanding very little

Research and Development

NAVAIR wants to build cyber resiliency into weapons systems (GCN) Recognizing the complexity of securing its weapons systems, the Naval Air Systems Command issued a broad agency announcement for research and development to support in technologies to make its systems more resilient to cyber warfare in an environment of connectivity

SailPoint Awarded Patent for Identity-as-a-Service Technology (BusinessWire) Patented technology maintains ‘zero knowledge’ of administrative credentials in cloud-based identity deployments

US Department of Homeland Security Science and Technology Directorate Awards Machine-to-Machine Intelligence Internet of Things Security Contract (PR Rocket) M2Mi to develop open source security and encryption suite based on NSA cryptography for IoT devices and platforms addressing #1 IoT challenge

Academia

Raytheon Partners with AU Kogod Cybersecurity Governance Center (Washington Executive) Raytheon Company announced May 19 that the company is partnering with American University’s Kogod Cybersecurity Governance Center to promote good governance in the preparation for, prevention and detection of, and response to cybersecurity breaches in cybersecurity research and education

Walsh College Opens Cyber Lab To Advance Student Progress In Cyber Defense And Information Technology (PRNewswire) Walsh College has created a custom learning space for training future cybersecurity professionals that offers realistic, hands-on opportunities to experience the physical security countermeasures faced in information technology environments

Legislation, Policy, and Regulation

UK surveillance bill’s controversial bulk powers to be reviewed (TechCrunch) The UK government has agreed to an independent review of so called “bulk collection” — aka mass surveillance — powers in proposed new surveillance legislation, one of the most controversial elements of the Investigatory Powers bill which is currently before parliament. It’s aiming to get the bill onto the statute books before the end of this year

Stop Saying We’re Dropping ‘Cyber Bombs’ On ISIS (Defense One) It is better to see cyber operations for what they are: changing spreadsheets, intercepting email, jamming comms, and a lot of deception

Here's how the US military is beating hackers at their own game (Tech Insider) There's an unseen world war that has been fought for years with no clear battle lines, few rules of engagement, and no end in sight

House passes policy bill for intelligence agencies (The Hill) The House easily passed legislation on Tuesday to authorize intelligence agency activities for the next year with provisions to prevent officials from manipulating reports on combating terrorism

Spymaster: Pentagon Needs Encryption to Defend Secrets (US News and World Report) Government needs strong encryption as the threat of data theft increases, says former head of CIA, NSA

Obama promised transparency. But his administration is one of the most secretive (Washington Post) Some things just aren’t cool. One of those, according to our no-drama president, is ignorance

Department of Defense opening new office in Cambridge (AP via Gazette) The Department of Defense is hoping to tap into the East Coast's cutting-edge technology by opening a new office in Cambridge

GSA May Offer Bug Bounty Program For Federal Agencies (Dark Reading) Researchers will be eligible for bounties of up to $3,500 for discovering bugs in federal agency systems

Litigation, Investigation, and Law Enforcement

Pressure Mounts on FBI To Reveal Tor Browser Exploit (Motherboard) Things are only getting more complicated for the FBI around its investigation into dark web child porn site Playpen

More hacking and undercover work: Police chiefs answer to strong encryption row (ZDNet) International police and cybersecurity agencies tackle the row over strong encryption -- but their answer is likely to cause almost as many headaches as government-ordered backdoors

Industry reactions to the EU General Data Protection Regulation (Help Net Security) As of today, businesses have just two years to become compliant to the EU General Data Protection Regulation (GDPR) or risk major fines. Businesses will need to take adequate measures to ensure the security of personal data, actively demonstrating that they comply with the GDPR and implement “privacy by design"

Man hacks highway sign to read “Drive Crazy Yall” (Naked Security) A Texas man has admitted to guessing at what must have been a forehead-slapper of an easy login for a highway sign, changing what should have been a “construction ahead” warning to “Drive Crazy Yall”

Facebook party invitation leads to teens barricaded in bedroom (Naked Security) A brother, believed to be 17, and his younger sister barricaded themselves into a bedroom along with some guests in a Melbourne suburb after a Facebook party invitation drew gatecrashers battering down the door to get in

Teen pleads not guilty to threat against military personnel (Fox News) A Pennsylvania teenager accused earlier of trying to assist the Islamic State group has pleaded not guilty to accusations he tweeted out the names and addresses of military personnel with threats of violence

Reports: Emirati teen convicted for joining IS in Syria (AP) State media in the UAE are reporting that an Emirati teenager who joined the Islamic State group in Syria and fought there has been sentenced to five years in priso

Facebook Facing Lawsuit for Scanning Users’ Private Messages for Likes (HackRead) According to reports, Facebook historically scanned private text messages of its users for identifying links to websites and treated them as Likes. We do know that Facebook often finds itself in hot water over its observation of user privacy but this time, the matter is far worse than what we may have presumed

For a complete running list of events, please visit the Event Tracker on the CyberWire website.

Upcoming Events

Enfuse 2016 (Las Vegas, Nevada, USA, May 23 - 26, 2016) Enfuse is a three-day security and digital investigations conference where specialists, executives, and experts break new ground for the year ahead. It's a global event. It's a community. It's where problems...

HITBSecConf2016 Amsterdam (Amsterdam, the Netherlands, May 23 - 27, 2016) The event kicks off with all new 2 and for the first time, 3-day training sessions held on the 23rd, 24th and 25th. Courses include all new IPv6 material by Marc 'van Hauser' Heuse of THC.org, an in-depth...

Insider Threat Program Development Training (Washington, DC, USA, March 29 - 30, 2016) Insider Threat Defense announced it will hold a training class on Insider Threat Program Development (National Insider Threat Policy-NISPOM Conforming Change 2) on March 29-30, 2016, in Washington, DC.

4th Annual Cybersecurity Law Institute (Washington, DC, USA, May 25 - 26, 2016) At our 4th annual Institute, in the capital where cybersecurity regulations and enforcement decisions are made, you will be able to receive pragmatic advice from the most knowledgeable legal cybersecurity...

MCRCon 2016: Some Assembly Required (Ypsilanti, Michigan, USA, May 10, 2016) The annual conference focuses on hacking prevention, incident handling, forensics and post-event public relations, with presentations delivered by nationally-recognized experts, cybersecurity skills competitions,...

C³ Voluntary Program Regional Workshop: Understanding and Managing Cyber Risk in the Water and Energy Sectors (Indianapolis, Indiana, USA, June 1, 2016) The Department of Homeland Security's Critical Infrastructure Cyber Community (C3) Voluntary Program and the Indiana Utility Regulatory Commission (IURC) will host a free cybersecurity risk management...

SecureWorld Atlanta (Atlanta, Georgia, USA , June 1 - 2, 2016) Join your fellow security professionals for affordable, high-quality cybersecurity training and education. Earn 12-16 CPE credits through 60+ educational elements learning from nationally recognized industry...

ISS World Europe (Prague, Czech Republic, June 7 - 9, 2016) ISS World Europe is the world's largest gathering of regional law enforcement, intelligence and homeland security analysts as well as telecom operators responsible for lawful interception, hi-tech electronic...

Data Breach & Fraud Prevention Summit Asia (Mumbai, India, June 8, 2016) ISMG’s Data Breach & Fraud Prevention Summit Asia – Mumbai is a one-day event that will focus on the latest fraud techniques and technologies, as well as a holistic, strategic approach to looking at the ...

New York State Cyber Security Conference (Albany, New York, USA, June 8 - 9, 2016) June 8-9 marks the 19th Annual New York State Cyber Security Conference and 11th Annual Symposium on Information Assurance (ASIA) and we invite you to join us for this nationally recognized event. The...

SecureWorld Portland (Portland, Oregon, USA, June 9, 2016) Join your fellow security professionals for affordable, high-quality cybersecurity training and education. Earn 6-12 CPE credits through 30+ educational elements learning from nationally recognized industry...

SIFMA Cyber Law Seminar (New York, New York, USA, June 9, 2016) During this full-day program attorneys and compliance professionals will gain insights and regulatory perspectives on cybersecurity law as well as strategies for how to take an active and valuable role...

Cleared Job Fair (Tysons Corner, Virginia, USA, June 9, 2016) ClearedJobs.net connects you with cleared facilities employers, including Federal Acquisition Strategies, Firebird Analytical Solutions & Technologies, Leidos, PAE, TRIAEM, Commonwealth Computer Research,...

SANSFIRE 2016 (Washington, DC, USA , June 11 - 18, 2016) For more than 10 years, the Internet Storm Center has been providing free analysis and warning to our community. SANSFIRE 2016 is our annual "ISC Powered" event. Evening talks tap into the expertise behind...

4th International Conference on Cybercrime and Computer Forensics (ICCCF) (Vancouver, British Columbia, Canada, June 12 - 14, 2016) For the past four years, APATAS has organized the International Cybercrime and Computer Forensics conference at various locations throughout Asia. In 2016, our 4th annual ICCCF is moving for the first...

Show Me Con (St. Charles, Missouri, USA, June 13 - 14, 2016) SHOWMECON. The name says it all. Known as the Show Me State, Missouri is home to St. Louis-based ethical hacking firm, Parameter Security, and security training company, Hacker University. Together, they...

CISO DC (Washington, DC, USA, June 14, 2016) Tactics and best practices for taking on enterprise IT security threats. The CISO Summit brings together C-level IT security executives, industry analysts and solution providers to discuss challenges and...

The Security Culture Conference 2016 (Oslo, Norway, June 14 - 15, 2016) The Security Culture Conference 2016 is the leading, global conference discussing how to build, measure and maintain security culture in organizations. The conference is a part of the Security Culture...

2016 CyberWeek (Tel Aviv, Israel, June 19 - 23, 2016) The conference, held jointly by the Blavatnik Interdisciplinary Cyber Research Center (ICRC), the Yuval Ne'eman Workshop for Science, Technology and Security, the Israeli National Cyber Bureau, Prime Minister's...

Cyber Security for Critical Assets LATAM (Rio de Janeiro, Brazil, June 21 - 22, 2016) Cyber-attacks on critical infrastructure have become an increasing threat for Latin American governments and companies within the oil and gas, chemical and energy sectors. Although the attack frequency...

National Insider Threat Special Interest Group - South FL Chapter Kickoff Meeting (Palm Beach, Florida, USA, June 21, 2016) The National Insider Threat Special Interest Group (NITSIG) is excited to announce the establishment of a South Florida Chapter. Presentations and discussions will be provided by Insider Threat Defense,...

Cyber 7.0 (Laurel, Maryland, USA, June 22, 2016) Cyber 7.0 delves into the cyber threat to the nation’s critical infrastructure—transportation, health care, utilities, and energy, to name a few. How can government and industry work together to battle...

Security of Things World (Berlin, Germany, June 27 - 28, 2016) Security. Privacy. Connected Devices. Exploring Security and the Internet of Things. A world class event focused on the next information security revolution. Be part of Security of Things World in June...

SANS Salt Lake City 2016 (Salt Lake City, Utah, USA , June 27 - July 2, 2016) We are pleased to invite you to SANS Salt Lake City 2016, June 27-July 2. Are you ready to immerse yourself in the most intense cyber training experience available anywhere? Do you need to become a more...

DC / Metro Cyber Security Summit (Washington, DC, USA, June 30, 2016) The Cyber Security Summit is an exclusive conference series connects C-Suite & Senior Executives who are responsible for protecting their companies’ critical infrastructures with innovative solution providers...

Grow your brand and reach new customers.

Grow your brand and increase your customer base by educating our audience about your products, services, and events by advertising on The CyberWire. We’ve built trust with an influential (and often hard to reach) audience of CISOs, CSOs, and other senior execs in the security space, across a wide array of industry verticals. Learn more.

Be a part of the CyberWire story.

People ask us (a lot) how they can support what we do. We have our sponsorships and services, of course, but those are not always within every supporter's financial reach, or it might just not be the right time for you to do those things. That's why we launched our new Patreon site, where we've created a wider variety of support levels, each with some new benefits. Our patrons are important to our future, and we hope you'll consider becoming one. We invite you to become part of the CyberWire story. Become a patron today.