skip navigation

More signal. Less noise.

Daily briefing.

A new strain of lawful intercept spyware appears to be targeting Android devices. The manufacturer is not HackingTeam, however: it's instead thought to be a different Italian company. Attribution, however, remains circumstantial and preliminary.

Synack points out that the Mac version of music-identifying tool Shazam keeps recording when it's switched off. It just stops processing. Shazam says this is benign behavior, but that, out of sensitivity to user concerns, it will update its software in a few days.

The Carbanak cyber gang, known for attacks on banks, has turned its attention to the hospitality sector. Trustwave has a rundown on the criminal campaign, which still begins with social engineering.

The tally from the AdultFriendFinder breach creeps up, reaching a reported 412 million.

Lots of cyber hoods have been crowing on the dark web for some time about the Tesco fraud—the crowing seems to have started long before the incident was disclosed.

In industry news, Arlington Capital (advised by the Chertoff Group) assembles a new cyber security firm, Polaris Alpha, from EOIR, Intelligent Software Solutions, and Proteus Technologies.

Germany's new cyber security strategy appears to exhibit familiar tensions: calls for public-private partnership (but without clarity about how such might be realized), a commitment to widely available strong encryption (and to the ability of security and legal agencies to access communications in cases of need). In the US, lobbyists are already approaching the incoming Administration to advocate strong encryption and limits on surveillance.

A British teen cops to the TalkTalk hack.

Notes.

Today's issue includes events affecting Australia, China, Estonia, Georgia, Germany, Ireland, Italy, NATO/OTAN, Romania, Russia, United Kingdom, United States.

The CyberWire's regular daily Podcast will be out later this afternoon, with interviews, educational tips, and more on the stories of the day. Today we hear from our partners at the University of Maryland, as Jonathan Katz gives us a report on how cryptography can make us of photonic technology. Our guest is Steven Grossman from Bay Dynamics, who offers a timely discussion of insider threats. If you enjoy the podcast, please consider giving it an iTunes review.

AlienVault USM Webcast (Live Webcast, December 1, 2016) Find threats lurking on your systems with host-based intrusion detection and AlienVault USM.

Dateline Chesapeake Regional Tech Council's Commercial Cyber Forum—Insider Threat

Developing an Insider Threat Program: Risk Mitigation and Compliance (The CyberWire) Wednesday, November 30, 2016, marks the deadline by which affected contractors must comply with new US Government insider threat mitigation requirements

National Industrial Security Program Operating Manual (US Department of Defense) This Manual: a. Is issued in accordance with the National Industrial Security Program (NISP). It prescribes the requirements, restrictions, and other safeguards to prevent unauthorized disclosure of classified information

ISL 2016-02 (US Department of Defense) On May 18, 2016, the Department of Defense published Change 2 to DoD 5220.22-M, “National Industrial Security Operating Manual (NISPOM)”

Insider Threat Program (ITP) for Industry (Defense Security Service, Center for Development of Security Excellence) I heard that NISPOM Change 2 requires me to establish an Insider Threat Program. I don't know where to begin

Insider Threat Toolkit (Defense Security Service, Center for Development of Security Excellence) Do you have a question about how to do something or need more information about a topic? This toolkit will quickly point you to the resources you need to help you perform your role in the Insider Threat field

NISPOM Change 2 (Tanager) On May 18th 2016 DoD 5220.22-M, “National Industrial Security Operating Manual (NISPOM) Change 2 was released by the US Government

Cyber Attacks, Threats, and Vulnerabilities

Kryptowire Discovered Mobile Phone Firmware That Transmitted Personally Identifiable Information (PII) Without User Consent Or Disclosure (PRNewswire) Kryptowire has identified several models of Android mobile devices that contained firmware that collected sensitive personal data about their users and transmitted this sensitive data to third-party servers without disclosure or the users' consent

Shhh! Shazam is always listening – even when it's been switched 'off' (Register) But it's totally benign, say developers

Malware Hunters Catch New Android Spyware For Governments In The Wild (Motherboard) A group of malware hunters has caught a new Android spyware in the wild. The spyware is marketed to governments and police forces and was made in Italy—but it wasn’t built by the infamous surveillance tech vendor Hacking Team

Dangerous Android threat points to Italian spyware maker (Help Net Security) A piece of Android spyware recently analyzed by researchers with the RedNaga Security team seemed to be yet another Hacking Team spying tool but, according to more recent revelations, another Italian company is its likely source

Carbanak Attacks Shift to Hospitality Sector (Threatpost) The Carbanak cybercrime gang, best known for allegedly stealing $1 billion from financial institutions worldwide, have shifted strategy and are targeting the hospitality and restaurant industries with new techniques and malware

New Carbanak / Anunak Attack Methodology (Trustwave SpiderLabs Blog) In the last month Trustwave was engaged by two separate hospitality clients, and one restaurant chain for investigations by an unknown attacker or attackers. The modus operandi for all three investigations were very similar and appear to be a new Carbanak gang attack methodology, focused on the hospitality industry

Ransomware Threatens to Expose Child Pornography (Infosecurity Magazine) Security researchers have discovered a new ransomware variant designed to harvest social and comms data and scan for evidence of child exploitation and pirated content in a bid to guarantee payment of the ransom

Malspam distributing Troldesh ransomware (SANS Internet Storm Center) Earlier this week on Monday 2016-11-14, I found an example of malicious spam (malspam) distributing Troldesh ransomware. Troldesh (also called Filecoder or Shade) was initially reported in 2015

Meet PoisonTap, the $5 tool that ransacks password-protected computers (Ars Technica) The perils of leaving computers unattended is about to get worse

Cryptsetup Vulnerability Grants Root Shell Access on Some Linux Systems (Threatpost) A vulnerability in cryptsetup, a utility used to set up encrypted filesystems on Linux distributions, could allow an attacker to retrieve a root rescue shell on some systems. From there, an attacker could have the ability to copy, modify, or destroy a hard disk, or use the network to exfiltrate data

Ramnit Trojan Resurgence Now Complete as v2 Targets UK Banks (WebImprints) Ramnit’s revival is now complete as security researchers are starting to see more coordinated attacks spreading the banking trojan’s latest version, with the vast majority of targets being banks from the UK

Cyber criminals boast on dark web about Tesco Bank breach (IT Pro) Hackers knew about data thefts months before Tesco Bank reported the attack

Tesco was warned before hack – claim cyber security firms (Computer Business Review) Reports say dark web chats described the bank as a cash machine

Privacy stripped bare as hackers breach 412 million Adult Friend Finder accounts (Naked Security) S[*]x and dating website Adult Friend Finder Network has reportedly suffered one of the largest – and potentially compromising – data breaches in internet history

Adult Friend Finder Hack Will Lead to 'Domino Effect' (Newsweek) A major data breach to the “s[*]x and swingers” website Adult Friend Finder could trigger a series of follow-on hacks, security researchers have warned

The Web-Shaking Mirai Botnet Is Splintering—But Also Evolving (Wired) Over the last few weeks, a series of powerful hacker attacks powered by the malware known as Mirai have used botnets created of internet-connected devices to clobber targets ranging from the internet backbone company Dyn to the French internet service provider OVH. And just when it seemed that Mirai might be losing steam, new evidence shows that it’s still dangerous—and even evolving

Zscaler traffic analysis finds IoT devices misbehaving (SC Magazine) In a two-month analysis of Internet of Things device traffic that was picked up on its cloud service, network and Internet security company Zscaler identified various IoT connected devices that were exhibiting potentially dangerous behaviors

Akamai: Look for IoT devices to attack during Thanksgiving, Christmas (CSO) DDoS threats including the Mirai botnet will likely surge

Deloitte and MAPI Study: Connected Devices, Industrial Control Systems Expose Manufacturers to Cyber Threats (PRNewswire) Intellectual property theft tops manufacturers' concerns; new report identifies measures to control cyber risks associated with advanced manufacturing

Cybercriminals – Who They Are and What They Do (Tech Featured) Cybercriminals are clever, organized in gangs, well-funded, and very tech savvy. The goal of these criminals is can be explained in two words: make money

More mobile operators in West Africa are targets of SS7 attacks than any other African Region, AdaptiveMobile reveals (BusinessWire) AdaptiveMobile finds Location Tracking and Information Harvesting among top attack types

Security Patches, Mitigations, and Software Updates

With Firefox 50, Mozilla plugs many security holes (Help Net Security) Firefox 50 is out, and it includes security fixes for 3 critical, 12 high, 10 moderate, and 2 low severity issues, as well as many usability improvements

VMware Patches VM Escape Vulnerability (Threatpost) VMware quickly turned around a patch for a critical code execution flaw that was worth $150,000 to the researchers who found it

Microsoft won't provide extended support for Office 2007 products beyond October 2017 deadline (ZDNet) IT administrators take note: Microsoft's Office 2007/Exchange 2007 wave of client and server software is set to exit support in October 2017, and extended custom support agreements are going away

Cyber Trends

The 2017 Forcepoint Security Predictions Report and Webcasts are Here! (Forcepoint) Get advanced knowledge on the most challenging threats we predict for next year with the 2017 Forcepoint Security Predictions Report, which is available now!

Experts Say Internet 'Mega' Attacks Are on the Rise (Fortune) It could be a long 2017

Akamai Releases Third Quarter 2016 State of the Internet / Security Report (PRNewswire) Q3 report highlights a 138 percent YoY increase in total DDoS attacks greater than 100 Gbps with two record DDoS attacks caused by the Mirai Botnet. Web application attacks decreased by 18 percent YoY; 20 percent of all web application attacks in Q3 originated from the United States

Bitglass Report: Cloud Adoption Hits All-Time High; O365 and G Suite Now Deployed in 59 Percent of Organizations Worldwide (Broadway World) Bitglass, the Total Data Protection company, today released its 2016 Cloud Adoption Report, its third annual Cloud Adoption report, which examines the cloud applications used in more than 120,000 organizations around the globe

Mobile pros are addicted to Wi-Fi, connectivity impacts their choices (Help Net Security) iPass surveyed more than 1,700 mobile professionals worldwide about their connectivity habits and preferences, highlighting the ever-increasing influence of Wi-Fi on our daily lives

Ireland 'is in the firing line for a major cyber attack' - security expert (Independent) Dublin Info Sec 2016 conference gets underway

Marketplace

Arlington Capital merges three companies to create $250M government tech contractor (Washington Business Journal) Arlington Capital Partners is at it again

Report: Symantec May Be Close To Spending $2B For LifeLock, An Identity Theft Protection Service (CRN) Following its blockbuster Blue Coat Systems acquisition this summer, Symantec may be looking to make another big buy, according to Bloomberg. Published reports say the security vendor is close to buying LifeLock in a deal that could be worth as much as $2 billion

Threat intelligence firm Apvera raises $1.7Mn from ACP and Spring Seeds Capital (The Tech Portal) Singapore-based Apvera was founded to transform the way organizations detect, prevent and predict real-time behavioural threat anomalies. Given the ever-increasing scope and tenacity of targeted cyber-attacks on businesses, organizations, and governments, it is remodeling the security industry through the application of user and entity behavior analytics, bringing real-time endpoint profiling and anomaly detection leveraging advances in machine learning. It simply diverges from the widely-accepted concept that advanced threat protection alone will be an important aid against advanced threats

Siemplify Closes $10 Million Financing to Accelerate Market Leadership in Security Operations and Incident Response (BusinessWire) Capitalizing on increased demand, ThreatNexus revolutionizes security operations for enterprise and MSSP customers

MACH37 Portfolio Company Atomicorp Raises $1 Million in Seed Funding (IT Business Net) The MACH37 Cyber Accelerator is pleased to announce that Atomicorp, Inc., a developer of industry leading solutions for the protection and support of cloud servers and Internet of Things devices, has closed a $1 million seed investment round led by Blu Venture Investors

Two Accomplished Security Entrepreneurs Invest In RiskRecon (PRNewswire) RiskRecon, an industry forerunner in providing continuous, comprehensive and actionable measurements of third-party security performance, today announced that two highly regarded security and technology experts are investing in the company. Mickey Boodaei and Rakesh Loonkar, serial entrepreneurs and investors with a proven track record of investing in successful security start-up ventures, will provide funding to the emerging leader in third party risk management

BRIEF-Secunet Security Networks increases FY 2016 forecast (Reuters) Secunet Security Networks AG: Has increased its forecast for fiscal year 2016, owing to company's sustainably good business performance, driven particularly by increased demand for products in Sina family in present Q4

Why Shares of FireEye (FEYE) Rallied in the Last 10 Days? (Nasdaq) It has been over 10 days since FireEye Inc. FEYE reported third-quarter 2016 results. Following the release, the stock has been on the rise

Fortinet: Headwinds Will Calm in 2017, Says Morgan Stanley (Barron's) As mentioned this morning, Morgan Stanley’s Melissa Gorham raised her rating on shares of security technology vendor Fortinet (FTNT) to Overweight from Equal Weight, with a $39 price target, up from $33, writing that security remains a top priority for enterprises and is also “a bipartisan priority for governments"

Fortinet, Proofpoint, Barracuda Rise On Upbeat Analyst Views (Investor's Business Daily) Shares in Proofpoint (PFPT), Fortinet (FTNT) and Barracuda Networks (CUDA) rose Tuesday on positive analyst views of the software security sector

Cybersecurity skills “chasm” widening as Trend Micro joins rush to stake its claim (CSO) More Australian cybersecurity job applicants are unqualified than ever before, ISACA figures show

IBM opens new Cambridge, MA security headquarters with massive cyber range (TechCrunch) It was a big day today for IBM today as it opened its shiny new security headquarters in Kendall Square in Cambridge, MA, complete with what the company is calling the first commercial cyber range

Unisys to add 400 new jobs as renovations near completion (WRDW) The IT Company supporting our military is getting ready to put hundreds more people to work. Unisys moved into its new home on Augusta's Riverwalk in February

Skyhigh Networks Recognized as a ‘Leader’ in Cloud Security Gateways by Independent Research Firm (BusinessWire) New report evaluates the Cloud Security Gateway/Cloud Access Security Broker market, citing Skyhigh’s “extensive application support”

eSentire Ranked Number 288 Fastest Growing Company in North America on Deloitte’s 2016 Technology Fast 500™ (eSentire) Attributes revenue growth to accelerated mid-market service demand

eSentire Named one of Deloitte’s Technology Fast 50™ Companies (eSentire) Back to back list ranking validates continued growth and cybersecurity fortes in the Canadian technology sector

Cyber security consultancy firm Dark Matter to expand operations (Gulf News) The company aims to become a major global player

LightCyber Forms Advisory Board of Security Industry Experts (BusinessWire) Former Deputy Director of FBI, SANS analyst and instructor and financial fraud tech executive join to advise company on market opportunities and directions

Products, Services, and Solutions

Best free antivirus software 2016/2017: protect your PCs and laptops (and Android devices) for free (PC Advisor) Here are the best free antivirus programs from companies you probably didn't even know offered security software for free

ThreatQuotient Delivers First Threat Intelligence Platform (TIP) for Threat Operations and Management (ThreatQuotient) ThreatQ v2 empowers security professionals with an open and extensible platform for threat intelligence customization, automation and integration

Versasec, DigiCert Establish Formal Working Relationship (Verasec) Government, manufacturing, healthcare and other joint customers requiring advanced authentication solutions to see significant benefits

Elbit Systems' Subsidiary, Cyberbit, Selected by Samsung SDS to Provide Advanced Cyber Security Solutions (PRNewswire) Cyberbit's SCADAShield solution will be delivered by Samsung SDS to protect its customers' industrial control networks

Cybric helps developers build more secure applications automatically (TechCrunch) These days, application development happens at increasing velocity, and security can be a victim of that speed. Cybric wants to address that issue that by providing an automated security check every time you update the build

TAG Unveils Anti-Malware Certification For Online Ad Industry (Dark Reading) As the ad industry continues its fight against malware, the Trustworthy Accountability Group launches a threat-sharing hub to provide intelligence on attacks

ImageWare Debuts First Ever Multimodal Biometric Authentication Solution for the Microsoft Ecosystem—GoVerifyID® Enterprise Suite (Imageware Systems) Cloud-based solution seamlessly integrates and is backward compatible with Windows 7, 8 and 10

Gemalto advances secure communications for Financial Services industry with Symphony Platform Integration (Gemalto) Gemalto SafeNet HSM delivers highest level of digital trust to secure sensitive communications through the Symphony platform

Ixia Delivers First Multi-Terabit Network Security Test Platform for Hyperscale Data Centers (Ixia) New CloudStorm evaluates reliability, security, and quality of experience at cloud scale

Extending Our Leading Data Protection with Secure, Resilient Gateway-delivered Structured Data Encryption (Netskope) We are pleased to announce that we are extending our industry-leading cloud data protection in the Netskope Active Platform by enhancing our structured data encryption delivered native in the application to also be delivered in a “gateway” model by our cloud access security broker (CASB), for both data at rest and en route to a variety of cloud services

VIPRE® Endpoint Security 9.5 Adds Cloud Services to Strengthen Malware Defense and Simplify Management (ThreatTrack) VIPRE combines cloud-based malware defenses and management services to make it even easier for businesses to deploy the industry’s top-rated endpoint security solution

Cyberbit Launches Channel Program to Create a Profitable Opportunity to Solve Customers' Most Critical Cyberthreats (Yahoo! Finance) Cyberbit, whose cybersecurity solutions protect the world's most sensitive systems, today announced the launch of its Channel Program for North American Partners: MSSPs, VARs, distributors and consultants, who play a critical role in helping companies defend themselves against evolving cyberthreats. The Cyberbit Channel Program will deliver enhanced margins to partners, by providing Cyberbit's suite of solutions, addressing today's most complex cyber security problems for customers

Comodo Launches New Full-lifecycle Digital Certificate Management Platform (PRNewswire) Comodo Certificate Manager automatically discovers all internal and external SSL/TLS certificates in the enterprise and organizes them into one central inventory to simplify SSL/PKI tracking and management

Privatoria Ensures Privacy for Web Users, Preventing Identity Tracking and Hacking (Hacked) With Internet privacy increasingly under attack, web users have to consider ways to ensure they won’t fall victim to a breach or have their online activity exposed to unwanted external parties

Alcatel-Lucent Enterprise Solution Brings Next-Gen UC&C to SMBs Through Simplified Hybrid Cloud Model (Technuter) ALE, operating under the Alcatel-Lucent Enterprise brand, today introduced a new generation of small-medium business (SMB) solutions providing access to advanced cloud services. These new solutions ‘make IT simple’ for SMBs to use and for the channel partners serving them

Lookout Expands Personal Security Offering with Launch of Breach Report and Identity Protection (PRNewswire) Over a third of Americans have had their identity stolen, according to Lookout research

ESET leading the way in anti-malware, report finds (Security Brief) ESET is enjoying a landmark score in the latest Home Anti-Malware Protection test from SE Labs, earing a AAA grade for the ESET Smart Security 9 offering, which garnered a 100% protection score

Avast App Triage Program Hunts for Bugs, Secures Your Apps for Free (PRNewswire) Amid high enterprise demand for mobile apps, Avast's App Triage Program provides a free security assessment on both the front-end and back-end of mobile apps, ensuring vulnerabilities are caught and corrected

New Cybersecurity Password Protection System Launches for Consumers & Businesses (PRNewswire) PasswordWrench™ launches the only truly secure password protector

Improved Cyber Hygiene, Topological Risk Reporting, and Agent Capabilities Now Included in AristotleInsight® (PRNewswire) Sergeant Laboratories is pleased to announce several new features in their core product, AristotleInsight®. AristotleInsight® is a Big Data Security Analytics Platform that implements Sergeant Laboratories' proprietary UDAPE™ Cyber Intelligence Service

Avnet Unveils Managed Security Offering To Help Partners Protect SMB, Midmarket Customers (CRN) Avnet launched a managed security service aimed at boosting partner margins and making solution providers stickier with end users in the health-care and retail verticals

Israeli Tech Last Line of Defense for Power Plant Cyber Attacks (Bloomberg) In Ocean’s Eleven, George Clooney’s gang inserts a recording into a casino security camera system so the guard sees only a video loop from the day before, camouflaging a heist from the safe

Malwarebytes 3.0 will finally replace your traditional antivirus (Neowin) Malwarebytes is a high performance anti-malware application that thoroughly removes even the most advanced malware and spyware

Brocade Ruckus’ Cloudpath launched to ease enterprise-grade security deployment (Voice & Data) NASDAQ-listed network security company Brocade has launched Ruckus Cloudpath ES 5.0 software. This new release by Brocade is expected to build on previous BYOD onboarding capabilities to create a complete integrated security and policy management platform. Cloudpath ES 5.0 software enables IT organizations of any size to easily establish secure, policy-based access for wired and wireless devices

Technologies, Techniques, and Standards

Root of Trust Definitions and Requirements (GlobalPlatform Security Task Force) The aim of this document is to provide definitions and requirements for the trusted computing concept of Root of Trust in the context of GlobalPlatform. The document then proceeds to relate these definitions to existing GlobalPlatform technologies, enabling third parties to better understand those technologies in trusted computing terms

How To Protect Yourself From The Malware Grinch That Wants To Steal Your Christmas (Forbes) The National Retail Federation predicts that 56.5% of American consumers will shop online this holiday season and Adobe predicts they will spend over $90 billion. Online retailers are getting ready to feast. So are online criminals

Will the Office Thermostat be the Achilles of the Internet of Things (IoT) Security Issues? (CSO) September 13, 2016 marked one of the largest attacks the Internet has ever seen. Analysis of the event showed that traffic was approximately 620 Gigabits per second. That volume far exceeds what can knock regular websites offline

Design and Innovation

If hackers cause a blackout, what happens next? (Christian Science Monitor Passcode) An effort is underway to map potential fallout from damaging cyberattacks on US critical infrastructure to aid first responders in the case of a major assault

How IBM's Watson will change cybersecurity (InfoWorld) IBM ventures into cognitive security, where AI systems learn to understand infosec terms and concepts well enough to reduce detection and response time

Academia

This Tandon Scholarship Wants You to Hack It Up (NYU News) To encourage NYU students to enter the world of cyber security, Tandon created a scholarship

Romania, the 2nd in the European Cyber Security Challenge (Act Media) Romania ranked 2nd in the European Cyber Security Challenge, which was organized in Dusseldorf, Germany, in the period 7-11 November 2016, according to the Romanian National Computer Security Incident Response Team (CERT-RO)

Legislation, Policy, and Regulation

Cybersicherheitsstrategie der Regierung: Widersprüchliche Verschlüsselungsdiskussion geht weiter (Netzpolitik) Eine neue Cybersicherheitsstrategie der Bundesregierung ist da. Unternehmen und Staat sollen bei der IT-Sicherheit zusammenarbeiten, die Bevölkerung soll weg von der „digitalen Sorglosigkeit“ und sichere Verschlüsselung nutzen. Sicherheitsbehörden sollen die wiederum knacken können. Ein Widerspruch, der sich nicht auflösen lässt

US Transparency Regarding International Law in Cyberspace (Just Security) Last Thursday, State Department Legal Adviser Brian Egan, delivered an important speech at Berkeley Law School on the relationship between international law and cyber activities

NSA Chief: ‘Uneven’ Cooperation Between Public, Private Sectors Impedes Cyber Defenses (Wall Street Journal) The head of the U.S. National Security Agency said “uneven” cooperation between the government and private sector has hampered the fight against a “literal onslaught” of cyber attacks from criminal and state-supported hackers

NSA Director asks American CEOs to prioritize cybersecurity (FedScoop) The NSA director’s public appearance is the first since President-elect Donald Trump bested his Democratic challenger Hillary Clinton

Lobbyists Press Trump to Support Strong Encryption, Surveillance Reform (Threatpost) A lobbying organization that includes some of the Internet’s most valuable entities made a plea to President-Elect Donald Trump to support the expansion of strong encryption and reform government surveillance activities

Cybercrime and the War on Digital Free Speech (Gregory Evans) The internet is increasingly a target for those who want to silence speech. An Oct. 21 cyberattack rendered social media sites like Twitter and Reddit and news sites like Fox News and CNN inaccessible to millions of users

Internet Of Things 'Pollutants' & The Case For A Cyber EPA (Dark Reading) Recent IoT-executed DDoS attacks have been annoying, not life threatening. Should device makers be held liable if something worse happens?

Litigation, Investigation, and Law Enforcement

Teenage hacker admits £42m cyber attack on TalkTalk which affected 160,000 customers (Daily Record) The 17-year-old told his friend he was 'going to be f*****' and had done enough to go to prison on the day of the offence in October last year

For a complete running list of events, please visit the Event Tracker on the CyberWire website.

Newly Noted Events

Insider Threat Program Development Training For NISPOM CC 2 (Aberdeen, Maryland, USA, August 10 - 11, 2016) Insider Threat Defense will hold a two-day training class on Insider Threat Program Development (National Insider Threat Policy-NISPOM Conforming Change 2). For a limited time the training is being offered...

Upcoming Events

Versus16 (San Francisco, California, USA, November 17, 2016) Versus is not an ordinary event. Versus is not about pitching products or preaching to the choir. Versus is about challenging what you think you know about cybersecurity, about technology, about doing...

Israel HLS and Cyber 2016 (Tel Aviv, Israel, November 14 - 17, 2016) Where physical and cyber security meet. Topics include intelligence, cyber crime, and counter-terrorism, defending critical infrastructures, a smart global world, mass events--the integrative approach,...

SANS Healthcare CyberSecurity Summit & Training 2016 (Houston, Texas, USA, November 14 - 21, 2016) SANS will be hosting its 4th Annual Healthcare Cybersecurity Summit. Join us and hear top security experts from leading healthcare companies discuss proven approaches for securing and succeeding in the...

Infosec 2016 (Dublin, Ireland, November 15, 2016) Infosec 2016 conference addresses the critically important issues that threaten businesses in the information age By any measure, the digital threats that businesses and organisations of all sizes face...

Commercial Cyber Forum: Insider Threat (Odenton, Maryland, USA, November 15, 2016) Please join us for a panelist discussion with insider threat experts on upcoming Federal rules, key elements of an insider threat program and privacy, due process, and human resource requirements.

Kaspersky Academy Talent Lab (Online, then Prague, Czech Republic, November 15, 2016) Kaspersky Academy Talent Lab is an international cyber-world competition for young researchers and professionals aged 18-30 who are interested in the cybersecurity challenges facing the world. 50 finalists...

CISO Charlotte (Charlotte, North Carolina, USA, November 15, 2016) The CISO Summit brings together C-level IT security executives, industry analysts and solution providers to discuss challenges and best practices in a relaxed, yet focused business setting. Agenda sessions ...

Pharma Blockchain Bootcamp (Edison, New Jersey, USA, November 16, 2016) Blockchain technology has gained recognition as one of the most disruptive technologies in the industrial world with the potential of redefining how businesses operate similarly the internet changed it...

CyberCon 2016 (Washington, DC, USA, November 16, 2016) CyberCon 2016 is the forum for dialogue on strategy and innovation to secure civilian and defense networks, as well as private-sector networks that hold their sensitive data. Cybersecurity will be the...

Versus 16 (San Francisco, California, USA, November 17, 2016) Versus is not an ordinary event. Versus is not about pitching products or preaching to the choir. Versus is about challenging what you think you know about cybersecurity, about technology, about doing...

Focusing On The Future: Prioritizing Security in the Digital Economy (Washington, DC, USA, November 18, 2016) In today's digital economy, developing and prioritizing a cyber strategy is critical to address diverse and evolving threats, foster trust in the technology we use, and define a path forward where security...

Data Breach & Fraud Prevention Summit Asia (Mumbai, India, June 8, 2016) ISMG’s Data Breach & Fraud Prevention Summit Asia – Mumbai is a one-day event that will focus on the latest fraud techniques and technologies, as well as a holistic, strategic approach to looking at the ...

SCSC Cyber Security Conclave 2.0 Conference and Exhibition (Hyderabad, India, November 22 - 23, 2016) India’s leading two-day cyber security event is returning in November 2016, once again bringing together over hundreds of cyber security experts, senior officials and policy-makers from across the public...

4th Ethiopia Banking & ICT Summit (Addis Ababa, Ethiopia, November 25, 2016) The 4th Ethiopia Banking & ICT Summit is the ONLY event in Horn of Africa that focuses on technology innovations and trends in the Banking and ICT sectors. This annual summit brings together Financial...

Internet of Things (IoT) (Elkridge, Maryland, USA, November 29, 2016) This cybergamut Technical Tuesday features Dr. Susan Cole, currently the Cybersecurity Lead for a Federal Information Systems Controls Audit Management (FISCAM) preparation team and also provides consulting...

CIFI Security Summit (Toronto, Ontario, Canada, November 30 - December 1, 2016) The Annual CIFI Security Summit takes place all over the world, Asia, Europe, Australia & North America. These summits are essential 2 day conferences and exhibitions bringing together leading security...

AlienVault USM Webcast (Online, December 1, 2016) Host-based intrusion detection systems (HIDS), work by monitoring activity that is occurring internally on a host. HIDS look for unusual or nefarious activity by examining logs created by the operating...

Cyber Threats Master Class (Turin, Italy, December 1 - 2, 2016) The UNICRI Masterclass on Cyber Threats aims to provide media and public relations professionals, as well as those planning a career in public information and communication, with a deeper understanding...

Disrupt London (London, England, UK, December 3 - 6, 2016) TechCrunch Disrupt is the world’s leading authority in debuting revolutionary startups, introducing game-changing technologies, and discussing what’s top of mind for the tech industry’s key innovators.

US Department of Commerce Cyber Security Trade Mission to Turkey ( Ankara and Istanbul, Turkey, December 5 - 8, 2016) Now is the time to expand in Turkey! The growth and frequency of cyber-attacks in recent years has increased the demand to protect critical data and infrastructure of governments and businesses. Turkey...

NCCoE Speaker Series: Understanding, Detecting & Mitigating Insider Threats (Rockville, Maryland, USA, December 6, 2016) Insider threats are growing at an alarming rate, with medium-to-large company losses averaging over $4 million every year. Smaller businesses are at risk too, and it is estimated that in 2014, over half...

Weaponizing Data Science for Social Engineering: Automated E2E Spear Phishing on Twitter (Elkridge, Maryland, USA, December 6, 2016) This cybergamut Technical Tuesday features ZeroFox data scientist John Seymour, who will present a recurrent neural network that learns to tweet phishing posts targeting specific users. Historically, machine...

Practical Privacy Series 2016 (Washingto, DC, USA, December 7 - 8, 2016) This year, the Practical Privacy Series will return to Washington, DC, with its rapid, intensive education that arms you with the knowledge you need to excel on the job. We’re programming some stunningly...

CISO Southern Cal (Los Angeles, California, USA, December 8, 2016) A data breach is not only a PR nightmare, but cause for customers to turn to competitors, exposing sensitive company information and racking up fines from industry regulators. In order for organizations...

SANS Cyber Defense Initiative 2016 (Washington, DC, USA , December 10 - 17, 2016) Make plans to attend SANS Cyber Defense Initiative 2016 (CDI). SANS is the one educational organization known for developing the cybersecurity skills most in need right now. SANS Cyber Defense Initiative...

Privacy, Security and Trust: 14th Annual Conference (Auckland, New Zealand, December 12 - 14, 2016) This year’s international conference focuses on the three themes of Privacy, Security and Trust. It will provide a forum for global researchers to unveil their latest work in these areas and to show how...

Grow your brand and reach new customers.

Grow your brand and increase your customer base by educating our audience about your products, services, and events by advertising on The CyberWire. We’ve built trust with an influential (and often hard to reach) audience of CISOs, CSOs, and other senior execs in the security space, across a wide array of industry verticals. Learn more.

Be a part of the CyberWire story.

People ask us (a lot) how they can support what we do. We have our sponsorships and services, of course, but those are not always within every supporter's financial reach, or it might just not be the right time for you to do those things. That's why we launched our new Patreon site, where we've created a wider variety of support levels, each with some new benefits. Our patrons are important to our future, and we hope you'll consider becoming one. We invite you to become part of the CyberWire story. Become a patron today.