skip navigation

More signal. Less noise.

Daily briefing.

News that Czech authorities arrested a Russian national on charges related to hacking US targets was widely but incorrectly seen as marking the opening shot in the much-anticipated American response to Russia's recent cyber offensive. In fact the crimes alleged in the arrest have to do with 2012's LinkedIn hack. Credentials stolen in that incident could have been used in subsequent compromises, but that remains a matter of speculation. In any case, the gentleman now facing extradition proceedings in a Prague court isn't exactly Fancy Bear.

Observers think some set of stiff sanctions the likeliest form of US response to Russian election hacking. That hacking is thought unlikely in the extreme to directly control results of voting in November—the voting system is too disparate to make this likely—but analysts see two potential problem areas: disruptive "chaos" on Election Day itself (possibly produced by affecting the AP's poll-tracking and result projection service) and a general erosion of citizens' confidence in the US political system.

Ransomware and IoT botnet-driven DDoS remain the most widespread forms of cybercrime globally. (BankInfo Security's scorecard shows more than 200 ransomware strains now in circulation.) Standards bodies and regulators are working to evolve modes of defense and design, with US financial regulators in particular are promising new guidelines. The proliferation of Mirai source code continues to drive formation of Internet-of-things botnets. KrebsOnSecurity is tracking some firms it believes occupy some demi-monde between legitimate domain registrars and DDoS enablers.

Verizon's acquisition of Yahoo! remains in doubt.

Notes.

Today's issue includes events affecting Belgium, Canada, Czech Republic, European Union, France, Japan, Indonesia, Romania, Russia, Singapore, Syria, United States.

A note to our readers: We are of course at CyberMaryland, meeting this year at the Hilton Baltimore, across the street from Camden Yards in Baltimore's Inner Harbor. Watch for live coverage, podcasting, and a full report in upcoming issues.

Also, it's the third week of National Cyber Security Awareness Month. This week's theme is "Recognizing and Combating Cyber Crime."

The CyberWire's regular daily Podcast will be out later this afternoon, with interviews, educational tips, and more on the stories of the day. Today our partners from Ben Gurion University are represented by Ran Yahalom, who discusses the "Bad USB" vulnerabilities. And since we'll be podcasting from CyberMaryland, we'll be catching various experts, influencers, and passersby as our guests. As always, if you enjoy the podcast, please consider giving it an iTunes review.

Dateline CyberMaryland

CyberMaryland Conference kicks off Thursday (Baltimore Sun) CyberMaryland, a two-day conference that has become a staple for the state's cyber security industry, kicks off Thursday at the Baltimore Hilton Hotel

National Cyber Security Hall of Fame Announces 2016 Inductees (PRNewswire) The National Cyber Security Hall of Fame has released the names of seven visionaries who will be inducted into the Hall of Fame at a gala and inductee ceremony on Thursday, October 20, at the Hilton Baltimore in Inner Harbor Baltimore, Maryland

Cyber Attacks, Threats, and Vulnerabilities

No, Russia is not tapping into Syria's undersea internet cables (Register) A tale of the spy ship Yantar, tinfoil hats and that pesky bugger we call reality

Russian hacker group used phony Google login page to hack Clinton campaign (Network World) Secure Works says the same group might have attacked the DNC

EXCLUSIVE: Hundreds Of White House Staffer’s Emails Get Leaked (Daily Caller) DC Leaks has given The Daily Caller exclusive access Wednesday to hundreds of emails leaked from White House advance associate Zach Leighton’s personal account

Clinton blasts Russian cyber-attacks as bid to install Trump as a “puppet” (Ars Technica) "Will Donald Trump admit and condemn that the Russians are doing this?"

Media vulnerable to Election Night cyber attack (Politico) A hack on the AP and its results tally could have chaos-inducing consequences

Opinion: The real cost of election insecurity (Christian Science Monitor Passcode) Voter trust is on the line unless the US increases cybersecurity at the polls

Hayden: Russian email hack is 'honorable state espionage' (GCN) Michael Hayden, a former director of both the CIA and the National Security Agency, thinks Russia’s actions involving a Democratic party email leak were fair play

Clinton vs Trump: Here's How Symantec Simulated a Cyberattack on US Presidential Election (News 18) Can the upcoming US Presidential Election be hacked? According to cybersecurity firm Symantec, it is quite possible. Symantec simulated a cyberattack on the upcoming Clinton versus Trump election by just spending around $500, primary with a $15 Raspberry Pi-like device

Republican site rigged with credit card skimmer malware for 6 months (Naked Security) Have you plastered a #NeverHillary sticker onto your refrigerator? One you picked up in the past 6 months from an online store run by Senate Republicans?

Έλληνες εντοπίζουν Ευπάθεια zero-day στο CMS Joomla (SecNews) Το SecNews έλαβε κρίσιμη αναφορά σχετικά με αδυναμία 0-day που εντοπίστηκε από Έλληνες ερευνητές και αφορά τις ιστοσελίδες που χρησιμοποιούν το γνωστό CMS Joomla

FruityArmor APT Group Used Recently Patched Windows Zero Day (Threatpost) One of the four zero-day vulnerabilities Microsoft patched last week was being used by an APT group called FruityArmor to carry out targeted attacks, escape browser-based sandboxes, and execute malicious code in the wild

Researchers bypass ASLR by exploiting flaw in Intel chip (Help Net Security) Researchers have found a design flaw in the branch predictor, a component of Intel’s Haswell processor, and have exploited it to bypass ASLR (Address Space Layout Randomization)

Malspam delivers NanoCore RAT (SANS Internet Storm Centr) NanoCore is a Remote Access Tool (RAT) that's currently available for a $25 license [1]. However, like many other RATs, NanoCore has been used by criminal groups to take over Windows computers. Beta versions of NanoCore RAT have been available to criminals since 2013 [2], and a cracked full version was leaked last year in 2015

Netflix Urging Subscribers to Change Passwords to Mitigate Possible Threat (HackRead) Netflix is sending emails to its subscribers urging them to reset their passwords after discovering "some" Netflix email addresses and passwords listed on a breach at another company

Phishing: Reeling in Enterprises for Hefty Profits (Check Point) Can you believe that phishing, the scam that tricks users into giving away sensitive information like their credit card numbers and bank login credentials, is still with us after more than twenty years?

"JapanLocker": An Excavation to its Indonesian Roots (Fortinet) Fortinet has discovered a new open-source PHP ransom malware that has been targeting web sites using a simple encryption algorithm that is effective enough to really frighten web server owners. What is more interesting, however, is the information we have uncovered regarding the possible roots of the attacks/attackers

After Ransomware Attack, Clinic Faces More Woes (Healthcare Info Security) 'Vendor error' leads to data loss after attack

Ransomware Family Count Surpasses 200 (BankInfo Security) More police join battle, but ransom-loving criminals just won't quit

Hackers are increasingly targeting IoT Devices with Mirai DDoS Malware (HackRead) Since the developer of Mirai malware published its source code online, the Internet of Things (IoT) devices has become highly vulnerable to malware infections

Spreading the DDoS Disease and Selling the Cure (KrebsOnSecurity) Earlier this month a hacker released the source code for Mirai, a malware strain that was used to launch a historically large 620 Gbps denial-of-service attack against this site in September

Bastille Unveils List of Top 10 Internet of Radios Vulnerabilities (BusinessWire) List coincides with new poll that finds a significant gap between Internet of Things security awareness and preparedness in the enterprise

How the Grinch Stole IoT (Beyond Bandwidth) Level 3 Threat Research Labs has previously reported on a family of malware that exploits Internet of Things (IoT) devices to create distributed denial of service (DDoS) botnets. With a rapidly increasing market for these devices and little attention being paid to security, the threat from these botnets is growing. Level 3 Threat Research Labs has been continuously tracking these botnets as they wreak havoc on victims across the internet

Firmware Security Lags as IoT Devices Proliferate (Infosecurity Magazine) As the era of automation and the Internet of Things (IoT) continues to dawn, businesses are seeing a marked increase in connected devices as part of their hardware footprint. Yet most businesses don’t have comprehensive programs in place to address firmware vulnerabilities

Routers Branded 'Achilles Heel' of Home and Small Biz Security (Infosecurity Magazine) A worrying 15% of home routers are wide open to hackers through the use of default or easy-to-guess passwords, according to new research from Eset

MetaData Exposed – Cruise, Merchant and Gov. Vessels (Wapacklabs) Wapack Labs analyzed vital metadata which began through an instructional video explaining cyber concerns on cruise ships. The video revealed an Autonomous System Number (ASN), which subsequently identified a U.S. based telecommunication company

Muddy Waters Releases New Info About St. Jude Medical Device Flaws (Dark Reading) Muddy Waters Capital, the short seller that teamed with security researchers at MedSec, posted the videos on a new site it launched: profitsoverpatients.com

Cyber attack: SBI to re-issue 6 lakh debit cards; Axis admits breach (Business Standard) Three financial institutions, including the BSE, have faced cyber attacks in the past three months

Electronic Arts (EA) servers are down; Users are angry (HackRead) Electronic Arts (EA) users in Europe and the US are reporting that they are facing connectivity issues that won’t let them sign in, connect to the server or play games

Cyber Trends

Smart cities face unique and escalating cyber threats (Help Net Security) Ninety-eight percent of respondents to a survey conducted by Dimensional Research consider smart cities at risk for cyber attacks. Smart cities use IT solutions to manage a wide range of city services, including smart grids, transportation, surveillance cameras, wastewater treatment and more

Identity Theft Hits Low- To Moderate-Income Victims Hardest (Dark Reading) In addition to government assistance, ID theft victims frequently seek financial support from friends, family, and faith-based organizations, according to a study by the Identity Theft Resource Center

Most would stop using digital payments if breached (Help Net Security) 88% of respondents to a survey conducted by Wakefield Research would stop using digital payments if they personally fell victim to cybercriminal activities as a result of a data breach

Marketplace

7 Regional Hotbeds For Cybersecurity Innovation (Dark Reading) These regions are driving cybersecurity innovation across the US with an abundance of tech talent, educational institutions, accelerators, incubators, and startup activity

'Kevin Durant Effect': What Skilled Cybersecurity Pros Want (Dark Reading) For seasoned cybersecurity professionals, motivation for sticking with their current jobs doesn't mean big management promotions or higher salaries, a new Center for Strategic and International Studies (CSIS) report finds

Nehemiah Security Announces Acquisition of Triumfant (Nehemiah Security) AtomicEye, the industry’s first endpoint solution to automatically detect and remediate exploits without signatures of any kind, plays a critical role in Nehemiah’s comprehensive cybersecurity approach

Security startup Malwarebytes acquires AdwCleaner to nip adware in the bud (TechCrunch) After raising $50 million earlier this year from Fidelity, security startup Malwarebytes said that it would use some of the funding for acquisitions, and today comes some related news. The company is acquiring a startup out of France called AdwCleaner, whose product specifically tackles and removes adware and has seen a total of 200 million downloads across Windows XP, Vista, 7, 8, 8.1, 10 in 32 and 64-bit platforms

Yahoo's Hacking Issues May Hinder Verizon Takeover (iTechPost) The recent disclosure of a huge data breach may affect Verizon Communication's acquisition of Yahoo for $4.8 billion

Here's What Analysts Are Saying About IBM's Latest Earnings (Fortune) IBM posted its 18th consecutive quarter of declining revenue

Cybersecurity: Peace of Mind Isn’t Priceless (Wall Street Journal) Fortinet’s recent warning is the latest sign that demand is moderating in the sector

Easy Solutions Listed as a Representative Vendor in Gartner’s 2016 Online Fraud Protection Market Guide (Sys-Con Media) Easy Solutions, the Total Fraud Protection® company, has been cited in Gartner's October 2016 Market Guide for Online Fraud Detection as a Representative Vendor. The Market Guide, authored by Jonathan Care, Avivah Litan, and Tricia Phillips, aims to help fraud managers choose the most appropriate products for projects within their environment. In this year’s report, Gartner stated that “online fraud detection markets have continued to evolve, responding to increasingly advanced attacks. A further wave of vendors has appeared with machine-learning offerings, but lack in-depth fraud expertise"

St. Jude Medical Plans Cybersecurity Advisory Panel (Dark Reading) The medical device maker says committee will work with tech experts and external researchers on issues affecting patient care and safety

Local cyber startup gears up for commercialization, hiring (Baltimore Business Journal) Cybersecurity company Efflux Analytics plans to bring its product to market in November, after winning $10,000 in a state pitch competition earlier this month

Cloud DDoS solutions providers eye Singapore as key security hub (Security Brief) Nexusguard and Clearmanage are bringing Distributed Denial of Service (DDoS) protection and cloud computing together, with the launch of a new solution that will be targeted directly to the Singapore and Asia Pacific market

Cylance expands international footprint, chases Asian expansion (ChannelLife) Cylance expands international footprint, chases Asian expansion

Products, Services, and Solutions

Easy Solutions Listed as a Representative Vendor in Gartner’s 2016 Online Fraud Protection Market Guide (BusinessWire) Report lists vendors with fraud detection capabilities used to meet evolving user needs

Oyoty is a chatbot designed to teach kids to be safe online (TechCrunch) Given there are apps for everything, it seems inevitable there will soon be bots trying to do everything, And while it remains to be seen which of these AI-powered chatbots will prove to have lasting utility, right now it’s all about the experimentation

Microsoft’s Nadella takes on privacy fears about LinkedIn, Cortana (CSO) Microsoft’s increasing role as a data aggregator gets attention at Gartner’s conference

Axis partners with technology firm to use security ratings to manage cyber-risk (Insurance Business) Axis partners with technology firm to use security ratings to manage cyber-risk Axis Capital recently announced its partnership with BitSight, a leading provider of cyber security ratings, to reduce computer related risks with the provision of the latter’s security ratings service, specifically through its professional lines division, Axis Pro

BUFFERZONE Receives Five-Star Product Review from SC Magazine's 2016 Endpoint Security Group Test (PRNewswire) BUFFERZONE scores five out of five rating, with review praising its simple deployment and effective endpoint protection approach

Who needs 84 security vendors? With new suite, Dell looks to consolidate your protection (ZDNet) Combining Dell Data Security Solutions, Mozy by Dell, RSA, and VMware AirWatch, Dell Technologies has released a new product suite focused on endpoint data security

Technologies, Techniques, and Standards

Malvertising Trends: Don’t Talk Ad Standards Without Ad Security (Dark Reading) How malvertising marries the strengths and weaknesses of the complex digital advertising ecosystem perfectly - and what online publishers and security leaders need to do about it

IoT: How Standards Would Help Security (CareersInfo Security) Wind River's Ramanna warns against treating security 'as an afterthought'

This Is Why We Still Can’t Vote Online (Motherboard) Online voting sounds like a dream: the 64 percent of citizens who own smartphones and the 84 percent of American adults with access to the internet would simply have to pull out their devices to cast a ballot. And Estonia—a northern European country bordering the Baltic Sea and the Gulf of Finland—has been voting online since 2005

The Surprising Impact the 1992 Presidential Election Had on the Modern Internet (Motherboard) The web wasn’t common in 1992, but presidential candidates notably took baby steps toward the internet that year—Ross Perot in a bigger way than most

Still More on Loud Cyber Weapons (Lawfare) In my first post on this subject, I quoted a news story in fedscoop saying that "The development of “loud” offensive cyber tools, [that could be definitively traced to the United States and thus] able to possibly deter future intrusions, represent a “different paradigm shift” from what the agency has used to in the past." I then asked why such tools were needed, when one could accomplish the same thing by a phone call to the government of the target that described something that only the true attacker would know

Agent of Influence 2.0 (Medium) An agent of influence is a particular type of agent used by an agency to deliver information (or a narrative) they hope will sway public opinion. There are three types of agent of influence

The realities of WiFi troubleshooting (Help Net Security) WiFi continues to be the source of serious problems and confusion in enterprise K-12 and higher education. The most common issues reported were WiFi association and WiFi performance, followed by the vague category of unknown

Research and Development

BAE awarded $11.4M DARPA cyber contract (C4ISRNET) BAE has been awarded an $11.4 million Intelligence Advanced Research Projects Activity (IARPA) cybersecurity contract

Legislation, Policy, and Regulation

How Should US React to Alleged Hacks by Russia? (InfoRisk Today) Range of options isn't limited to a cyber response

Sky Views: Behind the US-Russia cyberwar (Sky News) Were you surprised by the wave of cyber-attacks on Hillary Clinton's presidential campaign? Shocked, perhaps, by reports of Russian hackers worming into Democratic Party servers then handing over 20,000 emails to the folks at Wikileaks?

Putin’s Boasting Hides His Fear of Sanctions (American Interest) Russian President Vladimir Putin was in Goa, India this weekend at the annual BRICS summit, where the big announcement was that Igor Sechin’s Rosneft had bought a controlling stake (49 percent) in the Indian Essar Oil company

War Goes Viral (Atlantic) How social media is being weaponized across the world

NSA: No zero days used in last two years (C4ISRNET) It is hard to believe that not one single zero-day exploit – or a previously undisclosed vulnerability – has been used against the United States in the last 24 months, and even harder that that fact could be viewed as a negative

The US Needs One Cyber Defense Agency—Not Three, a Top NSA Official Says (Defense One) With the job divided between NSA, FBI, and DHS, 'we need to rethink how we do cyber defense as a nation'

NSA Defense Chief Imagines a Cyber Response Without Borders (NextGov) The U.S. government ought to consider forging stronger ties between agencies that manage cybersecurity, including possibly unifying their cyber defense components in a single agency, the National Security Agency's top cyber defender said today

IoT insecurity: US govt starts bashing tech bosses' heads together (Register) Everyone agrees: our group has the best solution

Regulators look to strengthen banks' cyber defenses (Federal Times) Federal regulators are looking to set up new standards for big banks' planning and testing for possible cyberattacks. The aim is to bolster the banking industry's defenses amid concern over periodic security breaches at U.S. banks

Agencies Issue Advanced Notice of Proposed Rulemaking on Enhanced Cyber Risk Management Standards (US Officer of the Comptroller of the Currency) The three federal banking regulatory agencies today approved an advance notice of proposed rulemaking (ANPR) inviting comment on a set of potential enhanced cybersecurity risk-management and resilience standards that would apply to large and interconnected entities under their supervision. The standards would apply as well to services provided by third parties to these firms

If elected, Clinton would support an “Encryption Commission” to help feds (Ars Technica) Ars examines the two leading candidates' positions on crypto and Snowden

Yahoo calls for greater transparency from intelligence services (Yahoo!) More information needed on ways US uses legal authority to obtain private data

Singapore's Cybersecurity Blueprint: Does It Come Up Short? (InfoRisk Today) Critics say plan lacks practical insights on mitigating risks

Toronto’s Public Hearing on Bill C-51 Was Utterly Demoralizing (Motherboard) On Wednesday evening, the Canadian government held a public hearing in Toronto on reforming Bill C-51, a controversial set of laws that give Canada’s police and spy agencies broad powers. It began with a lackadaisical mood

Litigation, Investigation, and Law Enforcement

Feds catch hacker allegedly responsible for LinkedIn hack (ZDNet) The hacker, caught in Prague, may be extradited to the US

Czech authorities arrest Russian suspected of hacking U.S. (Politico) Czech Republic officials have arrested a Russian citizen suspected of hacking targets in the United States

Hacker je ve vazbě (Policie Česke Republiky) Rychlý zásah expertů na pátrání

Alleged Hacker Behind 2012 LinkedIn Breach Nabbed In Prague (Dark Reading) Czech judge to decide on US extradition request

East-West SpyWar Heats Up With Arrest of Russian Hacker in Prague (Observer) With FBI help, Czech authorities nabbed a Russian wanted for hacking against Americans—is he tied to cyber-attacks on Democrats?

EU court: Site operators can log visitors’ IP address for protection against attacks (Help Net Security) The Court of Justice of the European Union (CJEU) has ruled that the German government can collect and keep IP addresses of visitors to websites operated by German Federal institutions, in order to protect those sites against cyberattacks (e.g. denial-of-service attacks)

To beat crypto, feds have tried to force fingerprint unlocking in 2 cases (Ars Technica) Is being forced to press a finger on a phone in violation of the Fifth Amendment?

‘I need a favor’: FBI official at center of alleged Clinton email ‘quid pro quo’ speaks out (Washington Post) FBI official Brian McCauley had been trying for weeks to get his contact at the State Department to approve his request to put two bureau employees back in Baghdad

Report finds racial bias in facial recognition technology (Christian Science Monitor Passcode) More than 40 rights groups asked the Department of Justice to launch a probe examining whether systems used by police to investigate crimes disproportionately identify blacks as criminal suspects

Major international law enforcement operation targets airline ticket fraud (Help Net Security) 193 individuals suspected of traveling with airline tickets bought using stolen, compromised or fake credit card details have been detained in a major international law enforcement operation targeting airline fraud

3 things you might not realize are cybercrimes (Naked Security) Welcome to Week 3 of National Cyber Security Awareness Month! This week’s theme, brought to you courtesy of the National Cyber Security Alliance of US businesses and government agencies, is about recognizing and combating cybercrime

How Cops From Four Countries Busted a Dark Web Drug Ring (Motherboard) The dark web allows people to deal drugs from wherever they happen to be based. Although not necessarily a global phenomenon, the dark web drug trade is very much international in scope, with vendors on both sides of the Atlantic, and further afield, stocking digital shelves with cocaine, heroin, and a plethora of other drugs

For a complete running list of events, please visit the Event Tracker on the CyberWire website.

Newly Noted Events

Data Breach & Fraud Prevention Summit Asia (Mumbai, India, June 8, 2016) ISMG’s Data Breach & Fraud Prevention Summit Asia – Mumbai is a one-day event that will focus on the latest fraud techniques and technologies, as well as a holistic, strategic approach to looking at the ...

Security of Things World (Berlin, Germany, June 27 - 28, 2016) Security. Privacy. Connected Devices. Exploring Security and the Internet of Things. A world class event focused on the next information security revolution. Be part of Security of Things World in June...

Upcoming Events

Los Angeles Cyber Security Summit (Los Angeles, California, USA, October 28, 2016) The Cyber Security Summit is an exclusive conference series connects C-Suite & Senior Executives who are responsible for protecting their companies’ critical infrastructures with innovative solution providers...

Insider Threat Program Development Training For NISPOM CC 2 (Aberdeen, Maryland, USA, August 10 - 11, 2016) Insider Threat Defense will hold a two-day training class on Insider Threat Program Development (National Insider Threat Policy-NISPOM Conforming Change 2). For a limited time the training is being offered...

CyberMaryland 2016 (Baltimore, Maryland, USA, October 20 - 21, 2016) The CyberMaryland Conference is an annual two-day event presented jointly by The National Cyber Security Hall of Fame and Federal Business Council (FBC) in conjunction with academia, government and private...

CyCon US: International Conference on Cyber Conflict (Washington, DC, USA, October 21 - 23, 2016) The inaugural U.S. based International Conference on Cyber Conflict will take place 21-23 October 2016 in Washington D.C. Focusing on a theme of Protecting the Future. CyCon U.S. seeks to create greater...

SANS San Diego 2016 (San Diego, California, USA , October 23 - 28, 2016) Cyber security training in San Diego, CA from SANS Institute, the global leader in information security training. Choose from nine hands-on, immersion-style training courses for security professionals...

18th Annual AT&T Cybersecurity Conference (New York, New York, USA, October 24 - 25, 2016) Countless cyberthreats circle your organization every second of every day. While your organization utilizes more mobile, IoT and emerging technologies, attackers simply focus on more ways to exploit them.

Insider Threat Program Development Training For NISPOM CC 2 (Aberdeen, Maryland, USA, August 10 - 11, 2016) Insider Threat Defense will hold a two-day training class on Insider Threat Program Development (National Insider Threat Policy-NISPOM Conforming Change 2). For a limited time the training is being offered...

2016 ICS Cyber Security Conference (Atlanta, Georgia, USA, October 24 - 27, 2016) As the largest and longest-running cyber security-focused conference for the industrial control systems sector, the event caters to the energy, utility, chemical, transportation, manufacturing, and other...

14th Annual EWF National Conference (Scottsdale, Arizona, USA, October 25 - 27, 2016) Balancing risk and opportunity: transforming cybersecuity; risk and privacy beyond the enterprise. The Executive Women's Forum (EWF) Annual Conference provides an exclusive opportunity to personally interact...

SecureWorld Bay Area (San Jose, California, USA, October 27, 2016) Join your fellow security professionals for affordable, high-quality cybersecurity training and education. Earn 6-12 CPE credits through 30+ educational elements learning from nationally recognized industry...

Security By Design (McLean, Virginia, USA, October 28, 2016) The essential security conference for all who desire to build trustworthy software. Developers, DevOps Engineers, Software Architects, Security Software Engineers, Designers and more.

Regional Cyber Security Summit (Sharm El-Sheikh, Egypt, October 30 - November 1, 2016) The Regional Cyber Security Summit comes this year with the theme of “Boundless Collaboration, Boundless Protection”. It focuses on the cooperation in cybersecurity as one of key pillars to tackle the...

Inside Dark Web (Washington, DC, USA, November 1 - 2, 2016) Individuals, organizations, corporations, and governments use the Dark Web to protect themselves and their users, employees, customers, and citizens seeking a more accessible and secure Internet experience.

National Institute for Cybersecurity Education 2016 Conference and Expo (Kansas City, Missouri, USA, November 1 - 2, 2016) Cybersecurity has emerged as one of the leading creators of jobs and opportunity for all economic sectors. The demand for cybersecurity positions in both the public and private sector is large and growing,...

GTEC (Ottawa, Ontario, Canada, November 1 - 3, 2016) For the public sector and business, count on GTEC to help you keep up with the changing landscape of technology and service delivery in Canada. With our nationally recognized awards program and annual...

Black Hat Europe 2016 (London, England, UK, November 1 - 4, 2016) Black Hat is returning to Europe again in 2016, and we have quite an event in store. Here the brightest professionals and researchers in the industry will come together for a total of four days--two days...

TECHEXPO Cyber Security Hiring Event (Tysons Corner, Virgina, USA, June 30, 2016) Cyber security professionals are invited to interview face-to-face with employers including The CIA, Deloitte, Intel Security, Northrop Grumman, Lockheed Martin, Deloitte, Vencore and many more. Hundreds...

SINET Showcase 2016: Highlighting and Advancing Innovation (Washington, DC, USA, November 2 - 3, 2016) SINET Showcase provides a platform to identify and highlight “best-of-class" security companies that are addressing industry and government’s most pressing needs and requirements. The chosen SINET 16 Innovators...

3rd Annual Journal of Law and Cyber Warfare Conference (New York, New York, USA, November 3, 2016) The 2016 Journal of Law and Cyber Warfare symposium speakers represent an unparalleled group of cyber security experts with a wide variety of industry expertise and knowledge. Attendees will hear from ...

Security of Things World USA (San Diego, California, USA, November 3 - 4, 2016) Security. Privacy. Connected Devices. Exploring Security and the Internet of Things. A world class event focused on the next information security revolution. Be part of Security of Things World USA in...

2nd Annual Summit: Global Cyber Security Leaders (Berlin, Germany, November 7 - 8, 2016) The Global Cyber Security Leaders 2016 is designed to provide unrivaled access to peers from across the globe, and encourage participants to discuss the current challenges and explore the ideas shaping...

IAPP Europe Data Protection Congress 2016 (Brussels, Belgium, November 7 - 10, 2016) The GDPR is finalised, the Data Protection Congress is returning to Brussels and you have a great deal of work ahead. Begin at the Congress, where you’ll find thought leadership, a thriving professional...

SANS Miami 2016 (Coconut Grove, Florida, USA, November 7 - 12, 2016) Attend our new SANS Miami 2016 event, November 7-12 and choose from five hands-on, immersion-style cybersecurity training courses taught by real-world practitioners. Attackers are targeting you with increasing...

Federal IT Security Conference (Columbia, Maryland, USA, November 8, 2016) The Federal IT Security Institute in partnership with PhoenixTS in Columbia, MD is hosting the first annual Federal IT Security Conference. Speakers from NIST, DHS, the Defense Department as well as private...

11th Annual API Cybersecurity Conference & Expo (Houston, Texas, USA, November 9 - 10, 2016) Join us at the 11th Annual API Cybersecurity Conference & Expo and discover methods for thwarting the bad guys, what the scene looks like over the horizon and how the latest technologies can help you counter...

SecureWorld Seattle (Bellevue, Washington, USA, November 9 - 10, 2016) Join your fellow security professionals for affordable, high-quality cybersecurity training and education. Earn 12-16 CPE credits through 60+ educational elements learning from nationally recognized industry...

Institute for Critical Infrastructure Technology Annual Gala and Benefit (Washington, DC, USA, November 10, 2016) The Annual ICIT Gala and Benefit is the year’s most prestigious gathering of legislative, agency and private sector leaders committed to protecting our Nation’s critical infrastructures. This intimate...

Israel HLS and Cyber 2016 (Tel Aviv, Israel, November 14 - 17, 2016) Where physical and cyber security meet. Topics include intelligence, cyber crime, and counter-terrorism, defending critical infrastructures, a smart global world, mass events--the integrative approach,...

SANS Healthcare CyberSecurity Summit & Training 2016 (Houston, Texas, USA, November 14 - 21, 2016) SANS will be hosting its 4th Annual Healthcare Cybersecurity Summit. Join us and hear top security experts from leading healthcare companies discuss proven approaches for securing and succeeding in the...

Infosec 2016 (Dublin, Ireland, November 15, 2016) Infosec 2016 conference addresses the critically important issues that threaten businesses in the information age By any measure, the digital threats that businesses and organisations of all sizes face...

Kaspersky Academy Talent Lab (Online, then Prague, Czech Republic, November 15, 2016) Kaspersky Academy Talent Lab is an international cyber-world competition for young researchers and professionals aged 18-30 who are interested in the cybersecurity challenges facing the world. 50 finalists...

CISO Charlotte (Charlotte, North Carolina, USA, November 15, 2016) The CISO Summit brings together C-level IT security executives, industry analysts and solution providers to discuss challenges and best practices in a relaxed, yet focused business setting. Agenda sessions ...

Pharma Blockchain Bootcamp (Edison, New Jersey, USA, November 16, 2016) Blockchain technology has gained recognition as one of the most disruptive technologies in the industrial world with the potential of redefining how businesses operate similarly the internet changed it...

Cybercon 2016 (Washington, DC, USA, November 16, 2016) The forum for dialogue on strategy and innovation to secure defense and government networks, as well as private-sector networks that hold their sensitive data.

Versus 16 (San Francisco, California, USA, November 17, 2016) Versus is not an ordinary event. Versus is not about pitching products or preaching to the choir. Versus is about challenging what you think you know about cybersecurity, about technology, about doing...

SCSC Cyber Security Conclave 2.0 Conference and Exhibition (Hyderabad, India, November 22 - 23, 2016) India’s leading two-day cyber security event is returning in November 2016, once again bringing together over hundreds of cyber security experts, senior officials and policy-makers from across the public...

4th Ethiopia Banking & ICT Summit (Addis Ababa, Ethiopia, November 25, 2016) The 4th Ethiopia Banking & ICT Summit is the ONLY event in Horn of Africa that focuses on technology innovations and trends in the Banking and ICT sectors. This annual summit brings together Financial...

CIFI Security Summit (Toronto, Ontario, Canada, November 30 - December 1, 2016) The Annual CIFI Security Summit takes place all over the world, Asia, Europe, Australia & North America. These summits are essential 2 day conferences and exhibitions bringing together leading security...

Grow your brand and reach new customers.

Grow your brand and increase your customer base by educating our audience about your products, services, and events by advertising on The CyberWire. We’ve built trust with an influential (and often hard to reach) audience of CISOs, CSOs, and other senior execs in the security space, across a wide array of industry verticals. Learn more.

Be a part of the CyberWire story.

People ask us (a lot) how they can support what we do. We have our sponsorships and services, of course, but those are not always within every supporter's financial reach, or it might just not be the right time for you to do those things. That's why we launched our new Patreon site, where we've created a wider variety of support levels, each with some new benefits. Our patrons are important to our future, and we hope you'll consider becoming one. We invite you to become part of the CyberWire story. Become a patron today.