More signal. Less noise.

Daily briefing.

Hangzhou Xiongmai Technology, which produces components widely used in digital video recorders and networked security cameras, has acknowledged that vulnerabilities in its products were exploited in Friday's distributed denial-of-service attack on Dyn. Hangzhou Xiongmai is recalling thousands of devices to aid remediation of the vulnerability.

Security cameras and SOHO routers formed the better part of the Mirai botnet herd that stampeded through Dyn at the end of last week. One IoT vendor, Will Price, founder of Simple Control, told CEPro that it's misleading to call this DDoS incident an Internet-of-things problem. He would rather understand it as a problem with vendors releasing products that aren't properly secured, an issue that's certainly not confined to the IoT. He's got a point, but the combination of widespread deployment, weak security, and user inattention does seem to make the IoT particularly vulnerable to this sort of exploitation.

Attribution of the Dyn attacks remains unclear. The Washington Free Beacon said that US Director of National Intelligence Clapper told it the incident was the work of "a multi-national hacker group." He didn't elaborate, but other sources suggested it was vandalism as opposed to a nation-state attack. (Contrast, however, the Koppel-Alexander dialogue at CyCon.) Anti-virus pioneer, security gadfly, and quondam (we think) presidential candidate John McAfee thinks he knows whodunit: North Korea. He bases this attribution on what he describes as dark web chatter.

One apparent patriotic hacktivist, "Jester," is convinced the Russians are coming. He sent them a message by defacing an old Foreign Ministry site.

Notes.

Today's issue includes events affecting Afghanistan, Australia, China, Czech Republic, Germany, Japan, Democratic People's Republic of Korea, New Zealand, Russia, Syria, United Arab Emirates, United Kingdom, United States.

A note to our readers: National Cyber Security Awareness Month is now in its final full week. The theme is "our continuously connected lives: what's your 'apptitude'?"

The CyberWire's regular daily Podcast will be out later this afternoon, with interviews, educational tips, and more on the stories of the day. Today we'll hear from the Johns Hopkins University's Joe Carrigan on the security of IoT devices. Our guest is Malcolm Harkins from Cylance. We caught up with him at CyberMaryland last week, and he offered us his contrarian views that breaches in fact aren't, and don't have to be, inevitable. As always, if you enjoy the podcast, please consider giving it an iTunes review.

TECHEXPO Cyber Security Hiring Event (McLean, VA, USA, November 2, 2016) Our professional hiring events have benefited nearly a million attendees since 1993. We look forward to helping you advance your career and saving you time in your job search by providing you the opportunity to meet face to face with the nation's leading companies.

Malware Detection: How to Spot Infections Early with AlienVault USM (Live Webcast, November 3, 2016) While malware has been a thorn in the side of IT pros for years, some of the recent variants observed by the AlienVault Labs security research team, like CoreBot, have the ability to modify themselves on the fly, making them nearly impossible to detect with traditional preventative security measures. Join us for a live demo to learn about the most common types of malware, and how you can detect infections quickly with AlienVault USM.

Dateline CyCon US 2016

The Logic of Deterrence in Cyberspace: a conversation between Ted Koppel and Keith Alexander (The CyberWire) Ted Koppel interviewed former NSA Director General Keith Alexander (US Army, retired) about the current state of cyber conflict. Koppel opened their discussion (after some graceful words from Alexander complimenting Koppel's book on the cybersecurity of the electrical power infrastructure) with a question about attempts to influence the upcoming US elections

"An irresponsible breach of the rules of the playground": Kevin Mandia on the state of the threat. (The CyberWire) Mandia offered five high-level observations about the current state of the cyber threat, including a shift in the adversary's rules of engagement--"an irresponsible breach of the rules of the playground"

The Decline in Chinese Cyberattacks: The Story Behind the Numbers (MIT Technology Review) The Obama administration has been touting a decrease in commercial espionage, but the reality for corporate America may be more complicated

Critical Infrastructure, Cyber Conflict, and Compliance Regimes (The CyberWire) A panel on cyber security policy offered both a take on the current state of the sector and advice for the next Administration and Congress. Panelists included Richard Harknett (Professor of Political Science at the University of Cincinnati, currently scholar-in-residence at US Cyber Command), Melissa Hathaway (President of Hathaway Global Strategies and senior adviser to Project MINERVA at the Harvard Kennedy School), Catherine Lotrionte (Director of the Institute for Law, Science and Global Security and Visiting Assistant Professor of Government and Foreign Service at Georgetown University), and Angela McKay (Director, Cybersecurity Policy and Strategy at Microsoft). Aaron Brantly (Assistant Professor in the Department of Social Sciences and the Army Cyber Institute, United States Military Academy) chaired the session

In cybersecurity contest, hackers target critical infrastructure (Christian Science Monitor Passcode) At the inaugural Passcode Cup capture the flag challenge, competitors raced through hacking challenges that ranged from password-cracking to compromising a mock water treatment facility

The Vulnerability Equities Process: Disputed Questions (The CyberWire) Stephanie Pell (Assistant Professor and Cyber Ethics Fellow at the Army Cyber Institute) moderated a panel discussion of the US Government's vulnerability disclosure practices. Panelists included Dave Aitel (Founder, President, and CEO of Immunity Inc.), Steven M. Bellovin (Professor of Computer Science, Columbia University), and Ari M. Schwartz (Managing Director, Cyber Security, at Venable). Pell set the discussion up by the going-dark/crypto wars debate. She described "Playpen," a court-approved use of malware to exploit a vulnerability that enabled law enforcement to identify customers who frequented a dark web child porn site. Mozilla filed a motion to compel the FBI to disclose the vulnerability so that Mozilla could patch it to protect Firefox users. This, she suggested, is the sort of issue the Government's Vulnerability Equities Process (VEP) was designed to address

Heartbleed: Understanding When We Disclose Cyber Vulnerabilities (The White House) For an agency whose acronym was once said to stand for “No Such Agency,” speaking out about Heartbleed was unusual but consistent with NSA’s efforts to appropriately inform the ongoing discussion related to how it conducts its missions

Government’s Role in Vulnerability Disclosure: Creating a Permanent and Accountable Vulnerability Equities Process (Belfer Center for Science and International Affairs) When government agencies discover or purchase zero day vulnerabilities, they confront a dilemma: should the government disclose such vulnerabilities, and thus allow them to be fixed, or should the government retain them for national security purposes?

Everything You Know About the Vulnerability Equities Process Is Wrong (Lawfare) The vulnerability equities process (VEP) is broken. While it is designed to ensure the satisfaction of many equities, in reality it satisfies none—or at least, none visible to those beyond the participants of the insular process. Instead of meaningfully shaping best outcomes, the VEP provides thin public relations cover when the US government is questioned on its strategy around vulnerabilities

Clinton’s encryption solution would require a ton of oversight (CyberScoop) Law enforcement taking advantage of zero day exploits is preferred to an overarching encryption “backdoor” law, a group of cryptography, security policy and digital privacy experts said Friday during a panel discussion at the 2016 CyCon U.S. cybersecurity conference

Warner: Procurement and personnel key for cyber (CyberScoop) Fixing the way the U.S. government buys technology and hires and deploys its workforce is the key to improving the nation’s cybersecurity defenses, not changing the way authorities and responsibilities are divided up between federal agencies, Sen. Mark Warner, D-Va., said Friday

CyCon U.S. (CCDCOE/Army Cyber Institute) The inaugural U.S. based International Conference on Cyber Conflict will take place 21-23 October 2016 in Washington D.C. Focusing on a theme of Protecting the Future. CyCon U.S. seeks to create greater information exchange among industry, academia, and government entities at both the national and international levels. The issues to be covered include the future of international cooperation, imminent technical challenges and requirements, forthcoming conflicts in cyberspace, and the potential for new legal frameworks, standards, and regulations

Cyber Attacks, Threats, and Vulnerabilities

Chinese firm admits its hacked products were behind Friday's massive DDOS attack (CSO) Botnets created from the Mirai malware were involved in Friday's cyber attack

The DDoS Attack On Dyn – A Recap From Imperva (Information Security Buzz) DNS provider Dyn was knocked offline for much of the day, causing disruption to several well-known SaaS applications and internet sites, including Amazon, Twitter, GitHub and The Boston Globe. The company later that day confirmed that the cause was a large DDoS attack, and that it was an internet of things (IoT) attack using the newly-discovered Mirai botnet

Dyn’s Day ‘Out’ Highlights Malware Riding on IoT (Read It Quick) The attacks that plagued the Internet address lookup service provider Dyn on Friday left its 1,200 domains in the lurch. The impacted sites included Amazon, Etsy, GitHub, Shopify, Twitter and The New York Times, to name a few. Millions of users across the world lost access to these popular sites as attackers pounded Dyn’s servers with fake IP traffic till the site collapsed

Dyn DDoS attack exposes soft underbelly of the cloud (InfoWorld) The DDoS attack against Dyn affected numerous websites, but the biggest victims are the enterprises that rely on SaaS for critical business operations

Mirai, Mirai, on the wall – through the looking glass of the attack on Dyn (Naked Security) On Friday, one of the largest and most powerful distributed denial of service (DDoS) attacks in recent history hit DNS provider Dyn and its customers, impacting major services like Twitter, Reddit and Spotify

Dyn DDoS – what can we do right now to help prevent the next attack? (Naked Security) The digital dust has settled, for now at least, on last week’s Distributed Denial of Service (DDoS) attack against DNS service provider Dyn

Future mega web outages: Here's what the security experts have to say (TechRadar Pro) Last Friday’s big web outage is still a hot topic for discussion

Home Automation and Cryptography Expert on DDoS Attack: Don’t Blame IoT (CEPro) Blaming last week’s Internet outage on the rise of connected devices is just a convenient meme, says encryption expert Will Price, founder of the home automation provider Simple Control (Roomie Remote)

Here's One Strategy for Thwarting Denial of Service Cyberattacks (Fortune) Companies that used multiple servers saw less of an impact from last Friday’s attack

The Cyber Threat: Dyn Cyber Attack Highlights Internet of Things Hacking (Washington Free Beacon) Clapper says multi-national hacker group to blame

John McAfee: North Korea behind Dyn DDoS assault, larger attacks on the way (Techspot) Whenever a major security incident takes place in the tech world, you can be certain that John McAfee will weigh in with his opinion. The anti-virus pioneer has just revealed who he believes was behind Friday’s DDoS attacks on popular DNS provider Dyn

Jester defaces website but the Russian Government isn’t laughing (Naked Security) The Russian Ministry of Foreign Affairs’ website is normally a pretty sedate read

DNC Chair Claims Damning Leaked Emails Were ‘Doctored.’ A Cyber Security Expert Just Demolished Her Cop-Out (IJR Wildfire) In an interview with Megyn Kelly last week, DNC Chairman Donna Brazile was questioned about a Wikileaks email that revealed she received questions for the CNN debate before it even happened

How security flaws in voting machines could discredit election results (ZDNet) Security experts say voting machines are easy to tamper with, and in several key battleground states ballots will be nearly impossible to verify

CrowdStrike’s Shawn Henry on Cyberterrorists, Ransomware and Hacked Elections (Brink) When the Democratic National Committee discovered in June that its entire computer network had been hacked, it called on Shawn Henry, president of CrowdStrike and former head of the FBI’s cyber division, to ferret out the damage and ultimately identify the perpetrators, who were deemed to be agents of the Russian government

Military Warns Chinese Computer Gear Poses Cyber Spy Threat (Washington Free Beacon) Lenovo seeking access to classified Pentagon networks, J-2 report says

Researchers spot ransomware evolving into 'doxware' to scare victims into paying (SC Magazine) As companies grow aware of the threat of ransomware, threat actors are upping the ante with “doxware” by implementing features to ransomware that could leak a victim's data if ransoms aren't paid

Indegy CTO to Disclose Zero Day SCADA Vulnerability at the ICS Cyber Security Conference (BusinessWire) Session will explain how flaw in Schneider Electric software enables attackers to remotely control industrial processes

U.S. Commander: ISIS Attempting to Establish Caliphate in Afghanistan (NBC News) ISIS is trying to establish a caliphate inside Afghanistan, the country's top U.S. commander said

Hired experts back claims St. Jude heart devices can be hacked (Reuters) Short-selling firm Muddy Waters said in a legal filing on Monday that outside experts it hired validated its claims that St. Jude Medical Inc cardiac implants are vulnerable to potentially life-threatening cyber attacks

Indian banks use insecure ATM machines, still cling to outdated Windows XP: Report (India Today) There is still some time before we get a clear picture of the data breach that has affected over 32 lakh debit cards in India. But cyber security firm Kaspersky has done some quick analysis of it with a more detailed one still in the process. Although for now the company is neither denying nor confirming the State Bank of India debit cards breach, it is quite blunt in saying that the banking industry in India is very cavalier about the cyber security and that is not good for consumers

Security Patches, Mitigations, and Software Updates

Chinese Manufacturer Recalls IOT Gear Following Dyn DDoS (Threatpost) Hangzhou Xiongmai said that it will recall millions of cameras sold in the U.S. in response to Friday’s DDoS attack against DNS provider Dyn that kept a number of web-based services such as Twitter, Github and others offline for much of the day

Microsoft's New Patch Tuesday Model Comes With Benefits And Risks (Dark Reading) Microsoft has transitioned its Patch Tuesday update process to a cumulative rollup model. What businesses need to know about the new patching regimen

Cyber Trends

AT&T: Most Cyber Attacks Easily Prevented (Light Reading) New AT&T research in the latest AT&T Cybersecurity Insights report, “The CEO’s Guide to Navigating the Threat Landscape,” shows that most cyberattacks impacting today’s businesses are “known” or common threats

When Naming Cyber Threat Actors Does More Harm Than Good (Council on Foreign Relations) Cybersecurity firms, despite their increasing prominence in light of greater media attention at Russian and Chinese cyber operations, are often criticized for their biases when identifying advanced persistent threat actors (APT). Two critiques are most-often heard

In cyber, knowledge is a powerful weapon (C4ISRNET) The general notion is that much of the core understanding in cyber is in place. I would like to challenge that. There are still vast territories of the cyber domain that need to be researched, structured and understood

SMB security: The evolving role of SaaS and IT outsourcing (Help Net Security) SMBs need to bridge the gap between smaller IT security budgets and a shortage of expertise to face the very real and growing threat of cyber attacks, according to Kaspersky Lab

Why SOC Deployments Are Increasing in India (InfoRisk Today) Gartner's Kaur offers insights on trends, challenges

Marketplace

What Investors Need to Know After the Vera Bradley Security Breach (Motley Fool) The handbag company is the latest victim of hackers. Investors should brace for fallout

IBM issues apology after cyber-attack shuts down Australian national census (Tech 2) International Business Machines Corp apologized to Australia on Tuesday for what the government has described as a “malicious” cyber-attack that shut down a national census, but blamed two domestic internet providers for the security lapse

The Russian Expat Leading the Fight to Protect America (Esquire) In a war against hackers, Dmitri Alperovitch and CrowdStrike are our special forces (and Putin's worst nightmare)

DarkMatter, vArmour offer cybersecurity solutions to Middle Eastern businesses (Gulf News) DarkMatter recently announced a partnership with vArmour, which aims to offer customers of both companies cybersecurity solutions

Spies for Hire (Intercept) In July, Simone Margaritelli, an Italian security researcher, boarded a Boeing 777 in Rome headed for Dubai, a city now billing itself as a tech startup hub

UAE surveillance contractor is recruiting an army of foreign hackers to break into its citizens' devices (BoingBoing) The world's most sophisticated security experts have been bombarded with recruiting offers from UAE-based company Darkmatter, which bills itself as a major state security contractor -- but people who've taken the bait say they were then told that they were being hired to weaponize huge arsenals of zero-day vulnerabilities so that the UAE can subject its own population to fine-grained, continuous surveillance

Wynyard Group in voluntary administration (NewsHub) Local tech company Wynyard Group has been placed into voluntary administration

Short Ixia: Why Ixia Is No Longer Secure (Seeking Alpha) Ixia's uniquely unfavorable relationships with clients add additional, unaccounted risk. Ixia will be unable to capture strong future growth trends within the cybersecurity industry. Ixia is currently trading at a premium given the current outlook of the company

Fortinet talks up benefits of new Frankfurt datacentre (Channelnomics) Security vendor makes cloud solutions available from German facility

Buying into the Blockchain: How Bitcoin and Blockchain Cryptography are Upending Traditional Ideas of Investing (NuWire Investor) One of the biggest buzzwords within the banking and financial technologies at the moment is blockchain. Blockchain is decentralized technology that is revolutionizing the way people all over

root9B Technologies Announces Results of 2016 Special Meeting of Stockholders (Yahoo! Finance) root9B Technologies, Inc. (RTNB) announced the results of its 2016 Special Meeting of Stockholders, held earlier today in New York City

Palo Alto Networks Appoints Mary Pat McCarthy to Board of Directors (PRNewswire) Palo Alto Networks® (NYSE: PANW), the next-generation security company, today announced the appointment of Mary Pat McCarthy to the company's board of directors. She also will be joining the board's audit committee

Former AOL Counsel, Big Data Expert Joins Venable as Partner in Privacy, Data Security Practice (Corporate Counsel) Law firm Venable recently announced the addition of former AOL Inc. chief counsel Charles D. Curran as a partner in its privacy and data security practice

Express Logic Hires Industry Security Expert to Drive IoT Embedded Security Solutions (BusinessWire) Express Logic, Inc., the worldwide leader in royalty-free real-time operating systems (RTOS) with more than 5.4 billion deployments, today introduced widely respected expert Tim Stapko, head of its recently established Security Products department

Aon just hired the FBI's top cybersecurity expert (Chicago Tribune) Aon has hired the FBI's top cybersecurity expert to its cyber risk team, hoping his expertise will help clients avoid being taken down by an internet attack like the massive one that brought down Twitter, Spotify and others on Friday

Products, Services, and Solutions

Centrify Bolsters MFA Everywhere Initiative to Stop Attacks Across Hybrid IT Infrastructures (BusinessWire) Centrify’s Multi-Factor Authentication solution now supports additional operating systems and authentication factors while extending MFA to additional privileged identity use cases

ThreatConnect and Symantec Collaborate to Provide Premium Threat Intelligence for Improved Threat Management (BusinessWire) ThreatConnect now utilizes Symantec DeepSight advanced IP and URL reputation feeds

ThetaRay Analytics Platform to Help Large Organizations Detect Unknown Threats and Opportunities (PRNewswire) THETA now implemented at several multinational banks and other businesses

TopSpin Security First to Combine Threat Intelligence and Advanced Asset Profiling in Intelligent Deception Solutions to Protect Assets from Cyber Attackers (Yahoo!) TopSpin Security, Inc., the leader in integrated deception and detection solutions, today at the 2016 FS-ISAC Fall Summit introduced the newest version of DECOYnet™, the industry's first deception and detection solution to combine threat intelligence and advanced asset profiling to help keep cyber attackers away from organizations' real assets

Jihadists' favorite messaging apps gain popularity in DC (Washington Times) Some of the same unhackable applications that have become the "favorite technologies" of the Islamic State and other terrorist groups have gained popularity in Washington, D.C., in part because the federal government is still struggling to find ways to protect government communications

Technologies, Techniques, and Standards

Cybersecurity experts call for ‘internet of things’ standards in wake of massive attack (San Jose Mercury News) Cybersecurity experts on Monday called for standardized security measures for connected webcams, printers and routers in the wake of a massive cyber attack spread by those devices

5 Tips For Preventing IoT Hacks (Dark Reading) The recent DDoS attack on Dyn was powered in part by a bot army of home devices. How not to let your webcam or other IoT system go rogue

The CEO's Guide to Navigating the Threat Landscape (AT&T) Increasingly, organizations of all sizes are facing a growing variety of cyberthreats. AT&T Cybersecurity Insights reports will help build your knowledge of enterprise security issues and equip you and other leaders within your organization to make better security decisions. Get informed, stay protected

Academia

Einaudi lecturer will link cybersecurity and national security (Cornell Chronicle) How serious a threat is cyberwarfare? Does it fundamentally change the nature of international conflict, or does it simply provide combatants with another set of tools and techniques?

Legislation, Policy, and Regulation

NATO member commanders outline cyber priorities (IHS Jane's International Defense Review) Senior military commanders from across NATO have described the practical challenges and opportunities facing the armed forces as developments in cyberspace continue to advance across the contemporary operating environment

US Cyber Command's DCOM outlines emerging threat environment (IHS Jane's 360) The effects of operations in cyberspace across '21st Century Warfare' are forcing militaries to rapidly develop concepts of operation and command structures to deal with emerging requirements, a senior US commander has announced

US Army keeping wary eye on Russia (The Hill) U.S. military leaders are increasingly leery of Russia, even as Republican presidential nominee Donald Trump talks about improving relations with the nation on the campaign trail

One team, one fight, one agency? (CyberScoop) A senior NSA official told the American Enterprise Institute last week that the U.S. should consider combining parts of the National Security Agency, Department of Homeland Security, and Federal Bureau of Investigation/Department of Justice into a single organization

Agencies turn attention to plugging cyber holes in software (Federal News Radio) Agencies are ramping up to take on the next major cybersecurity challenge —software assurance

Pentagon launches next round of ‘bug bounties,’ including cyber tests of sensitive systems (Federal News Radio) The Pentagon last week made contract awards in its promised expansion of federal government’s first-ever bug bounty — the “Hack the Pentagon” challenge which wound up finding and closing 138 separate cybersecurity vulnerabilities in DoD’s public-facing websites earlier this year

For the Navy, it's all about cyber resiliency, not cyber protection (C4ISRNET) The Navy is thinking differently about its approach to cybersecurity, according to a top official

Litigation, Investigation, and Law Enforcement

Distributing encryption software may break the law (Opensource) FOSS cryptography is a powerful tool but may carry some risk

German Terrorism Case Highlights Europe’s Security Challenges (New York Times) The warning came to the German security authorities in early September from “our best partners,” as they euphemistically refer to the American intelligence agencies: A terrorist assault might be in the works

Media watchdog slams Tokyo after journalist alleges U.S. military spying (Japan Times) The government is under fire for failing to protect press freedom following a Japan Times report by a British journalist revealing that the U.S. military has spied on him over his activities in Okinawa

Anonymous hacker charged with #opJustina DDoS attacks on hospitals (Naked Security) The Anonymous-affiliated hacker who admitted to cyberattacks on two hospitals in the #opJustina operation and fled the country while being investigated was indicted last week

Russian Hacker Behind LinkedIn Breach also Charged with Hacking Dropbox and Formspring (Hacker News) The alleged Russian hacker, who was arrested by the FBI in collaboration with the Czech police, was believed to be the one responsible for massive 2012 data breach at LinkedIn, according to a statement released by LinkedIn. Now, United States authorities have officially indicted Yevgeniy Aleksandrovich Nikulin, a 29-year-old Russian national, for hacking not just LinkedIn, but also the online cloud storage platform Dropbox, and now-defunct social-networking company Formspring

Pulling back the covers on a critical IG report about Interior’s cyber efforts (Federal News Radio) There’s a problem with many reports from federal auditors that doesn’t get mentioned often enough in government. Many times these inspector general or Government Accountability Office reports are just snapshots in time and could be as much as 6-to-12 months old in terms of the actual state of the federal agency

Clinton State Department IT Official John Bentel Takes Fifth Amendment During Judicial Watch Deposition (Judicial Watch) Judicial Watch announced today that another witness in the Clinton email matter asserted his Fifth Amendment rights during a Judicial Watch deposition today. The deposition of John Bentel, the State Department’s former Director of Information Resource Management of the Executive Secretariat (“S/ES-IRM”), was ordered by U.S. District Court Judge Emmet G. Sullivan. S/ES-IRM is the office that handles information technology for the Office of the Secretary. Mr. Bentel answered over 90 questions with “On advice from my legal counsel, I decline to answer the question and I invoke my Fifth Amendment rights”

For a complete running list of events, please visit the Event Tracker on the CyberWire website.

Newly Noted Events

Rail Cyber Security Summit (London, England, UK, March 14 - 15, 2017) Now in its second year, the event will take place at the Copthorne Tara Kensington hotel in London between March 14th and 15th 2017 and will feature a range of experts from the rail transport industry,...

Upcoming Events

SANS San Diego 2016 (San Diego, California, USA , October 23 - 28, 2016) Cyber security training in San Diego, CA from SANS Institute, the global leader in information security training. Choose from nine hands-on, immersion-style training courses for security professionals...

18th Annual AT&T Cybersecurity Conference (New York, New York, USA, October 24 - 25, 2016) Countless cyberthreats circle your organization every second of every day. While your organization utilizes more mobile, IoT and emerging technologies, attackers simply focus on more ways to exploit them.

Insider Threat Program Development Training For NISPOM CC 2 (Aberdeen, Maryland, USA, August 10 - 11, 2016) Insider Threat Defense will hold a two-day training class on Insider Threat Program Development (National Insider Threat Policy-NISPOM Conforming Change 2). For a limited time the training is being offered...

2016 ICS Cyber Security Conference (Atlanta, Georgia, USA, October 24 - 27, 2016) As the largest and longest-running cyber security-focused conference for the industrial control systems sector, the event caters to the energy, utility, chemical, transportation, manufacturing, and other...

14th Annual EWF National Conference (Scottsdale, Arizona, USA, October 25 - 27, 2016) Balancing risk and opportunity: transforming cybersecurity; risk and privacy beyond the enterprise. The Executive Women's Forum (EWF) Annual Conference provides an exclusive opportunity to personally interact...

SecureWorld Bay Area (San Jose, California, USA, October 27, 2016) Join your fellow security professionals for affordable, high-quality cybersecurity training and education. Earn 6-12 CPE credits through 30+ educational elements learning from nationally recognized industry...

Security By Design (McLean, Virginia, USA, October 28, 2016) The essential security conference for all who desire to build trustworthy software. Developers, DevOps Engineers, Software Architects, Security Software Engineers, Designers and more.

Regional Cyber Security Summit (Sharm El-Sheikh, Egypt, October 30 - November 1, 2016) The Regional Cyber Security Summit comes this year with the theme of “Boundless Collaboration, Boundless Protection”. It focuses on the cooperation in cybersecurity as one of key pillars to tackle the...

Inside Dark Web (Washington, DC, USA, November 1 - 2, 2016) Individuals, organizations, corporations, and governments use the Dark Web to protect themselves and their users, employees, customers, and citizens seeking a more accessible and secure Internet experience.

National Institute for Cybersecurity Education 2016 Conference and Expo (Kansas City, Missouri, USA, November 1 - 2, 2016) Cybersecurity has emerged as one of the leading creators of jobs and opportunity for all economic sectors. The demand for cybersecurity positions in both the public and private sector is large and growing,...

GTEC (Ottawa, Ontario, Canada, November 1 - 3, 2016) For the public sector and business, count on GTEC to help you keep up with the changing landscape of technology and service delivery in Canada. With our nationally recognized awards program and annual...

Black Hat Europe 2016 (London, England, UK, November 1 - 4, 2016) Black Hat is returning to Europe again in 2016, and we have quite an event in store. Here the brightest professionals and researchers in the industry will come together for a total of four days--two days...

TECHEXPO Cyber Security Hiring Event (Tysons Corner, Virginia, USA, June 30, 2016) Cyber security professionals are invited to interview face-to-face with employers including The CIA, Deloitte, Intel Security, Northrop Grumman, Lockheed Martin, Deloitte, Vencore and many more. Hundreds...

ISSA International Conference (Orlando, Florida, USA, October 22 - 23, 2014) Join us for solution oriented, proactive and innovative sessions focused on security as a vital part of the business.

SINET Showcase 2016: Highlighting and Advancing Innovation (Washington, DC, USA, November 2 - 3, 2016) SINET Showcase provides a platform to identify and highlight “best-of-class” security companies that are addressing industry and government’s most pressing needs and requirements. The chosen SINET 16 Innovators...

3rd Annual Journal of Law and Cyber Warfare Conference (New York, New York, USA, November 3, 2016) The 2016 Journal of Law and Cyber Warfare symposium speakers represent an unparalleled group of cyber security experts with a wide variety of industry expertise and knowledge. Attendees will hear from ...

Security of Things World USA (San Diego, California, USA, November 3 - 4, 2016) Security. Privacy. Connected Devices. Exploring Security and the Internet of Things. A world class event focused on the next information security revolution. Be part of Security of Things World USA in...

2nd Annual Summit: Global Cyber Security Leaders (Berlin, Germany, November 7 - 8, 2016) The Global Cyber Security Leaders 2016 is designed to provide unrivaled access to peers from across the globe, and encourage participants to discuss the current challenges and explore the ideas shaping...

IAPP Europe Data Protection Congress 2016 (Brussels, Belgium, November 7 - 10, 2016) The GDPR is finalised, the Data Protection Congress is returning to Brussels and you have a great deal of work ahead. Begin at the Congress, where you’ll find thought leadership, a thriving professional...

SANS Miami 2016 (Coconut Grove, Florida, USA, November 7 - 12, 2016) Attend our new SANS Miami 2016 event, November 7-12 and choose from five hands-on, immersion-style cybersecurity training courses taught by real-world practitioners. Attackers are targeting you with increasing...

Federal IT Security Conference (Columbia, Maryland, USA, November 8, 2016) The Federal IT Security Institute in partnership with PhoenixTS in Columbia, MD is hosting the first annual Federal IT Security Conference. Speakers from NIST, DHS, the Defense Department as well as private...

11th Annual API Cybersecurity Conference & Expo (Houston, Texas, USA, November 9 - 10, 2016) Join us at the 11th Annual API Cybersecurity Conference & Expo and discover methods for thwarting the bad guys, what the scene looks like over the horizon and how the latest technologies can help you counter...

SecureWorld Seattle (Bellevue, Washington, USA, November 9 - 10, 2016) Join your fellow security professionals for affordable, high-quality cybersecurity training and education. Earn 12-16 CPE credits through 60+ educational elements learning from nationally recognized industry...

Institute for Critical Infrastructure Technology Annual Gala and Benefit (Washington, DC, USA, November 10, 2016) The Annual ICIT Gala and Benefit is the year’s most prestigious gathering of legislative, agency and private sector leaders committed to protecting our Nation’s critical infrastructures. This intimate...

Israel HLS and Cyber 2016 (Tel Aviv, Israel, November 14 - 17, 2016) Where physical and cyber security meet. Topics include intelligence, cyber crime, and counter-terrorism, defending critical infrastructures, a smart global world, mass events--the integrative approach,...

SANS Healthcare CyberSecurity Summit & Training 2016 (Houston, Texas, USA, November 14 - 21, 2016) SANS will be hosting its 4th Annual Healthcare Cybersecurity Summit. Join us and hear top security experts from leading healthcare companies discuss proven approaches for securing and succeeding in the...

Infosec 2016 (Dublin, Ireland, November 15, 2016) Infosec 2016 conference addresses the critically important issues that threaten businesses in the information age. By any measure, the digital threats that businesses and organisations of all sizes face...

Kaspersky Academy Talent Lab (Online, then Prague, Czech Republic, November 15, 2016) Kaspersky Academy Talent Lab is an international cyber-world competition for young researchers and professionals aged 18-30 who are interested in the cybersecurity challenges facing the world. 50 finalists...

CISO Charlotte (Charlotte, North Carolina, USA, November 15, 2016) The CISO Summit brings together C-level IT security executives, industry analysts and solution providers to discuss challenges and best practices in a relaxed, yet focused business setting. Agenda sessions ...

Pharma Blockchain Bootcamp (Edison, New Jersey, USA, November 16, 2016) Blockchain technology has gained recognition as one of the most disruptive technologies in the industrial world with the potential of redefining how businesses operate similarly the internet changed it...

Cybercon 2016 (Washington, DC, USA, November 16, 2016) The forum for dialogue on strategy and innovation to secure defense and government networks, as well as private-sector networks that hold their sensitive data.

Versus 16 (San Francisco, California, USA, November 17, 2016) Versus is not an ordinary event. Versus is not about pitching products or preaching to the choir. Versus is about challenging what you think you know about cybersecurity, about technology, about doing...

Data Breach & Fraud Prevention Summit Asia (Mumbai, India, June 8, 2016) ISMG’s Data Breach & Fraud Prevention Summit Asia – Mumbai is a one-day event that will focus on the latest fraud techniques and technologies, as well as a holistic, strategic approach to looking at the ...

SCSC Cyber Security Conclave 2.0 Conference and Exhibition (Hyderabad, India, November 22 - 23, 2016) India’s leading two-day cyber security event is returning in November 2016, once again bringing together over hundreds of cyber security experts, senior officials and policy-makers from across the public...

4th Ethiopia Banking & ICT Summit (Addis Ababa, Ethiopia, November 25, 2016) The 4th Ethiopia Banking & ICT Summit is the ONLY event in Horn of Africa that focuses on technology innovations and trends in the Banking and ICT sectors. This annual summit brings together Financial...

CIFI Security Summit (Toronto, Ontario, Canada, November 30 - December 1, 2016) The Annual CIFI Security Summit takes place all over the world, Asia, Europe, Australia & North America. These summits are essential 2 day conferences and exhibitions bringing together leading security...
