skip navigation

More signal. Less noise.

Daily briefing.

CyberHunta, thought to be Ukrainian hacktivists, dox Putin consigliere Vladislav Surkov, releasing emails that indicate Surkov's connections with Russian separatists fighting inside Ukraine. The Russian government has long denied such support, but vanishingly few observers believe those denials. President Putin says the emails are fabricated: "Surkov doesn't use electronic mail."

The French government looks at ongoing US experience with online political meddling (which the US has ascribed to Moscow) and warns its own candidates that they should expect to be on the receiving end of similar ministrations.

US intelligence sources say ISIS continues to seek to inspire attacks online from its Syrian headquarters in Raqqa. Vectra Networks says it's found an extensive cyber espionage campaign, "Moonlight," operated by Hamas against unnamed Middle Eastern targets.

Dyn offers more results of investigation into the distributed denial-of-service attack it sustained last week. It confirms that it was a Mirai botnet and that about 100 thousand devices were implicated (fewer than earlier estimates had put the number). The attackers used masked TCP and UDP traffic across Port 53; they also employed recursive DNS retry traffic. Investigation of the Dyn attacks is ongoing; Dyn won't speculate about attackers or their motives.

Analysts warn that more attacks like this can be expected; Singapore's StarHub already experienced them on Saturday and again on Monday. Correro reports observing exploitation of Lightweight Directory Access Protocol (LDAP) to amplify DDoS attack traffic over the weekend. The company warns that LDAP exploitation combined with a Mirai botnet could prove extremely serious.

Notes.

Today's issue includes events affecting Australia, China, France, Ireland, New Zealand, Russia, Singapore, Syria, Ukraine, United Kingdom, United States, and Vietnam.

A note to our readers: National Cyber Security Awareness Month is now in its final full week. The theme is "our continuously connected lives: what's your 'apptitude'?"

The CyberWire's regular daily Podcast will be out later this afternoon, with interviews, educational tips, and more on the stories of the day. Today we'll hear from our partners at Ben Gurion University, whose Yisroel Mirsky will talk about machine learning. Our guest, Plixer's Thomas Pore, will discuss the Mirai botnet source code. As always, if you enjoy the podcast, please consider giving it an iTunes review.

TECHEXPO Cyber Security Hiring Event (McLean, VA, USA, November 2, 2016) Our professional hiring events have benefited nearly a million attendees since 1993. We look forward to helping you advance your career and saving you time in your job search by providing you the opportunity to meet face to face with the nation's leading companies.

Malware Detection: How to Spot Infections Early with AlienVault USM (Live Webcast, November 3, 2016) While malware has been a thorn in the side of IT pros for years, some of the recent variants observed by the AlienVault Labs security research team, like CoreBot, have the ability to modify themselves on the fly, making them nearly impossible to detect with traditional preventative security measures. Join us for a live demo to learn about the most common types of malware, and how you can detect infections quickly with AlienVault USM.

Cyber Attacks, Threats, and Vulnerabilities

Hakerzy ujawnili przestępcze plany Putina (FAKT24) Ukraińscy hakerzy przejęli tajne dokumenty Rosji dotyczące Ukrainy. Plany zostały wykradzione ze skrzynki mailowej doradcy samego Władimira Putina. Chodzi o Władisława Surkowa, który podpowiada Putinowi w kwestiach Abchazji, Osetii oraz Ukrainy. Autentyczność dokumentów potwierdziła Służba Bezpieczeństwa Ukrainy (SBU)

Kremlin Brushes Off E-Mail Leak Allegedly Showing Russian Hand In Ukraine Conflict (Radio Free Europe/Radio Liberty) The Kremlin has challenged the authenticity of leaked e-mails purportedly from the inbox of presidential aide Vladislav Surkov that appear to show the Russian government's coordination with separatists in eastern Ukraine

It's On: US Mulls Tricky Options for Retataliation Against Russian Hacks (NextGov) The decision by top intelligence and Homeland Security officials to attribute election-related data breaches to top Russian government officials earlier this month marked a sea change in cyber relations between the two former Cold War adversaries

Expert at USF cybersecurity conference rejects idea of hijacked Nov. 8 election (Tampa Bay Times) Despite a concerted effort by Russians to interfere with the Nov. 8 presidential election, and constant claims by Republican nominee Donald Trump that it is rigged, American voters should not fret, says a man who was once a top spook

France warns candidates on cyber risk after U.S. election hacks (Bloomberg via the Chicago Tribune) France's cyber-security watchdog is briefing the country's presidential candidates on hacking threats, drawing lessons from attacks that have disrupted the U.S. election campaign

DDoS attacks from webcams, routers hit Singapore's StarHub (CSO) The outage follows IoT-based DDoS attacks that knocked out internet access to many US sites

DDos On Dyn Used Malicious TCP, UDP Traffic (Dark Reading) Dyn confirms Mirai IoT botnet was 'primary source' of the attack, with some 100,000 infected devices sending the bogus traffic

DDoS attack overwhelmed Dyn despite mitigation efforts (CSO) Orders of magnitude fewer devices caused the service interruptions, Dyn says

What you need to know about the botnet that broke the internet (Christian Science Monitor Passcode) Why security experts are worried about Mirai – the software attackers use to create malicious networks out of ordinary connected devices – and how you can protect yourself

Mirai Aftermath: China's Xiongmai Details Webcam Recall (BankInfo Security) But true fix requires a more resilient Internet, experts warn

Chinese Firm Says It Did All It Could Ahead of Cyber-Attack (Gadgets 360) A Chinese electronics maker that has recalled products sold in the US said Tuesday it did all it could to prevent a massive cyber-attack that briefly blocked access to websites including Twitter and Netflix

Analysts fear even bigger cyber attacks are coming (San Diego Union-Tribune) Security experts fear the big cyberattack that debilitated Twitter, PayPal, Netflix, Airbnb and dozens of other companies last week could be a precursor to a larger assault that deeply impacts American society, possibly during the holiday shopping season

DHS official: DDoS attack triggered use of new cyber-response 'schema' (Inside Cybersecurity) Last week's distributed denial of service attack that temporarily shut down social media sites triggered use of the Department of Homeland Security's new “schema” for identifying and evaluating a cyber incident in order to determine the federal government's response, according to a DHS official

Attackers are now abusing exposed LDAP servers to amplify DDoS attacks (PC World) LDAP adds to the existing arsenal of DDoS reflection and amplification techniques that can generate massive attacks

Zero-day DDoS attack vector leverages LDAP to amplify malicious traffic (SC Magazine) Corero Network Security today disclosed a zero-day distributed denial of service attack (DDoS) technique, observed in the wild, that is capable of amplifying malicious traffic by a factor of as much as 55x

‘Moonlight’ Hackers Coordinating Targeted Attacks Against Entities In The Middle East (Information Security Buzz) Vectra Networks has uncovered a hacking group (code named Moonlight) conducting cyberespionage against targets in the Middle East. Vectra has identified over two hundred samples of malware generated by the group over the last two years

Islamic State continues to plot against the West, US military warns (Long War Journal) The US military warned today that the Islamic State continues to plot attacks against the West from its headquarters in Raqqa, Syria

CyberX Threat Intelligence Uncovers Critical Vulnerability in Industrial Control Systems (ICS) Firewall (PRNewswire) Cyberattackers can exploit vulnerability to impact safety and production in critical infrastructure sectors such as energy, chemicals, transportation and manufacturing

Major Security Flaw Targets Industrial Computer Systems (Voice of America) A major security vulnerability affecting one of the world’s largest manufacturers of computerized industrial control systems, Schneider Electric, has recently been identified, according to a leading cybersecurity firm

Pager Security Can Affect Critical Infrastructure (Security Intelligence) Pagers don’t get much attention in this era of smartphones and tablets. They are, however, still widely used in industrial control systems (ICS). Pagers are also good backup for everyday communication since they are functional in areas that have poor cellphone signals

4SICS: ICS threats are mostly unknown, industry needs more information sharing (SC Magazine) Opening his Keynote speech at the third edition of 4SICS in Stockholm, Robert M. Lee, CEO of ICS security company Dragos Inc., said that “ICS threats are currently mostly unknown"

Dirty COW bug leaves 5,000 servers in Vietnam vulnerable to attack: Bkav (Tuoi Tre News) More than 5,000 computer server systems powered by Linux operating system are vulnerable to hacker attacks as they suffer the serious Dirty COW bug, a local security company has warned

Personal Tracking Devices Expose Public Privacy Risk (eWeek) A study by Rapid7 finds multiple vulnerabilities in Bluetooth tracking technologies, leading to possible security breaches as IoT device use continues to rise

Fake Blue Screen of Death faux-freezes your system like the real McCoy (Naked Security) There’s a new fake support scam in town, hiding behind a file calling itself Microsoft Security Essentials, and it’s trying to trick victims into contacting bogus help centers

Vulnerability Spotlight: Iceni Argus Buffer Overflows (Talos) Talos has identified two stack-based buffer overflows (TALOS-2016-0200 & TALOS-2016-0202) in the Iceni Argus pdf content extraction software. This software is used to convert a pdf document into various tagged and xml-based formats (such as XHTML)

AdaptiveMobile Finds That Thousands of North American iCloud Users’ Accounts Are Still Being Hijacked to Send Spam (Businesswire) Hackers turn growing number of iMessage accounts into spam bots that target China

Can the phishing epidemic be stopped? (GCN) Researchers at Germany's Friedrich-Alexander University (FAU) recently conducted two spear-phishing studies. Before the experiment was underway, a questionnaire was sent to all participants asking them to “rate their own awareness of security.” Of the 1,700 participants, 78 percent claimed they were aware of the risks of clicking on unknown links

Your Bill Is Not Overdue today! (SANS Internet Storm Center) Just as little as yesterday's order that "proceeded." It Look like today's ransomware subject is "Your Bill is Overdue." But then again, don't bother blocking it. Block ZIP'ed visual basic scripts. This round of Locky makes blocking a tad harder by using "application/octet-stream" as a Content-Type instead of "application/zip"

Ransomware for sale on nonsensical dark web malware site (Graham Cluley) “Everyone knows Locky! Time has come, new ransomware is arrived. Goliath is sell here”

Stolen medical records available for sale from $0.03 per record (Help Net Security) The development of the market for stolen data and related hacking skills indicate that the business of cybercrime in the healthcare sector is growing, according to Intel Security

Malicious Insider Threat as Hackers Target Healthcare IP (Infosecurity Magazine) Financial records continue to be far more lucractive on the darkweb markets than medical information, although healthcare organizations must be alive to the dangers of exploit kits, malicious insiders and attacks targeting IP, according to Intel Security

ATMs Still a Weak Link for Bank Security (Infosecurity Magazine) More than physical distraction and rogue software applications on the ATM itself, the securing of the hole in the wall has become a priority in banking security

NFC – Friend or Foe (Wapack Labs) Wapack Labs has previously exposed the hazards of using near-field communication (NFC) devices in our support during the 2016 Summer Olympics in Rio De Janeiro and other collection and research projects

Security Patches, Mitigations, and Software Updates

Emergency Flash Player patch fixes zero-day critical flaw (CSO) Adobe warns that hackers are already exploiting the vulnerability in limited attacks

Adobe Patches Flash Zero Day Under Attack (Threatpost) Adobe today released an emergency Flash Player update that includes a patch for a vulnerability being exploited in targeted attacks

Security Notification – Unity Simulator (Schneider Electric) Schneider Electric has become aware of a vulnerability in the Unity PRO Software product

New SCADA Vulnerability Enabled Remote Control Of ICS Networks; Fix Quickly Issued (HS Today) Cyber security vendor Indegy disclosed a vulnerability in a Schneider Electric software application that can be used to remotely control industrial processes at the 2016 Industrial Control Systems Cyber Security Conference in Atlanta today

Cyber Trends

Just a Quarter of Orgs Share Threat Intelligence (Infosecurity Magazine) US company boards are getting more involved in cybersecurity, but information-sharing of threat intelligence across business communities still lags

Good Harbor's Richard Clarke talks about the impact of Yahoo’s massive data breach (FedScoop) Clarke shares insights on what the government needs to protect the voting and election process, as well

Marketplace

Security Orchestration Market Worth 1682.4 Million USD by 2021 (MarketWatch) According to a new market research report"Security Orchestration Market by Component (Solution and Service), Application (Threat Intelligence, Network Forensics, Ticketing Solutions, and Compliance Management), Deployment Mode, End User, and Vertical, Region - Global Forecast to 2021 " published by MarketsandMarkets, the market size is estimated to grow from USD 826.1 Million in 2016 to USD 1682.4 Million by 2021, at an estimated Compound Annual Growth Rate (CAGR) of 15.3%

Inside The Foggy, Shady Market For Zero-Day Bugs (Motherboard) Earlier this year, the FBI abruptly ended a months-long acronymous legal battle with Apple to unlock the iPhone of a dead terror suspect. The bureau hasn’t told anyone that much about how it finally got into the phone, but experts assume someone gave the feds a way in thanks to an unknown vulnerability, or “zero-day"

Verizon exec: Yahoo deal 'still makes sense' despite security breach (Seeking Alpha) Verizon's (VZ -0.4%) $4.83B deal to acquire the core of Yahoo (YHOO -1.3%) still makes sense even in light of Yahoo's massive security breach, says Verizon exec Marni Walden

Why Verizon's Due Diligence May Not Have Caught Yahoo's Massive Security Breach (Fast Company) Cyber due diligence typically looks at overall policies and broad risk rather than scouring networks from top to bottom, experts say

AT&T/Time Warner seems headed for FCC review, whether AT&T likes it or not (Ars Technica) Time Warner has dozens of licenses that could trigger a public interest review

AT&T Secret For-Profit Spy Program Rakes in Millions (Infosecurity Magazine) AT&T reportedly has been running a massive secret spying program—funded by tens of millions in taxpayer money—for state and local law enforcement agencies to conduct warrantless searches of trillions of call records and other customer metadata, such as precise physical location

Conspiracy or cockup? Google hid ProtonMail's encrypted email service from search results (Graham Cluley) The jury is out

Qualcomm to acquire NXP Semiconductor for $47 billion (TechCrunch) Qualcomm will acquire NXP Semiconductor in a deal worth around $47 billion in a cash deal. The two chip-making giants were said to have reached an agreement last week, but today’s announcement from Qualcomm makes it official

Tenable Network Security makes first acquisition (Baltimore Sun) Tenable Network Security Inc. has acquired FlawCheck, a small San Francisco firm, in a deal that will expand Tenable's security software offerings

Tenable Network Security Acquires Container Security Company FlawCheck (Yahoo! Finance) Tenable Network Security, Inc.®, a global leader transforming security technology for the business needs of tomorrow, announced today it has acquired FlawCheck, becoming the first vulnerability management company to provide security for Docker containers and support organizations’ modern DevOps processes

Enterprise Mobile Device Configuration and Deployment Software, Tachyon, Acquired by Samsung Electronics (PRWeb) Acquisition will completely automate the setup process for Samsung’s enterprise Android devices, thereby leading to faster, more secure and cost-effective, accurate and complete rollouts

‘We have many IoT customers’ says Huawei CTO (Register) Czech 'em out

Cyber Security: Five Firms Working to Squash Cyber Attacks (Wall St. Daily) Angry at a journalist for writing mean things about you? Trying to make ends meet and need a blackmail scheme? Get your own DDoS botnet on the internet today!

Is Palo Alto's Recent Drop an Opportunity to Buy? (GuruFocus) Company looks set to ride on the expected industry growth

Why Akamai Technologies, Inc. Jumped 16% Today (Motley Fool) Tuesday's third-quarter report showed the former network performance expert taking on a lucrative role in network security

Twitter lays off 9% of its workforce as it posts a desperately-needed positive Q3 (TechCrunch) With Twitter’s acquisition hopes essentially dead, the company now seems it’s on its own to fend for itself and needs to figure out a way to build a reasonable and profitable business

Q&A: Tanium CEO thinks staying private would be giving in to the 'evil' side of Silicon Valley (Silicon Valley Business Journal) At the company's first user conference, we caught up with Orion Hindawi, co-founder and CEO of Tanium. The Emeryville-based cybersecurity firm has evolved into a $3.5 billion powerhouse since 2007, when Hindawi co-founded the company with his father David. It has raised more than $300 million in funding from Silicon Valley investors who include Andreessen Horowitz and Institutional Venture Partners

Rapid7 Earns Spot on UK Government Digital Marketplace (Econo Times) Rapid7, Inc. (NASDAQ:RPD), a leading provider of security data and analytics solutions, announced today that its cloud–delivered security solutions have been added to the Crown Commercial Service (CCS) registry and are now accessible to public sector organisations

MacB to support US NAVAIR’s cyber warfighting capabilities initiative (Naval Technology) MacAulay-Brown (MacB) has secured a multi-year basic ordering agreement (BOA) to support the naval air systems command (NAVAIR) cyber warfare detachment (CWD) initiative

Small Businesses Slow to Take Up Cyber Insurance (Scoop) New Zealand small businesses slow to take up cyber insurance despite cyber attacks

Lunarline Inc., Enters into Partnership with Carnegie Mellon University's Software Engineering Institute (Yahoo! Finance) Lunarline, Inc., an Arlington-based leader in cybersecurity consulting, services and training, added yet another important capability by signing on as a partner with the CERT® Program at Carnegie Mellon University's Software Engineering Institute (SEI). The partnership enables Lunarline to leverage SEI's world-renown body of research, frameworks and models to improve organizations' ability to manage cybersecurity and operational resilience programs from the board room to the server room

Cylance to open offices on Cork city's South Mall (Irish Examiner) An international anti-virus and cybersecurity company, Cylance, is to open offices on Cork city’s South Mall: a formal jobs announcement and commitment is due within days. It’s one of several new office moves on the South Mall, with Irish Life Health also taking space on the street from next week

Products, Services, and Solutions

This is how Microsoft is preventing hackers from hijacking IoT devices (Business Insider) Last week, a massive cyberattack knocked out many major websites across the internet, including Amazon, Netflix, Github, and Spotify

Trend Micro announces availability of XGen endpoint security (Technuter) Trend Micro Incorporated has announced the availability of XGen endpoint security. This new offering is powered by the XGen blend of cross-generational threat defense techniques that intelligently applies the right technology at the right time, resulting in more effective and efficient protection against a full range of threats

Brocade Ruckus Cloudpath ES 5.0 simplifies security and policy management (eCampus News) New release enables any IT organization to easily secure all network connections with identity-based policies

ESET unveils ESET Internet Security 10, ESET Smart Security Premium (Beta News) ESET has released two new products for home users, ESET Internet Security 10 ($59.99) and ESET Smart Security Premium 10 ($79.99)

Comodo Offers Free Forensic Analysis to Uncover Zero-day Malware Lurking on Enterprise Endpoints and Networks (PRNewswire) Zero-day malware – new malware that has never been seen before – continues to plague businesses of all sizes. Millions of these unknown files are being crafted or modified each year. They cannot be detected by existing security systems; they hide on endpoints and networks and remain among the most important and effective tools hackers use

There’s a new way to take down drones, and it doesn’t involve shotguns (Ars Technica) The advent of inexpensive consumer drones has generated a novel predicament for firefighters, law-enforcement officers, and ordinary citizens who encounter crafts they believe are interfering with their safety or privacy

MSPAlliance Launches Monthly Payment Option for Audit and Examination Program (Cleveland 19 News) MSP/Cloud Verify Program offers flexible payment options for improved cash flow and budgeting; enhances MSP/Cloud Verify community with new Slack channel

Technologies, Techniques, and Standards

Roundtable: Former Deputy Director of NSA Talks Insider Threats (Infosecurity Magazine) When you picture the typical venue for a cybersecurity discussion, the British Museum probably isn’t the first place that would spring to mind. However, yesterday, it played host to a press roundtable with Chris Inglis, former deputy director of the National Security Agency (NSA), and other representatives of security intelligence platform provider Securonix to explore the ever-evolving landscape of the insider threat

20 Endpoint Security Questions You Never Thought to Ask (Dark Reading) The endpoint detection and response market is exploding! Here's how to make sense of the options, dig deeper, and separate vendor fact from fiction

How to Easily Deny Denial of Service (SIGNAL) Some simple steps could prevent 99 percent of these types of cyber onslaughts

Opinion: How to fix an internet of broken things (Christian Science Monitor Passcode) The recent cyberattack that crippled much of the web last week took advantage of vulnerabilities in home products connected to the internet. Fixing those flaws is possible but it requires public action and industry cooperation

Let’s Clean Up The Internet By Taking Responsibility For Our Actions (Dark Reading) Imagine an Internet with multiple levels of security that users need to earn

Blog: Simple Steps for Social Media Security (SIGNAL) According to a recent report by cybersecurity developer Forcepoint, millennials might pose as serious a cybersecurity risk to enterprise networks as cyber criminals. The research found that the baby boomer generation, those aged 51 to 69, are more cautious online while the younger work force is more likely to abandon caution in exchange for digital convenience

Cyber Defense in an Imperfect World, a New Approach (Brink News) Cybersecurity has become a persistent topic in the nation’s boardrooms and C-suites, and it’s a complex problem that is often oversimplified and misunderstood

Debit Card Compromise: A Call to Action (InfoRisk Today) Experts outline immediate recommendations for bank CISOs, long-term ideas for industry

Solution to cyber skills shortage: Federal cyber range (Federal Times) In a recent blog on cybersecurity, we discussed the widespread labor shortage in the cybersecurity workforce. We believe that it’s not just a labor shortage but a skills shortage, and with the number of threats increasing daily, the way we train and vet cybersecurity analysts must change

Legislation, Policy, and Regulation

U.S. To Issue IoT Principles After Internet Cyberattack by Chase Martin, Yesterday, 9:06 AM (MediaPost) A recent large-scale series of cyber attacks brought down multiple major websites in the U.S. and now the Department of Homeland Security (DHS) acknowledges IoT device security to be a factor

Singapore Launches New Cybersecurity Strategy (Conventus Law) Singapore will embark on a new cybersecurity strategy which aims to establish a resilient cyber environment for the country. This was announced by Singapore Prime Minister Lee Hsien Loong at the opening of the inaugural Singapore International Cyber Week

Cyberwarfare: The Next President’s Most Pressing Battleground (VAR Guy) Many security providers in the channel that are well-acquainted with the myriad of security risks and vulnerabilities in businesses' networks think the issue of cyberwarfare should be front and center of this year's presidential debates. Instead, it's been a tangential issue for both candidates, despite recent massive breaches and clear threats to U.S. infrastructure from nation states like Russia

Cyber Mandates for Big Banks Would Build on Earlier Guidance (BankInfo Security) Regulators' proposed standards would ensure institutions are taking necessary steps

Feds Propose Voluntary Automotive Cybersecurity Standards (GovInfo Security) 2 Senators say guidelines don't go far enough, seek regulations

Cyber Command’s teams reach initial operating capability; Clapper says it’s time to separate them from NSA (Federal News Radio) The time has come to split U.S. Cyber Command from the National Security Agency and assign separate leaders to each organization, the nation’s top intelligence official said Tuesday

OMB reveals proposed guidance on federal IT modernization (Federal News Radio) The Office of Management and Budget has played it close to the vest when it comes to guidance on IT modernization, but it’s finally showing some of its cards

New HHS CIO on Emerging Threats, Top Priorities (GovInfo Security) Beth Anne Killoran discusses agency's cybersecurity efforts

Litigation, Investigation, and Law Enforcement

“He’s not Edward Snowden,” lawyers for accused NSA contractor tell judge (Ars Technica) Is Hal Martin a “serious risk to the public" as a magistrate judge found?

Privacy group shoots legal arrow at Privacy Shield (CSO) Digital Rights Ireland is said to have filed suit to annul a European Commission decision implementing Privacy Shield

IBM Blames Contractors for Aussie e-Census Stumble (GovInfo Security) As chief contractor, IBM is now in compensation discussions

Arrested LinkedIn Hacker Accused of Hacking DropBox, Stealing Bitcoins (HackRead) Turns out the Russian hacker accused of LinkedIn hack is a bigger fish than expected—the indictment made by Justice Department shows he was also behind Dropbox and Formspring hacks

For a complete running list of events, please visit the Event Tracker on the CyberWire website.

Newly Noted Events

Focusing On The Future: Prioritizing Security in the Digital Economy (Washington, DC, USA, November 18, 2016) In today's digital economy, developing and prioritizing a cyber strategy is critical to address diverse and evolving threats, foster trust in the technology we use, and define a path forward where security...

Upcoming Events

SANS San Diego 2016 (San Diego, California, USA , October 23 - 28, 2016) Cyber security training in San Diego, CA from SANS Institute, the global leader in information security training. Choose from nine hands-on, immersion-style training courses for security professionals...

2016 ICS Cyber Security Conference (Atlanta, Georgia, USA, October 24 - 27, 2016) As the largest and longest-running cyber security-focused conference for the industrial control systems sector, the event caters to the energy, utility, chemical, transportation, manufacturing, and other...

14th Annual EWF National Conference (Scottsdale, Arizona, USA, October 25 - 27, 2016) Balancing risk and opportunity: transforming cybersecuity; risk and privacy beyond the enterprise. The Executive Women's Forum (EWF) Annual Conference provides an exclusive opportunity to personally interact...

SecureWorld Bay Area (San Jose, California, USA, October 27, 2016) Join your fellow security professionals for affordable, high-quality cybersecurity training and education. Earn 6-12 CPE credits through 30+ educational elements learning from nationally recognized industry...

Security By Design (McLean, Virginia, USA, October 28, 2016) The essential security conference for all who desire to build trustworthy software. Developers, DevOps Engineers, Software Architects, Security Software Engineers, Designers and more.

Regional Cyber Security Summit (Sharm El-Sheikh, Egypt, October 30 - November 1, 2016) The Regional Cyber Security Summit comes this year with the theme of “Boundless Collaboration, Boundless Protection”. It focuses on the cooperation in cybersecurity as one of key pillars to tackle the...

Inside Dark Web (Washington, DC, USA, November 1 - 2, 2016) Individuals, organizations, corporations, and governments use the Dark Web to protect themselves and their users, employees, customers, and citizens seeking a more accessible and secure Internet experience.

National Institute for Cybersecurity Education 2016 Conference and Expo (Kansas City, Missouri, USA, November 1 - 2, 2016) Cybersecurity has emerged as one of the leading creators of jobs and opportunity for all economic sectors. The demand for cybersecurity positions in both the public and private sector is large and growing,...

GTEC (Ottawa, Ontario, Canada, November 1 - 3, 2016) For the public sector and business, count on GTEC to help you keep up with the changing landscape of technology and service delivery in Canada. With our nationally recognized awards program and annual...

Black Hat Europe 2016 (London, England, UK, November 1 - 4, 2016) Black Hat is returning to Europe again in 2016, and we have quite an event in store. Here the brightest professionals and researchers in the industry will come together for a total of four days--two days...

TECHEXPO Cyber Security Hiring Event (Tysons Corner, Virgina, USA, June 30, 2016) Cyber security professionals are invited to interview face-to-face with employers including The CIA, Deloitte, Intel Security, Northrop Grumman, Lockheed Martin, Deloitte, Vencore and many more. Hundreds...

ISSA International Conference (Orlando, Florida, USA, October 22 - 23, 2014) Join us for solution oriented, proactive and innovative sessions focused on security as a vital part of the business.

SINET Showcase 2016: Highlighting and Advancing Innovation (Washington, DC, USA, November 2 - 3, 2016) SINET Showcase provides a platform to identify and highlight “best-of-class" security companies that are addressing industry and government’s most pressing needs and requirements. The chosen SINET 16 Innovators...

3rd Annual Journal of Law and Cyber Warfare Conference (New York, New York, USA, November 3, 2016) The 2016 Journal of Law and Cyber Warfare symposium speakers represent an unparalleled group of cyber security experts with a wide variety of industry expertise and knowledge. Attendees will hear from ...

Security of Things World USA (San Diego, California, USA, November 3 - 4, 2016) Security. Privacy. Connected Devices. Exploring Security and the Internet of Things. A world class event focused on the next information security revolution. Be part of Security of Things World USA in...

2nd Annual Summit: Global Cyber Security Leaders (Berlin, Germany, November 7 - 8, 2016) The Global Cyber Security Leaders 2016 is designed to provide unrivaled access to peers from across the globe, and encourage participants to discuss the current challenges and explore the ideas shaping...

IAPP Europe Data Protection Congress 2016 (Brussels, Belgium, November 7 - 10, 2016) The GDPR is finalised, the Data Protection Congress is returning to Brussels and you have a great deal of work ahead. Begin at the Congress, where you’ll find thought leadership, a thriving professional...

SANS Miami 2016 (Coconut Grove, Florida, USA, November 7 - 12, 2016) Attend our new SANS Miami 2016 event, November 7-12 and choose from five hands-on, immersion-style cybersecurity training courses taught by real-world practitioners. Attackers are targeting you with increasing...

Federal IT Security Conference (Columbia, Maryland, USA, November 8, 2016) The Federal IT Security Institute in partnership with PhoenixTS in Columbia, MD is hosting the first annual Federal IT Security Conference. Speakers from NIST, DHS, the Defense Department as well as private...

11th Annual API Cybersecurity Conference & Expo (Houston, Texas, USA, November 9 - 10, 2016) Join us at the 11th Annual API Cybersecurity Conference & Expo and discover methods for thwarting the bad guys, what the scene looks like over the horizon and how the latest technologies can help you counter...

SecureWorld Seattle (Bellevue, Washington, USA, November 9 - 10, 2016) Join your fellow security professionals for affordable, high-quality cybersecurity training and education. Earn 12-16 CPE credits through 60+ educational elements learning from nationally recognized industry...

Institute for Critical Infrastructure Technology Annual Gala and Benefit (Washington, DC, USA, November 10, 2016) The Annual ICIT Gala and Benefit is the year’s most prestigious gathering of legislative, agency and private sector leaders committed to protecting our Nation’s critical infrastructures. This intimate...

Israel HLS and Cyber 2016 (Tel Aviv, Israel, November 14 - 17, 2016) Where physical and cyber security meet. Topics include intelligence, cyber crime, and counter-terrorism, defending critical infrastructures, a smart global world, mass events--the integrative approach,...

SANS Healthcare CyberSecurity Summit & Training 2016 (Houston, Texas, USA, November 14 - 21, 2016) SANS will be hosting its 4th Annual Healthcare Cybersecurity Summit. Join us and hear top security experts from leading healthcare companies discuss proven approaches for securing and succeeding in the...

Infosec 2016 (Dublin, Ireland, November 15, 2016) Infosec 2016 conference addresses the critically important issues that threaten businesses in the information age By any measure, the digital threats that businesses and organisations of all sizes face...

Kaspersky Academy Talent Lab (Online, then Prague, Czech Republic, November 15, 2016) Kaspersky Academy Talent Lab is an international cyber-world competition for young researchers and professionals aged 18-30 who are interested in the cybersecurity challenges facing the world. 50 finalists...

CISO Charlotte (Charlotte, North Carolina, USA, November 15, 2016) The CISO Summit brings together C-level IT security executives, industry analysts and solution providers to discuss challenges and best practices in a relaxed, yet focused business setting. Agenda sessions ...

Pharma Blockchain Bootcamp (Edison, New Jersey, USA, November 16, 2016) Blockchain technology has gained recognition as one of the most disruptive technologies in the industrial world with the potential of redefining how businesses operate similarly the internet changed it...

Cybercon 2016 (Washington, DC, USA, November 16, 2016) The forum for dialogue on strategy and innovation to secure defense and government networks, as well as private-sector networks that hold their sensitive data.

Versus 16 (San Francisco, California, USA, November 17, 2016) Versus is not an ordinary event. Versus is not about pitching products or preaching to the choir. Versus is about challenging what you think you know about cybersecurity, about technology, about doing...

Data Breach & Fraud Prevention Summit Asia (Mumbai, India, June 8, 2016) ISMG’s Data Breach & Fraud Prevention Summit Asia – Mumbai is a one-day event that will focus on the latest fraud techniques and technologies, as well as a holistic, strategic approach to looking at the ...

SCSC Cyber Security Conclave 2.0 Conference and Exhibition (Hyderabad, India, November 22 - 23, 2016) India’s leading two-day cyber security event is returning in November 2016, once again bringing together over hundreds of cyber security experts, senior officials and policy-makers from across the public...

4th Ethiopia Banking & ICT Summit (Addis Ababa, Ethiopia, November 25, 2016) The 4th Ethiopia Banking & ICT Summit is the ONLY event in Horn of Africa that focuses on technology innovations and trends in the Banking and ICT sectors. This annual summit brings together Financial...

CIFI Security Summit (Toronto, Ontario, Canada, November 30 - December 1, 2016) The Annual CIFI Security Summit takes place all over the world, Asia, Europe, Australia & North America. These summits are essential 2 day conferences and exhibitions bringing together leading security...

Grow your brand and reach new customers.

Grow your brand and increase your customer base by educating our audience about your products, services, and events by advertising on The CyberWire. We’ve built trust with an influential (and often hard to reach) audience of CISOs, CSOs, and other senior execs in the security space, across a wide array of industry verticals. Learn more.

Be a part of the CyberWire story.

People ask us (a lot) how they can support what we do. We have our sponsorships and services, of course, but those are not always within every supporter's financial reach, or it might just not be the right time for you to do those things. That's why we launched our new Patreon site, where we've created a wider variety of support levels, each with some new benefits. Our patrons are important to our future, and we hope you'll consider becoming one. We invite you to become part of the CyberWire story. Become a patron today.