skip navigation

More signal. Less noise.

Daily briefing.

As concerns about alleged (and apparent) Russian attempts to influence US elections continue, the Secretary of Homeland Security seeks to reassure voters that the election will be conducted without the vote being hacked. Both Presidential candidates say cyber security will be important to their prospective administrations.

There's controversy in Israel as it's reported that that country's government gave NSO Group permission to export the Pegasus tools found on an Emirati dissident's iPhone.

Rapid7 reports discovering a new threat to Network Management Systems (NMSs)—they can be exploited using the Simple Network Management Protocol (SNMP). Both cross-site scripting and SQL injection attacks are possible.

Kaspersky describes "Mokes," a backdoor built for Macs.

Honor among thieves grows more threadbare, at least in the ransomware racket. Increasingly, you don't get your data back after you pay the ransom, which suggest that this particular black market may be killing its own business model. In the meantime, back up your data.

More Pokémon-themed nasties are circulating in social media. Catch 'em all with caution.

Google is turning its marketing prowess toward information operations. The company is working on, and believes it has, a promising approach to reaching and turning youths undergoing radicalization.

In industry news, St. Jude Medical is suing both Muddy Waters and MedSec over device bug allegations. Intel spins off its cybersecurity unit, McAfee. Dell completes its acquisition of RSA. Investors look askance at the founder's resignation from FireEye's board.

Observers continue to assess the Congressional report on the OPM breach. It's ugly.

Notes.

Today's issue includes events affecting Austria, Germany, Ireland, Israel, NATO/OTAN, New Zealand, Russia, Turkey, United Arab Emirates, United Kingdom, United States.

The CyberWire's regular daily Podcast will be out later this afternoon, with interviews, educational tips, and more on the stories of the day. Today we'll hear from the University of Maryland's Jonathan Katz on a potential weakness in homomorphic encryption. Our guest is Amos Stern from Siemplify, who'll talk to us about next-generation security operations centers. If you enjoy the podcast, please consider giving it an iTunes review.

New York Cyber Security Summit (New York, NY, USA, September 21, 2016) Sr. Level Executives are invited to learn about the latest threats & solutions in Cyber Security from experts from the FBI, Arbor Networks, IBM and more. Register with promo code cyberwire50 for half off your admission (Regular price $250)

Dateline Intelligence & National Security Summit

Jim Clapper: Ave atque Vale (The CyberWire) US Director of National Intelligence James Clapper opened the Intelligence and National Security Summit with a keynote that served also as a kind of valediction delivered as he nears the end of his tenure as DNI

Clapper: Spy agencies doing 'pretty well' on acquisition reform (FedScoop) "People are really starting to see the virtue of ICITE. It's actually not about an IT upgrade, it's a fundamental change in the way we do our business," he said

Blog: DNI Warns of Continued Troubled Cyber Wars (SIGNAL) Cybersecurity will remain as much of a challenge for the next administration as it has been for the current White House, especially in light of the constant barrage of cyber attacks from nation states, Director of National Intelligence James Clapper said Wednesday

Transcript Director of National Intelligence James Clapper (Intelligence and National Security Summit) CLAPPER: When I was president of SASA, the predecessor to INSA in the 1990s, I tried to promote a combined symposium with AFCEA, but I could never pull it off. This event now marks the third year in a row for this joint summit. So I want to congratulate everyone who is involved in both organizations, AFCEA and INSA, in putting these things on, and now they're becoming a custom

Managing Cyber Risk (The CyberWire) A panel with representation from both Government and industry offered their perspective on cyber risk. In sum, as the moderator put it, it's time to stop chasing the latest threat vector and to start setting priorities within a sound risk framework

Cyber Deterrence: Attribution and Ambiguity (and Certainty, too) (The CyberWire) Cyber deterrence is still in its infancy, roughly where nuclear deterrence was in 1950. That said, while there may be some instructive analogies with nuclear deterrence, those analogies may be imperfect at best

Cyber commander: U.S. not drawing 'red lines' in cyberspace (FedScoop) With so much ambiguity, the cyber domain becomes a dangerous space into which conflicts can overflow, and from which conflicts can quickly escalate, because the rules of engagement are unclear

The Intelligence and National Security Summit (INSA and AFCEA) The third annual Intelligence & National Security Summit will be held September 7 - 8, 2016, at the Walter E. Washington Convention Center in Washington, D.C. Hosted by the two leading professional associations – AFCEA International (AFCEA) and the Intelligence and National Security Alliance (INSA) – this is the premier gathering of senior decision makers from government, military, industry and academia. In its first two years the summit drew more than 3,000 attendees, exhibitors and journalists

Cyber Attacks, Threats, and Vulnerabilities

Israeli government okayed sale of spyware that exploits iPhones (Times of Israel) Permission granted to tech firm to sell product used to track a prominent UAE rights activist; officials slam move

Half of network management systems vulnerable to injection attacks (CSO) 50% of NMS may be vulnerable to XSS and SQLi attacks

Managed to Mangled: SNMP Exploits for Network Management Systems (Rapid7) This Rapid7 report explores attacking Network Management Systems (NMSs) over the Simple Network Management Protocol (SNMP), a protocol used extensively by NMSs to manage and monitor a wide variety of networked devices. Three distinct attack vectors are explored

Sophisticated Mokes backdoor targets Mac users (Help Net Security) A new malware targeting Macs has been discovered: the Mokes backdoor

Stealing login credentials from a locked PC or Mac just got easier (Ars Technica) 20 seconds of physical access with a $50 device is all it takes

Yes, you can hack cell phones like on Mr. Robot—just not the way they did (Ars Technica) While plausible, Elliot's "crackSIM" hack took some artistic license with technology

Look The Other Way: DDoS Attacks As Diversions (Dark Reading) Joe Loveless of Neustar talks about how DDoS attacks are shifting from simple disruption to more sinister continuous threats, and advises on what the new intents are. For example, the bad guys are even now using DDoS as diversions for other attacks such as malware insertions. What should you do about it?

Katcr.to, so-called Kickass Torrents Mirror Stealing Credit Card Data (HackRead) Kickass Torrents' shut down has been a blessing for scammers — after Kat.am scamming users here's Katcr.to doing the same

All About (Concealed) Data Leakage for Users Like You and Me (Heimdal Security) Drip, drip, drip…The sound of the leaking faucet called for my attention

When you've paid the ransom but you don't get your data back (Register) Oh, British firms... you're not alone – 1 in 3 pwned firms agree

Robert Herjavec Warns of Ransomware Attacks On Hospitals And Health Care Providers (The Street) Herjavec Group CEO Robert Herjavec warned of increased ransomware attacks on hospitals that use outdated technology in an appearance on CNBC

FBI Official Explains What To Do In A Ransomware Attack (Dark Reading) Feds say even basic information can advance the agency's investigation

Can you trust Tor’s hidden service directories? (Naked Security) Researchers recently revealed a new vulnerability in the design of Tor, the world’s favourite weapons-grade privacy tool

The Limits of SMS for 2-Factor Authentication (KrebsOnSecurity) A recent ping from a reader reminded me that I’ve been meaning to blog about the security limitations of using cell phone text messages for two-factor authentication online

Record Rambler Breach Highlights Password Flaws (Infosecurity Magazine) Security experts have called once again for an end to password-based authentication systems after nearly 100 million records were leaked online from Russian online portal Rambler.ru

Shipping must not underestimate physical risk posed by cyber-attack (Hellenic Shipping News) The London P&I Club says the physical risk to ships from cyber-attack may not be as well understood by ship owners as those threats posed to traditional back-office functions such as accounting, payments and banking

Malware Fears as Pokémon Threats Go Social (Infosecurity Magazine) Cybercriminals are jumping on the huge popularity of AR app Pokemon Go to spread malware via social media scams, according to Proofpoint

Security Patches, Mitigations, and Software Updates

WordPress 4.6.1 upgrades security, fixes 15 bugs (Help Net Security) WordPress 4.6.1 is now available. This is a security release for all previous versions and all users are strongly encouraged to update their sites immediately

Sweet Security Nuggets in Android Nougat (Digital Guardian) Google has released the long-awaited 7.0 version of Android, known as Nougat, and along with the usual performance and feature improvements, this release also is chock full of security improvements, both for users and developers

Google Safe Browsing gives more details to compromised website owners (CSO) The Google Search Console will now show tailored recommendations for dealing with security issues detected by Safe Browsing

Cyber Trends

Machine learning cybercrime experts tip Monero to join Bitcoin for darknet ransomware (International Business Times) Security experts Webroot predicts Bitcoin may be replaced by privacy-centric cryptocurrency Monero

Swift admits attack is “here to stay” – so what can banks do? (Banking Technology) There’s a cultural misconception that security equals lockdown in the financial sector; disclosure runs counter to that perception. Banks are less inclined to share intimate details of attacks because they don’t want to damage market confidence and that makes cyber security a major challenge for the sector

Top network security and data privacy concerns among businesses (Help Net Secuirty) With network security top of mind, businesses are nearly two times more concerned with losing private data (47 percent) than hackers disrupting their systems (26 percent), according to a new study by Wells Fargo Insurance. Misuse of technology among employees also emerged as a new, growing threat (seven percent), while network viruses and disruption of operations fell slightly to less than 10 percent from 2015

Concerns With Application and Data Security (DZone) It’s bad and it’s going to get worse before it gets better for a number of reasons

Why quantum computing has the cybersecurity world white-knuckled (PCWorld) 'There is a pending lethal attack, and the clock is ticking,' a new report warns

Marketplace

Intel to spin out security unit, sell stake in business to TPG (Reuters) Intel Corp (INTC.O) said it would spin out its cyber security division, formerly known as McAfee, and sell a majority stake in it to investment firm TPG for $3.1 billion in cash

Intel Adds to its Artificial Intelligence Portfolio with Movidius Acquisition (Electronics 360) Intel Corp. has acquired another company in the realm of deep learning in order to continue its push into artificial intelligence, with its RealSense technology

Dell Gets Bigger and Hewlett Packard Gets Smaller in Separate Deals (New York Times) Michael Dell and Meg Whitman may be business competitors, but they can each claim a technology industry superlative. One has overseen one of the largest mergers in the tech industry. The other has engineered its biggest breakup

As expected, Hewlett-Packard Enterprise sold its software business in an $8.8 billion deal (Business Insider) The rumored sale of Hewlett-Packard's Enterprise's software unit was officially announced today

Micro Focus merger with HPE’s Software Business Segment worth $8.8 billion (Help Net Security) Micro Focus announced today its intent to merge with HPE’s Software Business Segment in a transaction valued at approximately $8.8 billion. The merger is subject to customary closing conditions, including anti-trust clearances and shareholder approval and is expected to close in Q3 2017

A New Beginning (RSA) Today is a new beginning for RSA as we are now a part of the collective team of Dell Technologies, the world’s largest privately controlled tech company

LogRhythm talks next-gen security, fighting ransomware and more (IT Wire) At the recent Gartner Security and Risk Management Summit, I caught up with the company’s CMO, Mike Regan, to talk about LogRhythm’s latest security solutions

SonicWALL Partner Calms Customers Amid M&A Turbulence (MSP Mentor) When cybersecurity vendor SonicWALL was acquired by Dell in the late spring of 2012, the folks at partner Stronghold Data scrambled to reassure clients that the merger would ultimately be in their best interests

Partners Concerned About Future As FireEye Founder Resigns From Board Of Directors (CRN) FireEye founder and technical visionary Ashar Aziz has resigned from the security vendor, a move one partner called “extremely disconcerting”

Better Buy: FireEye Inc vs. Fortinet (Madison.com) Judging by their relative stock price performances, there's little question in investors' minds that Fortinet (NASDAQ: FTNT) has a brighter future than FireEye (NASDAQ: FEYE) in the cybersecurity market. Its shares are down 12% in the last year compared to a near-60% dive for FireEye

Why SecureWorks Is a Little-Noticed Buy (The Street) The computer information security firm will be a secure bet for the next 18 to 24 months

BAE Co-Hosts UK National Cyber Forensics Competition; Chris Clinton Comments (Executive Biz) BAE Systems, Cyber Security Challenge UK and Her Majesty’s Government Communications Centre have partnered to facilitate a competition that challenged participants to analyze a simulated attack on a fictional payment application site

Cybersecurity firm Kaspersky to create 50 jobs at new Dublin office (RTE News) Cybersecurity firm Kaspersky Lab is to create 50 jobs through the opening of its first European research and development centre in Dublin

Leidos Nabs $395 Million DHS Cyber Support Contract (Defense Daily) The Department of Homeland Security (DHS) has awarded Leidos [LDOS] a potential seven-year, $395 million contract to provide cyber security support services to the department’s Security Operations Center (SOC).DHS posted the award notice on Wednesday

Tech Forbes Cloud 100: Meet The Private Companies Leading Cloud Computing In 2016 (Forbes) From messaging to security and accounting to construction, cloud computing is transforming how companies do business and leaving new billion-dollar categories in its wake

New Cybersecurity Alliance Continues Trend of Industry Collaboration (Xconomy) For the cybersecurity industry, 2016 is shaping up to be the year of alliances

FireMon grabs Blue Coat man to head global channels (ChannelBiz) The security vendor has seen a 100 percent increase in channel bookings

Products, Services, and Solutions

Congressional Report Concludes CylancePROTECT Played a Pivotal Role in Discovering, Stopping and Remediating Malware that Caused OPM Data Breach (BusinessWire) Report shows artificial intelligence-based security software was key to halting data breach in progress

Trusona Releases Cloud Identity Suite and Launches the #NoPasswords Revolution (MarketWired) Trusona Essential is free and designed to eliminate passwords to create a safer Internet

LIFARS Partners with BlackRidge Technology to Bring a New Level of Cybersecurity Protection and Strategic Services to Enterprise Clients (Benzinga) Partnership addresses need to adopt new cyber defense technologies and response services to address today's cyber security threats

New Connected Security Alliance Aims to Address Entire Kill Chain (VAR Guy) SecureAuth leads initiative to integrate multiple solutions from different vendors at the product level

Panda Security Announces New Multiplatform Cloud-Based Security Solutions (Broadway World) Panda security, the world's leading provider of cloud-based security solutions, today announced new range of products compatible with Windows 10 Anniversary, Android, iOs and Mac

NBN Co beefs up cyber security offense (IT News) Ramp up of rollout leads to fresh capabilities

Lloyd’s Register, QinetiQ and GasLog to collaborate on maritime cyber security (Splash 24/7) “It’s not a matter of if, it’s a matter of when.” That was the stark warning on the likelihood of ships being hacked given by Luis Benito today at the SMM fair in Hamburg. Benito, global strategic marketing manager for Lloyd’s Register (LR) was speaking as the UK classification society announced a collaboration with QinetiQ and GasLog to increase the level of security of cyber-enabled ships

Balabit's Shell Control Box Now Available in Microsoft Azure Marketplace -- Removes Key Barrier to Cloud Adoption (Finance) Balabit Inc., a leading provider of contextual security technologies, has announced that its privileged user monitoring solution, Shell Control Box (SCB), is now available in the Microsoft Azure Marketplace

Sophos is a Magic Quadrant Leader in Unified Threat Management for the fifth year running (Sophos Blog) We’re excited to announce that the new Gartner Magic Quadrant for Unified Threat Management* is out, and Sophos is positioned in the Leaders Quadrant for the fifth year running

Global Technical Systems granted status as a National Security Agency Trusted Integrator for Commercial Solutions for Classified Programs (PRNewswire) Global Technical Systems (GTS), headquartered in Virginia Beach, VA., has been granted status as a National Security Agency (NSA) Trusted Integrator for Commercial Solutions for Classified (CSfC) Programs

Swift Programmers Using Checkmarx Can Now Detect Security and Code Flaws (App Developer Magazine) Since launching publicly at Apple’s WWDC in 2014, Swift has soared in popularity amongst programmers and has caught the attention of other major technology players in the process. Google is now even considering implementing Swift as a “first class” language for Android

GenDyn to supply U.S. Air Force with new cryptographic module (UPI) The KIV-78 updates Air Identification Friend or Foe system for identifying friendly vehicles

Technologies, Techniques, and Standards

The evolution of data breach prevention practices (Help Net Security) Despite the potential costs, legal consequences and other negative outcomes of data breaches, they continue to happen. A new SANS Institute survey looks at the preventive aspect of breaches – and what security and IT practitioners actually are, or are not, implementing for prevention

Trend Micro advises firms to sandbox employees (V3) Let employees learn and make mistakes in a safe environment, says security firm

Cybersecurity expert says 'almost everything can be hacked' and endpoint protection is not enough (Healthcare IT News) Healthcare organizations need to implement high-end network monitoring and network anomaly detection, according to Core Security general manager Chris Sullivan

Design and Innovation

How Google aims to disrupt the Islamic State propaganda machine (Christian Science Monitor Passcode) A pilot program launched by Google’s technology incubator created software that pairs searches for the militant's slogans and recruitment material with antiextremist messages

Google’s Clever Plan to Stop Aspiring ISIS Recruits (Wired) Google has built a half-trillion-dollar business out of divining what people want based on a few words they type into a search field. In the process, it’s stumbled on a powerful tool for getting inside the minds of some of the least understood and most dangerous people on the Internet: potential ISIS recruits. Now one subsidiary of Google is trying not just to understand those would-be jihadis’ intentions, but to change them

Academia

Back to school: How cyber security can learn from academia (Computer Business Review) Is it time cyber security drew from fields such as psychology and social science?

High honour for head of Waikato's cyber security lab (Voxy) Head of the University of Waikato’s Cyber Security Lab Dr Ryan Ko is one of 22 people who have been made Research Fellows by the Cloud Security Alliance (CSA)

NSA Designates Forsyth Tech a Cybersecurity Regional Resource Center (Stokes News) College tapped to help address predicted global digital security workforce shortfall of 1.5 million by 2020

Legislation, Policy, and Regulation

NATO opens flagship cyber event with vision for the future (NATO Communications and Information Agency) Top NATO officials and industry representatives are discussing how to join forces and efforts to combat ever more sophisticated cyber threats at the Alliance's annual two-day cyber security conference NIAS 16 in Mons, Belgium

Ash Carter: Russia has a 'clear ambition' to degrade world order with military, cyber campaigns (Business Insider) US Defense Secretary Ash Carter is strongly criticizing Russia for what he says is Moscow's "clear ambition to erode the principled international order" through coercion and aggression

DHS chief has 'a lot of confidence' in security of US electoral infrastructure (Fox News) Homeland Security Secretary Jeh Johnson said Wednesday he has “a lot of confidence” in the security of America’s electoral infrastructure despite concerns about intrusions by cybercriminals

US must beef up its cyber muscle, Trump says (CIO) The Republican calls for increased spending on cybersecurity and more offensive weapons

Trump: ‘Hillary Clinton Has Taught Us Really How Vulnerable We Are in Cyber Hacking’ (CNSNews) In a speech at the Union League of Philadelphia, GOP presidential nominee Donald Trump said Wednesday that the Defense Department’s cyber capabilities must be improved to prevent cyber hacking and that Democratic presidential nominee Hillary Clinton has taught the nation how vulnerable it is

Clinton, Trump confront weaknesses in security forum (KLTV) Donald Trump and Hillary Clinton confronted their key weaknesses in a televised national security forum, with the Republican defending his preparedness to be commander in chief despite vague plans for tackling global challenges and the Democrat arguing that her controversial email practices did not expose questionable judgment

Podcast: Government hacking v. human rights (Christian Science Monitor Passcode) On the latest edition of The Cybersecurity Podcast, digital privacy expert Amie Stepanovich discusses government hacking from a human rights perspective

GAO: DoD Should Monitor National Guard’s Cyber Response Capabilities Through a Database (Executive Gov) The Government Accountability Office has called on the Defense Department to maintain a database to keep track of National Guard’s emergency response capabilities in support of civil agencies during a cyber attack

Litigation, Investigation, and Law Enforcement

OPM Breach: Two Waves Of Attacks Likely Connected, Congressional Probe Concludes (Dark Reading) Congressional investigation sheds more light on what went down in the massive Office of Personnel Management breach, says data theft was preventable

Congressional report highlights missed opportunities to avert OPM cyber-attack (Guardian) Personal information of more than 21 million compromised at federal agency. House report reveals details and chronology of attack some blame on China

OPM Hackers Used Marvel Superhero Nicknames to Hide Their Tracks (Motherboard) The disastrous data breach discovered last year at the US government agency that handles all federal employees data, the Office of Personnel Management, or OPM, was enabled by a seemingly endless series of mistakes by the agency itself, according to a comprehensive congressional report released on Wednesday

House GOP Slams OPM Over 2015 Breach (Infosecurity Magazine) House of Representatives Republicans have slammed the Office of Personnel Management (OPM) for multiple IT security failings which led to the unprecedented breach of over 21 million sensitive records last year, but Democrats claim their report doesn’t tell the whole story.

Turkish group responsible for failed cyber-attack on Vienna airport (SC Magazine) Austrian police are investigating a failed cyber-attack on the Vienna airport and the authenticity of a claim of responsibility from a Turkish political group

Microsoft’s Top Lawyer Becomes a Civil Rights Crusader (MIT Technology Review) The No. 2 executive at Microsoft is fighting the U.S. government in a series of cases that will shape online privacy—and the cloud business

Watchdog Finds UK Cops Snooped on Journalists' Sources Without Approval (Motherboard) UK police acquired data to identify or determine journalistic sources without seeking judicial approval four times in 2015, according to a report from an independent oversight body published on Thursday

German Federal Intelligence Service violates laws, dodges supervision (Help Net Security) The German Federal Intelligence Service (BND) has been illegally collecting data through mass surveillance tools, storing it in databases that should not exist, and has repeatedly prevented the Federal Commissioner for Data Protection and Freedom of Information (BfDI) from supervising their actions

St. Jude Sues Muddy Water Waters, MedSec (Dark Reading) Medical device vulnerability-disclosure flap intensifies

CIA-backed big data firm Palantir says secrets pinched by investor (Register) Accuses advisor of 'brazen scheme to claim highly confidential secrets as his own'

Exclusive: Our Thai prison interview with an alleged top advisor to Silk Road (Ars Technica) Is Roger Thomas Clark really the notorious "Variety Jones"?

For a complete running list of events, please visit the Event Tracker on the CyberWire website.

Newly Noted Events

escar Asia 2016 (Tokyon, Japan, September 28 - 30, 2016) Founded in 2003, escar has established itself as the premier forum for the discussion and exchange of ideas to identify and minimize threats to data and vehicles. Held in Europe, the US and now for the third time in Asia, escar provides a forum for collaboration among industry, academia and governments for in-vehicle cyber security.

Upcoming Events

2016 Intelligence & National Security Summit (Washington, DC, USA, September 7 - 8, 2016) Third annual unclassified summit hosted by AFCEA International and the Intelligence and National Security Alliance (INSA). There are five plenary sessions and nine breakout sessions related to cybersecurity,...

Annual Privacy Forum 2016 (Frankfurt, Hesse, Germany, September 7 - 8, 2016) In the light of the upcoming data protection regulation and the European digital agenda, DG CONNECT, ENISA and, Goethe University Frankfurt is organizing APF 2016. In the light of the upcoming data protection...

Innoexcell Annual Symposium 2016 (Singapore, September 8, 2016) The Innoxcell Annual Symposium (IAS) is largest and most comprehensive international legal and regulatory compliance conference in Hong Kong, Beijing, Shanghai, Singapore, Australia and United States.This...

SecureWorld Cincinnati (Sharonville, Ohio, USA, September 8, 2016) Join your fellow security professionals for affordable, high-quality cybersecurity training and education. Earn 6-12 CPE credits through 30+ educational elements learning from nationally recognized industry...

Borderless Cyber Europe (Brussels, Belgium, September 8 - 9, 2016) Join CIOs, CISOs and cyber threat intelligence experts from industry, government and CSIRTs worldwide to share experiences, strategies, tactics and practices that will improve your state of preparedness...

SANS Network Security 2016 (Las Vegas, Nevada, USA , September 10 - 16, 2016) We are pleased to invite you and your colleagues to attend SANS Network Security 2016 at the magnificent Caesars Palace, Las Vegas, on September 10-19. SANS Network Security is your annual networking opportunity!...

Business Insurance Cyber Risk Summit 2016 (San Francisco, California, USA, September 11 - 12, 2016) The Business Insurance Cyber Risk Summit provides risk management professionals and chief information security officers with the practical information and tools needed to combat the latest cyber risks...

Hacker Halted 2016 (Atlanta, Georgia, USA, September 11 - 16, 2016) This ​year, ​Hacker ​H​alted’s theme​ is​ the Cyber Butterfl​​y Effect​:​ When ​S​mall ​M​istakes ​L​ead to ​B​ig ​D​isasters​. The goal of the conference is to bring the IT security community together...

(ISC)² Security Congress (Orlando, Florida, USA, September 12 - 15, 2016) (ISC)² Security Congress offers attendees over 90 education sessions, designed to transcend all industry sectors, focus on current and emerging issues, best practices, and challenges facing cybersecurity...

7th Annual Billington Cybersecurity Summit (Washington, DC, USA, September 13, 2016) Join over 600 senior-level attendees, more than 50 distinguished speakers, and over 40 prestigious sponsors and exhibitors at the 7th Annual Billington CyberSecurity Summit, the leading Fall forum on cybersecurity...

Privacy. Security. Risk. 2016 (San Jose, California, USA, September 13 - 16, 2016) Innovative since Day 1, P.S.R. brings together two related fields—privacy and security—helping you see beyond your role in order to excel in your role. Because perspective is everything. Delivering the...

CISO GAS (Frankfurt, Hessen, Germany, September 13, 2016) A data breach is not only a PR nightmare, but cause for customers to turn to competitors, exposing sensitive company information and racking up fines from industry regulators. CISOs and IT security executives...

ISS World Americas (Washington, DC, USA, September 13 - 15, 2016) ISS World America is the world's largest gathering of North American Law Enforcement, Intelligence and Homeland Security Analysts as well as Telecom Operators responsible for Lawful Interception, Hi-Tech...

Tarleton State University Cyber Security Summit 2016 (Dallas, Texas, USA, September 13, 2016) Cyber Security for the Board and the C-Suite: "What You Need to Know." Cyber Security experts will discuss corporate cyber-attacks and legal practitioners will discuss strategies to help companies comply...

Insider Threat Program Development Training For NISPOM CC 2 with Legal Guidance (Germantown, Maryland, USA, September 14 - 15, 2016) Insider Threat Program Development Training for NISPOM CC 2 (Germantown, Maryland, September 14 - 15, 2016) Insider Threat Defense will hold a two-day training class on Insider Threat Program Development...

SecureWorld Detroit (Dearborn, Michigan, USA , September 14 - 15, 2016) Join your fellow security professionals for affordable, high-quality cybersecurity training and education. Earn 12-16 CPE credits through 60+ educational elements learning from nationally recognized industry...

Insider Threat Program Development Training for NISPOM CC 2 (Milwaukee, Wisconsin, USA, September 19 - 20, 2016) Insider Threat Defense will hold a two-day training class on Insider Threat Program Development (NISPOM Conforming Change 2). For a limited time the training is being offered at a discounted rate of $795...

4th ETSI/IQC Workshop on Quantum-Safe Cryptography (Toronto, Ontario, Canada, September 19 - 21, 2016) This three-day workshop brings together diverse players in the quantum-safe cybersecurity community to facilitate the knowledge exchange and collaboration required to transition cyber infrastructures and...

Cyber Physical Systems Summit (Newport News, Virginia, USA, September 20 - 22, 2016) On September 20-22, 2016 the Commonwealth will be hosting a Cyber and Physical Systems Summit. The three day event will consist of roundtable discussions, plenary and panel presentations across the intersection...

hardwear.io Security Conference (The Hague, the Netherlands, September 20 - 23, 2016) hardwear.io Security Conference is a platform for hardware and security community where researchers showcase and discuss their innovative research on attacking and defending hardware. The objective of...

3rd Annual Senior Executive Cyber Security Conference: Navigating Today's Cyber Security Terrain (Baltimore, Maryland, USA, September 21, 2016) The Johns Hopkins University Information Security Institute and COMPASS Cyber Security are hosting the 3rd Annual Senior Executive Cyber Security Conference on Wednesday, September 21, from 8:30 a.m. –...

New York Cyber Security Summit (New York, New York, USA, September 21, 2016) The Cyber Security Summit is an exclusive conference series connects C-Suite & Senior Executives who are responsible for protecting their companies’ critical infrastructures with innovative solution providers...

Gigaom Change 2016 Leader's Summit (Austin, Texas, USA, September 21 - 23, 2016) Over an immersive 2.5 days, we will explore the current state-of-the-art technologies, how these are transforming industry, and why this all matters. You’ll emerge with a greater understanding of the exponential...

NYIT Annual Cybersecurity Conference (New York, New York, USA, September 22, 2016) Presented by NYIT School of Engineering and Computing Sciences, this conference brings together cyber experts from academia, business, and government to address: Cyber Defense Against Attacks–How Industry...

GDPR Comprehensive 2016 (London, England, UK, September 22 - 23, 2016) The GDPR is now a reality. Are you prepared? We had an incredible response to the IAPP GDPR Comprehensive in Brussels and New York, where we prepared hundreds of privacy and data protection professionals...

Cyber Security: How to Identify Risk and Act (Frankenmuth, Michigan, USA, September 26, 2016) Join us on 9/26/2016 for the PMI-MTC's annual project management PDD focusing on "Cyber Security: How to Identify Risk and Act." Earn 7 PDUs during the interactive sessions with well-known information ...

CYBERSEC (Kraków, Poland, September 26 - 27, 2016) The CYBERSEC forum is the first of its kind in Poland and one of just a few regular public policy conferences in Europe devoted to the strategic issues of cyberspace and cybersecurity.The goal of the CYBERSEC...

Third Annual Women in Cyber Security Reception (Baltimore, Maryland, USA, September 27, 2016) The CyberWire is pleased to present the 3rd Annual Women in Cyber Security Reception in cooperation with our partner the Cybersecurity Association of Maryland (CAMI) on Tuesday, September 27, 2016, in...

IP EXPO Nordic 2016 (Stockholm, Sweden, September 27 - 28, 2016) IP EXPO Nordic is part of Europe’s number ONE enterprise IT event series, designed for those looking to find out how the latest IT innovations can drive business growth and competitiveness. The event showcases...

SecureWorld Dallas (Plano, Texas, USA , September 27 - 28, 2016) Join your fellow security professionals for affordable, high-quality cybersecurity training and education. Earn 12-16 CPE credits through 60+ educational elements learning from nationally recognized industry...

Grow your brand and reach new customers.

Grow your brand and increase your customer base by educating our audience about your products, services, and events by advertising on The CyberWire. We’ve built trust with an influential (and often hard to reach) audience of CISOs, CSOs, and other senior execs in the security space, across a wide array of industry verticals. Learn more.

Be a part of the CyberWire story.

People ask us (a lot) how they can support what we do. We have our sponsorships and services, of course, but those are not always within every supporter's financial reach, or it might just not be the right time for you to do those things. That's why we launched our new Patreon site, where we've created a wider variety of support levels, each with some new benefits. Our patrons are important to our future, and we hope you'll consider becoming one. We invite you to become part of the CyberWire story. Become a patron today.