skip navigation

More signal. Less noise.

Daily briefing.

German new outlets are reporting that a number of senior politicians and their staffs have come under cyber attack, apparently by Russian actors. The Bundestag sustained compromised last year; the current round extends to political party organizations in the country's Länder. It appears the attackers initial approach was through a long series of phishing emails purporting to originate in NATO. The timing of the attacks suggests an interest in elections, and Süddeutsche Zeitung significantly juxtaposes the story with its coverage of election-related hacking in the US.

Anonymous, unhappy with the treatment offered for ADHD in Italy, focuses its attention on four healthcare sites. The action involves both website defacements and release of stolen data.

The vulnerability Cisco found in the course of its investigation of the Shadow Group exploits is being used by attackers in the wild. Patches and mitigations are expected soon.

More ransomware enters circulation, some unsophisticated (DetoxCrypto is distributed in a poorly crafted imitation of Malwarebytes communication; other strains are being carried by bogus FedEx failed delivery notices) but some sophisticated indeed, and dangerous—Mamba, also known as HDDCryptor, is unusually dangerous. Mamba locks hard drives, encrypts files in mounted drives and network shares, and overwrites master boot records.

The RIG exploit kit has taken Angler's place, and is now distributing CrypMIC ransomware.

Academic institutions appear to have taken over first place from healthcare institutions as the principal target of ransomware.

Chinese researchers demonstrate proof-of-concept hacks of Tesla cars. They disclosed them privately; Tesla has already patched.

Notes.

Today's issue includes events affecting Australia, Brazil, Canada, China, France, Germany, India, Italy, Democratic Peoples Republic of Korea, Netherlands, Poland, Taiwan, Turkey, United Kingdom, United States.

The CyberWire's regular daily Podcast will be out later this afternoon, with interviews, educational tips, and more on the stories of the day. Today we hear from our partners at the University of Maryland, as Jonathan Katz discusses Google’s recent adoption of HSTS encryption. Our guest is the Johns Hopkins University's Matthew Green, who will talk about the dangers of weakening encryption for the sake of law enforcement. As always, if you enjoy the podcast, please consider giving it an iTunes review.

CYBERSEC - European Cybersecurity Forum (Kraków, Poland, September 26 - 27, 2016) The CYBERSEC Forum is the first conference of its kind in Poland and one of just a few regular public policy conferences devoted to the strategic issues of cyberspace and cybersecurity in Europe.

Dateline Air, Space, and Cyber Conference

Cyberwarfare: What are we doing today? (Air Force News Service) Lt. Gen. J. Kevin McLaughlin, the U.S. Cyber Command deputy commander, discussed the missions, capacity and capabilities of USCYBERCOM during a cyber warfare session at the Air Force Association Air, Space and Cyber Conference here Sept. 20

Cyber Command builds critical infrastructure defense skills (FCW) As U.S. Cyber Command reaches operational capability in its mission to protect Defense Department networks and support combat commanders, it is also firming up its plans to help the Department of Homeland Security defend critical infrastructure networks, according to one of the command's top leaders

Technical Workforce Development: The Cyber Challenge (The CyberWire) A two-person panel offered perspectives on developing, recruiting, and retaining a cyber workforce. One represented the Air Force, the other industry

Conversations on the Conference Floor (The CyberWire) We were able to spend some time on the exhibit floor, talking with exhibitors and conference participants. While the exhibits were, as one observer noted, "heavy-industry heavy" with airframe manufacturers, flight service providers, and major system integrators dominating the floor, there was also a manifest interest in cyber security

Cyber Attacks, Threats, and Vulnerabilities

German politicians faced cyberattack: report (Politico) Security experts believe senior politicians and their staff were targeted

Hackerangriff auf deutsche Parteien (Süddeutsche Zeitung) Hochrangige Politiker haben mehrmals E-Mails mit einer Spähsoftware erhalten. Die Regierung befürchtet, dass Abgeordnete vor der Bundestagswahl ausgespäht werden

Anonymous Targets Italian Healthcare Sites Against ADHD Treatment (HackRead) Anonymous defaced four Italian healthcare websites and also dumped data on the Internet — Anonymous is not happy with the government’s stand on the way ADHD patients are being treated

Cisco reveals new vulnerability used by hackers to conduct first real-world cyberattack from leaked NSA cyber tools (International Business Times) Cisco has not issued a software update yet adding that there are currently 'no workarounds that address this vulnerability'

DDoS Mitigation Firm Has History of Hijacks (KrebsOnSecurity) Last week, KrebsOnSecurity detailed how BackConnect Inc. — a company that defends victims against large-scale distributed denial-of-service (DDoS) attacks — admitted to hijacking hundreds of Internet addresses from a European Internet service provider in order to glean information about attackers who were targeting BackConnect

Android Scam Call And SMS Security Is Undone By HTML Exploiting Malware (TechWeek Europe) Android’s built-in protection which flags warnings about apps trying to send premium rate messages without user consent can be manipulated by malware

Ransomware disguises itself as Malwarebytes Anti-malware (though quite poorly) (Neowin) When it comes to deceiving people, there's nothing like using a little social engineering to achieve this. This is also the favorite technique of cybercriminals, victimizing a lot of innocent people with malware

Mamba Ransomware Encrypts Hard Drives Rather Than Files (Threatpost) Just when we thought ransomware’s evolution had peaked, a new strain has been discovered that forgoes the encryption of individual files, and instead encrypts a machine’s hard drive

HDDCryptor ransomware uses open source tools to thoroughly own systems (Help Net Security) HDDCryptor (aka Mamba) is a particularly destructive piece of ransomware that encrypts files in mounted drives and network shares, locks the computers’ hard disk, and overwrites their boot disk MBR

Security Alert: RIG Exploit Kit Picks up Where Neutrino Left Off, Spreads CrypMIC ransomware (Heimdal Security) The Neutrino EK campaign takedown that was announced 20 days ago left a big gap in the cyber crime market. And so did the arrest of Angler’s creators. But it didn’t take long for other cyber criminals to jump at the chance to increase their revenues

Fake FedEx ‘missed delivery’ emails infecting devices with ransomware (Hackread) An email has been doing the rounds on the internet that appears to be a regular notification from FedEx related to a missed delivery. However, this is no ordinary email as it is yet another campaign to trick unsuspecting users into opening an attached invoice that contains ransomware malware

Education Now Suffers The Most Ransomware Attacks (Dark Reading) New data shows ransomware rates worldwide doubling and tripling in past 12 months

Someone Is Putting Malicious USB Sticks in Australian Mailboxes (Motherboard) Some people just can't resist the urge to plug random USB sticks into their computers. Now, someone in Australia is taking full advantage of the public's naivety when it comes to cybersecurity

How Cybercriminals Target Victims: Report Cites Top Information Resources (Hacked) Cybercriminals, whose attacks cost organizations millions of dollars a year, do extensive research on their targets. They gather organizational and personal information before deciding which vulnerabilities to exploit

Fake Critical System Failure Alert Removal (Bleeping Computer) The Critical System Failure alert is a Trojan from the Rogue.Tech-Support-Scam family that displays a fake Windows alert that tries to scare you into calling a listed remote tech support number

Dissecting Windows 10 Security (Redmond Magazine) New features such as the Antimalware Scan Interface, Virtualization-Based Security and threat analytics are making Windows much more difficult to exploit, but hackers and researchers demonstrate it's still not impossible

Could a DDoS Cyber Attack Take Down a 911 Emergency System? (EDM Digest) Norton, an antivirus program developer, defines a bot as a type of malware that allows a hacker/attacker to take control of an affected computer

880,000 users exposed in MoDaCo data breach (Help Net Security) Subscribers of UK-based MoDaCo, a forum specialising in smartphone news and reviews, have been unpleasantly surprised by notifications that the site and their account have been compromised

Payment Gateway Data Breach Exposes Financial Details of 324,000 users (HackRead) Attacking high profile websites and companies, stealing huge databases and dumping the data online seem to be the latest trend in the hacking community. In the latest breach, nearly 324,000 users have been affected as a payment gateway BlueSnap or its affiliate RegPack became a victim of data breach

WoW Dev Blizzard Deluged in Another DDoS Blitz (Infosecurity Magazine) World of Warcraft fans were left high and dry for the second time in a month after developer Blizzard Entertainment’s servers were DDoS-ed yet again at the start of the week

The cyber nuclear option that might already be in place (Bulletin of the Atomic Scientists) In late 2015, a top-flight online security expert made a startling discovery while investigating an attack on one of his corporate clients: A routine effort to hold the company’s data for ransom had exploited a path blazed more than a year earlier, yet the initial hackers had yet to cause any harm, despite pulling off an elaborate break-in

Welcome to the Dark Net, a Wilderness Where Invisible World Wars are Fought and Hackers Roam Free (Vanity Fair) Through the eyes of a master hacker turned security expert, William Langewiesche chronicles the rise of the Dark Net—where weapons, drugs, and information are bought, sold, and hacked—and learns how high the stakes have really become

Chinese researchers hijack Tesla cars from afar (Help Net Security) Tesla car owners are urged to update their car’s firmware to the latest version available, as it fixes security vulnerabilities that can be exploited remotely to take control of the car’s brakes and other, less critical components

Insurer Warns of Drone Hacking Threat (Infosecurity Magazine) Insurance giant Allianz has warned that the increasing volume of drones in our skies could present a major cybersecurity threat, potentially even resulting in loss of life

North Korea accidentally lets slip all its .KP domains — and there aren’t many (TechCrunch) North Korea is famously secretive and restrictive — the regime goes to great lengths to both prevent the outside world from learning what goes on there and prevent its citizens from learning about the outside world. An IT error just gave us a glimpse at the country’s online ecosystem — and it’s a pretty meager one

Security Patches, Mitigations, and Software Updates

Tesla Fixes Critical Remote Hack Vulnerability (Threatpost) Several models of the Tesla S cars were hacked by researchers who were able to abruptly stop the car in its tracks, pop open the trunk while the car was being driven, and remotely turn on and off the windshield wipers

Symantec patches more bugs found by Google bug hunter (CSO) Symantec’s problems fixing bugs in its archive parser discovered by Google’s antivirus bug-hunter Tavis Ormandy aren’t quite over yet

Should you trust your security software? (Help Net Security) The complaint that security is broken isn’t new and even industry insiders are joining the chorus. Companies spent an estimated $75 billion last year on security products and yet cyber attacks and data breaches are still a common occurrence. Now, we’re finding that security tools themselves have vulnerabilities that are putting organizations at risk

Apple Squashes 68 Security Bugs With Sierra Release (Threatpost) With the release of macOS Sierra 10.12 Tuesday, Apple snuffed out dozens of lingering security vulnerabilities in OS X El Capitan and Yosemite. Along with updates to its OS, Apple addressed security bugs in its Safari web browser and macOS Server in separate security bulletins, also released Tuesday

Swift hopes daily reporting will help stem payment fraud (CSO) But the reports will arrive up to a day after the payments were made, leaving criminals with a window of opportunity

Cyber Trends

New AlienVault Research Finds 76% of Security Professionals Believe Sharing Threat Intelligence Is a Moral Responsibility (Yahoo! Finance) AlienVault polled 222 security professionals at Black Hat 2016 to determine how they are incorporating threat intelligence into their malware defense strategies

28 Percent of Organizations Don't Encrypt Data in Public Cloud Environments (eSecurity Planet) And 47 percent said security concerns are their main reason for avoiding cloud deployments, a recent survey found

Identity and personal data theft account for 64% of all data breaches (Help Net Security) Data breaches increased 15% in the first six months of 2016 compared to the last six months of 2015, according to Gemalto

UK: Financial fraud soars (Help Net Security) More than 1 million incidents of financial fraud – payment card, remote banking and cheque fraud – occurred in the first six months of 2016, according to official figures released by Financial Fraud Action UK

Cyber terrorism seen as biggest single future threat (Help Net Security) 47% of UK IT decision makers (ITDMs) are more worried about cyber terrorism attacks now than they were 12 months ago, according to IP EXPO Europe. This was identified as the biggest cyber security risk in the future (27%), followed by attacks to national infrastructure (13%)

Marketplace

Poland's PGZ signs cyber co-operation agreement with Microsoft (IHS Jane's Defence Weekly) Polish state-owned defence group Polska Grupa Zbrojeniowa (PGZ) has announced that it has agreed to co-operate with Microsoft on the provision of cyber-security within Poland

SIEM market dynamics in play (Network World) Financial churn combined with new requirements are transforming the SIEM market for enterprise organizations

Student cybervandal earns $300,000 for hacking US Airlines (Naked Security) In November 2014, Georgia Tech computer engineering student Ryan Gregory Pickren cyber-trespassed to post this pre-football-game message on the calendar of his school’s arch-rival, University of Georgia

Products, Services, and Solutions

Terbium Labs Announces the General Availability of Its Dark Web Data Intelligence Platform, Matchlight (Yahoo! Finance) Terbium Labs announces the general availability of Matchlight, the world's first fully private, fully automated data intelligence system to find compromised or stolen data on the dark web as soon as it appears. In private beta since June 2015, Matchlight has quickly grabbed the attention of security teams at leading businesses and government organizations for its innovative approach to information security -- offering much-needed private, proactive and automated breach detection that's both affordable and reliable

ThreatConnect Adds Orchestration to its Intelligence Platform (News Channel 10) With orchestration, ThreatConnect customers may bridge security teams, tools, processes, and threat intelligence for faster, more efficient actions

High-Tech Bridge releases a new version of its free SSL testing service (High-Tech Bridge) High-Tech Bridge is pleased to announce a new release of its free SSL security testing service that companies and organizations from all over the world use to test their web, email, VPN and other SSL/TLS-based services. The new release thoroughly tests for known vulnerabilities in SSL/TLS implementation (e.g. Heartbleed) and in encryption protocols (e.g. POODLE), as well checks if a SSL/TLS configuration is compliant with PCI DSS requirements, HIPAA guidance and NIST guidelines

Device Authority announces new KeyScaler IoT security platform (Device Authority) KeyScaler converges Device Authority and Cryptosoft security solutions and adds policy driven key and certificate management

Generali Global Assistance : Deploys Iris OnWatch Identity Protection for Optima Tax Relief (4-Traders) Generali Global Assistance (³GGA² or ³the Company²), a leader in the assistance industry since its founding in 1963 and part of the multinational Generali Group, today announced that it has deployed its Iris OnWatch (³Iris²) identity protection platform for Optima Tax Relief (³Optima²). Optima will now, along with its industry leading tax relief services, offer its customers 360° identity and digital protection services inclusive of the four pillars of identity protection - prevention, monitoring, alerts and resolution

Verodin and Critical Start Partner to Advance Instrumented Security Across Industry Sectors (BusinessWire) Critical Start to resell and integrate Verodin Platform within its security assessment and managed security services practices

APTEC and Duo Security Help Enterprises Protect Critical Assets with Multi-Factor Authentication (APTEC) APTEC, a Cyber Risk Management, LLC company and leading provider of identity governance and access management services, today announced a partnership with Duo Security to help organizations add and manage strong two-factor authentication, protecting business critical data and other IT assets. Under the partnership, Duo’s scalable, cloud-based Trusted Access platform joins APTEC’s portfolio of identity-as-a-service (“IDaaS”) offerings, which will greatly strengthen the security and compliance of any organization

Security Startup FinalCode Tackles The Big File-Sharing Problem With Help From The Channel (CRN) San Jose, Calif.-based security startup FinalCode continues to invest in its young channel program, focusing on security resellers and enterprise content management resellers

FireEye Threat Analytics Platform: Product overview (Tech Target) Expert Dan Sullivan takes a look at the FireEye Threat Analytics Platform, a cloud-based security analytics product that offers threat detection and contextual intelligence

iovation Launches Sophisticated Machine Learning Fraud Detection Solution (Yahoo! Finance) iovation, the leading provider of device-based solutions for authentication and fraud prevention, today announced the launch of iovationScore

CentraComm Extends Managed Security Services to the Cloud with Zscaler (Press Release Rocket) New offering combines CentraComm’s managed service expertise with the Zscaler Cloud Security Platform to enable customers moving from appliances to the cloud

Continuous PCI Compliance Monitoring from Tenable Network Security Provides Real-time Compliance Data on 75 Percent of PCI DSS Controls (BusinessWire) Tenable strengthens payment card system security and enables faster threat response for retail operations, merchants and service providers

PKWARE: Inventors of Zip now fielding smart, scalable encryption (CTO Vision) PKWARE has a history of producing scalable, highly functional software and approaches to data storage, movement and encryption. With this post we are initiating coverage of PKWARE, tracking them in our Disruptive IT Directory in our sections on the highest performing Infrastructure and Security companies

Lord David Blunkett Urges Orgs to take Cyber Highway to Better Security (Infosecurity Magazine) Today, Former Home Secretary and Chairman of Cyber Essentials Direct Lord David Blunkett launched The Cyber Highway which offers a new, unique and user-friendly online portal for large enterprises seeking to sure up the cyber defense of their supply chain, and for companies of all sizes that want to improve their cyber resilience

Technologies, Techniques, and Standards

ISF Debuts Best Practice Framework for Protecting 'Crown Jewels' (Infosecurity Magazine) The Information Security Forum (ISF) has debuted Protecting the Crown Jewels, a structured, methodical process for determining the approaches required to protect mission-critical information assets

Industrial IoT is inching toward a consensus on security (CSO) The Industrial Internet Consortium has released an IoT security framework

The federal self-driving vehicles policy has finally been published (Ars Technica) There's a 15-point safety assessment for manufacturers and help for individual states

Which Threat Risk Model Is Right for Your Organization? (eSecurity Planet) Which threat risk model is right for you? We compare strengths and weaknesses of three popular ones: STRIDE, DREAD and CVSS

Blog: Financial Sector Offers Model for Cybersecurity Sharing (SIGNAL) When it comes to cybersecurity, I have heard many people express consternation and wonderment as to why the government cannot protect the Internet. It boils down to two things: No authorization, and officials only have visibility into a scant number of networks under their control

Hacking 'Forward’ With Weaponized Intelligence (Dark Reading) Instead of hacking back and taking the fight to your adversary, what if your organization hacked forward by unearthing breach scenarios before the hackers do?

Why Data Reduction is Key for Meaningful Visualizations (Security Week) As many of you are aware, I have spent quite a bit of time in Security Operations Centers (SOCs) over the course of my career. I remember one particular experience like it was yesterday. A high ranking executive came through for a whirlwind tour that literally lasted about 17 seconds. On her way out, she screamed, “I need more pictures on those big screens!”

The Five Steps of Incident Response (Digital Guardian) Incident response is a process, not an isolated event. In order for incident response to be successful, teams should take a coordinated and organized approach to any incident. There are five important steps that every response program should cover in order to effectively address the wide range of security incidents that a company could experience

When Alexa is listening, what do you tell houseguests? (Christian Science Monitor Passcode) If you've plugged in an eavesdropping personal assistants such as the Amazon Echo Dot, are you obligated to warn visitors, 'Be careful what you say, Alexa is listening'?

Research and Development

Scientists Set a New Distance Record for Quantum Teleportation (Motherboard) Scientists have teleported the quantum state of a light particle over six kilometers (roughly 3.7 miles), setting a new distance record for quantum teleportation—and taking another step towards creating an internet that’s secure from hacking threats, including those posed by future quantum computers

Academia

NIST Grants Take Regional Approach to Solve National Cybersecurity Challenge (NIST) The U.S. Commerce Department’s National Institute of Standards and Technology (NIST) has awarded grants totaling nearly $1 million for five projects that are taking a community approach to addressing the nation’s shortage of skilled cybersecurity employees

Report ranks CMU at top of list for cybersecurity (Pittsburgh Business Journal) Carnegie Mellon University was ranked number one by InformationWeek as the top college for cybersecurity

Legislation, Policy, and Regulation

Is India Prepared for a Cyber Attack? Suckfly And Other Past Responses Say No (Wire) From mandatory disclosures, to improving CERT-IN’s functioning and transparency, there is much to be done in the event of future cyber attacks

Experts Want Transparency From Government’s Vulnerabilities Equities Process (Threatpost) The federal government’s Vulnerabilities Equities Process—albeit a heavily redacted version—was turned over more than a year ago, and despite that measure of visibility, privacy and security watchdogs still don’t have the transparency they seek with the regard to the unreported flaws the government has at its disposal

Pentagon goes 'back to basics' on cyber (FedScoop) The plan, released last year and updated in February, is designed to radically simplify the department's approach, and provide metrics and benchmarks for assessing progress

STRATCOM Nominee Favors Boosting Cyber Command, Nuke Modernization (Defense News) US Cyber Command should be elevated to an independent, unified combatant command, the nominee to head US Strategic Command told lawmakers Tuesday

Will tracking digital harassment help defend against internet trolls? (Christian Science Monitor Passcode) Almost a year after his teenage daughter's attacker was sentenced in a high-profile sexual assault case, Alexander Prout hoped his family could get back to normal

Minnesota, Florida Outline Cybersecurity Plans (Government Technology) State CIOs weigh in on the issue that's topping their priority lists

Litigation, Investigation, and Law Enforcement

House panel looking into Reddit post linked to Clinton’s deleted email (Naked Security) Paul Combetta, the IT guy who reportedly deleted Hillary Clinton’s emails despite Congress’ orders to preserve them, was given immunity by the Department of Justice a few weeks ago

Wells Fargo CEO grilled by Senate committee over opening fake accounts (Ars Technica) The bank will be contacting every customer and expanding its review of fraud

Federal judge says Bitcoin is money in case connected to JP Morgan hack (Ars Technica) Despite definitions used by IRS and Florida judge, Anthony Murgio won’t have two charges dismissed

Judge: child porn evidence obtained via FBI’s Tor hack must be suppressed (Ars Technica) Third judge rules that Playpen search warrant was invalid from the start

Hollywood and Washington battle to define Snowden's image (Christian Science Monitor) With Hollywood and rights groups stepping up efforts to portray the ex-National Security Agency contractor as a hero, Snowden's detractors in Congress struck back by questioning his motives and ethics

The Cyber Threat: Snowden—Ultimate Insider Threat Missed by NSA Security (Washington Free Beacon) How political correctness harms the intelligence community and national security

Judge gives man who stole former NSA chief’s identity a break (Chicago Sun-Times) The judge wasn’t convinced that the man standing before him — someone who’d stolen the identity of the former director of the National Security Agency — had cleaned up his act

For a complete running list of events, please visit the Event Tracker on the CyberWire website.

Upcoming Events

4th ETSI/IQC Workshop on Quantum-Safe Cryptography (Toronto, Ontario, Canada, September 19 - 21, 2016) This three-day workshop brings together diverse players in the quantum-safe cybersecurity community to facilitate the knowledge exchange and collaboration required to transition cyber infrastructures and...

AFA AIr, Space, and Cyber Conference (National Harbor, Maryland, USA, September 19 - 21, 2016) The Air Force Association’s Air, Space & Cyber Conference is the must-attend event by Airmen each fall. This annual gathering provides attendees with an unrivaled platform to debate and discuss the most...

Cyber Physical Systems Summit (Newport News, Virginia, USA, September 20 - 22, 2016) On September 20-22, 2016 the Commonwealth will be hosting a Cyber and Physical Systems Summit. The three day event will consist of roundtable discussions, plenary and panel presentations across the intersection...

hardwear.io Security Conference (The Hague, the Netherlands, September 20 - 23, 2016) hardwear.io Security Conference is a platform for hardware and security community where researchers showcase and discuss their innovative research on attacking and defending hardware. The objective of...

3rd Annual Senior Executive Cyber Security Conference: Navigating Today's Cyber Security Terrain (Baltimore, Maryland, USA, September 21, 2016) The Johns Hopkins University Information Security Institute and COMPASS Cyber Security are hosting the 3rd Annual Senior Executive Cyber Security Conference on Wednesday, September 21, from 8:30 a.m. –...

New York Cyber Security Summit (New York, New York, USA, September 21, 2016) The Cyber Security Summit is an exclusive conference series connects C-Suite & Senior Executives who are responsible for protecting their companies’ critical infrastructures with innovative solution providers...

Gigaom Change 2016 Leader's Summit (Austin, Texas, USA, September 21 - 23, 2016) Over an immersive 2.5 days, we will explore the current state-of-the-art technologies, how these are transforming industry, and why this all matters. You’ll emerge with a greater understanding of the exponential...

NYIT Annual Cybersecurity Conference (New York, New York, USA, September 22, 2016) Presented by NYIT School of Engineering and Computing Sciences, this conference brings together cyber experts from academia, business, and government to address: Cyber Defense Against Attacks–How Industry...

Cyber Security Conclave India (SCSC) Conference and Exhibition (Hyderabad, India, September 22 - 23, 2016) Understanding the intensity and effects of growing cyber frauds, SCSC – Society for Cyberabad Security Council has come up with the very first edition of the Annual Cyber Security Conclave in 2015. This...

GDPR Comprehensive 2016 (London, England, UK, September 22 - 23, 2016) The GDPR is now a reality. Are you prepared? We had an incredible response to the IAPP GDPR Comprehensive in Brussels and New York, where we prepared hundreds of privacy and data protection professionals...

Cyber Security: How to Identify Risk and Act (Frankenmuth, Michigan, USA, September 26, 2016) Join us on 9/26/2016 for the PMI-MTC's annual project management PDD focusing on "Cyber Security: How to Identify Risk and Act." Earn 7 PDUs during the interactive sessions with well-known information ...

CYBERSEC (Kraków, Poland, September 26 - 27, 2016) The CYBERSEC forum is the first of its kind in Poland and one of just a few regular public policy conferences in Europe devoted to the strategic issues of cyberspace and cybersecurity.The goal of the CYBERSEC...

Third Annual Women in Cyber Security Reception (Baltimore, Maryland, USA, September 27, 2016) The CyberWire is pleased to present the 3rd Annual Women in Cyber Security Reception in cooperation with our partner the Cybersecurity Association of Maryland (CAMI) on Tuesday, September 27, 2016, in...

Structure Security (San Francisco, California, USA, September 27 - 28, 2016) Technology companies have created a digital revolution through the sheer pace of their innovation. CIOs and business leaders in every industry are adopting digital technology at breakneck speed and transforming...

IP EXPO Nordic 2016 (Stockholm, Sweden, September 27 - 28, 2016) IP EXPO Nordic is part of Europe’s number ONE enterprise IT event series, designed for those looking to find out how the latest IT innovations can drive business growth and competitiveness. The event showcases...

SecureWorld Dallas (Plano, Texas, USA , September 27 - 28, 2016) Join your fellow security professionals for affordable, high-quality cybersecurity training and education. Earn 12-16 CPE credits through 60+ educational elements learning from nationally recognized industry...

escar Asia 2016 (Tokyon, Japan, September 28 - 30, 2016) Founded in 2003, escar has established itself as the premier forum for the discussion and exchange of ideas to identify and minimize threats to data and vehicles. Held in Europe, the US and now for the third time in Asia, escar provides a forum for collaboration among industry, academia and governments for in-vehicle cyber security.

Cyber National Security – The Law of Cyberspace Confrontation (Hanover, Maryland, and Fort Meade, October 3 - 6, 2016) US Cyber Command will host the fourth annual COCOM-Interagency Cyber Law Conference from 3 through 6 October 2016, Cyber National Security – The Law of Cyberspace Confrontation. This year the conference...

Crossroads Regional Cybersecurity Summit (Victoria, Texas, USA, October 4, 2016) Bringing together top experts from both the public and private sectors, the Crossroads Regional Cybersecurity Summit (CRCS) will be an exciting and educational day for local businesses. Through a variety...

Cambridge Cyber Summit (Cambridge, Massachusetts, USA, October 5, 2016) This unique one-day summit will bring together c-suite executives and business owners with public and private-sector leaders in security, technology and defense to discuss ways to combat urgent cyber threats...

IP EXPO Europe (London, England, UK, October 5 - 6, 2016) IP EXPO Europe is Europe's number ONE IT event for those looking to find out how the latest IT innovations can drive their business forwardIP EXPO Europe now includes six co-located events with their own...

RFUN 2016: 5th Annual Threat Intelligence Conference (Washington, DC, USA, October 5 - 6, 2016) The fifth annual RFUN Conference is a two-day event that brings together the diverse and talented community of analysts and operational defenders who apply real-time threat intelligence to out-innovate...

SecureWorld Denver (Denver, Colorado, USA, October 5 - 6, 2016) Join your fellow security professionals for affordable, high-quality cybersecurity training and education. Earn 12-16 CPE credits through 60+ educational elements learning from nationally recognized industry...

VB 2016 (Denver, Colorado, USA, October 5 - 7, 2016) The 26th annual international Virus Bulletin conference meets this October in Denver

Insider Threat Program Development Training For NISPOM CC 2 (Aberdeen, Maryland, USA, August 10 - 11, 2016) Insider Threat Defense will hold a two-day training class on Insider Threat Program Development (National Insider Threat Policy-NISPOM Conforming Change 2). For a limited time the training is being offered...

TU-Automotive Cyber Security Europe (Munich, Bayern, Germany, October 6 - 7, 2016) The most focussed forum on the ‘here and now’ of automotive cybersecurity. As we are inundated by headlines on cyber-attacks, we go beyond the hype to focus on the current challenges and solutions that...

AppSecUSA 2016 (Washington, DC, USA, October 11 - 14, 2016) OWASP’s 13th Annual AppSecUSA Security Conference is the premier application security conference for developers and security experts. Come hear an amazing group of inspirational speakers—including YouTube’s...

Insider Threat Program Development Training for NISPOM CC 2 (Warrington, Pennsylvania, USA, October 17 - 18, 2016) Insider Threat Defense will hold a two-day training class on Insider Threat Program Development (NISPOM Conforming Change 2). PA. For a limited time the training is being offered at a discounted rate of...

Cyber Ready 2016 (McDill Air Force Base, Florida, USA, October 18, 2016) We invite you to join us for our first annual Cyber ReadyTM 2016 conference observing National Cyber Security Awareness Month: The Impact of Cyber Crime. The National Cyber Partnership, joined by the MITRE MITRE National Capture the Flag (CTF) Competition Cyber Challenge Awards Ceremony.

EDGE2016 Security Conference (Knoxville, Tennessee, USA, October 18 - 19, 2016) The EDGE2016 conference is where true collaboration between business and technology professionals happens. Combining engaging keynotes from world-renowned visionaries, recognized technology industry leaders,...

SecureWorld St. Louis (St. Louis, Missouri, USA, October 18 - 19, 2016) Join your fellow security professionals for affordable, high-quality cybersecurity training and education. Earn 12-16 CPE credits through 60+ educational elements learning from nationally recognized industry...

Los Angeles Cyber Security Summit (Los Angeles, California, USA, October 28, 2016) The Cyber Security Summit is an exclusive conference series connects C-Suite & Senior Executives who are responsible for protecting their companies’ critical infrastructures with innovative solution providers...

CyberMaryland 2016 (Baltimore, Maryland, USA, October 20 - 21, 2016) The CyberMaryland Conference is an annual two-day event presented jointly by The National Cyber Security Hall of Fame and Federal Business Council (FBC) in conjunction with academia, government and private...

CyCon US: International Conference on Cyber Conflict (Washington, DC, USA, October 21 - 23, 2016) The inaugural U.S. based International Conference on Cyber Conflict will take place 21-23 October 2016 in Washington D.C. Focusing on a theme of Protecting the Future. CyCon U.S. seeks to create greater...

SANS San Diego 2016 (San Diego, California, USA , October 23 - 28, 2016) Cyber security training in San Diego, CA from SANS Institute, the global leader in information security training. Choose from nine hands-on, immersion-style training courses for security professionals...

Insider Threat Program Development Training For NISPOM CC 2 (Aberdeen, Maryland, USA, August 10 - 11, 2016) Insider Threat Defense will hold a two-day training class on Insider Threat Program Development (National Insider Threat Policy-NISPOM Conforming Change 2). For a limited time the training is being offered...

2016 ICS Cyber Security Conference (Atlanta, Georgia, USA, October 24 - 27, 2016) As the largest and longest-running cyber security-focused conference for the industrial control systems sector, the event caters to the energy, utility, chemical, transportation, manufacturing, and other...

SecureWorld Bay Area (San Jose, California, USA, October 27, 2016) Join your fellow security professionals for affordable, high-quality cybersecurity training and education. Earn 6-12 CPE credits through 30+ educational elements learning from nationally recognized industry...

Regional Cyber Security Summit (Sharm El-Sheikh, Egypt, October 30 - November 1, 2016) The Regional Cyber Security Summit comes this year with the theme of “Boundless Collaboration, Boundless Protection”. It focuses on the cooperation in cybersecurity as one of key pillars to tackle the...

Grow your brand and reach new customers.

Grow your brand and increase your customer base by educating our audience about your products, services, and events by advertising on The CyberWire. We’ve built trust with an influential (and often hard to reach) audience of CISOs, CSOs, and other senior execs in the security space, across a wide array of industry verticals. Learn more.

Be a part of the CyberWire story.

People ask us (a lot) how they can support what we do. We have our sponsorships and services, of course, but those are not always within every supporter's financial reach, or it might just not be the right time for you to do those things. That's why we launched our new Patreon site, where we've created a wider variety of support levels, each with some new benefits. Our patrons are important to our future, and we hope you'll consider becoming one. We invite you to become part of the CyberWire story. Become a patron today.