skip navigation

More signal. Less noise.

Daily briefing.

Yahoo!'s disclosure Thursday that more than 500 million customers' account information—including "names, email addresses, telephone numbers, dates of birth, hashed passwords (the vast majority with bcrypt) and, in some cases, encrypted or unencrypted security questions and answers"—draws much comment. The breach, dating to 2014, was discovered during investigation of rumors that stolen credentials were being offered on the black market. The company blamed an unnamed "state-sponsored actor" for the compromise.

Yahoo! has been seeking a soft landing for a much-challenged business by selling its core assets to Verizon for $4.8 billion. That soft-landing is now in doubt: The New York Times notes that Yahoo! stated in the merger agreement that “there have not been any incidents of, or third-party claims alleging” security incidents that could affect Yahoo!'s value. The acquisition could be cancelled, but observers think renegotiation of the price downward likelier.

KrebsOnSecurity is back, now hosted by Google, after sustaining a very large DDoS attack. The site's host, Akamai (who hosted KrebsOnSecurity pro bono; the two parted without rancor) severed services when the volume of attack traffic began to affect its other customers. The attack is a troubling bellwether for two trends: use of IoT botnets in high-volume DDoS, and the privatization of censorship (Krebs is thought to have been attacked in retaliation for reporting on a DDoS-as-a-service enterprise).

The US FBI late Friday released more documents from its investigation of former Secretary of State Clinton's email practices.

Switzerland yesterday voted for more extensive government surveillance powers.

Notes.

Today's issue includes events affecting Afghanistan, Armenia, Australia, Azerbaijan, Canada, China, Germany, India, Kosovo, Russia, Switzerland, United Kingdom, United States.

The CyberWire's regular daily Podcast will be out later this afternoon, with interviews, educational tips, and more on the stories of the day. Today we hear from our partners at Ben-Gurion University of the Negev, as Yisroel Mirsky describes the security risks of Android touch loggers. As always, if you enjoy the podcast, please consider giving it an iTunes review.

Maryland Cyber Day (Rockville, MD, USA, October 5, 2016) Highlighting and celebrating Maryland’s cybersecurity entrepreneurs, innovators and companies and connecting them with two vital tools for growth and success – investment capital and customers – from Maryland and beyond.

CyberMaryland Job Fair (Baltimore, MD, USA, October 20, 2016) Top companies looking for cyber security professional, cleared and non-cleared opportunities.

Cyber Attacks, Threats, and Vulnerabilities

GCHQ thwarted Russian cyber-attack on general election (Sunday Times) Russian hackers threatened to cause massive disruption to British government departments and TV broadcasters in the run-up to last year’s general election, security sources have revealed

Dark Net Researcher Says Russian Hackers Attacking Big Companies in US (HackRead) According to dark net researcher Ed Alexander, nearly 85 high profile US tech firms including Amazon and Apple Pay allegedly attacked by Russia-based hacking group

Armenian Hackers Leak Azerbaijani Banking and Military Data (HackRead) Armenian hackers leaked personal details of government officials and also defaced embassy sites to celebrate 25 years of Armenian independence

Yahoo hack is latest major cyber-attack (AFP via Yahoo! Tech) The massive hacking attack on Yahoo revealed Thursday is one of biggest thefts of online users' personal information ever, affecting some 500 million accounts

Yahoo’s compromised records likely hidden within encrypted traffic, vendor says (CSO) Venafi researchers outline crypto problems at Yahoo, say compromised data was likely encrypted

Is the Yahoo hack evidence of an international cyberwar? (KPCC) On Thursday, Yahoo announced that they're the victim of one of the largest data breaches in history, stating that 500 million accounts had been compromised. In their announcement, they also described the hack as state-sponsored

Yahoo! hack – Industry reactions (ITSecurityGuru) Yahoo has confirmed that more than 500 million account holders’ details have been compromised in a data breach

Security Industry Reactions to the Yahoo! Breach (The CyberWire) Last week's disclosure by Yahoo! that somewhat more than 500 million customers' credentials had been compromised in a breach dating back to 2014 has prompted widespread reaction from industry experts. The incident has implications for Yahoo!'s consumer trust; it also is seen as likely to affect, adversely, the soft landing the company anticipated in Verizon's proposed acquisition of Yahoo!'s core assets. We summarize below some of the commentary we've received from security industry veterans

Massive Yahoo Data Breach Shatters Records (BankInfoSecurity) Between cybercriminals and state actors, password war is being lost

Why Yahoo Is Under Fire About Cyber Hack Timeline (Fortune) Yahoo has many more questions than answers right now

Yahoo's Mega Breach: Security Takeaways (BankInfo Security) Post-Snowden, breaches less likely to occur today, F-Secure's Sullivan contends

Yahoo hack throws internet insecurity into sharp relief (Christian Science Monitor Passcode) The massive scale of the credential thefts at Yahoo, LinkedIn, and the other internet firms has focused attention on the seeming inability of American companies to secure their networks against foreign and domestic adversaries

Massive Yahoo hack 'evidence of industry’s complacency' (Engineering & Technology) Data of 500 million Yahoo users has been stolen in what has been described as the largest hack of its kind to date, prompting cyber security experts to unleash an avalanche of criticism about the lack of circumspection in the industry

Some Yahoo users close accounts amid fears breach could have ripple effects (Reuters) Many Yahoo users rushed on Friday to close their accounts and change passwords as experts warned that the fallout from one of the largest cyber breaches in history could spill beyond the internet company's services

Yahoo Data Breach: Stolen Passwords Were Encrypted, but That Doesn't Mean Users Are Safe (Consumer Reports) The most dangerous losses could be security questions and answers

What Consumers Need to Know About the Yahoo Security Breach (ABC News) Yahoo announced on Thursday that it believes information associated with at least 500 million user accounts was stolen by a "state-sponsored actor" at the end of 2014

One of the Largest DDoS Attack Ever Seen Kills Krebs Security Site (WebProNews) One of the largest Denial of Service (DDoS) attacks ever seen on the internet has caused Akamai to dump a site it hosted, KrebsOnSecurity.com. The DDoS attack was apparently in retaliation for journalist Brian Krebs' recent article about vDOS, which is allegedly a cyberattack service

Krebs on Security booted off Akamai network after DDoS attack proves pricey (ZDNet) There's no rancor or bitterness, however, since Akamai hosted the security expert's blog pro bono

The Democratization of Censorship (KrebsOnSecurity) John Gilmore, an American entrepreneur and civil libertarian, once famously quipped that “the Internet interprets censorship as damage and routes around it.” This notion undoubtedly rings true for those who see national governments as the principal threats to free speech

A massive attack that may have hijacked online cameras will soon be “the new normal” (Quartz) One of the biggest distributed denial-of-service (DDoS) attacks ever was directed at independent security journalist Brian Krebs on Tuesday (Sept. 27), and lasted for three days, leading his service provider to take his website offline. More ominously, the attack could have been originated from a “botnet”—a network of devices controlled by a hacker—comprised of unsecured, internet-connected, cameras

Why the silencing of KrebsOnSecurity opens a troubling chapter for the ‘Net (Ars Technica) “Free speech in the age of the Internet is not really free,” journalist warns

Some thoughts on the Krebs situation: Akamai made a painful business call (CSO) Akamai was damned if they do, damned if they don’t, but Krebs is the one who is taking the beating

Email Hack Details Movements of Joe Biden, Michelle Obama and Hillary Clinton (New York Times) Hackers on Thursday posted hundreds of emails from a young Democratic operative that contained documents detailing the minute-by-minute schedules and precise movements of the vice president, the first lady and Hillary Clinton during recent campaign fund-raisers and official political events

Financial watchdog hit by IT outage - days after telling banks to improve cyber defences (Telegraph) The City watchdog said many of its systems have been knocked out by a “major IT incident”, days after it urged financial companies to improve their defences against cyber risks

iOS 10 security flaw allows hackers to crack passwords 2,500 times faster, Russian firm Elcomsoft says (International Business Times) Backup data mechanism in iOS 10 is vulnerable to password-cracking tools commonly used by hackers

Ever-Evolving Trojan Roots Devices and Infects Android System Process news.softpedia.com (Let All Know) The trojan known as Android.Xiny continues to evolve, and in its most recent iteration, Xiny has gained the ability to infect a core Android system process that facilitates and hides its malicious behavior, making the uninstallation process many times more difficult

Over 850,000 Devices Affected by Unpatched Cisco Zero-Day (Softpedia) Lots of critical equipment vulnerable to BENINGCERTAIN 0-day

Caught on the Drive-by: Buhtrap Banking Malware Returns (Infosecurity Magazine) The Buhtrap malware has been caught stealing again: And an investigation from Cyphort Labs shows it being dropped via drive-by download targeting Russian banks

Spam Levels Spike, Thanks In Part To Ransomware (Dark Reading) By shipping banking Trojans and ransomware that turn big profits fast, spammers can now afford the high overhead of high-volume spam campaigns

Ransomware from Stoned to pwned (CSO) When I was in the trenches as a defender I saw all manner of malicious software. The first one I ever encountered back in the late 80s was the Stoned virus. This was a simple program that was lobbying the infected computer operator on the subject of legalizing marijuana. It was spread through the use of infected floppy disks

Chances of cyberattacks affecting election results in Nevada, US called remote (Las Vegas Review-Journal) The nation’s secretaries of state are trying to reassure voters that despite talk of cyberattacks and “rigged” systems in this contentious election cycle, the prospect of outside hackers skewing the outcome is remote

Clinic Reports Security Incident Involving HIE Access (HealthcareInfo Security) Vendor inappropriately accessed information on about 4,000 patients

Security Patches, Mitigations, and Software Updates

Microsoft Authenticator for iOS updated with push notifications feature (Phone Arena) Microsoft has just announced one of the long-awaited features that users requested has just made its debut on its Authenticator: push notifications

The Security Bug That Made Microsoft Discontinue Windows Journal (Softpedia) Heap overflow issue broke the camel's back

Cyber Trends

ICS vulnerabilities are still rampant (CSO) A panel of experts at the recent Security of Things Forum agreed that attackers are probably already inside the nation’s industrial control systems

Interview: Patrick Grillo, Fortinet (Infosecurity Magazine) Fortinet’s director of product strategy, Patrick Grillo, recently took to the Gartner Security & Risk Management Summit stage to deliver a session titled ‘The Internet of “Very Bad” Things’, but just before he did, I was able to sit down with him to dig a little deeper into what he thinks is so ‘Very Bad’ about the IoT, and what it means for the industry

Public safety threat: Cyber attacks targeting smart city services (Help Net Security) A new survey conducted by Dimensional Research assessed cyber security challenges associated with smart city technologies. Survey respondents included over 200 IT professionals working for state and local governments

MPs warn smart meters carry cyber attack risk (City A.M.) MPs have warned today that the government's plan to install smart meters in every house and business across the UK by 2020 carries cyber security risks

Companies say IoT matters but don't agree how to secure it (CSO) An IDC survey shows a majority of enterprises consider IoT strategic to their future

Federal Insider Federal cyber incidents jump 1,300% in 10 years (Washington Post) For the naive who still think cyber data is safe with Uncle Sam, here is some information that demonstrates the harsh reality

Typical Cost of a Data Breach: $200,000 or $7 Million? (GovInfo Security) Audio report: ISMG Editors analyze the latest developments

Marketplace

Yahoo's Titanic Data Breach Highlights Risk to M&A (Fortune) Companies are increasingly studying the security risk of their acquisition targets

Yahoo could pay for breach negligence in lower-priced Verizon deal (USA Today) Yahoo's trouble over its massive data breach is far from over

What the Hacking at Yahoo Means for Verizon (New York Times) Questions swirl about whether Verizon’s $4.8 billion deal for Yahoo’s core business will be renegotiated, or happen at all

Yahoo!’s Massive Breach: CUDA, Fortinet et al. Should Get a Lift, Says Piper (Barraon's) The Street this morning is trying to figure out what to do with Yahoo!’s (YHOO) disclosure yesterday of one of the largest-ever hacks, with half a billion users’ data having been compromised by a “state-sponsored actor”

Report of buyout interest from Cisco, IBM sends Imperva shares soaring (CNBC) Shares of the security-software company Imperva gained 21 percent on Friday after a report said it has drawn acquisition interest from several companies

Cisco Systems, Inc.: Why CSCO Stock is Important Again (Income Investors) CSCO stock: benefiting from new business focus

Has HPE lost focus on security software business? (Infotechlead) HPE enhances its security software as it prepares to spin-merge with Micro Focus — after selling several related businesses, says Jane Wright, principal analyst at TBR

Cyber crime has become big business (Financial Express) IT security firm Symantec is moving beyond traditional security software to help customers protect against a wider range of threats

Dell's SonicWALL sale close to completion (ChannelWeb) Dell Security VP expects the deal to close around the end of October

Australia must take cyber security opportunity (ComputerWeekly) Australia may never be able to create an IT industry like that in the US, but it can lead in cyber security

Security tycoon puts his trust in Ireland (Sunday times) Eugene Kaspersky got into computer safety by accident. Now the Russian billionaire is creating a €5m office in Dublin

Skyhigh Networks Raises $40 Million to Control the Cloud (Fortune) Cloud security startup now boasts more than 600 enterprise customers

Startup Spotlight: Cymmetria's Cyber Deception Technology (eSecurity Planet) Cymmetria's cyber deception technology turns the tables on bad guys by luring them to decoys where users can track their lateral movements

Cybersecurity accelerator gives startups the chance to work with GCHQ spy agency (ZDNet) A new government scheme designed to help protect the UK from cyberattacks has been launched

CounterTack Recognized as Innovative US Army Venture-Backed Startup (American Security Today) CounterTack today announced it was recognized by CB insights, a research and advisory firm, in a list of emerging technology companies backed by U.S. government defense- and security-focused investment firms

Security Salaries Skyrocket with Pros in Hot Demand (Infosecurity Magazine) Whilst the cybersecurity skills shortage continues to plague the industry, security professionals appear to be reaping the benefits with job opportunities and salaries skyrocketing across the board

Proofpoint Hires Former Fortinet Exec As North American Channel Chief (CRN) Proofpoint has nabbed former Fortinet channel exec Jon Bove as its North American channel chief, as the security vendor looks to expand its push into the channel with regional reseller partners

Products, Services, and Solutions

Cybersecurity training center set to open in Baltimore (Technical.ly Baltimore) The ETA Cyber Range is set to provide simulations of attacks on the digital battlefield

Darktrace announces cloud-only environment (Cloud Pro) Enterprise Immune System offers 100% visibility of users and data in the cloud

Technologies, Techniques, and Standards

7 New Rules For IoT Safety & Vuln Disclosure (Dark Reading) In the Internet of Things, even the lowliest smart device can be used for a malicious purpose. Manufacturers take heed!

Advisory Body Calls For Stronger Cybersecurity Measures Across Airline Industry (Dark Reading) Measures are designed to bolster operational security across all stakeholders in the aviation sector, Wall Street Journal says

Broadening the Scope of Mobile Security (GovInfo Security) New NIST report offers list of risks to address

Quantum computing will cripple encryption methods within decade, spy agency chief warns (National Post) The head of Canada’s electronic spy agency warned Friday the advent of super-fast quantum computers will cripple current encryption methods for securing sensitive government and personal information within a decade

An Open-Source Security Maturity Model (Dark Reading) Oh you don't run open-source code? Really? Christine Gadsby of Blackberry and Jake Kouns of Risk-Based Security visit the Dark Reading News Desk at Black Hat to explain how to identify and secure all those open-source libraries and other third-party components lurking inside your applications -- proprietary and otherwise

The best way to learn about computers: break them (Christian Science Monitor Passcode) Travis Goodspeed, an independent cybersecurity researcher, says tinkering leads to better cybersecurity

Changing Passwords After a Breach Is Still Way Too Hard (Motherboard) Yahoo’s announcement earlier this week that 500 million user accounts were compromised inspired another prolonged sigh, at a time when data breaches are so commonplace they sometimes seem like background noise

Design and Innovation

Is Facebook having a crisis of confidence over all the bad news its algorithms are making? (TechCrunch) Is Facebook having — A) An existential crisis B) An attack of conscience C) A mid-life crisis D) None of the above?

Why CISOs Must Make Application Security a Priority (InfoRisk Today) Denim Group's John Dickson sizes up app development challenges

What’s in your code? Why you need a software bill of materials (CSO) When developers and suppliers carefully list the tools used to build an application and what third-party components are included, IT can improve software patching and updates

Research and Development

Unpicking the Gordian knot around blockchain patents (TechCrunch) Earliest mentions of the term “bitcoin” in patent titles and abstracts date back to around 2009, while the term “blockchain” begins to appear in patent titles from around 2011. As of June 22, 2016, there were 492 published patent families directed to the theme of blockchain and 192 relating to bitcoin

Legislation, Policy, and Regulation

Swiss voters approve new surveillance law (Help Net Security) On Sunday, the Swiss populace voted in support for a new surveillance law that will give the Federal Intelligence Service (FIS) wider electronic surveillance powers to prevent terrorist attacks

The great firewall of China (Times of Malta) What are the implications of China’s cyber sovereignty, Marc Kosciejew asks

Top five GDPR myths (Help Net Security) At this moment, there are many misunderstandings surrounding the new GDPR legislation. These rules will affect any business that handles personal data, and therefore the majority of organisations in the UK, so owners are beginning to look into what GDPR will mean for them

Cyber security experts cold on mandatory breach legislation (Financial Review) The notion of compulsory data breach notifications is leaving some internet security experts and business leaders cold, despite the barrage of cyber attacks plaguing Australian companies on a daily basis

Regulation Of Encryption Is Need Of The Hour (CXO Today) It has been an observation that Indian corporate, government agencies, and even healthcare organizations, have been victims to reputation and financial draining data hacks and security breaches. The major reason is the lack of awareness for data encryption, and purpose it serves for organizations that deal with a large quantity of data flow, especially over the internet

Homeland Security increases focus on cybersecurity at the polls (Christian Science Monitor Passcode) Robert Silvers, assistant secretary for cybersecurity at Homeland Security, said the agency is helping states fortify voting systems against digital tampering before November's presidential election

What's the Likely Future of Cybersecurity in the States? (Government Technology) During a keynote session at their annual conference this week in Orlando, the National Association of State CIOs (NASCIO) released their biennial survey results on state cybersecurity. While the overall report trends (compared with the previous three surveys) seemed encouraging, many attendees asked me if the real situation was as positive as the data seemed to imply. Let’s explore the state CISO survey answers and the rest of the story

Litigation, Investigation, and Law Enforcement

Yahoo is sued for gross negligence over huge hacking (Reuters) Yahoo Inc (YHOO.O) was sued on Friday by a user who accused it of gross negligence over a massive 2014 hacking in which information was stolen from at least 500 million accounts

‘Keep an Eye on Him,’ Ahmad Khan Rahami’s Father Says He Told F.B.I. (New York Times) The father of the man accused of carrying out bombings last weekend in New York and New Jersey said that, two years ago, he warned federal agents explicitly about his son’s interest in terrorist organizations like Al Qaeda and his fascination with jihadist music, poetry and videos

German Military Hacked Afghan Mobile Operator to Discover Hostage's Whereabouts (Softpedia) This was Germany's first offensive cyber operation

ISIS hacker gets 20 years for giving terrorists US military kill list (Ars Technica) We're “passing on your personal information to the soldiers of the khilafah”

Did Russia Hack The NSA? Maybe Not (KPBS) Lately Russia has been taking the blame for hacking everyone from the Democratic National Committee to former Secretary of State Colin Powell to the National Security Agency

Report: NSA hushed up zero-day spyware tool losses for three years (Register) Investigation shows staffer screw-up over leak

Obama used a pseudonym in emails with Clinton, FBI documents reveal (Politico) President Barack Obama used a pseudonym in email communications with Hillary Clinton and others, according to FBI records made public Friday

Why Did the Obama Justice Department Grant Cheryl Mills Immunity? (National Review) Well, what would Friday be without the latest document dump from the Clinton email investigation? Yesterday afternoon, with the public in distracted anticipation of the coming weekend and Monday’s Clinton-Trump debate showdown, the FBI released another 189 pages of interview reports

Former NSA analyst: FBI may reopen investigation if Clinton loses (Washington Examiner) The FBI could reopen its investigation into Hillary Clinton's mishandling of classified information if she fails to win the November election, according to a former National Security Agency analyst, especially in light of revelations made public in a Friday document dump by the agency

Trump hotel chain fined over data breaches (CSO) The chain, one of Donald Trump’s businesses, also delayed in reporting the breaches to consumers

Privacy groups urge US FTC to investigate WhatsApp promises (CSO) WhatsApp's plan to share data with parent Facebook violates earlier commitments, groups say

House Intelligence Panel Gets Dozens of Whistleblower Complaints Every Year (Intercept) Critics of leakers have often argued that whistleblowers have legitimate channels through which they can report their grievances, but in the murky world of intelligence, it’s hard to know how many complaints are filed, and what, if anything, happens as a result. Now, the House Permanent Select Committee on Intelligence says it sees “dozens” of such complaints every year.

IBM botched geo-block designed to save Australia's census (Register) Bureau of Stats says spooks signed off IBM's plan, but Big Blue mucked something up

Another Way to Violate Privacy: PHI in Court Documents (HealthcareInfo Security) Hospital system hit with sanctions tied to documents it filed

Man Arrested over Pippa Middleton iCloud Hack (Infosecurity Magazine) A man has been arrested for allegedly hacking into the iCloud account of Pippa Middleton and stealing around 3,000 personal images

For a complete running list of events, please visit the Event Tracker on the CyberWire website.

Newly Noted Events

Insider Threat Program Development Training For NISPOM CC 2 (Aberdeen, Maryland, USA, August 10 - 11, 2016) Insider Threat Defense will hold a two-day training class on Insider Threat Program Development (National Insider Threat Policy-NISPOM Conforming Change 2). For a limited time the training is being offered...

Upcoming Events

Cyber Security: How to Identify Risk and Act (Frankenmuth, Michigan, USA, September 26, 2016) Join us on 9/26/2016 for the PMI-MTC's annual project management PDD focusing on "Cyber Security: How to Identify Risk and Act." Earn 7 PDUs during the interactive sessions with well-known information ...

CYBERSEC (Kraków, Poland, September 26 - 27, 2016) The CYBERSEC forum is the first of its kind in Poland and one of just a few regular public policy conferences in Europe devoted to the strategic issues of cyberspace and cybersecurity.The goal of the CYBERSEC...

Third Annual Women in Cyber Security Reception (Baltimore, Maryland, USA, September 27, 2016) The CyberWire is pleased to present the 3rd Annual Women in Cyber Security Reception in cooperation with our partner the Cybersecurity Association of Maryland (CAMI) on Tuesday, September 27, 2016, in...

Structure Security (San Francisco, California, USA, September 27 - 28, 2016) Technology companies have created a digital revolution through the sheer pace of their innovation. CIOs and business leaders in every industry are adopting digital technology at breakneck speed and transforming...

IP EXPO Nordic 2016 (Stockholm, Sweden, September 27 - 28, 2016) IP EXPO Nordic is part of Europe’s number ONE enterprise IT event series, designed for those looking to find out how the latest IT innovations can drive business growth and competitiveness. The event showcases...

SecureWorld Dallas (Plano, Texas, USA , September 27 - 28, 2016) Join your fellow security professionals for affordable, high-quality cybersecurity training and education. Earn 12-16 CPE credits through 60+ educational elements learning from nationally recognized industry...

escar Asia 2016 (Tokyon, Japan, September 28 - 30, 2016) Founded in 2003, escar has established itself as the premier forum for the discussion and exchange of ideas to identify and minimize threats to data and vehicles. Held in Europe, the US and now for the third time in Asia, escar provides a forum for collaboration among industry, academia and governments for in-vehicle cyber security.

Cyber National Security – The Law of Cyberspace Confrontation (Hanover, Maryland, and Fort Meade, October 3 - 6, 2016) US Cyber Command will host the fourth annual COCOM-Interagency Cyber Law Conference from 3 through 6 October 2016, Cyber National Security – The Law of Cyberspace Confrontation. This year the conference...

Crossroads Regional Cybersecurity Summit (Victoria, Texas, USA, October 4, 2016) Bringing together top experts from both the public and private sectors, the Crossroads Regional Cybersecurity Summit (CRCS) will be an exciting and educational day for local businesses. Through a variety...

Cambridge Cyber Summit (Cambridge, Massachusetts, USA, October 5, 2016) This unique one-day summit will bring together c-suite executives and business owners with public and private-sector leaders in security, technology and defense to discuss ways to combat urgent cyber threats...

IP EXPO Europe (London, England, UK, October 5 - 6, 2016) IP EXPO Europe is Europe's number ONE IT event for those looking to find out how the latest IT innovations can drive their business forwardIP EXPO Europe now includes six co-located events with their own...

RFUN 2016: 5th Annual Threat Intelligence Conference (Washington, DC, USA, October 5 - 6, 2016) The fifth annual RFUN Conference is a two-day event that brings together the diverse and talented community of analysts and operational defenders who apply real-time threat intelligence to out-innovate...

SecureWorld Denver (Denver, Colorado, USA, October 5 - 6, 2016) Join your fellow security professionals for affordable, high-quality cybersecurity training and education. Earn 12-16 CPE credits through 60+ educational elements learning from nationally recognized industry...

VB 2016 (Denver, Colorado, USA, October 5 - 7, 2016) The 26th annual international Virus Bulletin conference meets this October in Denver

Insider Threat Program Development Training For NISPOM CC 2 (Aberdeen, Maryland, USA, August 10 - 11, 2016) Insider Threat Defense will hold a two-day training class on Insider Threat Program Development (National Insider Threat Policy-NISPOM Conforming Change 2). For a limited time the training is being offered...

TU-Automotive Cyber Security Europe (Munich, Bayern, Germany, October 6 - 7, 2016) The most focussed forum on the ‘here and now’ of automotive cybersecurity. As we are inundated by headlines on cyber-attacks, we go beyond the hype to focus on the current challenges and solutions that...

AppSecUSA 2016 (Washington, DC, USA, October 11 - 14, 2016) OWASP’s 13th Annual AppSecUSA Security Conference is the premier application security conference for developers and security experts. Come hear an amazing group of inspirational speakers—including YouTube’s...

AFCEA CyberSecurity Summit (Washington, DC, USA, October 11 - 12, 2016) AFCEA Washington, DC invites you to attend the 7th Annual Cybersecurity Summit on October 11–12, 2016. This two-day summit will feature keynotes from government leaders, thought-provoking discussion panels,...

Insider Threat Program Development Training for NISPOM CC 2 (Warrington, Pennsylvania, USA, October 17 - 18, 2016) Insider Threat Defense will hold a two-day training class on Insider Threat Program Development (NISPOM Conforming Change 2). PA. For a limited time the training is being offered at a discounted rate of...

Cyber Ready 2016 (McDill Air Force Base, Florida, USA, October 18, 2016) We invite you to join us for our first annual Cyber ReadyTM 2016 conference observing National Cyber Security Awareness Month: The Impact of Cyber Crime. The National Cyber Partnership, joined by the MITRE MITRE National Capture the Flag (CTF) Competition Cyber Challenge Awards Ceremony.

EDGE2016 Security Conference (Knoxville, Tennessee, USA, October 18 - 19, 2016) The EDGE2016 conference is where true collaboration between business and technology professionals happens. Combining engaging keynotes from world-renowned visionaries, recognized technology industry leaders,...

SecureWorld St. Louis (St. Louis, Missouri, USA, October 18 - 19, 2016) Join your fellow security professionals for affordable, high-quality cybersecurity training and education. Earn 12-16 CPE credits through 60+ educational elements learning from nationally recognized industry...

Los Angeles Cyber Security Summit (Los Angeles, California, USA, October 28, 2016) The Cyber Security Summit is an exclusive conference series connects C-Suite & Senior Executives who are responsible for protecting their companies’ critical infrastructures with innovative solution providers...

CyberMaryland 2016 (Baltimore, Maryland, USA, October 20 - 21, 2016) The CyberMaryland Conference is an annual two-day event presented jointly by The National Cyber Security Hall of Fame and Federal Business Council (FBC) in conjunction with academia, government and private...

CyCon US: International Conference on Cyber Conflict (Washington, DC, USA, October 21 - 23, 2016) The inaugural U.S. based International Conference on Cyber Conflict will take place 21-23 October 2016 in Washington D.C. Focusing on a theme of Protecting the Future. CyCon U.S. seeks to create greater...

SANS San Diego 2016 (San Diego, California, USA , October 23 - 28, 2016) Cyber security training in San Diego, CA from SANS Institute, the global leader in information security training. Choose from nine hands-on, immersion-style training courses for security professionals...

Insider Threat Program Development Training For NISPOM CC 2 (Aberdeen, Maryland, USA, August 10 - 11, 2016) Insider Threat Defense will hold a two-day training class on Insider Threat Program Development (National Insider Threat Policy-NISPOM Conforming Change 2). For a limited time the training is being offered...

2016 ICS Cyber Security Conference (Atlanta, Georgia, USA, October 24 - 27, 2016) As the largest and longest-running cyber security-focused conference for the industrial control systems sector, the event caters to the energy, utility, chemical, transportation, manufacturing, and other...

SecureWorld Bay Area (San Jose, California, USA, October 27, 2016) Join your fellow security professionals for affordable, high-quality cybersecurity training and education. Earn 6-12 CPE credits through 30+ educational elements learning from nationally recognized industry...

Regional Cyber Security Summit (Sharm El-Sheikh, Egypt, October 30 - November 1, 2016) The Regional Cyber Security Summit comes this year with the theme of “Boundless Collaboration, Boundless Protection”. It focuses on the cooperation in cybersecurity as one of key pillars to tackle the...

Grow your brand and reach new customers.

Grow your brand and increase your customer base by educating our audience about your products, services, and events by advertising on The CyberWire. We’ve built trust with an influential (and often hard to reach) audience of CISOs, CSOs, and other senior execs in the security space, across a wide array of industry verticals. Learn more.

Be a part of the CyberWire story.

People ask us (a lot) how they can support what we do. We have our sponsorships and services, of course, but those are not always within every supporter's financial reach, or it might just not be the right time for you to do those things. That's why we launched our new Patreon site, where we've created a wider variety of support levels, each with some new benefits. Our patrons are important to our future, and we hope you'll consider becoming one. We invite you to become part of the CyberWire story. Become a patron today.