skip navigation

More signal. Less noise.

Daily briefing.

InfoArmor has published an extensive report on the Yahoo! breach. They conclude that two distinct criminal hacking groups were involved, along with a third black market reseller. The groups that stole the data, InfoArmor says, sold them at least three times, once to a "state-sponsored actor."

It's worth noting that "state-sponsored" can include a wide variety of groups in addition to government agencies and services themselves: activists, terrorist organizations, crime syndicates and an array of hired guns can all, under the right circumstances, legitimately be considered "state-sponsored." Thus "criminal" and "state-sponsored" are far from mutually exclusive, and states are using more fronts and cut-outs in cyberspace (an updated form of traditional information operations and espionage tradecraft).

Other lessons being drawn from the breach include the "toxicity" of personal data, which draw hackers' attentions (although it's unclear how companies that depend upon monetizing such data can avoid the toxin that comes with them) and the difficulties inherent in recovering from a breach that requires a massive password reset. Since security questions were also compromised, Wired suggests it's time to start telling lies in setting up one's answers.

The FBI warns Congress of more (presumably Russian) attempts to access state voter registration databases. Many take comfort from the disparate and disconnected US state-run voting systems, but such comfort is cold: one needn't globally hack an election to alter it. The power-grid analogy is instructive—a wayward squirrel or snake won't take out a continental grid, but it can still have major effect.

Notes.

Today's issue includes events affecting Australia, Belgium, China, European Union, France, Germany, India, Israel, Morocco, New Zealand, Russia, Spain, Syria, United States.

The CyberWire's regular daily Podcast will be out later this afternoon, with interviews, educational tips, and more on the stories of the day. Today we hear from Charles Clancy of Virginia Tech's Hume Center, who'll discuss software defined networking and the security implications thereof. Our guest will be Netsparker's Ferruh Mavituna, who'll talk about using subresource integrity checks with content delivery networks. And as always, if you enjoy the podcast, please consider giving it an iTunes review.

Maryland Cyber Day (Rockville, MD, USA, October 5, 2016) Highlighting and celebrating Maryland’s cybersecurity entrepreneurs, innovators and companies and connecting them with two vital tools for growth and success – investment capital and customers – from Maryland and beyond.

CyberMaryland Job Fair (Baltimore, MD, USA, October 20, 2016) Top companies looking for cyber security professional, cleared and non-cleared opportunities.

Cyber Attacks, Threats, and Vulnerabilities

Yahoo Hackers Were Criminals Rather Than State-Sponsored, Security Firm Says (Wall Street Journal) InfoArmor says the hackers sold Yahoo database at least three times, including once to a state-sponsored actor

The Yahoo hackers weren't state-sponsored, a security firm says (CSO) Elite hackers-for-hire were actually behind the breach, according to InfoArmor

InfoArmor: Yahoo Data Breach Investigation (InfoArmor) Yahoo was compromised in 2014 by a group of professional blackhats who were hired to compromise customer databases from a variety of different targeted organizations

Yahoo Breach: User Data Considered Toxic (Digital Guardian) Computer science and security rely on precision for the descriptions of their constructs and concepts. But there are some things that defy description in these realms, and the Yahoo data breach is one of them

Yahoo Breach Raises Questions About Password Resets (Wall Street Journal) Online services that depend on email for passwords resets are also at risk, experts say

Hacked Email: Why Cyber Criminals Want to Get Into Your Inbox (Heimdal Security) So you think you have nothing valuable on your email? Think again

Hackers have attempted more intrusions into voter databases, FBI director says (Washington Post) Hackers have attempted more intrusions into voter registration databases since those reported this summer, the FBI director said Wednesday, and federal officials are urging state authorities to gird their systems against possible other attacks

Hacking The Polls: Where US Voting Processes Fall Short (Dark Reading) The patchwork of 50 decentralized state electoral systems threatens to disrupt our national election through ransomware attacks, hijacked voter registration rolls, and altered voting results

Opinion: Think hackers will tip the vote? Read this first (Christian Science Monitor Passcode) In the final stretch of the presidential campaign, there's growing concern hackers could strike on Election Day. But while there are concerns about cybersecurity at polling places, altering an election is another matter altogether

U.S. Believes Hackers Are Shielded by Russia to Hide Its Role in Cyberintrusions (Wall Street Journal) Officials are increasingly confident that the Russian government is intensifying a campaign to steal U.S. computer records and leak damaging information to the American public

Record-breaking DDoS reportedly delivered by >145k hacked cameras (Ars Technica) Once unthinkable, 1 terabit attacks may soon be the new normal

Web Host Hit by DDoS of Over 1Tbps (Infosecurity Magazine) A French web hoster is claiming his firm has been hit by the biggest DDoS attack ever seen, powered by an IoT botnet with an estimated capacity of 1.5Tbps

D-Link DWR-932 router is chock-full of security holes (Help Net Security) Security researcher Pierre Kim has unearthed a bucketload of vulnerabilities affecting the LTE router/portable wireless hotspot D-Link DWR-932. Among these are backdoor accounts, weak default PINs, and hardcoded passwords

Introducing Her Royal Highness, the Princess Locker Ransomware (Security Newspaper) Today we bring you Princess Locker; the ransomware only royalty could love. First discovered byMichael Gillespie, Princess Locker encrypts a victim’s data and then demands a hefty ransom amount of 3 bitcoins, or approximately $1,800 USD, to purchase a decryptor. If payment is not made in the specified timeframe, then the ransom payment doubles to 6 bitcoins

IP Expo Nordic and getting Popp’d by ransomware (CSO) Ransomware has become all the rage in the security field these days. Both from the perspective of the writers and the defenders. The media is lousy with these articles and I’m apparently not above writing about it myself. This has been grabbing the headlines in a big way simply because of the insidious nature of it

Diversified supply chain helps 'Vendetta Brothers' succeed in criminal business (CSO) Even smaller criminal groups are using smarter business tactics

Necurs botnet: the resurrection of the monster and the rising of spam (Security Affairs) Necurs botnet, the monster is resurrected. Banking Trojans and Ransomware propagated via spam is bring backing the high-volume spam campaign

China cyber espionage continues (Washington Times) U.S. Cyber Command recently reported within secret government channels that China is continuing aggressive cyber espionage against American companies

At your service: cyber criminals for hire to militants — EU (Interaksyon) Cybercriminals offering contract services for hire offer militant groups the means to attack Europe but such groups have yet to employ such techniques in major attacks, EU police agency Europol said on Wednesday

SNMP Pwn3ge (SANS Internet Storm Center) Sometimes getting access to company assets is very complicated. Sometimes it is much easier (read: too easy) than expected. If one of the goals of a pentester is to get juicy information about the target, preventing the IT infrastructure to run efficiently (deny of service) is also a “win”. Indeed, in some business fields, if the infrastructure is not running, the business is impacted and the company may lose a lot of money. Think about traders

New Zealand Herald publisher suffers cyber attack (News Hub) Media company NZME says a hacker has managed to get access to the details of tens of thousands of people who entered a competition

In a first, Forest Department falls prey to ransomware attack (New Indian Express) In a first incident of its kind, a government department fell victim of ranswomware attack by cyber criminals

WADA Says Electronic Database Is Safe Despite Cyber Attack (ABC News) Despite the hack of personal medical information from some of the world's leading athletes, the World Anti-Doping Agency says its overall electronic database is safe

More Than Half Of IT Pros Employ Insecure Data Wiping Methods (Dark Reading) Recent study shows most enterprise IT professionals incorrectly believe emptying a Recycle Bin or reformatting a computer drive permanently erases data

Why digital hoarding poses serious financial and security risks (Help Net Security) 82 percent of IT decision makers admit they are hoarders of data and digital files, according to research conducted by Wakefield Research among 10,022 global office professionals and IT decision makers to look into how individuals manage data

The Real Reasons Why Users Stink At Passwords (Dark Reading) Personality, denial, and authentication-overload are big factors, new study finds

The psychological reasons behind risky password practices (Help Net Security) Despite high-profile, large-scale data breaches dominating the news cycle – and repeated recommendations from experts to use strong passwords – consumers have yet to adjust their own behavior when it comes to password reuse

Which celebrities generate the most dangerous search results? (Help Net Security) Female comedian Amy Schumer knocked DJ Armin van Buuren off of the list to become the most dangerous celebrity to search for online, according to Intel Security

Security Patches, Mitigations, and Software Updates

ISC Patches Critical Error Condition in BIND (Threatpost) The Internet Systems Consortium patched the BIND domain name system this week, addressing what it calls a critical error condition in the software

Opera browser starts running traffic through its own “VPN” (Naked Security) …Except it’s not really a VPN, but more of a proxy. More on that in a bit

Cisco Battles Shadow Broker Exploits (TechNewsWorld) Cisco has swung into action to combat a hacker group's exploitation of vulnerabilities in its firmware. The group, known as the "Shadow Brokers," released online malware and other exploits it claimed to have stolen from the Equation Group, which is believed to have ties to the United States National Security Agency

Cyber Trends

Crossing the next frontier (Banking Technology) There has been a huge amount of hype at this year’s Sibos about financial technology and its role in financial services. Devie Mohan* looks at the technologies that will help financial institutions cross the next frontier of innovation

IBM's Ginni Rometty Tells Bankers Not To Rest On Their Digital Laurels (Forbes) Just when bankers were beginning to understand what it will mean to become digital, IBM’s CEO told them that’s become a new minimum — the next step is cognitive computing

Bay Dynamics Unveils New Report That Finds Compliance Regulations Are Driving Boards to Make Cyber Security the Top Priority (MarketWired) Third study in series finds support for, but struggles with, increasing regulations and demand for adding more board security expertise

What’s driving boards of directors to make cyber security a top priority? (Help Net Security) Almost half (46 percent) of board members believe compliance regulations help establish stronger security, but nearly 60 percent struggle with meeting increased mandates—a nearly 20 percent jump over the past two years, according to a nationwide survey by Osterman Research

Cloud Security Paradigm: Time for Change? (InfoRisk Today) Gartner's Steve Riley says security mindset needs to evolve, adapt

A Bug Bounty Reality-Check (Dark Reading) New study shows that bug bounties without a secure application development program and testing can be costly

Marketplace

Verizon Remains Mum On Yahoo Acquisition Status In Aftermath Of Hack (CRN) Verizon has remained largely silent in the days following Yahoo's confirmation that more than 500 million of its user accounts were hacked in 2014, leaving the industry wondering whether the telecom giant is still committed to buying Yahoo

Akamai Acquires Data Processing Provider Concord Systems (Akamai) Akamai Technologies, Inc. (NASDAQ: AKAM) announced today that it has acquired Concord Systems, Inc., a provider of technology for the high performance processing of data at scale, in an all cash transaction. The acquisition is expected to complement Akamai’s existing platform data processing capabilities and augment the Company’s product roadmap for supporting customers leveraging Internet of Things (IoT) technologies

Contrast Security raises $16M; Tenable founder Ron Gula among investors (Baltimore Business Journal) Contrast Security has secured $16 million in new financing from venture capitalists and technology industry veterans, including Ron Gula, the founder of Columbia-based Tenable Network Security

Contrast Security raises $16M Series B, looks to grow in Natty Boh Tower (Technical.ly Baltimore) “For cyber, this is the place to be,” said VP of Engineering Steve Feldman

Shape Security Announces Strategic Investment and Partnership With Hewlett Packard Pathfinder (MarketWired) Closes $40M Series D as it now prevents $1B+ in online fraud, protects more than 20% of in-store mobile payments worldwide

Patriot Berry Farms (PBFI) Announces Name Change to Cyberfort Software Inc., Acquisition of first IP and a move into the Cyber Security Market (Econotimes) Patriot Berry Farms Inc. (OTCQB:PBFI) is pleased to announce completion of the initial steps required in order to enter the Cyber Security industry, commencing with a name change application, filed with the SEC on September 15th 2016. The company will soon be known as Cyberfort Software Inc. and will target the $122.45 billion1 Cyber Security market, starting with its purchase of an innovative iOS and MacOS privacy and security application

FireEye Inc's Worst Business Segment in 2016 So Far (Motley Fool) Subscription and services sales are up, but revenue in this division is slumping

Dropbox and Microsoft Join Privacy Shield (Infosecurity Magazine) Dropbox and Microsoft have become the latest big name US tech companies to announce they’ve signed up to the controversial US-EU Privacy Shield data transfer agreement, following Google

ZeroFOX Named a Leader & Top-Ranked in Strategy Category for Digital Risk Monitoring by Independent Research Firm (BusinessWire) Company focused on helping organizations gain visibility, governance and security around the largest digital risk vector: social media

Proofpoint Named A Leader In Digital Risk Monitoring and Granted Groundbreaking Patent for Social Media Protection (GlobeNewswire) Proofpoint credited for standing above the pack with unparalleled control and enforcement in the Forrester Wave™: Digital Risk Monitoring, Q3 2016 report

Check Point tour opens Israel pipeline to Aussie partners (ARN) Inaugural Israel trip gives local partners insight into Check Point's internal operations

Avecto sees North American sales surge by 67% (Press Release Rocket) Spikes in both revenue and headcount for software firm following US expansion

Didi Chuxing makes information security push with new U.S. research lab and hires (TechCrunch) Didi Chuxing, China’s largest ride-hailing company, has hired two distinguished security experts to lead a new U.S.-based research center as part of a major push to increase its data security efforts

Products, Services, and Solutions

Effective DarkComet RAT Analysis in 10 Minutes and 3 Clicks (Recorded Future) In 2015 we released a report on identifying known RAT (remote access trojan) controllers. Malicious IP addresses are continuously identified through proactive internet scanning (via Shodan) for known family signatures, like Poison Ivy and BlackShades. This year we created Recorded Future Intel Cards for common indicators that make analysis a breeze, and RAT controllers are a perfect example

Inside the Mind of a Hacker (Bugcrowd) The bug bounty community is a truly global group of people, coming from all walks of life, with diverse backgrounds, technical skills and expertise. This diversity is what fuels the power of the crowdsourced cybersecurity economy, connecting a community of skilled, creative individuals with organizations that need their help

PKWARE And QuintessenceLabs Announce Strategic Partnership To Create Next-Gen Crypto Solution (PRNewswire) Integration benefits customers with strengthened solution in key management and control of data-security policy

Trustwave Unveils the Next Generation of Global Security Operations (Sys-Con Media) Global network of federated, advanced security operations centers powered by Trustwave ushers in the next generation of cybersecurity protection

Splunk Expands Adaptive Response Initiative to Strengthen Enterprise Security (BusinessWire) Organizations to demonstrate new capabilities at .conf2016

Improving Security Savvy Of Execs And Board Room (Dark Reading) Jeff Welgan, executive director and head of training for CyberVista, visits the Dark Reading News Desk at Black Hat to describe how CyberVista is working to improve cybersecurity literacy throughout the C-suite

Google Launches All-Out War on XSS (Infosecurity Magazine) Google has released a new set of tools designed to help firms better fortify their web systems against cross-site scripting (XSS) attacks using the Content Security Policy (CSP) mechanism

Signal Adds iPhone Access to Desktop App (Threatpost) Open Whisper Systems has long offered Android users of its encrypted messaging app a companion desktop version of the service. iPhone users haven’t been as lucky until Monday when the company announced desktop support for iPhone users of its Signal desktop beta app called Signal Private Messenger

ZTE debuts OTN-based quantum encryption transport system (Telecompaper) ZTE has announced the launch of what it describes as the world’s first quantum encryption transport system based on an optical transport network (OTN). The company said the system can generate secure and reliable keys by transmitting digital information and using a single photon, adding that its secure transmission and anti-decoding capabilities are far higher than any traditional information encryption method

BAE Systems launches first cloud–based compliance for financial crime in Australia (ITWire) The Anti-Money Laundering (AML) and Counter-Terrorism Financing Act (Cwth) 2006 placed strict governance rules on the financial sector, gambling sector, bullion dealers and other professionals or businesses that provide services covered by the Act. It looks like that may be extended even further

Enhance iMessage security using Confide (Help Net Security) One of the new features in iOS 10 offers the possibility of deploying specially crafted applications within iMessage. Most users will probably (ab)use this new functionality for sending tiresome animations and gestures, but some applications can actually provide added value for iMessage communication

Technologies, Techniques, and Standards

Mitigating Fraud Risks for Same-Day ACH (BankInfo Security) NACHA's Larimer says strong authentication, monitoring are key

ICS-CERT releases new tools for securing industrial control systems (Help Net Security) The Industrial Control Systems Cyber Emergency Response Team (ICS-CERT) has published newer versions of two tools that can help administrators with securing industrial control systems: the Cyber Security Evaluation Tool (CSET), and a whitepaper on recommended practices for improving ICS cybersecurity with defense-in-depth strategies

SWIFT security controls to be mandatory by 2018 (Tech Target) New SWIFT security policy will mandate baseline controls for banking partners, but experts are unsure how effectively the changes can be enforced

HITRUST Advances the State of Cyber Threat Information Sharing for the Nation’s Healthcare Sector (BusinessWire) First healthcare information sharing organization to contribute to DHS’s Automated Indicator Sharing Program

Enabling Cyber Preparedness amongst Banks (Dataquest) Why banks should invest in security operation centres (SOC) and incident response technologies

White House And The National Cyber Security Alliance Join Forces To Launch "Lock Down Your Login," A Stop. Think. Connect. ™ Campaign (Yahoo! Tech) As called for in the President's Cybersecurity National Action Plan, the White House, the National Cyber Security Alliance (NCSA) and more than 35 companies and NGOs today launched a new internet safety and security campaign, "Lock Down Your Login," to empower Americans to better protect their online accounts

Design and Innovation

Q&A: Internet of Insecure Things? Think security as the logical first step, says Sophos (Techgoondu) The Internet of Things (IoT) is rapidly expanding its universe by giving objects and devices the ability to connect and transfer data automatically over a network

Lower cost is key benefit of blockchain (Banking Technology) Blockchain technology has the potential to help ease banks’ profitability pressures, particularly in Europe’s negative interest rate environment, an audience was told at an offsite briefing yesterday morning

Bitcoin Returns to Its Cypherpunk Roots: An Interview With Lupták and Sip of Hackers Congress Paralelní Polis (Bitcoin Magazine) First announced on the cryptography mailing list in 2008, Bitcoin was the embodiment of a decade-old cypherpunk vision. A digital currency not controlled by any government, bank, or company existed in the hearts and minds of hackers and cryptographers long before most even considered the concept viable

Time to Kill Security Questions—or Answer Them With Lies (Wired) The notion of using robust, random passwords has become all but mainstream—by now anyone with an inkling of security sense knows that “password1” and “1234567” aren’t doing them any favors. But even as password security improves, there’s something even more problematic that underlies them: security questions

Research and Development

IARPA To Develop Early-Warning System For Cyberattacks (Wall Street Journal) A multi-year R&D project aims to use social media data and other unconventional signals to detect cybersecurity attacks

Academia

UTSA snags two grants for cybersecurity education amid hiring spree (San Antonio Business Journal) The University of Texas at San Antonio is beefing up its computer science field experts this fall as the educational institution raked in about $3.5 million in grants this week to bolster its cybersecurity education programs

Montreat College, Mission Health partner on cybersecurity training (Mountain Express) Montreat College and Mission Health are teaming to develop cybersecurity professionals who are not only trained in the best techniques, but also have the kind of ethical and moral framework necessary to become trusted leaders in the cybersecurity field

Legislation, Policy, and Regulation

EU mulls amending controversial cyber export rules (The Hill) A new proposal in the European Union would locally address many of the controversies over an international export control agreement that includes the United States

Interview: DSCI's New CEO Spells Out Priorities (InfoRisk Today) Rama Vedashree discusses projects, including efforts to grow the data security industry

How to thwart Election Day hackers: Vote the old-fashioned way (C|Net) The country's outdated, offline voting machines could actually save the election from cyberattacks, say experts at a Congressional hearing

Opinion: Will either candidate protect your data? It's time to ask (Christian Science Monitor Passcode) In light of the Yahoo breach, Donald Trump and Hillary Clinton owe the American public an explanation for how they'll protect their personal data

Litigation, Investigation, and Law Enforcement

Five arrested on suspicion of forming European Islamic State cell (Reuters) Spanish, German and Belgian authorities have arrested five people suspected of forming an "active and dangerous" Islamic State cell and promoting Islamist militancy in the three countries, Spain's interior ministry said on Wednesday

Syrian Electronic Army hacker pleads guilty after sending victim scan of his passport (Tripwire: the State of Security) A Syrian national affiliated with the notorious Syrian Electronic Army hacking group has pleaded guilty in a US court to charges of conspiring to hack into computers and extort money

Yahoo Faces Lawsuits Over Breach (Data Breach Today) But breach litigation in U.S. has mixed record of success

FBI’s Comey won’t reopen Clinton email probe, refuses to say she’s truthful (Washington Times) FBI Director James Comey said he’s not going to reopen the investigation into Hillary Clinton’s emails, telling Congress on Wednesday that none of the recent revelations since he closed the case in July “would come near” to triggering that extraordinary step

Obama Administration takes revenge on Peter Thiel? (Communities Digital News) The weaponization of the federal government against Palantir, a potentially central player in the war on terror, aims a weapon at the heart of U.S. national security

Public service openly breaking law to avoid costs and delays of security vetting (Canberra Times) The Public Service Commission is investigating more than 50 job advertisements that allegedly breach the Public Service Act

Outdated BA Agreement Results in $400,000 HIPAA Settlement (HealthcareInfo Security) Affilated hospital was previously fined by state attorney general

CloudFlare tells court it does not assist pirate sites: Report (HackRead) CloudFlare was sued for providing CDN services to websites containing pirated content – in reply, the firm has made it clear that it will not stop providing its services to such sites whatsoever

For a complete running list of events, please visit the Event Tracker on the CyberWire website.

Newly Noted Events

Cyber Security Summit 2016 (Aukland, New Zealand, May 5, 2016) New Zealand’s first Cyber Security Summit will be held in Auckland on 5 May 2016. The theme is “Keeping New Zealand’s Economy Cyber Secure”. Hosted by the Minister for Communications Hon Amy Adams, the...

Upcoming Events

escar Asia 2016 (Tokyon, Japan, September 28 - 30, 2016) Founded in 2003, escar has established itself as the premier forum for the discussion and exchange of ideas to identify and minimize threats to data and vehicles. Held in Europe, the US and now for the third time in Asia, escar provides a forum for collaboration among industry, academia and governments for in-vehicle cyber security.

Cyber National Security – The Law of Cyberspace Confrontation (Hanover, Maryland, and Fort Meade, October 3 - 6, 2016) US Cyber Command will host the fourth annual COCOM-Interagency Cyber Law Conference from 3 through 6 October 2016, Cyber National Security – The Law of Cyberspace Confrontation. This year the conference...

Crossroads Regional Cybersecurity Summit (Victoria, Texas, USA, October 4, 2016) Bringing together top experts from both the public and private sectors, the Crossroads Regional Cybersecurity Summit (CRCS) will be an exciting and educational day for local businesses. Through a variety...

Cambridge Cyber Summit (Cambridge, Massachusetts, USA, October 5, 2016) This unique one-day summit will bring together c-suite executives and business owners with public and private-sector leaders in security, technology and defense to discuss ways to combat urgent cyber threats...

IP EXPO Europe (London, England, UK, October 5 - 6, 2016) IP EXPO Europe is Europe's number ONE IT event for those looking to find out how the latest IT innovations can drive their business forwardIP EXPO Europe now includes six co-located events with their own...

RFUN 2016: 5th Annual Threat Intelligence Conference (Washington, DC, USA, October 5 - 6, 2016) The fifth annual RFUN Conference is a two-day event that brings together the diverse and talented community of analysts and operational defenders who apply real-time threat intelligence to out-innovate...

SecureWorld Denver (Denver, Colorado, USA, October 5 - 6, 2016) Join your fellow security professionals for affordable, high-quality cybersecurity training and education. Earn 12-16 CPE credits through 60+ educational elements learning from nationally recognized industry...

VB 2016 (Denver, Colorado, USA, October 5 - 7, 2016) The 26th annual international Virus Bulletin conference meets this October in Denver

Insider Threat Program Development Training For NISPOM CC 2 (Aberdeen, Maryland, USA, August 10 - 11, 2016) Insider Threat Defense will hold a two-day training class on Insider Threat Program Development (National Insider Threat Policy-NISPOM Conforming Change 2). For a limited time the training is being offered...

TU-Automotive Cyber Security Europe (Munich, Bayern, Germany, October 6 - 7, 2016) The most focussed forum on the ‘here and now’ of automotive cybersecurity. As we are inundated by headlines on cyber-attacks, we go beyond the hype to focus on the current challenges and solutions that...

AppSecUSA 2016 (Washington, DC, USA, October 11 - 14, 2016) OWASP’s 13th Annual AppSecUSA Security Conference is the premier application security conference for developers and security experts. Come hear an amazing group of inspirational speakers—including YouTube’s...

AFCEA CyberSecurity Summit (Washington, DC, USA, October 11 - 12, 2016) AFCEA Washington, DC invites you to attend the 7th Annual Cybersecurity Summit on October 11–12, 2016. This two-day summit will feature keynotes from government leaders, thought-provoking discussion panels,...

Insider Threat Program Development Training for NISPOM CC 2 (Warrington, Pennsylvania, USA, October 17 - 18, 2016) Insider Threat Defense will hold a two-day training class on Insider Threat Program Development (NISPOM Conforming Change 2). PA. For a limited time the training is being offered at a discounted rate of...

Cyber Ready 2016 (McDill Air Force Base, Florida, USA, October 18, 2016) We invite you to join us for our first annual Cyber ReadyTM 2016 conference observing National Cyber Security Awareness Month: The Impact of Cyber Crime. The National Cyber Partnership, joined by the MITRE MITRE National Capture the Flag (CTF) Competition Cyber Challenge Awards Ceremony.

EDGE2016 Security Conference (Knoxville, Tennessee, USA, October 18 - 19, 2016) The EDGE2016 conference is where true collaboration between business and technology professionals happens. Combining engaging keynotes from world-renowned visionaries, recognized technology industry leaders,...

SecureWorld St. Louis (St. Louis, Missouri, USA, October 18 - 19, 2016) Join your fellow security professionals for affordable, high-quality cybersecurity training and education. Earn 12-16 CPE credits through 60+ educational elements learning from nationally recognized industry...

Los Angeles Cyber Security Summit (Los Angeles, California, USA, October 28, 2016) The Cyber Security Summit is an exclusive conference series connects C-Suite & Senior Executives who are responsible for protecting their companies’ critical infrastructures with innovative solution providers...

Insider Threat Program Development Training For NISPOM CC 2 (Aberdeen, Maryland, USA, August 10 - 11, 2016) Insider Threat Defense will hold a two-day training class on Insider Threat Program Development (National Insider Threat Policy-NISPOM Conforming Change 2). For a limited time the training is being offered...

CyberMaryland 2016 (Baltimore, Maryland, USA, October 20 - 21, 2016) The CyberMaryland Conference is an annual two-day event presented jointly by The National Cyber Security Hall of Fame and Federal Business Council (FBC) in conjunction with academia, government and private...

CyCon US: International Conference on Cyber Conflict (Washington, DC, USA, October 21 - 23, 2016) The inaugural U.S. based International Conference on Cyber Conflict will take place 21-23 October 2016 in Washington D.C. Focusing on a theme of Protecting the Future. CyCon U.S. seeks to create greater...

SANS San Diego 2016 (San Diego, California, USA , October 23 - 28, 2016) Cyber security training in San Diego, CA from SANS Institute, the global leader in information security training. Choose from nine hands-on, immersion-style training courses for security professionals...

Insider Threat Program Development Training For NISPOM CC 2 (Aberdeen, Maryland, USA, August 10 - 11, 2016) Insider Threat Defense will hold a two-day training class on Insider Threat Program Development (National Insider Threat Policy-NISPOM Conforming Change 2). For a limited time the training is being offered...

2016 ICS Cyber Security Conference (Atlanta, Georgia, USA, October 24 - 27, 2016) As the largest and longest-running cyber security-focused conference for the industrial control systems sector, the event caters to the energy, utility, chemical, transportation, manufacturing, and other...

SecureWorld Bay Area (San Jose, California, USA, October 27, 2016) Join your fellow security professionals for affordable, high-quality cybersecurity training and education. Earn 6-12 CPE credits through 30+ educational elements learning from nationally recognized industry...

Regional Cyber Security Summit (Sharm El-Sheikh, Egypt, October 30 - November 1, 2016) The Regional Cyber Security Summit comes this year with the theme of “Boundless Collaboration, Boundless Protection”. It focuses on the cooperation in cybersecurity as one of key pillars to tackle the...

Grow your brand and reach new customers.

Grow your brand and increase your customer base by educating our audience about your products, services, and events by advertising on The CyberWire. We’ve built trust with an influential (and often hard to reach) audience of CISOs, CSOs, and other senior execs in the security space, across a wide array of industry verticals. Learn more.

Be a part of the CyberWire story.

People ask us (a lot) how they can support what we do. We have our sponsorships and services, of course, but those are not always within every supporter's financial reach, or it might just not be the right time for you to do those things. That's why we launched our new Patreon site, where we've created a wider variety of support levels, each with some new benefits. Our patrons are important to our future, and we hope you'll consider becoming one. We invite you to become part of the CyberWire story. Become a patron today.