skip navigation

More signal. Less noise.

Daily briefing.

Ruslan Stoyanov, the Kaspersky researcher and former FSB officer whom Russian authorities have charged with treason, has condemned the Russian state practice of coopting and using cybercriminals. In a statement he dictated to his lawyers, who released it to independent television station Dozhd, Stoyanov says "patriot-thieves" are given immunity from prosecution to attack foreign targets, and this practice is unsustainable: the protected hoods will eventually unleash a wave of crime against Russia itself. (Observers have long commented on close ties between Russian security services and organized crime.)

The biter may have already been bitten with one of the Word zero-days patched this week. According to FireEye, CVE-2017-0199 appears to have been exploited to deliver Finspy (a controversial lawful intercept product developed by the Gamma Group) to Russian-speaking targets. The vector was a weaponized document, a military manual from the Ukrainian pro-Moscow separatist group "Donetsk People's Republic." The same vulnerability has also been used to spread the more obviously criminal Latenbot and Terdot payloads.

Palo Alto Networks researchers warn that an aggressive strain of Ewind adware is afflicting Android users. As much Trojan as conventional adware, Ewind clones popular apps, installs malicious code, and inserts them into third-party stores. Some of the noteworthy apps so cloned include Grand Theft Auto Vice City, AVG cleaner, Minecraft (Pocket Edition), Avast! Ransomware Removal, Vkontakte, and Opera Mobile.

Russo-US relations continue to be chilly, with information operations unabated. German authorities advocate widespread control over media to combat fake news; they hope all Europe will follow.

Notes.

Today's issue includes events affecting Canada, China, European Union, Germany, India, Iran, NATO/OTAN, Russia, Syria, Ukraine, United Kingdom, United States.

A note to our readers: You may find Recorded Future's new weekly podcast on threat intelligence (produced in partnership with the CyberWire) worth subscribing to; you'll find it here.

In today's podcast, our partners at Webroot are represented by David Dufour, who talks the ins-and-outs of tax season phishing. (Have our American readers noticed this is tax season? The IRS has.) Our guest, Fred Wilmot from PacketSled, describes the increasing convergence of IT and OT. 

Cyber Warrior Women: Blazing the Trail (Catonsville, Maryland, USA, April 19, 2017) Hear stories of triumph and tribulation, advice and inspiration from some of Maryland’s diverse and dynamic female cybersecurity professionals. Join us in-person for this free event or register to view the live stream online.

Cyber Attacks, Threats, and Vulnerabilities

Microsoft Word exploit linked to cyberspying in Ukraine conflict (CSO Online) A severe Microsoft Office vulnerability was recently used to deliver spyware to Russian-speaking targets, in a possible case of cyberespionage.

Report: Microsoft Word flaw was used in both espionage, crime since January (TheHill) A security flaw in Microsoft Office has been used in criminal operations as well as espionage operations against Russian-speaking targets since January, according to a report from the security firm FireEye.

Microsoft Word 0-day was actively exploited by strange bedfellows (Ars Technica) Same exploit used by malware crooks and nation-sponsored hackers targeting Russians.

CVE-2017-0199 Used as Zero Day to Distribute FINSPY Espionage Malware and LATENTBOT Cyber Crime Malware (FireEye) FireEye recently identified a vulnerability – CVE-2017-0199 – that allows a malicious actor to download and execute a Visual Basic script containing PowerShell commands when a user opens a Microsoft Office RTF document containing an embedded exploit. We worked with Microsoft and published the technical details of this vulnerability as soon as a patch was made available.

Nation-State Hackers Go Open Source (Dark Reading) Researchers who track nation-state groups say open-source hacking tools increasingly are becoming part of the APT attack arsenal.

Home Routers Used to Hack WordPress Sites (BleepingComputer) There's a group of hackers who are hijacking unsecured home routers and using these devices to launch coordinated brute-force attacks on the administration panel of WordPress sites.

Hackers Cloning Popular Android Apps to Infect Users with Malware (HackRead) The IT security researchers at Palo Alto Network have discovered new samples of the Adware-family “Ewind” have been discovered by security researchers. As

Russian Malware Infects Popular Android Apps, Allows Hackers Complete Access To Your Phone (India Times) Ewind malware can expose infected Android phones to hackers with no holds barred!

PwC Isle of Man warns local businesses of new sustained global cyber espionage campaign (Isle of Man News) PwC’s cyber security practice has worked closely with BAE Systems and other members of the security community to uncover and disrupt what is thought to be one of the largest ever sustained global cyber espionage campaigns.

Cyber criminals are turning to ransomware and Mac malware, warns Malwarbytes (Computing) Malwarebytes: 'Sophisticated' Cerber dominates ransomware with 90 per cent 'market share'

Akamai Security Intelligence Response Team Identifies New Reflection Attack Method (Yahoo! Finance) Akamai Technologies, Inc. (NASDAQ: AKAM), the global leader in content delivery network (CDN) services, today published new research from the company's ...

Security Alert: Job Seekers, Beware of this LinkedIn Scam - Heimdal Security Blog (Heimdal Security Blog) This new LinkedIn scam wants to trick you into giving it your CV and personal information. Learn how to identify the scam and stop it.

Netflix’s HTTPS Update Can’t Combat Passive Traffic Analysis Attacks (Threatpost) Academics argue that Netflix’s recent upgrade to HTTPS is doing little to protect its users from a passive traffic analysis attack.

Uber reportedly tracked Lyft drivers using a secret software program named ‘Hell’ (TechCrunch) Another day, another revelation of an ethically questionable business practice by Uber. This time The Information reports that Uber secretly tracked Lyft..

This Dark Web Service Makes Spamming Hackers Ridiculously Easy (Motherboard) For 40 bucks, anyone can send Jabber spam.

Pirate radio: Signal spoof set off Dallas emergency sirens, not network hack (Ars Technica) System doesn't encrypt commands used to set off signals, official admitted.

Targeting the Weak Link in the Supply Chain: Amazon Third-Party Sellers Hacked (eSecurity Planet) Tens of thousands of dollars have been stolen from seller accounts, and fake items have been listed for sale in an effort to steal even more money.

How to Illegally Build an Internet-Connected PC in Prison (Motherboard) Five Ohio inmates were caught with a functioning, internet-connected computer in the ceiling that they used for tax fraud, porn and drug recipes.

Security Patches, Mitigations, and Software Updates

Google deprecates Octane JavaScript benchmark, because everyone is basically cheating (Ars Technica) JavaScript engines have focused too much on the benchmark, to the detriment of the real world.

Google boosts verification after wave of Maps fake listings fraud (Naked Security) Just as platforms are turning to humans to verify news stories, verification procedures for business listings now seem to be heading in the same direction

Malware, Sir? Jenkins ‘software butler’ tool gets many security fixes (Naked Security) You patched the operarting system, you patched your apps, but did you patch your plugins?

SAP closes critical vulnerability affecting TREX (Help Net Security) SAP closed a critical vulnerability for an issue that was exposed for almost two years. The vulnerability (SAP Security Note 2419592) affects TREX.

Microsoft patches Word zero-day booby-trap exploit (Naked Security) All versions of Office on all versions of Windows are vulnerable to this zero-day that spreads malware, so make sure you patch quickly

Critical Security Updates from Adobe, Microsoft (KrebsOnSecurity) Adobe and Microsoft separately issued updates on Tuesday to fix a slew of security flaws in their products. Adobe patched dozens of holes in its Flash Player, Acrobat and Reader products. Microsoft pushed fixes to address dozens of vulnerabilities in Windows and related software.

Cyber Trends

Deloitte: Caution around cyber risks ‘costly, catching, and dangerous’ (Computerworld) ​Greater investment in cyber security would lead to national wage increases of two per cent by 2030, claims a report by Deloitte Australia published today.

Cybersecurity is About Wins and Losses, Not Ones and Zeros (Dow Jones) Jeremy King, the founder and president of Benchmark Executive Search, discusses the evolution of the chief risk officer, highlights the challenges in recruiting cybersecurity talent from the intelligence community and recommends talking about cybersecurity in terms of wins and losses rather than ones and zeros.

Security Training Should be Legal Requirement, Say Employees (Infosecurity Magazine) Security Training Should be Legal Requirement, Say Employees. New study claims over half haven’t been given any over past year

Marketplace

MACH37 Announces the Spring 2017 Class of Cybersecurity Startups (Yahoo! Finance) The MACH37 Cyber Accelerator announced today that it has selected six cybersecurity startups to participate in the Spring 2017 three-month mentorship-driven startup ...

Synack: Hackers wanted after firm gets $21.25M funding from Microsoft, HPE (Network World) Synack gets $21.25 million in Series C funding from Microsoft, HPE and Singtel to hire more white-hat hackers and expand its territory.

Elmodis raises a $4.9M round to find the soul of a new machine (TechCrunch) Like the boy in Iron Giant, Elmodis watches massive machines to ensure they don't break or, worse, hurt people. The company recently raised $4.9 million to..

FireEye: Demanding More From Mandiant (Seeking Alpha) Mandiant will play a bigger than expected role in FireEye's turnaround story. The shift from physical on-prem appliances means more pressure on incident respond

BlackBerry’s stock had a great day after the company won a big dispute with Qualcomm (TechCrunch) Earlier today, BlackBerry’s stock hit its highest point more than a year, and all it took was a lousy $814.9 million arbitration win. It’s a healthy..

root9B Holdings Names Eric Hipkins Chief Executive Officer (PRNewswire) root9B Holdings, Inc. (Nasdaq: RTNB) ("RTNB"), a leading...

Products, Services, and Solutions

LookingGlass Delivers Corporate and Supplier Cyber Attack Surface Analyses (BusinessWire) LookingGlass Cyber Solutions, a leader in threat intelligence-driven security, today announced the release of their Corporate and Supplier Cyber Attack Surface Analysis offerings, a measurable and cost-effective way for organizations to examine their internal security posture as well as that of their third-party vendors.

Closing the Skills Gap and Empowering Veterans With CyberTraining 365 and Operation Code (Yahoo! Finance) CyberTraining 365 is continuing their efforts of empowering veterans to help fill the cybersecurity skills gap by partnering with Operation Code. Operation Code is an open source veterans non-profit aiding US veterans in learning cybersecurity skills

The New and Improved Anomali Threatstream Splunk App (Anomali) Over the past few months I have had the opportunity to talk to so many Anomali customers using our Splunk Commercial App to seamlessly match their data against Threatstream Indicators of Compromise (IOCs).

Travelers Enhances Cyber Risk Capabilities with Symantec (Zacks Investment Research) The Travelers Companies, Inc.'s (TRV) recently announced that its cyber policyholders will now have access to the pre-breach cybersecurity services of Symantec Corp.

Rapid7 Defines Next-Generation Analytics Platform For Security And IT Professionals (Information Security Buzz) Rapid7 Insight platform is the first cloud-based platform to combine vulnerability management, user behaviour analytics-powered SIEM, IT log analytics, and application security data Evolved platform centralizes operational and security data from the network, endpoints, and the cloud to unify data, accelerate analysis, and reduce cost of ownership Rapid7 introduces two new solutions, on its platform: …

Cisco Inaugurates Cyber Range Lab in India (MENA FN) The Cyber Range Lab to simulate real-world cyber-attacks and incidents and cyber-defence tactics The Cyber Range Lab will provide

University of Massachusetts Systems Office Selects LogRhythm Technology to Deliver a Centralized Security Solution (Yahoo! Finance) LogRhythm, The Security Intelligence Company, today announced that the University of Massachusetts System Office has chosen its Threat Lifecycle Management platform to deliver a centralized network security service.

Technologies, Techniques, and Standards

Swift Releases New Controls, Suspicious-Payments Blocker (Wall Street Journal) Swift, the dominant carrier of cross-border payment instructions between banks, has finalized a new set of security standards its customers must follow by the end of this year—or risk being reported to regulators.

Government calls for submissions for GDPR derogations (Computing) Consultation exercise over flexibilities permitted within GDPR

CareCERT launch contributes to 250 per cent rise in cyber attack reporting (Health IT Central) The number of cyber attacks reported to NHS Digital increased from 16 to 55 in one year

Evolution of security operations from reactionary survival mode to forced sophistication (Help Net Security) The evolution of security operations has moved from reactionary survival mode to forced sophistication, due to a factors outlined in this article.

In Cyberspace, It’s Always Hunting Season (SIGNAL Magazine) The practice of cyberthreat hunting traps elusive prey lurking inside networks.

DevOps: Failure to integrate security creating a 'bow wave of future problems' (Computing) Industry figures react to Computing's DevSecOps research findings

How CISOs can explain privacy to the C-suite (CSO Online) With the recent moves by the FCC, it is imperative that chief security officers make the company aware of privacy issues.

How Innovative Companies Lock Down Data (Dark Reading) A mix of back-to-basics security and a set of new, data-centric best practices is key to defending against a future of growing and sophisticated cyberattacks.

Cybersecurity & Fitness: Weekend Warriors Need Not Apply (Dark Reading) It takes consistency and a repeatable but flexible approach to achieve sustainable, measurable gains in both disciplines.

Design and Innovation

Securing Driverless Cars From Hackers Is Hard. Ask the Ex-Uber Guy Who Protects Them (WIRED) Uber's former top hacker explains the challenges of securing self-driving cars.

Research and Development

There’s a big problem with AI: even its creators can’t explain how it works (MIT Technology Review) No one really knows how the most advanced algorithms do what they do. That could be a problem.

Academia

WCTC named National Center of Academic Excellence in cyber defense education (Lake Country Now) College is first in Wisconsin to be recognized by National Security Administration and Department of Homeland Security

Can you break the code? Kryptos contest starts on April 13 (Daily Record) Kryptos, the annual code-breaking contest, is on Thursday and the Central Washington University Mathematics Department invites all undergraduate students to participate.

NSA gives military students a leg up on cyber with real-time exercise (FederalNewsRadio.com) The National Security Agency is holding its 17th annual Cyber Defensive Exercise to help young cyber warriors hone their skills.

WGU Texas Launches Bachelor's in Cybersecurity and Information Assurance (PRNewswire) To help meet the increasing demand for cybersecurity...

UMUCs Mansur Hasib Wins 2017 Maryland Cybersecurity People’s Choice Award (HS Today) Mansur Hasib, program chair for Cybersecurity Technology, University of Maryland University College (UMUC) Graduate School and a well-known thought leader in health care technology and cybersecurity, won the Cybersecurity Association of Maryland’s (CAMI) People’s Choice Award for lifetime achievement.

Legislation, Policy, and Regulation

Russia vetoes UN resolution to condemn Syria chemical attack (Military Times) Russia vetoed a Western-backed U.N. resolution Wednesday that would have condemned the reported use of chemical weapons in a town in northern Syria and demanded a speedy investigation into the attack that killed nearly 90 people.

Trump says NATO ‘no longer obsolete’ in series of foreign policy reversals (Defense News) U.S. President Donald Trump has said NATO is "no longer obsolete," a huge reversal from an oft-stated stance that alarmed U.S. allies, and one in a series of recent foreign policy U-turns.

Trump declares US-Russia relations may be at 'all-time low' (Military Times) Laying bare deep and dangerous divisions on Syria and other issues, President Donald Trump declared Wednesday that U.S. relations with Russia "may be at an all-time low." His top diplomat offered a similarly grim assessment from the other side of the globe after meeting with Vladimir Putin in Moscow.

Why U.S.-Russia Relations Won't Get Any Better (The National Interest) So far, there’s been a lot of talk, but little action.

German Officials Seek to Control ‘Fake News’ Online — and Hope the EU Will Follow Suit (National Review) Continent-wide censorship — what could go wrong?

To Split or Not to Split: The Future of CYBERCOM’s Relationship with NSA (Lawfare) The 2017 NDAA paves the way for CYBERCOM to be elevated to a fully independent unified combatant command and maintains a more hotly contested opportunity for CYBERCOM to be split from the NSA.

Air Force looks at how it can support services in multi-domain battle (C4ISRNET) The Air Force is looking at how it can support its sister services in multi-domain battle.

Litigation, Investigation, and Law Enforcement

Kaspersky Lab cyber expert accused of treason slams Kremlin for giving hackers 'immunity' (International Business Times UK) Ruslan Stoyanov warned working with hackers will lead to "waves of crime" in Russia.

Арестованный по делу о госизмене топ-менеджер «Лаборатории Касперского» обратился к властям (Дожд) Топ-менеджер «Лаборатории Касперского» Руслан Стоянов, который вместе с сотрудниками Центра информационной безопасности ФСБ проходит по делу о госизмене, передал из «Лефортово» обращения к российским властям и общественности. Письма были надиктованы во время встреч с защитниками, рукописи есть в распоряжении Дождя, их подлинность подтвердил адвокат Стоянова. 

UK lawmakers examine Brexit cyber-attack claim (Anadolu Agency) Report refuses to rule out foreign cyber-attack on website which crashed while registering voters for Brexit referendum - Anadolu Agency

Report: FBI ordered surveillance on Trump adviser thought to be Russian agent (Federal Times) The FBI obtained a secret court order last summer to monitor the communications of Carter Page, an adviser to then-candidate Donald Trump, because the government had reason to believe Page was acting as a Russian agent, The Washington Post has reported.

Why Surveillance of Carter Page Is Such a Bombshell (Foreign Policy) You don’t get slapped with a FISA warrant unless the court thinks you could be the agent of a foreign power.

The Carter Page Surveillance Doesn’t Prove Anyone’s Conspiracy Theory (WIRED) Keep the focus where it belongs: on Russia's efforts to undermine US democracy.

Congress expands 'unmasking' probe amid questions over Rice role (Fox News) The House and Senate intelligence committees are expanding their investigation into the so-called “unmasking” controversy, Fox News has learned, to examine whether other candidates or lawmakers beyond President Trump’s associates were affected.

Michael Hayden: Susan Rice’s unmasking request is no 'smoking gun' (TheHill) OPINION |The former national security advisor's requests to unmask U.S. person's information appears to be lawful, appropriate and — dare I say — maybe even routine.

U.S. Says Jailed Russia Programmer Is One of World’s Most Sophisticated Hackers (Wall Street Journal) The Russian programmer arrested in Spain on accusations of cyber fraud operated a vast network of compromised computers for malicious purposes, U.S. authorities allege.

Kelihos Botnet Had Around 60K Bots When It Was Taken Down (Fourth Time's a Charm) (BleepingComputer) The Kelihos botnet is no more. Or at least that's what authorities hope happens, after attempting to bring it down three times in the past, but to no avail.

Suing to See the Feds’ Encrypted Messages? Good Luck (WIRED) Conservative watchdog Judicial Watch is suing the EPA for staffers' Signal messages. It may hit the encrypted limits of federal transparency.

It’s Not Chill At All That Canadian Police Misled the Public For Years About Stingrays (Motherboard) And they need to answer for it.

Lax Employee Communications Policies Open the Door to Lawsuits (Infosecurity Magazine) More than half of office-based employees say their companies don't have written policies on data retention or personal use of work devices.

Low fines for charities misusing donors’ data was ‘a masterstroke’ (Naked Security) When 13 charities including two leading animal welfare organisations were given what looked like very low fines for serious data breaches, many were outraged – but it increasingly looks like …

Court to force adult site to expose ‘pirating’ users (Naked Security) A porn company has found more than 1,000 copyright-infringing videos on Pornhub. Fair. But why isn’t Pornhub itself being held accountable?

Facebook again under fire for spreading illegal content (TechCrunch) An investigation by a British newspaper into child sexual abuse content and terrorist propaganda being shared on Facebook has once again drawn critical..

Facebook publishing child pornography (Times (London)) Facebook is at risk of a criminal prosecution in Britain for refusing to remove potentially illegal terrorist and child pornography content despite being told it was on the site, The Times can reveal.

For a complete running list of events, please visit the Event Tracker on the CyberWire website.

Newly Noted Events

Chertoff Group Security Series: Security in the Boardroom (East Palo Alto, California, USA, June 22, 2017) The Chertoff Group Security Series will aim to enhance and add to the Security in the Boardroom conversation by applying our insights into technology, threat, and policy to help executives respond to the...

2017 International Information Sharing Conference (Washington, DC, USA, October 31 - November 1, 2017) Join us for the inaugural International Information Sharing Conference hosted by the Information Sharing and Analysis Organization Standards Organization (ISAO SO), with participation from the Department...

Upcoming Events

Cyber Warrior Women: Blazing the Trail (Catonsville, Maryland, USA, April 19, 2017) Join the Cybersecurity Association of Maryland, Inc. (CAMI), in partnership with The CyberWire, Fort Meade Alliance, and presenting sponsor Exelon Corporation, for "Cyber Warrior Women: Blazing the Trail."...

ISSA CISO Executive Forum: Information Security, Privacy and Legal Collaboration (Washington, DC, USA, April 20 - 21, 2017) Information Security, Privacy and Legal programs must be closely aligned to be successful in today’s world. Customer and vendor contracts require strong security language. Privacy has moved to the forefront...

International Conference on Cyber Engagement 2017 (Washington, DC, USA, April 24, 2017) Georgetown University's seventh annual International Conference on Cyber Engagement promotes dialogue among policymakers, academics, and key industry stakeholders from across the globe, and explores the...

SANS Baltimore Spring 2017 (Baltimore, Maryland, USA, April 24 - 29, 2017) SANS Institute, the global leader in information security training, today announced the course line-up for SANS Baltimore Spring 2017 taking place April 24 – 29. All courses offered at SANS Baltimore are...

(ISC)2 Cyber Security Congress 2017 (Calgary, Alberta, Canada, April 26, 2017) The aim of the Cyber Security Congress 2017 is to strengthen cyber security leaders by arming them with the knowledge, tools, and expertise to protect their organizations. In April, 2017 over 150 like-minded...

Defence Information 2017 (Cranfield, England, UK, April 26 - 27, 2017) Defence Information 2017 is the major annual communications event of Joint Information Group activities (the JIG reports to the Defence Suppliers Forum) and the Event’s content spans both Information and...

Defence Information 2017 (Cranfield, England, UK, April 26 - 27, 2017) Defence Information 2017 is the major annual communications event of Joint Information Group activities (the JIG reports to the Defence Suppliers Forum) and the Event’s content spans both Information and...

Crimestoppers Conference (Eden Project, Bodelva, St Austell , April 27, 2017) Crimestoppers is organising a major one-day conference designed to help local businesses shore up their online security. A range of expert speakers will pinpoint typical cyber pitfalls to avoid. 80% of...

Atlantic Security Conference (Halifax, Nova Scotia, Canada, April 27 - 28, 2017) Atlantic Canada's non-profit, annual information security conference. AtlSecCon, the first security conference in Eastern Canada focusing on bringing some of the worlds brightest and darkest minds together...

SANS Automotive Cybersecurity Summit 2017 (Detroit, Michigan, USA, May 1 - 8, 2017) SANS will hold its inaugural Automotive Cybersecurity Summit to address the specific issues and challenges around securing automotive organizations and their products. Join us for a comprehensive look...

cybergamut Tech Tuesday: Distributed Responder ARP: Using SDN to Re-Engineer ARP from within the Network (Elkridge, Maryland, USA, and online at various local nodes, May 2, 2017) We present the architecture and initial implementation of distributed responder ARP (DR-ARP), a software defined networking (SDN) enabled enhancement of the standard address resolution protocol (ARP) intended...

Cyber Security Summit in Dallas (Dallas, Texas, USA, May 5, 2017) Sr. Level Executives are invited to learn about the latest threats & solutions in Cyber Security from experts from Proofpoint, CenturyLink, IBM and more. Register with promo code cyberwire50 for half off...

OWASP Annual AppSec EU Security Conference (Belfast, UK, May 8 - 12, 2017) Welcome to OWASP Annual AppSec EU Security Conference, the premier application security conference for European developers and security experts. AppSec EU provides thought leadership, amazing talks, informative...

SANS Security West 2017 (San Diego, California, USA, May 9 - 18, 2017) Cybersecurity skills and knowledge are in high demand. Cyber attacks and data breaches are more frequent and sophisticated, and organizations are grappling with how to best defend themselves. As a result,...

OWASP AppSec EU (Belfast, Northern Ireland, UK, May 12 - 18, 2017) Welcome to OWASP Annual AppSec EU Security Conference, the premier application security conference for European developers and security experts. AppSec EU provides thought leadership, amazing talks, informative...

EnergySec Security Education Week (Austin, Texas, USA, May 14 - 19, 2017) The Energy Sector Security Consortium, Inc.'s Security Education Week is designed for early to mid career cybersecurity professionals currently employed at electric utilities in North America. Students...

K(no)w Identity Conference (Washington, DC, USA, May 15 - 17, 2017) To converge identity experts from across all industries in one space, to be at the nexus of ideas and policies that will fundamentally change identity around the world. Provides business leaders, privacy...

Global Cybersecurity Innovation Summit Advancing International Collaboration (London, England, UK, May 16 - 17, 2017) SINET – London creates a forum to build and maintain international relationships required to foster vital information sharing, broad awareness and the adoption of innovative Cybersecurity technologies.

Public Sector Cyber Security Conference: Defending the Public from Cyber-Attacks (Salford, England, UK, May 17, 2017) Join us for the Public Sector Cyber Security Conference where leading experts will explain how to protect the vital services provided by central Government, local councils and the NHS. Learn how to safeguard...

PCI Security Standards Council: 2017Asia-Pacific Community Meeting (Bangkok, Thailand, May 17 - 18, 2017) Two days of networking and one-of-a-kind partnership opportunities await you. Whether you want to learn more about updates in the payment card industry or showcase a new product, you’ll find it all at...

2017 Georgetown Cybersecurity Law Institute (Washington, DC, USA, May 17 - 18, 2017) It is more important than ever that in-house and outside counsel stay abreast of the most current developments and best practices in cybersecurity. At our Institute you will receive insights on the best...

Northsec Applied Security Event (Montreal, Québec, Canada, May 18 - 21, 2017) The conference will feature technical and applied workshops hosted in parallel for the most motivated attendees. Topics include application and infrastructure (pentesting, network security, software and/or...

SANS Northern Virginia - Reston 2017 (Reston, Virginia, USA, May 21 - 26, 2017) This event features comprehensive hands-on technical training from some of the best instructors in the industry and includes courses that will prepare you or your technical staff for DoD 8570 and GIAC...

Enfuse 2017 (Las Vegas, Nevada, USA, May 22 - 25, 2017) Enfuse™ is a three-day security and digital investigations conference where specialists, executives, and experts break new ground for the year ahead. Enfuse offers unsurpassed networking opportunities,...

Grow your brand and reach new customers.

Grow your brand and increase your customer base by educating our audience about your products, services, and events by advertising on The CyberWire. We’ve built trust with an influential (and often hard to reach) audience of CISOs, CSOs, and other senior execs in the security space, across a wide array of industry verticals. Learn more.

Be a part of the CyberWire story.

People ask us (a lot) how they can support what we do. We have our sponsorships and services, of course, but those are not always within every supporter's financial reach, or it might just not be the right time for you to do those things. That's why we launched our new Patreon site, where we've created a wider variety of support levels, each with some new benefits. Our patrons are important to our future, and we hope you'll consider becoming one. We invite you to become part of the CyberWire story. Become a patron today.