skip navigation

More signal. Less noise.

Daily briefing.

The British Foreign Office was spearphished last year by the Callisto Group, according to the BBC and the Times of London, but it's not believed the espionage succeeded in discovering anything particularly sensitive. 

Reports of the incident are based on a study of the Callisto Group released yesterday by F-Secure. As usual, F-Secure is coy about attribution, but they do tease with informed speculation that Callisto is connected to a nation-state. It's used infrastructure connected to actors in China, Ukraine, and Russia, but also to criminal organizations dealing drugs and other contraband. The payload Callisto's phishing emails delivered was, according to F-Secure, the Scout tool from the HackingTeam's RCS Galileo. F-Secure also notes similarities in technique to APT28, a.k.a. Fancy Bear, a.k.a. the GRU, so signs both criminal and technical tend to point toward Russia.

US Director of Central Intelligence Pompeo had some harsh words for WikiLeaks yesterday, calling Mr. Assange's organization a "non-state hostile intelligence service" and Mr. Assange himself "a narcissist who has created nothing of value." The operation, Pompeo argued before the Center for Strategic and International Studies, provides an implausibly deniable figleaf for the Russian services, at best a fellow-travelling useful idiot if not an active agent-of-influence.

The ShadowBrokers are angry too, fed up with "the peoples" who aren't taking their leaks seriously enough.

Much of this conflict lies in the realm of influence operations as opposed to hacking proper, and some within NATO would like to "weaponize" memes, trolling both ISIS and the Russian government.

Notes.

Today's issue includes events affecting China, Egypt, Germany, Iran, Italy, Democratic Peoples Republic of Korea, Malaysia, NATO/OTAN, Russia, South Sudan, Ukraine, United Kingdom, United States.

In today's podcast, Jonathan Katz from our partners at the University of Maryland discusses Google’s unfulfilled promise of end-to-end encryption in gmail. Our guest, Ajit Sancheti from Preempt Security, talks about the enduring tension between security and human nature. 

Cyber Warrior Women: Blazing the Trail (Catonsville, Maryland, USA, April 19, 2017) Hear stories of triumph and tribulation, advice and inspiration from some of Maryland’s diverse and dynamic female cybersecurity professionals. Join us in-person for this free event or register to view the live stream online.

Cyber Attacks, Threats, and Vulnerabilities

Callisto Group hackers targeted Foreign Office data (BBC News) The UK's Foreign Office was targeted by highly motivated and well-resourced hackers over several months in 2016.

Foreign Office hit by ‘Russian hackers’ (Times (London)) The Foreign Office has faced a sustained onslaught by cyberattackers believed to be linked to Russia. It was among a string of military and government targets in Europe which were hit last year by...

Nation-State-Linked Hackers Targeted UK Foreign Office (Infosecurity Magazine) Callisto Group is an advanced threat actor whose known targets include military personnel, government officials, think tanks and journalists.

Callisto Group (F-Secure) The Callisto Group is an advanced threat actor whose known targets include military personnel, government officials, think tanks, and journalists in Europe and the South Caucasus. Their primary interest appears to be gathering intelligence related to foreign and security policy in the Eastern Europe and South Caucasus regions.

CIA head: WikiLeaks a 'non-state hostile intelligence service' (TheHill) CIA Director Mike Pompeo on Thursday hammered WikiLeaks, calling the organization a "non-state hostile intelligence service."

CIA director rips Assange, defends foreign surveillance (FCW) In his first public remarks as CIA director, Mike Pompeo defended the work of the agency -- and condemned Wikileaks founder Julian Assange and former intel contractor Edward Snowden for undermining the CIA and national security.

The CIA is really, really mad at WikiLeaks (TechCrunch) Speaking at the Center for Strategic and International Studies today, CIA Director Mike Pompeo went off on WikiLeaks. Pompeo is pretty mad about that whole..

Shadow Brokers Dump Alleged Windows Exploits and NSA Presentations on Targeting Banks (Motherboard) One presentation points to several banks located in the Middle East.

Recent Microsoft 0-Day Used for Cyber-Espionage and Mundane Malware Distribution (BleepingComputer) The saga of CVE-2017-0199, a recently patched zero-day vulnerability affecting Microsoft Office and WordPad, just got a little stranger yesterday after cyber-security firm FireEye revealed the vulnerability was used by both cyber-criminals pushing mundane malware, and also by state-sponsored cyber-espionage groups.

Exclusive: Spyware firms in breach of global sanctions (Al Jazeera) Undercover investigation exposes inner workings of spy equipment companies selling to clients from sanctioned countries.

Selling spyware, making millions, breaking sanctions... (Graham Cluley) Al Jazeera went undercover, approaching three companies on behalf of the governments of Iran and South Sudan - and found it all too easy to buy surveillance technology that could be used to spy on the countries' citizens.

North Korea accuses Donald Trump of 'causing trouble' amid nuclear test crisis (Guardian) Vice-foreign minister says Pyongyang will conduct nuclear test when it sees fit as China appeals to US to avoid pre-emptive strike

BrickerBot – The Dark Knight of IoT (Radware Blog) Over the course of the last week, you have probably heard about the attacks designed to render Internet of Things (IoT) devices across the internet useless. We called the originator of the attacks “Brickerbot,” but should we have called it the “Batman of IoT”? Permanent Denial of Service PDoS is an attack that damages a …

Android malware creators throw up a roadblock to thwart the good guys (Naked Security) Security practitioners often use emulators to dig into Android malware. So what happens when the bad guys work out how to spot that?

Unpatched vulnerability exposes Magento online shops to hacking (CSO Online) An unpatched vulnerability in the Magento e-commerce platform could allow hackers to upload and execute malicious code on web servers that host online shops.

‘High Risk’ Zero Day Leaves 200,000 Magento Merchants Vulnerable (Threatpost) A popular version of the Magento ecommerce platform is vulnerable to a remote code execution bug, putting as many as 200,000 online retailers at risk.

Don’t let hackers ruin your roast! Security flaws found in AGA cooker app (Bitdefender Box) Imagine you work in marketing for a company that has been manufacturing upmarket cookers for almost 100 years.

Is a Smart Oven "Smart" If It Can Be Hijacked via SMS? (BleepingComputer) Security researchers from Pen Test Partners have discovered pretty glaring security flaws in Aga's line of smart ovens.

Stories From Two Years in an IoT Honeypot (Threatpost | The first stop for security news) A researcher at this year’s Security Analyst Summit staged a series of honeypots at his friends’ houses to record IoT traffic, exploit attempts and other statistics.

What is an Open Redirection Vulnerability and How to Prevent it? (Netsparker) Technical & detailed explanation of the open redirection web application vulnerability. This attack also explains to prevent such attacks on your websites.

OLE packages, how criminals distribute malware, are on the rise (Healthcare IT News) Cybercriminals increasingly are using object linking and embedding packages though healthcare executives have options to fight them.

Exploit Kits Surge Worldwide as Rig EK Climbs to Second Place in Check Point’s ‘Most Wanted’ Malware (GlobeNewswire News Room) After several months in decline, Exploit kit infections show sharp uplift and deliver a variety of threats, says Check Point

Exploit Kit Activity Quiets, But Is Far From Silent (Threatpost) Here are the exploit kits to watch for over the next three to six months.

Smartphone sensors offer hackers a way past security PINs (Naked Security) But how likely are you to fall victim to this kind of attack?

Shedding Some Light on the Dark Web (Anomali) Underground markets may have originated in the time of Internet Relay Chats (IRCs), but the appearance of cryptocurrencies and anonymous communications like Bitcoin and TOR have allowed these markets to develop far past their genesis. Darknet forums are now a very efficient platform through which to conduct illegal business. Some forums are accessible only via the TOR network, while others are only accessible via traditional web browsing (clearnet).

Why businesses should care about identity theft (Help Net Security) Identity theft is directed squarely against individuals, but to believe that businesses don't suffer any consequences or costs associated with it is wrong.

Warwick business owner’s warning after cyber attack blackmail (Warwick Courier) A Warwick company’s managing director is warning other businesses to protect themselves from cyber criminals after being held to ransom.

Following serious cyber attack, ECMC restoring online systems (WFBO) It's been a busy week for the information technology department at Erie County Medical Center. Days after an online attack, they're restoring computer

Nintendo Hackers Told Us $20,000 Bug Bounties Aren't Going to Stop Piracy (Motherboard) Nintendo is offering up to $20,000 to white hat hackers who report critical vulnerabilities that could be used to hack its new Switch console.

Security Patches, Mitigations, and Software Updates

New processors are now blocked from receiving updates on old Windows (Ars Technica) The promised update block is now in effect.

Did Microsoft Drop the Ball on the Word Zero-Day Flaw? (Bank Info Security) The recent fix for a zero-day flaw in Microsoft Office appeared more than five months after Microsoft was privately alerted to the flaw, and followed months of it being exploited via in-the-wild attacks. Can Microsoft do better?

Google Making Life Difficult for Ransomware to Thrive on Android (Threatpost) At the Kaspersky Lab Security Analyst Summit, Android Security Team malware analyst Elena Kovakina explained Google’s strategy for countering ransomware on Android.

Cyber Trends

Cloud adoption and escalating threats accelerate encryption deployments, finds latest Thales Global Encryption Study (Thales) For the first time business unit leaders break through as top encryption strategy influencers

2017 Global Encryption Trends Study | Data Security Issues, Risks, Trends, and Concerns | Thales e-Security (Thales e-Security) Driven by escalating cyberattacks, traditional insider threats, privacy requirements and data residency regulations, enterprises around the world are facing increasing pressures to protect their data and reduce the exposure of their organizations to data related risks.

()

Finally, enterprise-wide encryption strategies increase! (Help Net Security) Enterprises have accelerated adoption of encryption strategies, with 41% saying their organization has an encryption strategy applied across the enterprise.

AI Adds a New Layer to Cyber Risk (Harvard Business Review) A breach can cause massive damage in a matter of seconds.

Of machines and men: AI and the future of cybersecurity (Help Net Security) As the number and complexity of threats and attacks increases, organisations are looking to AI and machine learning to transform their security posture.

Neural networks made easy (TechCrunch) If you’ve dug into any articles on artificial intelligence, you’ve almost certainly run into the term “neural network.” Modeled loosely on the human..

The Trends Increasing Military Network Vulnerabilities (SIGNAL Magazine) SDN, BYOA, VDI. This alphabet soup of technologies complicates U.S. Defense Department networks more than ever.

How computing will change amid challenges to Moore’s Law (TechCrunch) We are in the midst of a true inflection point in computing, and the very way we interface with technology daily is changing.

95% of Organizations Have Employees Seeking to Bypass Security Controls (Dark Reading) Use of TOR, private VPNs on the rise in enterprises, Dtex report shows.

So You Want to Be a Security Rock Star? (Dark Reading) While the thrill of crafting attention-grabbing stunt hacks may seem like the coolest job on earth, what our industry needs more of are strong defenders who can fix things as well as break them.

New Cryptocurrencies Gain Traction, Spark Concern For Law Enforcement (SurfWatch Labs, Inc.) Last month a new ransomware emerged known as “Kirk Ransomware.” The malware was interesting not just because of the Star Trek-themed imagery of James Kirk and Spock that it used, but also because…

Alle 4 Sekunden neue Malware (ChannelPartner von IDG) Im ersten Quartal 2017 erschienen 6.834.443 neue Schadprogramme - gegenüber dem ersten Quartal 2016 ist das eine Steigerung um 73 Prozent, das haben die Security-Forscher von G Data herausgefunden.

Every UK business got hit by cyber-attack 43,000 times in Q1 2017 (IT Pro Portal) Beaming is showing some serious numbers.

Majority of SMEs need to increase cyber security funding (The C-Suite) The vast majority of small to medium sized enterprises (86%) have less than a tenth of their total IT budget allocated to cyber security, while 75% have between zero and two IT security staff members, according to the results of a survey by EiQ Networks.

Marketplace

Elbit's Cyberbit hones military technology for commercial market (Reuters) Israeli defense electronics company Elbit Systems forecasts double-digit growth for its Cyberbit business, which is transforming the technology it has long provided for military intelligence to the fast-growing commercial market. Cyberbit took shape after Elbit's $150 million acquisition of the cyber and intelligence unit of Israel's Nice Systems in 2015, blending Nice's technology designed for law enforcement and intelligence agencies with Elbit's military-focused capabilities.

Mimecast's Enterprise Potential Is Underappreciated (NASDAQ: MIME) (Benzinga) “While Mimecast Ltd (NASDAQ: MIME) came into prominence by providing email solutions to midmarket customers (SMB/SMEs), we believe Mimecast’s growing enterprise...

IBM Does Not Compute Just Yet as a Buy (Real Money) The shares of the tech giant seem fully valued for a story that won't play out until 2019.

West Coast computer science firm headed for Dayton (Dayton Daily News) A Portland computer science company interested in deepening relationships with federal customers and...

Security vendor TrapX targets UK Cisco and Palo Alto Networks partners (CRN) TrapX on the hunt for UK partners as it shifts from direct to channel model

E8 Security's Mission to Transform Security Operations Continues with Industry Veteran Madhukar Govindaraju as Senior Vice President of Engineering (Yahoo! Finance) E8 Security, an innovator of behavioral intelligence for cybersecurity, today announced that Madhukar Govindaraju has joined the company as its Senior Vice President of Engineering. In the newly added ...

SailPoint Names Christopher Schmitt as General Counsel (BusinessWire) SailPoint, the leader in enterprise identity management, today announced the appointment of Christopher Schmitt to the role of General Counsel.

Products, Services, and Solutions

ForeScout Delivers Extended Modules for the Palo Alto Networks Next-­Generation Security Platform (ForeScout) Download PDF Integrated offering provides joint customers with increased visibility and control of traditional and IoT devices on enterprise networks. Wave of devices connecting to enterprise networks increases need for network segmentation. ForeScout’s Extended Modules help enterprises running on multi-vendor network infrastructures reduce the attack surface, dynamically segment resources, detect advanced threats and automate security …

Intercede And Centrify Ditch The Password (PYMNTS.com) Usernames and passwords are shaping up to go the way of the dinosaur, the dodo and parachute pants. But the transition to stronger authentication measures has largely been uneven. For the most part, strong authentication measures have been largely leveraged by governments and a few major financial institutions, said Richard Parris, founder and CEO of Intercede…

Authentic8 Improves Virtual Web Browser with Web Gateway Integration (eWEEK) Security vendor provides new options to automatically trigger secure browser sessions with a disposable browser.

Rapid7 Defines Next-Generation Analytics Platform For Security And IT Professionals - Information Security Buzz (Information Security Buzz) Rapid7 Insight platform is the first cloud-based platform to combine vulnerability management, user behaviour analytics-powered SIEM, IT log analytics, and application security data Evolved platform centralizes operational and security data from the network, endpoints, and the cloud to unify data, accelerate analysis, and reduce cost of ownership Rapid7 introduces two new solutions, on its platform: …

Thycotic Combats Insider Threats by Giving Security Administrators Behavioral Analytics for Privileged Accounts (Yahoo! Finance) Thycotic, a provider of privileged account management (PAM) solutions for more than 7,500 organizations worldwide, today unveiled Privileged Behavior Analytics (PBA). This cloud-based tool gives IT and security professionals the ability to quickly detect security

NTT Security launches worldwide threat intelligence centre (CRN) Security VAR rolls its research and intelligence units into one global entity

Paladion underlines the importance of security analytics for faster detection and response to cyber attacks (IT Business Net) Paladion, a global cyber security provider, in its commitment to enabling enterprises with the right tools to combat today's advanced cyber threats, sponsored a two day cyber security conference organized by MESCON on the 11th and 12th of April 2017 . The conference hosted over 200 plus CISOs from different business

RedOwl Revolutionizes Behavioral Analytics to Secure Enterprises from Insider Risk with New Insider Risk Framework (Yahoo! Finance) RedOwl, the leader in insider risk solutions, today announced the release of the latest version of its Insider Risk Framework, designed to help enterprises quickly deploy and operationalize programs to ...

Wombat Security Enables Employee Benefits Organization to Reduce Phishing Susceptibility by More Than 89% (PRNewswire) Wombat Security Technologies (Wombat), the leading provider of cyber...

Digital Guardian Receives Highest Product Score for Intellectual Property Protection in Gartner’s Critical Capabilities Report for Enterprise Data Loss Prevention (Sys-Con Media) Digital Guardian, a next generation data protection platform purpose built to stop data theft, today announced that Gartner, Inc., has given the company the highest Product Score in Intellectual Property Protection, scoring a 4.11 out of 5 in the April 2017 Critical Capabilities for Enterprise Data Loss Prevention.

Masters Tournament Avoids Hazards With Watson for Cyber Security (Security Intelligence) With the help of Watson for Cyber Security, we rounded off yet another successful year for the Masters, keeping all IT assets running smoothly.

Technologies, Techniques, and Standards

Priorities clash over the call to encrypt the whole internet (Naked Security) What does ‘encrypting the whole internet mean’: can it be done and is it a good idea?

AMC conducts new cyber assessment (Belleville News-Democrat) Air Mobility Command’s Test and Evaluation Squadron conducted a benchmark C-5M Cybersecurity Adversarial Assessment, becoming the first test of this kind conducted on an AMC aircraft, and among the first conducted on any Air Force major weapons system.

Cloud-based single sign-on means access and security everywhere (Help Net Security) You can easily customize your cloud-based single sign-on solution to ensure additional levels of security measures in your organization.

Evolution of security operations from reactionary survival mode to forced sophistication (Help Net Security) The evolution of security operations has moved from reactionary survival mode to forced sophistication, due to a factors outlined in this article.

NCCIC uses automation technology to flip the script on hackers (FederalNewsRadio.com) DHS’s NCCIC is using new automation technologies to flip the script on script kiddies and black hat hackers by getting proactive about cyber defense.

Assuring Crypto-code with Automated Reasoning (InfoQ) Aaron Tomb describes the capabilities and operation of some open source tools that allow developers to conclusively and largely automatically determine whether a low-level cryptographic implementation exactly matches a higher-level mathematical specification. He focusses on work they have done to integrate these tools into the continuous integration system of Amazon's s2n implementation of TLS.

Got an Industrial Network? Reduce your Risk of a Cyberattack with Defense in Depth (Dark Reading) If an aggressive, all-out cyberdefense strategy isn't already on your operational technology plan for 2017, it's time to get busy.

Can cybersecurity professionals speak the language of the business? (Infosecurity Magazine) How can cybersecurity professionals translate tech speak to the language of the business?

Design and Innovation

Can NATO Weaponize Memes? (Foreign Policy) There’s a small group of experts calling for NATO governments to throw memes into the fight against online iihadi or pro-Kremlin trolls.

Google joins the efforts to halt the spread of fake news (Naked Security) Tech giants’ efforts to identify dubious stories are helpful, but the onus still lies with users

SHA-1 Encryption Has Been Broken: Now What? (Forbes) In February 2017, Google and CWI announced they had broken SHA-1 encryption. This isn't a surprise: The encryption, used for things like digital signatures, had been susceptible to collisions for years. Companies began slowly phasing out SHA-1 after warning signs of its vulnerability started appearing around 2005.

The 7 worst automation failures (CSO Online) A list of the moments when technology monumentally backfired.

Research and Development

DARPA tasks BAE with workaround to secure the power grid in event of massive attack (Defense Systems) DARPA has awarded BAE an $8.6 million deal to engineer secure alternative wireless networks in the event of attack.

The Large Bitcoin Collider Is Generating Trillions of Keys and Breaking Into Wallets (Motherboard) A quixotic, and slightly dubious, quest.

Legislation, Policy, and Regulation

Outer-Space Hacking a Top Concern for NASA’s Cybersecurity Chief (Bloomberg) NASA scientists glean valuable data about powerful space explosions and the energy of black holes from their Swift and Fermi satellites. The projects were supposed to last a few years. Instead, they’ve survived for more than a decade.

National resilience essential to minimise consequences of shocks: Booz Allen Hamilton (Daily News Egypt) The negative consequences of a major disruptive event can affect up to 20% of a country’s GDP, according to a press release issued by the firm

Vital for Sarawak to establish cyber-security defence system — Abg Johari (BorneoPost Online) Chief Minister Datuk Amar Abang Johari Tun Openg said it is imperative for Sarawak to establish a cyber-security defence system in its quest to develop the state into a digital economy and…

Litigation, Investigation, and Law Enforcement

House Intel Committee Member on Susan Rice Probe: ‘This Is Now a Full-Blown Investigation’ (Washington Free Beacon) The House and Senate Intelligence Committees are expanding their investigations into former National Security Adviser Susan Rice's alleged

British spies were first to spot Trump team's links with Russia (Guardian) Exclusive: GCHQ is said to have alerted US agencies after becoming aware of contacts in 2015

Man arrested after Borussia Dortmund attack 'led Isis unit in Iraq' (Guardian) But prosecutor’s office says there is no evidence so far that Islamic State member played part in attack on football team’s bus

Fifth Person Pleads Guilty in $5 Million ID Theft Case (Dark Reading) A total of five Eastern Europeans were arrested for conspiracy involving cyberattacks and fraudulent purchases.

For a complete running list of events, please visit the Event Tracker on the CyberWire website.

Newly Noted Events

Cyber Tech Fairfax (McLean, Virginia, USA, June 13, 2017) A thought-provoking conference and exhibition on global cyber threats, solutions, innovations and technologies. At Cybertech Fairfax, high-profile speakers and panelists will focus on the global cyber...

Upcoming Events

Cyber Warrior Women: Blazing the Trail (Catonsville, Maryland, USA, April 19, 2017) Join the Cybersecurity Association of Maryland, Inc. (CAMI), in partnership with The CyberWire, Fort Meade Alliance, and presenting sponsor Exelon Corporation, for "Cyber Warrior Women: Blazing the Trail."...

ISSA CISO Executive Forum: Information Security, Privacy and Legal Collaboration (Washington, DC, USA, April 20 - 21, 2017) Information Security, Privacy and Legal programs must be closely aligned to be successful in today’s world. Customer and vendor contracts require strong security language. Privacy has moved to the forefront...

International Conference on Cyber Engagement 2017 (Washington, DC, USA, April 24, 2017) Georgetown University's seventh annual International Conference on Cyber Engagement promotes dialogue among policymakers, academics, and key industry stakeholders from across the globe, and explores the...

SANS Baltimore Spring 2017 (Baltimore, Maryland, USA, April 24 - 29, 2017) SANS Institute, the global leader in information security training, today announced the course line-up for SANS Baltimore Spring 2017 taking place April 24 – 29. All courses offered at SANS Baltimore are...

(ISC)2 Cyber Security Congress 2017 (Calgary, Alberta, Canada, April 26, 2017) The aim of the Cyber Security Congress 2017 is to strengthen cyber security leaders by arming them with the knowledge, tools, and expertise to protect their organizations. In April, 2017 over 150 like-minded...

Defence Information 2017 (Cranfield, England, UK, April 26 - 27, 2017) Defence Information 2017 is the major annual communications event of Joint Information Group activities (the JIG reports to the Defence Suppliers Forum) and the Event’s content spans both Information and...

Defence Information 2017 (Cranfield, England, UK, April 26 - 27, 2017) Defence Information 2017 is the major annual communications event of Joint Information Group activities (the JIG reports to the Defence Suppliers Forum) and the Event’s content spans both Information and...

Crimestoppers Conference (Eden Project, Bodelva, St Austell , April 27, 2017) Crimestoppers is organising a major one-day conference designed to help local businesses shore up their online security. A range of expert speakers will pinpoint typical cyber pitfalls to avoid. 80% of...

Atlantic Security Conference (Halifax, Nova Scotia, Canada, April 27 - 28, 2017) Atlantic Canada's non-profit, annual information security conference. AtlSecCon, the first security conference in Eastern Canada focusing on bringing some of the worlds brightest and darkest minds together...

SANS Automotive Cybersecurity Summit 2017 (Detroit, Michigan, USA, May 1 - 8, 2017) SANS will hold its inaugural Automotive Cybersecurity Summit to address the specific issues and challenges around securing automotive organizations and their products. Join us for a comprehensive look...

cybergamut Tech Tuesday: Distributed Responder ARP: Using SDN to Re-Engineer ARP from within the Network (Elkridge, Maryland, USA, and online at various local nodes, May 2, 2017) We present the architecture and initial implementation of distributed responder ARP (DR-ARP), a software defined networking (SDN) enabled enhancement of the standard address resolution protocol (ARP) intended...

Cyber Security Summit in Dallas (Dallas, Texas, USA, May 5, 2017) Sr. Level Executives are invited to learn about the latest threats & solutions in Cyber Security from experts from Proofpoint, CenturyLink, IBM and more. Register with promo code cyberwire50 for half off...

OWASP Annual AppSec EU Security Conference (Belfast, UK, May 8 - 12, 2017) Welcome to OWASP Annual AppSec EU Security Conference, the premier application security conference for European developers and security experts. AppSec EU provides thought leadership, amazing talks, informative...

SANS Security West 2017 (San Diego, California, USA, May 9 - 18, 2017) Cybersecurity skills and knowledge are in high demand. Cyber attacks and data breaches are more frequent and sophisticated, and organizations are grappling with how to best defend themselves. As a result,...

OWASP AppSec EU (Belfast, Northern Ireland, UK, May 12 - 18, 2017) Welcome to OWASP Annual AppSec EU Security Conference, the premier application security conference for European developers and security experts. AppSec EU provides thought leadership, amazing talks, informative...

EnergySec Security Education Week (Austin, Texas, USA, May 14 - 19, 2017) The Energy Sector Security Consortium, Inc.'s Security Education Week is designed for early to mid career cybersecurity professionals currently employed at electric utilities in North America. Students...

K(no)w Identity Conference (Washington, DC, USA, May 15 - 17, 2017) To converge identity experts from across all industries in one space, to be at the nexus of ideas and policies that will fundamentally change identity around the world. Provides business leaders, privacy...

Global Cybersecurity Innovation Summit Advancing International Collaboration (London, England, UK, May 16 - 17, 2017) SINET – London creates a forum to build and maintain international relationships required to foster vital information sharing, broad awareness and the adoption of innovative Cybersecurity technologies.

Public Sector Cyber Security Conference: Defending the Public from Cyber-Attacks (Salford, England, UK, May 17, 2017) Join us for the Public Sector Cyber Security Conference where leading experts will explain how to protect the vital services provided by central Government, local councils and the NHS. Learn how to safeguard...

PCI Security Standards Council: 2017Asia-Pacific Community Meeting (Bangkok, Thailand, May 17 - 18, 2017) Two days of networking and one-of-a-kind partnership opportunities await you. Whether you want to learn more about updates in the payment card industry or showcase a new product, you’ll find it all at...

2017 Georgetown Cybersecurity Law Institute (Washington, DC, USA, May 17 - 18, 2017) It is more important than ever that in-house and outside counsel stay abreast of the most current developments and best practices in cybersecurity. At our Institute you will receive insights on the best...

Northsec Applied Security Event (Montreal, Québec, Canada, May 18 - 21, 2017) The conference will feature technical and applied workshops hosted in parallel for the most motivated attendees. Topics include application and infrastructure (pentesting, network security, software and/or...

SANS Northern Virginia - Reston 2017 (Reston, Virginia, USA, May 21 - 26, 2017) This event features comprehensive hands-on technical training from some of the best instructors in the industry and includes courses that will prepare you or your technical staff for DoD 8570 and GIAC...

Enfuse 2017 (Las Vegas, Nevada, USA, May 22 - 25, 2017) Enfuse™ is a three-day security and digital investigations conference where specialists, executives, and experts break new ground for the year ahead. Enfuse offers unsurpassed networking opportunities,...

2017 Cyber Investing Summit (New York, New York, USA, May 23, 2017) The 2nd Annual Cyber Investing Summit is an all-day conference focusing on investing in the $100+ billion dollar cyber security industry. Attendees will explore the financial opportunities, trends, challenges,...

Grow your brand and reach new customers.

Grow your brand and increase your customer base by educating our audience about your products, services, and events by advertising on The CyberWire. We’ve built trust with an influential (and often hard to reach) audience of CISOs, CSOs, and other senior execs in the security space, across a wide array of industry verticals. Learn more.

Be a part of the CyberWire story.

People ask us (a lot) how they can support what we do. We have our sponsorships and services, of course, but those are not always within every supporter's financial reach, or it might just not be the right time for you to do those things. That's why we launched our new Patreon site, where we've created a wider variety of support levels, each with some new benefits. Our patrons are important to our future, and we hope you'll consider becoming one. We invite you to become part of the CyberWire story. Become a patron today.