skip navigation

More signal. Less noise.

Daily briefing.

The campaign against the Scottish Parliament's email services continues. Defenses are said to be holding firm.

India's National Informatics Centre's flawed eHospital app has exposed Aadhaar numbers to a free Android app, Mygov, whose developer was arrested in late July. Aadhaar is a twelve-digit personally identifying number linked to biometric information; most adult Indians are enrolled in the government program.

Hijacked Chrome extensions are being purged, but malicious software proved surprisingly effective at evading security checks established to catch such attacks routinely. Morphus Labs warns that one of the malicious extensions is particularly active in Brazil, where criminals are phoning marks and telling them to install it as an update to their bank's security module.

Governments turn a cold eye toward foreign-made software and hardware. In the US, Kaspersky remains under (controversial) suspicion over alleged connections with Russian intelligence services. India has told a number of Chinese device manufacturers to give proof of security and appropriate data handling if they expect to continue to do business in the subcontinent. And in Russia the Security Council head warns that widely used foreign software is implicated in longstanding Western plots to destabilize the country. 

The Brown Shirt wannabes of the Daily Stormer find fewer places to operate online, but as always extremism continues to find its outlets. Some vigilantism directed against the unsympathetic Stormer is hitting innocent and sympathetic targets: uninvolved people are being doxed and threatened because someone thought they looked like some guys reenacting Triumph of the Will in Virginia.

Notes.

Today's issue includes events affecting Australia, Brazil, Cayman Islands, China, India, Indonesia, Israel, Japan, Kenya, Democratic Peoples Republic of Korea, Russia, Ukraine, United Kingdom, United States.

An approach to SIEM that works for resource-constrained organizations.

When it comes to deploying a SIEM, companies of all sizes face challenges such as budget, time and resource constraints which can seriously delay the time it takes to start detecting threats, and thus, return on investment. This new Executive Brief from Frost and Sullivan provides an overview of how AlienVault's unified approach to security addresses these challenges and provides resource-constrained organizations with an integrated solution for effective threat detection, incident response, and compliance.

In today's podcast, our partners at Terbium Labs are represented by Emily Wilson, who shares her thoughts from Black Hat and what she's seeing with respect to shifting awareness of the dark web. Our guest, Brad Stone of Booz Allen Hamilton, takes us through a new report on NotPetya.

Security In the Boardroom (Palo Alto, CA, USA, August 23, 2017) Cybersecurity is a boardroom topic in nearly every organization. For many boards, security has evolved from a technical risk to a top business risk. Cybersecurity is also a growth opportunity. Proper integration of security and privacy concerns can drive far more effective digital transformation efforts. However, the mystique around cybersecurity can prevent board members and management from improving their cyber fluency and driving required improvements. Please join The Chertoff Group for our Security in the Boardroom event where we will demystify cybersecurity technology and policy issues while providing practical tools that board members and management can use to improve their resiliency to cyber risk and drive competitive advantage.

Cyber Security Conference for Executives (Baltimore, MD, USA, September 19, 2017) The Johns Hopkins University Information Security Institute and COMPASS Cyber Security are hosting the 4th Annual Cyber Security Conference for Executives on Tuesday, September, 19. It will be held on the Homewood Campus of Johns Hopkins University. This year’s theme is, “Emerging Global Cyber Threats.” The conference will feature thought leaders across a variety of industries to address current cyber security threats to organizations and how executives can work to better protect their data.

Cyber Attacks, Threats, and Vulnerabilities

Ongoing Holyrood cyber attack fails to breach security (BBC News) A "brute force" cyber attack is ongoing, but has failed to breach security systems at the Scottish Parliament.

North Korean Cyberspies Target US Defense Contractors Following Nuclear Threats (BleepingComputer) The North Korean cyber-espionage group known as the Lazarus Group has been busy hacking US defense contractors, according to a report published on Monday by security research firm Palo Alto Networks.

Latest Aadhaar leak exposes security flaws in app developed by NIC (Hindustan Times) In recent months, websites maintained by NIC have inadvertently published the Aadhaar numbers and financial details of millions of citizens.

Tipping Point: Why have Aadhaar numbers been deactivated? (Business Standard) Unique Identification Authority of India (UIDAI) has deactivated about 8.1 million Aadhaar cards

Russian security chief warns against the use of foreign IT in state sector (RT International) The head of the Security Council of Russia says the use of foreign data technology by state structures could result in the infrastructure servicing the state one day being blocked from the outside.

Exploit leaks are a cyber security game changer, says Kaspersky Lab (ComputerWeekly) Leaked exploits became the game changer of the cyber threat landscape in the second quarter of 2017, say security researchers

Exploit Packages Lead to Five Million Attacks in Q2 (Infosecurity Magazine) Exploit Packages Lead to Five Million Attacks in Q2. Kaspersky Lab claims leaked exploits are causing widespread damage

LG service centers in S.Korea Possibly Hit By WannaCry ransomware (HackRead) LG Electronics' service centers have been targeted by cyber criminals leading to ransomware infecting of its self-service kiosks and blocking it from funct

NotPetya aftermath: Companies lost hundreds of millions (Help Net Security) The NotPetya ransomware attack, which started in Ukraine on June 27 but later spread internationally, has resulted in huge monetary losses for the victims.

Google Chrome under attack: Have you used one of these hijacked extensions? (ZDNet) Recent versions of several Chrome extensions have been compromised to spread malicious ads.

(Banker(GoogleChromeExtension)).targeting("Brazil") (SANS Internet Storm Center) A new day, a new way to steal bank data in Brazil. Scammers are calling and urging victims to install a supposed update of the bank's security module. In fact, it is a malicious extension of Google Chrome capable of capturing the information entered by the user during access to the bank account.

Bank-fraud malware not detected by any AV hosted in Chrome Web Store. Twice (Ars Technica) Extension that surreptitiously steals bank passwords uploaded twice in 17 days.

Eight Chrome Extensions Hijacked to Deliver Malicious Code to 4.8 Million Users (BleepingComputer) Six more developers have had their Chrome extensions hijacked in the past four months, according to new evidence surfaced yesterday by Proofpoint researcher Kafeine.

Were the Kenyan Elections Conducted Successfully? (Foreign Affairs) For the most part, the Kenyan elections showed how digital technology can help to overcome problems of distrust during the voting process.

Doubts over EVM security again as RTI reveals theft of 70 voting machines (Moneycontrol) The Election Commission of India (ECI) has repeatedly claimed that EVMs are unhackable and tamper-proof.

A Deep Flaw in Your Car Lets Hackers Shut Down Safety Features (WIRED) A new wrinkle in auto-hacking research points to a fundamental vulnerability in the CAN protocol cars' innards use to communicate.

Hackers can shut down critical security features in most modern cars: report (TheHill) With physical access to car components, someone could disable any component using the CAN bus network.

HBO Social Media Accounts Hacked (EXCLUSIVE) (Variety) Way to kick HBO while it’s down. As if the Time Warner-owned cable network didn’t have enough problems to worry about with cyberattacks, a notorious hacking group took over the company&…

EV ransomware is targeting WordPress sites (Help Net Security) Wordfence has flagged several attempts by attackers to upload ransomware that provides them with the ability to encrypt a WordPress website’s files.

Cerber Fights Anti-Ransomware Tools (Dark Reading) Deception technology is the popular ransomware's latest target.

Vaccine discovered for Cerber ransomware - based on its own evasion (SC Media UK) Hackers try to circumvent anti-ransomware, gives researchers vital clues to combat threat of Cerber

Locky Ransomware Variant Slips Past Some Defenses (Threatpost) Ransomware called IKARUSdilapidated is managing to slip into unsuspecting organizations as an unknown file.

Security Alert: Locky Adds the .lukitus Extension, Spreads through Waves of Malspam (Heimdal Security Blog) New variant of Locky Ransomware spreads through waves of malspam.

2016 Open-Source Repo Continues to Fuel the PHP Server Ransomware Scene (BleepingComputer) A PHP ransomware project open-sourced on GitHub is still spawning active threats, more than a year after it was released in early 2016.

New pulse wave DDoS method lets attackers hit multiple targets (CSO Online) In a new type of DDoS attack, skilled bad actors use pulse wave DDoS assaults to exploit weaknesses in appliance-first hybrid mitigation solutions and pin down multiple targets.

Websites Selling DDoS Services and Tools on the Rise in China (Dark Reading) Researchers detect an increase in Chinese websites offering online DDoS services within the past six months.

Companies are buying bitcoin to pay off hackers, says top cybersecurity CEO (CNBC) Jim Cramer spoke with CyberArk's Udi Mokady to hear about how companies are getting involved with cryptocurrencies because of cyberattacks.

Maldoc with auto-updated link (SANS Internet Storm Center) Yesterday, while hunting, I found another malicious document that (ab)used a Microsoft Word feature: auto-update of links. This feature is enabled by default for any newly created document (that was the case for my Word 2016 version). If you add links to external resources like URLs, Word will automatically update them without any warning or prompt.

Sarahah app craze continues: 10 things you should know before you start using it (India Today) Sarahah has become the talk of the town. Everyone on social media, be it on Facebook, Twitter, Instagram or Snapchat, is talking about Sarahah, an app that allow users to send anonymous messages to others registered with the app. The key highlight of Sarahah is that it doesn't reveal the identity of the sender of the message at any given cost. This is where Sarahah stands out from other similar applications available on the Play store.

Millions of RDP Endpoints Exposed Online and Ready for Bad Things (BleepingComputer) An Internet-wide scan carried out by security researchers from Rapid7 has discovered over 11 million devices with 3389/TCP ports left open online, of which over 4.1 million are specifically speaking the RDP protocol.

Software maker admits attackers hid backdoor in entire suite of products (Computing) South Korea's NetSarang holds hands up to 'ShadowPad' backdoor hack of its server management products

Supply chain attack inserted backdoor into popular server management software (Graham Cluley) A supply chain attack is believed to have been responsible for surreptitiously inserting a backdoor into widely used server management software.

Internet turns on white supremacists and neo-Nazis with doxing, phishing (Ars Technica) Many fear being outed from photos, but now the real cyber game against “alt-right” begins.

Doxing Is a Perilous Form of Justice—Even When It's Outing Nazis (WIRED) While the extreme right and the far left use different logic to justify their actions, the end result is often the same.

The Ethics of Doxing Nazis on Social Media (Motherboard) The important question is: does any of this help?

Neo Nazi site DailyStormer moves to dark web that's as good as dead (HackRead) On August 14th it was reported that Internet domain registrar and web hosting giant GoDaddy banned the racist and neo-nazi website Daily Stormer from its p

DigitalOcean and Cloudflare ditch neo-Nazi client, The Daily Stormer (TechCrunch) Following the violent far right demonstrations in Charlottesville at the weekend, another two web services companies have terminated their business..

The Daily Stormer’s Last Defender in Tech Just Dropped It (WIRED) Cloudflare pulls the plug on a white supremacist site, after years of declaring neutrality.

CloudFlare CEO says his Daily Stormer takedown was “arbitrary” and “dangerous” (Ars Technica) “I woke up this morning in a bad mood and decided to kick them off the Internet.”

Tech is not winning the battle against white supremacy (TechCrunch) Content warning: This post contains racial slurs, homophobic language and very graphic depictions of racism and violence.  If you were just paying attention..

Web hosting, CDN companies torn as to how to respond to racist websites (Ars Technica) Dreamhost, meanwhile, “will host any website as long as its content is legal.”

Email Provider ProtonMail Says It Hacked Back, Then Walks Claim Back (Motherboard) There’s plenty of appetite for "hacking back," but in many contexts it’s likely illegal for companies to retaliate against cybercriminals.

Black Hats VS Computer Security Companies – an ongoing campaign? (cyberdb.co) In Late July 2017 hackers leaked information from Cybersecurity company - another episode in a historical battle between blackhats and security companies

Becker County website shut down by cyber attack (WDAY) Becker County is under a cyber attack that has taken down its website, disabled its printers and is now slowly corrupting its entire IT network, according to Becker County Administrator Jack Ingstad."Apparently we got the ransom request from whoever's doing it to pay them off,"...

Security Patches, Mitigations, and Software Updates

Google Removes Chrome Extension Used in Banking Fraud (Threatpost) Google has removed the Interface Online Chrome extension. The plugin was used in Brazil to target corporate users with the aim of stealing banking credentials.

Adobe Flash's Final Countdown Has Begun (Threatpost) The impending demise of Adobe Flash will create legacy challenges similar to Windows XP as companies begin to wean themselves off the vulnerable code base.

Cyber Trends

On-premises workloads have more security incidents than those in the public cloud (BetaNews) According to a new survey, workloads run on in-house systems suffer 51 percent more security incidents than those on public cloud services.

Insider Threats Loom Large for Security Pros (Dark Reading) Insider threats pose a greater challenge to security pros than external threats, according to a recent survey.

BYOD Drives Prevalence of Insider Threat (Infosecurity Magazine) BYOD Drives Prevalence of Insider Threat. Dtex report claims staff negligence is key cause of breaches

Why Cyber Attacks are Not as Scary as they Sound (Infosecurity Magazine) The truth is that there are already excellent processes and diligent professionals that have kept us safe, and will continue working to keep us safe.

In Search of an Ethical Code for Cybersecurity (Infosecurity Magazine) Ethics plays a big part in many lines of work, but what about information security?

Marketplace

Respond Software Powers The Self-Driving SOC™ (Respond Software) First company to automate analyst decision-making receives $12 million in Series A funding from CRV and Foundation Capital

Codacy, a platform that helps developers check the quality of their code, raises $5.1M (TechCrunch) Codacy, a startup based in Lisbon, Portugal that offers what it calls an "automated code review platform," has raised $5.1 million in Series A funding. EQT..

Digi.me and Personal merge to put you in control of the nascent ‘personal data ecosystem’ (TechCrunch) Digi.me and Personal, two companies that broadly play in the personal data space by offering apps to securely store and share various data about yourself, are..

Claims resurface that Kaspersky helped Russian intelligence (ZDNet) Yes, Kaspersky Lab works with government law enforcement agencies, just like American ones do. The company denies any wrongdoing with its work with Russia's government.

Booz Allen wins $91M Missile Defense cyber contract (Washington Technology) Booz Allen Hamilton wins a five-year, $91.5 million contract for cybersecurity and computer network defense support services to the Missile Defense Agency.

SAIC to support Marine Combat Operations Center in $39M task order (UPI) Science Applications International Corporation will provide engineering services to support the U.S. Marine Corps Combat Operations Center.

Cisco: Looking For A Comeback In Security And Services (Seeking Alpha) Cisco Systems will report fiscal 4Q17 results this Wednesday after the closing bell. Will services and security, key tenets of the investment thesis, engineer a

You Wouldn't Believe the Size of Cisco's Cybersecurity Unit (The Motley Fool) With over $2 billion in annual revenues, Cisco’s cybersecurity business is becoming a threat to smaller stand-alone players.

Cybercompany adds pair of former Mach37 execs to help its growth (Washington Business Journal) Chantilly cybersecurity startup Atomicorp has big plans to boost its profile and raise money — and it has brought on a pair of former Mach37 executives to help.

Former Splunk Executive Pete Sicilia Joins Periscope Data as Vice President, Customer Success (GlobeNewswire News Room) Former VP of data and analytics at Splunk brought on to scale customer success and solutions, accelerate new initiatives including professional services and customer education

Products, Services, and Solutions

Netsparker is now enabling open source projects to secure their application with unlimited web security scans with Netsparker Cloud (Netsparker) Press Release | Open source developers can now obtain unlimited web security scans with Netsparker Cloud web application security scanner.

Top Security Tools of 2017 (CSO Online) Go hands-on with some of the most innovative and useful security tools from today's most important cybersecurity technology categories.

Top 10 Enterprise Encryption Products (eSecurity Planet) Encryption remains a mainstay of IT security technology, a critical tool for protecting sensitive data. We evaluate the top encryption solutions.

Eset DESlock: Encryption Product Overview and Analysis (eSecurity Planet) We review Eset DESlock, an enterprise encryption tool that allows remote device wipe and control and ease of management and use.

IBM Guardium Data Encryption: Product Overview and Analysis (eSecurity Planet) We review IBM Guardium Data, which performs encryption and decryption with minimal performance hit and requires no changes to databases, apps or networks.

Ethereum Blockchain Powers Vault One Password Service (eSecurity Planet) Ethereum isn't just for cryptocurrency anymore as a new startup uses the underlying open-source blockchain to help improve password security.

Deloitte Selects Miami Based Unified Technologies Ltd. to Form Cyber Security Alliance Serving the Caribbean (PRNewswire) Unified Technologies, a Pan-Regional IT solutions provider with...

IBM and Sony build secure student data store using blockchain (Computing) The platform will hold student records and learning history.

Enterprises still struggle with password policies (BetaNews) Passwords and their effectiveness is a subject that continues to come under the spotlight, particularly with the publication of a recent United States National Institute for Standards and Technology (NIST) document recommending a move to passphrases.

Technologies, Techniques, and Standards

The Day of Reckoning: Cybercrime's Impact on Brand (Dark Reading) Why the security industry needs to invest in architecture that defends against reputational damage as well as other, more traditional threats.

Organizations Willing to Try Out Longer Passwords, Study Finds (eWEEK) Security awareness vendor KnowBe4 surveyed IT professionals' views on new NIST guidance that advocates the use of longer passwords.

How to spot malicious mobile apps (Help Net Security) RiskIQ researchers advise users on how to spot malicious mobile apps: be on the lookout for 3 suspicious things when evaluating the legitimacy of an app.

Preparedness & Cyber Risk Reduction Part Five C: Operations-Based Exercises (SurfWatch Labs, Inc.) As we continue in our series on Preparedness, and concluding this mini-series on exercises, in the section that follows, we’ll look at different types of operations-based exercises as we continue t…

Israeli firm hacks the hackers, and has advice how to beat them (The Times of Israel) What are cyberattackers looking for, and what do they do when they find it? A report by cybersecurity company Imperva has some answers

The human point: Gaining visibility into the context behind user actions (Help Net Security) Dr. Richard Ford, Chief Scientist at Forcepoint, talks about doing some of the fundamental research around what we call the human point.

What to know before buying AI-based cybersecurity tools (Healthcare IT News) These tools have evolved in maturity, and there are ways to conduct due diligence to get past the hype.

Managing Manufacturing Cybersecurity (Pharmtech) Everyone from IT departments through to manufacturing line personnel should be aware of cybersecurity threats and how to prevent attacks.

Design and Innovation

Apple's biometric identity crisis (CRN Australia) [Comment] Is Apple planning an about-face on its next iPhone’s biometric security?

Bitcoin Is Forking. Again. (Motherboard) In November there will be three versions of the world's most popular cryptocurrency.

Research and Development

NSA Awards Grant to CSU for Cyber Training Tool (MeriTalk) The National Security Agency gave Columbus State University in Georgia a $174,000 grant to develop a cybersecurity training tool.

Academia

RIT named a National Center for Academic Excellence in Cyber Defense Research (EurekAlert!) Rochester Institute of Technology has been nationally recognized for its significant contributions in defending America's cyberspace through computing security research. RIT has been designated as a National Center of Academic Excellence in Cyber Defense Research (CAE-R) through the year 2022.

Teams needed for High School Cyber Challenge (UPMATTERS) Michigan high school students are invited to become cyber warriors this Fall and compete in the second annual Governor’s High School Cyber Challenge.

University of West Florida announces Florida Cyber Range virtual platform (Pensacola News Journal) The UWF Center for Cybersecurity announced the creation of the Florida Cyber Range, an platform that will supply hands-on education and training.

Hacker Halted Security Conference Complimentary for Women through IBM Security Scholarship (PRWeb) To increase female representation in information security, IBM is funding a scholarship that will cover 100% of the entry fees for women to attend EC-Council’s largest annual cyber security conference, Hacker Halted.

Legislation, Policy, and Regulation

21 smartphone makers, a chunk of them Chinese, told to share security info or face action (The Economic Times) The government has given the companies, a large majority of which are Chinese, time till August 28, to revert with the details of processes they follow.

Asian regulators stepping up as cyberattacks increase: Deloitte (The Business Times) AS worries grow over a financial cyber crisis, Asia's regulators are stepping up their efforts to tackle the risks while facing a number of challenges, said a Deloitte report released on Wednesday. Read more at The Business Times.

Defense execs back Trump's move to investigate Chinese theft (InsideDefense.com) In a statement, the chief executive of the National Defense Industrial Association today praised President Trump's new effort to stem Chinese theft of U.S. intellectual property.

Assistant Secretary for Infrastructure Protection: Who Is Christopher Krebs? (AllGov) Krebs joined the George W. Bush administration as a policy adviser to Bob Stephan, then the assistant secretary for infrastructure protection. Krebs helped develop and implement DHS’ Chemical Facility Anti-Terrorism Standards regulatory program. Krebs left government in 2009 to join Dutko Risk Management, a lobbying firm, as a VP in a new division to focus on consulting with governments and businesses on risk-management issues involving threats and disaster recovery.

DHS cyber shop seeks CTO (FCW) A key cyber hub at the National Protection and Programs Directorate is looking for a top tech officer.

Air Force CISO says innovation key to future cyber defense (Defense Systems) According to senior Air Force officials, airmen are encouraged to take an innovative approach to cyber defense.

Army cyber Guard transition ceremony historic moment (DVIDS) The transition of authority between 169 Cyber Protection Team (CPT) and Task Force Echo (TFE), U.S. Army National Guard (ARNG), at the McGill Training Center August 15 was more than just a ceremony – it was a historic and impactful event for the Army cyber enterprise and the Nation.

Litigation, Investigation, and Law Enforcement

Ukraine malware author turns witness in Russian DNC hacking investigation (Ars Technica) “Profexor” turns self in to Ukrainian authorities, assists FBI in DNC hack investigation.

In Ukraine, a Malware Expert Who Could Blow the Whistle on Russian Hacking (New York Times) For the first time, an actual witness has emerged in the election hacking, and he has been interviewed by the F.B.I.

There's Now At Least One Real, Live Witness In FBI's Election-Hacking Probe (Talking Points Memo) A New York Times report out this morning contains a rare glimpse into the workings of a notorious hacking team that’s been chased by an...

Shady pro-Russia group tries to infiltrate liberal media with conspiracy about DNC hack (ShareBlue) The same group that denied the Syrian dictator gassed his people are now responsible for a report blaming the DNC for an internal leak.

Verizon—Yes, Verizon—Just Stood Up For Your Privacy (WIRED) By fighting against the collection of warrantless location information, Verizon bucks a trend of telecom cooperation with the feds.

When government hides decisions behind software (WIRED) Agencies decline to release information about algorithms used for criminal justice, social welfare, and education.

The Daily Stormer Is Getting Sued for Fabricating a Comedian’s Tweets (Motherboard) Dean Obeidallah, a radio host, comedian, and Daily Beast contributor, is suing the neo-Nazi site for framing him as the perpetrator of the Manchester bombing.

Lawyers clash over an imaged hard drive as Waymo v. Uber hurtles toward trial (Ars Technica) "He was ordered to come clean and did not come clean."

IT Insider Helped Alleged $5m Insider Trading Scheme (Infosecurity Magazine) IT Insider Helped Alleged $5m Insider Trading Scheme. DoJ charges five after bank’s tech consultant pleaded guilty

Secret Service Man Admits Laundering More Stolen Bitcoin (Infosecurity Magazine) Secret Service Man Admits Laundering More Stolen Bitcoin. Shaun Bridges highlights the continued dangers posed by malicious insiders

Negotiating Licenxe and Services Agreements: Part 1 – Limitation of Liability Clauses (Galkin Law) The ins and outs of negotiating a limitation of liability clause for license and services agreements.

For a complete running list of events, please visit the Event Tracker on the CyberWire website.

Upcoming Events

The Chertoff Group Security Series: Security In The Boardroom (Palo Alto, California, USA, August 23, 2017) The Chertoff Group Security Series will aim to enhance and add to the Security in the Boardroom conversation by applying our insights into technology, threat, and policy to help executives respond to the...

The Chertoff Group Security Series: Security In The Boardroom (Palo Alto, California, USA, August 23, 2017) The Chertoff Group Security Series will aim to enhance and add to the Security in the Boardroom conversation by applying our insights into technology, threat, and policy to help executives respond to the...

U.S. Department of Commerce Cybersecurity Awareness Day (Washington, DC, USA, August 24, 2017) On August 24, 2017, the Department of Commerce headquarters is planning the Cybersecurity Awareness Day event which will host guest speakers from throughout the Cybersecurity community. The 2017 Cybersecurity...

7th Annual Cybersecurity Training and Technology Forum (Colorado Springs, Colorado, USA, August 30 - 31, 2017) CSTTF is designed to further educate Cybersecurity, Information Management, Information Technology, and Communications Professionals by providing a platform to explore and enhance cyber resilience, collaboration,...

SANS Network Security 2017 (Las Vegas, Nevada, USA, September 10 - 17, 2017) SANS is recognized around the world as the best place to develop the deep, hands-on cybersecurity skills most in need right now. SANS Network Security 2017 offers more than 45 information security courses...

Finovate Fall 2017 (New York, New York, USA, September 11 - 14, 2017) FinovateFall 2017 will begin with the traditional short-form, demo-only presentations that more than 20,000 attendees from 3,000+ companies have enjoyed for the past decade. After two days of Finovate’s...

Insider Threat Program Management With Legal Guidance Training Course (Laurel, Maryland, USA, September 12 - 13, 2017) Insider Threat Defense will hold a two-day training class, Insider Threat Program (ITP) Management With Legal Guidance (National Insider Threat Policy (NITP), NISPOM Conforming Change 2). For a limited...

PCI Security Standards Council: 2017 North America Community Meeting (Orlando, Florida, USA, September 12 - 14, 2017) Join your industry colleagues for three days of networking and one-of-a-kind partnership opportunities. Whether you want to learn more about updates in the payment industry or showcase a new product, you’ll...

8th Annual Billington CyberSecurity Summit (Washington, DC, USA, September 13, 2017) The 8th Annual Billington CyberSecurity Summit September 13 in Washington D.C. brings together world-class cybersecurity thought leaders for high-level information sharing, unparalleled networking and...

Cyber Security Summit: New York (New York, New York, USA, September 15, 2017) If you are a Senior Level Executive responsible for making your company’s decisions in regards to information security, then you are invited to register for the Cyber Security Summit: New York. Receive...

Cyber Security Conference for Executives (Baltimore, Maryland, USA, September 19, 2017) The Johns Hopkins University Information Security Institute and COMPASS Cyber Security are hosting the 4th Annual Cyber Security Conference for Executives on Tuesday, September, 19. It will be held on...

4th Annual Industrial Control Cybersecurity Europe (London, England, UK, September 19 - 20, 2017) Against a backdrop of targeted Industrial Control System cyber attacks against energy firms in the Ukraine power industry, the massive attacks against the Norway oil and gas industry, cyber attacks on...

Cyber Everywhere: Collaboration, Integration, Automatio (Washington, DC, USA, September 20, 2017) We’ve seen all of the cyber headlines this year – new policies emerging, old policies evolving, the cyber workforce is multiplying, and rapidly growing connected devices are complicating governance. While...

10th Cyber Defence Summit (Dubai, UAE, September 20, 2017) Naseba’s 10th Cyber Defence Summit will address the importance of protecting critical infrastructure and sensitive information, help companies procure cyber security solutions and services, and create...

2017 Washington, D.C. CISO Executive Leadership Summit (Washington, DC, USA, September 21, 2017) Highly interactive sessions will provide many opportunities for attendees, speakers and panelists to be engaged in both learning and discussion. The objective for the day is to deliver high quality useful...

Connect Security World (Marseille, France, September 25, 2017 - 27, 2014) As IoT solutions are transitioning from hype to real deployments, the “Internet of insecure things” threat is gaining ground. To address unlimited risks, threats and vulnerabilities surrounding IoT, a...

(ISC)2 Security Congress (Austin, Texas, USA, September 25 - 27, 2017) (ISC)² Security Congress cybersecurity conference brings together nearly 1,500 cybersecurity professionals, offers 100+ educational and thought-leadership sessions, and fosters collaboration with forward-thinking...

Connect Security World (Marseille, France, September 25 - 27, 2017) As IoT solutions are transitioning from hype to real deployments, the “Internet of insecure things” threat is gaining ground. To address unlimited risks, threats and vulnerabilities surrounding IoT, a...

SINET61 2017 (Sydney, Australia, September 26 - 27, 2017) Promoting cybersecurity on a global scale. SINET – Sydney provides a venue where international solution providers can engage with leaders of government, business and the investment community to advance...

Grow your brand and reach new customers.

Grow your brand and increase your customer base by educating our audience about your products, services, and events by advertising on The CyberWire. We’ve built trust with an influential (and often hard to reach) audience of CISOs, CSOs, and other senior execs in the security space, across a wide array of industry verticals. Learn more.

Be a part of the CyberWire story.

People ask us (a lot) how they can support what we do. We have our sponsorships and services, of course, but those are not always within every supporter's financial reach, or it might just not be the right time for you to do those things. That's why we launched our new Patreon site, where we've created a wider variety of support levels, each with some new benefits. Our patrons are important to our future, and we hope you'll consider becoming one. We invite you to become part of the CyberWire story. Become a patron today.