skip navigation

More signal. Less noise.

Daily briefing.

Research Saturday, coming from the CyberWire this September

Our understanding of risks and our ability to secure ourselves in cyberspace come from the exacting work of researchers all over the world. Beginning this September 9th, we’ll talk to those researchers who are unpacking the threats and vulnerabilities, and who are making the fixes and building the defenses we depend upon. We’ll hear from the experts in industry and academia who are working on the hard problems of security in a rapidly evolving technological, policy, business, and social landscape. Watch our site for this new weekly podcast.

As ISIS sees its physical caliphate shrink to territorial insignificance, it steps up activity in cyberspace. Such activity remains largely inspiration—information operations, marketing in battledress—as opposed to hacking properly so-called. Ability to summon the disaffected to acts of terror, recently on display in Barcelona, seems undiminished.

Worries about maritime hacking continue. The recent collision between the destroyer USS John S. McCain and the merchant tanker Alnic MC in the Straits of Malacca has aroused speculation that shipboard navigational and safety systems might have been deliberately interfered with. Such suspicions are based, it's important to note, on a priori possibility overlaid with what observers are calling an unusually high rate of collisions involving the US Navy. (Observers are also recalling the June 22nd incident in which Russian operators engaged in GPS spoofing affecting ships in the Black Sea.) The US Navy is investigating, and undertaking an immediate review of seamanship throughout the fleet.

Another misconfigured Amazon S3 bucket has exposed its data. This time the affected business is hospitality booker Groupize.

"Mr. Smith," ransom still unpaid by HBO, is threatening to release the season finale of Game of Thrones.

Britain's National Health Service has sustained a breach in its SwiftQueue appointment service. The hacker (hackers?) claiming responsibility represents himself (herself? themselves?) as performing a public service, exposing security flaws. The incident is under investigation.

Google has pulled about 500 apps from its Play store. They contained compromised versions of development kit Igexin that effectively installed a backdoor for spyware.

Notes.

Today's issue includes events affecting Australia, China, Denmark, Russia, Saudi Arabia, Spain, United Kingdom, United States, and Vietnam.

A note to our readers: we'll be in Palo Alto tomorrow, attending the Chertoff Group's Security in the Boardroom conference. We'll have special coverage out later this week.

Best Practices for Applying Threat Intelligence

Threat intelligence is one of the most talked about areas of information security today, but how do you actually use it? Learn best practices for applying threat intelligence with Recorded Future's latest white paper. Download your free copy now.

In today's podcast we hear from our partners at the Maryland Cybersecurity Center at the University of Maryland. If you've wondered about how you could distinguish actual expertise from the merest charlatanism, especially when it's expertise you don't have, you could of course read Plato's Charmides. Or you could listen to  Jonathan Katz, the Maryland Cybersecurity Center's Director, who'll explain how to tell fact from FUD, science from shinola.

We have a guest, too: Dan Larson from CrowdStrike, who will talk us through incident response for zero-days.

You'll also be interested in Recorded Future's latest podcast, produced in partnership with the CyberWire. This week's edition is an overview of Russian policy in historical context, and how that's shaped tensions with the US in cyberspace. Download "Russia Revisited: How Did We Get Here?" and listen to this timely discussion.

Security In the Boardroom (Palo Alto, CA, USA, August 23, 2017) Cybersecurity is a boardroom topic in nearly every organization. For many boards, security has evolved from a technical risk to a top business risk. Cybersecurity is also a growth opportunity. Proper integration of security and privacy concerns can drive far more effective digital transformation efforts. However, the mystique around cybersecurity can prevent board members and management from improving their cyber fluency and driving required improvements. Please join The Chertoff Group for our Security in the Boardroom event where we will demystify cybersecurity technology and policy issues while providing practical tools that board members and management can use to improve their resiliency to cyber risk and drive competitive advantage.

Incident Response 17: IR17 The First Operational Community-Driven Incident Response Conference (Pentagon City, VA, USA, September 11 - 12, 2017) IR17 is open to both commercial and government professionals. Join us to learn tips and best practices from industry leaders. IR17 features 30+ hours of practical training, 36 breakout sessions designed for all levels of experience, and you will leave the conference with a developed incident response plan.

8th Annual Billington CyberSecurity Summit (Washington, DC, USA, September 13, 2017) The 8th Annual Billington CyberSecurity Summit September 13 in Washington D.C. brings together world-class cybersecurity thought leaders for high-level information sharing, unparalleled networking and public-private partnerships from a cross-section of civilian, military and intelligence agencies, industry and academia.

Cyber Attacks, Threats, and Vulnerabilities

ISIS’s propaganda machine is thriving as the physical caliphate fades (Washington Post) Barcelona attack showcases the power of the ‘virtual’ caliphate to drive terrorism abroad.

Hacking May Have Caused USS John S McCain’s Collision, Say Cyber Experts (International Business Times) Cyber experts said countries like Russia and China might have the capability to launch cyber attacks on warships.

US Navy collisions stoke cyber threat concerns (Tribune Washington Bureau via MSN) The Pentagon won’t yet say how the USS John S. McCain was rammed by an oil tanker near Singapore, but red flags are flying as the Navy’s decades-old reliance on electronic guidance systems increasing looks like another target of cyberattack.

The USS John S. McCain’s Crash Only Seems Familiar (WIRED) The collision with a tanker happened in one of the world's most congested waterways.

The cyber risk for ships (Insurance Business) Security industry says marine sector is too complacent

NotPetya highlights cyber risk in shipping industry (ComputerWeekly) Malware attack has shown that the shipping industry is vulnerable to cyber attacks, with Danish shipping giant Maersk reporting potential cost of up to $300m.

Stuxnet explained: How code can destroy machinery and stop (or start) a war (CSO Online) Stuxnet is an extremely sophisticated computer worm that exploits multiple previously unknown Windows zero-day vulnerabilities to infect computers and spread. Its purpose was not just to infect PCs but to cause real-world physical effects. Specifically, it targets centrifuges used to produce the enriched uranium that powers nuclear weapons and reactors.

New Research Sheds Light on the Mirai Botnet (eSecurity Planet) USENIX paper on Understanding the Mirai Botnet provides seven months of data insights into the IoT botnet.

Understanding the Mirai Botnet (USENIX) The Mirai botnet, composed primarily of embedded and IoT devices, took the Internet by storm in late 2016 when it overwhelmed several high-profile targets with massive distributed denial-of-service (DDoS) attacks

Meeting and Hotel Booking Provider's Data Found in Public Amazon S3 Bucket (Threatpost) Data belonging to meeting and hotel booking provider Groupize was discovered in a publicly accessible Amazon Web Services S3 bucket, which has been locked down.

HBO hackers threaten to leak Game of Thrones' season finale (HackRead) The nightmare for Home Box Office (HBO) is not over yet as Mr.Smith, the hacker or group of hackers who breached and stole a trove of data from Network is

Spyware backdoor prompts Google to pull 500 apps with >100m downloads (Ars Technica) Google killed secret plugin download capability after being alerted by researchers.

Locky ransomware's 'rebirth' puts everyone at risk once again (Security Brief) The Locky ransomware is back and using social engineering in another round of email-based attacks on tens of thousands of users.

Phishing Site Spotted Hosted on .Fish Domain (Infosecurity Magazine) Phishing Site Spotted Hosted on .Fish Domain. Netcraft discovers phishy goings on at the gTLD

Phishing Activity: August 21, 2017 (LookingGlass Cyber Solutions Inc.) Our weekly phishing activity report offers a snapshot into weekly trends of the top industries targeted by phishing attacks, August 21, 2017.

Spam Distribution Follows a Regular Workweek, IBM Reports (eWEEK) New research from IBM X-Force finds that Tuesday is the most popular day of the week for spam as spammers work a regular workweek.

Watch Hackers Hijack Three Robots for Spying and Sabotage (WIRED) An early taste of the hacked robot uprising.

Hacked robots can be a deadly insider threat (Help Net Security) Researchers have probed the security of a number of humanoid home and business robots as well industrial collaborative robots, and have found it wanting.

How to Hack a Robot (Dark Reading) Forget 'killer robots:' researchers demonstrate how collaborative robots, or 'cobots,' can be hacked and dangerous.

Industrial Cobots Might Be The Next Big IoT Security Mess (Threatpost) Researchers at IOActive are sounding an early alarm on the security of industrial collaboration robots, or cobots. These machines work side-by-side with people and contain vulnerabilities that could put physical safety at risk.

Experts Warn Bots Could Herald Third Revolution in Warfare (Infosecurity Magazine) Experts Warn Bots Could Herald Third Revolution in Warfare. IOActive research has already revealed robots as new insider threat

Killer robots are coming, and Elon Musk is worried (Ars Technica) Technology leaders warn autonomous drones could become "weapons of terror."

ACCC warns of fake NBN scammers (CRN Australia) $28,000 already stolen this year.

Cryptocurrency Miner Uses WMI and EternalBlue To Spread Filelessly (TrendLabs Security Intelligence Blog) Fileless malware can be a difficult threat analyze and detect. It shouldn’t be a surprise that an increasing number of new malware threats are fileless, as threat actors use this technique to make both detection and forensic investigation more difficult. We recently found a new cryptocurrency miner (which we detect as TROJ64_COINMINER.QO) that uses this particular technique as well.

Hiking Club Malvertisements Drop Monero Miners Via Neptune Exploit Kit (FireEye) Hiking advertisements are directing users to the Neptune Exploit Kit and ultimately a Monero miner infection as part of a new malvertising campaign.

Ethereum's Biggest Hacking Problem Is Human Greed (Motherboard) The "world computer" has a people problem.

Foxit acknowledges zero-days in its PDF software, but no patches yet (Security Brief) Foxit will not be issuing a patch for the two vulnerabilities. It instead released a statement that encourages users to use “Safe Reading Mode”.

Two zero-day vulnerabilities disclosed after Foxit refuses to patch PDF Reader (Graham Cluley) Researchers have disclosed two zero-day vulnerabilities affecting Foxit's PDF Reader after the vendor revealed it has no plans to fix the security flaws.

Fujitsu suffers "major incident" at Sydney data centre (CRN Australia) Recovery efforts continue after SAN failure.

Data on 1.2 million NHS patients stolen, claims hacker (Computing) Contractor at the centre of the claims says it didn't hold that much data

NHS 1.2 million patient name database hacked 'to expose weaknesses' (SC Media UK) The NHS has suffered a data breach in its SwiftQueue appointment booking system whose database contains confidential records on up to 1.2 million

Not violating India's privacy laws, user data fully safe: Oppo (The Economic Times) Oppo is the first company to officially comment after the government asked all handset makers that sell phones in India to share the security protocols they follow to secure mobile phones.

‘If I don’t receive my Bitcoins I’ll send video’ (NewsComAu) Sophisticated email scammers are targeting Australians with pornography and adult dating links which are then followed up with extortion attempts in an aggressive new form of attack.

N**e photos of Anne Hathaway leaked online by hackers (Graham Cluley) Hollywood actress Anne Hathaway is just the latest in a long line of celebrities who have found their intimate snaps exposed online by hackers.

What if All Your Secrets Went Public? (WIRED) A work of fiction by Joshua Cohen explores the consequences of the worst data breach imaginable.

Security Patches, Mitigations, and Software Updates

Chrome Adds Warning for When Extensions Take Over Your Internet Connection (BleepingComputer) Google engineers have added two neat features to the Chrome browser that will alert users of extensions that hijack proxy settings or the new tab page.

Fuze Patches TPN Handset Vulnerabilties (Threatpost) VoIP vendor Fuze earlier this year patched three vulnerabilities that exposed user account information and enabled unauthorized authentication.

Your failure to apply critical cybersecurity updates is putting your company at risk from the next WannaCry or Petya (ZDNet) Despite warnings and international cyber-incidents, too many organisations still aren't bothering to apply security patches, a report has warned.

Cyber Trends

‘Gloomy times ahead’ for security on critical infrastructure, warn experts (Naked Security) NIST is raising awareness that security through obscurity has become a thing of the past – but are we doing enough to protect infrastructure such as dams and power plants?

Fortify Networks Now Against the Coming Internet of Things Tsunami (SIGNAL Magazine) Amid the Internet of Things hoopla, serious cybersecurity risks cannot be ignored.

Cassandra coefficient and ICS cyber – is this why the system is broken (Control Global) Chapter 9 of Richard Clarke and R.P. Eddy’s book, Warning – Finding Cassandras to Stop Catastrophes, is defining the “Casandra Coefficient”. In reading the chapter, many of the issues that have prevented industry from adequately addressing ICS cyber security becomes evident.

DDoS Attacks on the Rise Again: Akamai (Infosecurity Magazine) DDoS Attacks on the Rise Again: Akamai. Second quarter sees 28% uptick as commoditisation of DDoS continues

Fortinet Threat Landscape Report Reveals Poor Security Hygiene and Risky Applications Enable Destructive Cyberattacks to Spread Infection at Record Pace (GlobeNewswire News Room) Cybercriminals Are Exploiting Known Vulnerabilities and Maximizing Impact With a Hybrid Threat Known as Ransomworms

Cybercrime Losses Continue to Mount (Multichannel News) Reported losses since 2012 total $4.63B, FBI says

Your Handy Guide to the Many Tech Anxieties of Our Time (WIRED) Tech is ruthlessly efficient, endlessly entertaining—and completely panic-inducing.

Marketplace

The Pitfalls of Cyber Insurance (Dark Reading) Cyber insurance is 'promising' but it won't totally protect your company against hacks.

eSentire Announces Growth Equity Investment from Warburg Pincus (PRNewswire) Investment to accelerate growth for leading Managed Detection and Response (MDR) firm

Verisk Analytics to Acquire Sequel (NASDAQ.com) Verisk Analytics, Inc. (Nasdaq:VRSK), a leading data analytics provider, has signed a definitive agreement to acquire Sequel from HgCapital and other Sequel shareholders. Sequel is a leading insurance and reinsurance software specialist based in London.

Aussie cyber security start-up TokenOne heads to US to kill passwords (Financial Review) Local security start-up TokenOne has become the first Australian business to be selected to take part in a consortium of major US cyber firms.

Cybersecurity Firm root9B's Assets Up for Sale (Dark Reading) Move to foreclose comes after company defaulted on repayment terms for over $10.7 millions in loans it owes creditors.

3 Cybersecurity Stocks to Buy Now (Fortune) These cybersecurity companies are cashing in on the scramble to fight hackers. We suggest buying their stocks.

What The Market Is Missing About Cisco (Seeking Alpha) Cisco has established itself as a long-term dividend stock with regular dividend increases. The company is undergoing a dual business transformation: from hardw

Buy General Dynamics Cautiously (Seeking Alpha) General Dynamics is headed to Overvalued and will struggle to meet sales revenue targets in the coming years because of government budget limitations and milita

Zix: Protecting Against Downside (Seeking Alpha) Zix has seen some of the highest amounts of growth in its industry at 10% and is the leader in its area. A strong balance sheet will help Zix carry out addition

New CSO, CISO appointments (CSO Online) Find up-to-date news of CSO, CISO and other senior security executive appointments.

CEO Spotlight: Fortinet’s Ken Xie (Born2Invest) Get to know Fortinet's CEO Ken Xie and what keeps him going.

Learning from success: Brian Honan's infosec journey (Help Net Security) Learn about the infosec journey of CEO Brian Honan, founder of Ireland's first Computer Emergency Response Team and Special Advisor to Europol EC3.

Sophos' Kendra Krause On What Women Bring To The Table In Tech (CRN) At the 2017 XChange Conference, CRNtv spoke with Kendra Krause, VP of Global Channels at Sophos, about what sets women apart in the high tech workplace, and why they should be valued in the industry.

Zscaler appoints Dilshan Sivalingam as first Australian and New Zealand channel manager (CRN Australia) Dilshan Sivalingam joins with more than 18 years of industry experience.

ForeScout hires country manager and regional VP from Palo Alto Networks (CRN Australia) Nabs new country manager and VP.

Products, Services, and Solutions

Baxter Strikes With Matchlight for Dark Web Monitoring, Fraud Detection (Credit Union Times) Dark web monitoring and detection is on the radar for credit unions as concerns grow over data protection.

Skyhigh Networks Unveils Integration with Cisco Spark to Secure and Manage Collaboration in the Cloud (BusinessWire) Skyhigh Networks, the world’s leading Cloud Access Security Broker (CASB), today announced Skyhigh for Cisco Spark, a comprehensive security and

ScienceLogic Announces Technical Services Partner Program (ScienceLogic) ScienceLogic, the leader in hybrid IT service assurance, today announced a new Technical Services Partner Program as part of its overall ChannelLogic partner initiative. The program provides development and enablement for partners who provide technical services to their clients. It also provides system integrators and cloud service providers another entrée into the $24 billion cloud …

Kensington’s New SecureBack Rugged Case for Square Reader Safeguards the iPad in a Mobile Point-of-Sale Environment (Kensington) Users can “protect while they accept,” giving them greater confidence in their POS system, and less worry about possible damage when moving about.

Network forensics tool NetworkMiner 2.2 released (Help Net Security) The NetworkMiner forensics tool has reached version 2.2. It can parse pcap files as well as perform live sniffing of network traffic.

Cisco Systems (CSCO) Reports Four Breakthroughs in Security, Compliance, and Analytics (Street Insider) Cisco (NASDAQ: CSCO) understands the importance of security, compliance, and analytics. We infuse this thinking into everything we do.

Check Point's latest threat research taken from data you can see in real time (Security Brief) Check Point has taken the latest results from its Cyber Attack Trends: Mid Year Report from data that viewers can see happening in real time.

8 top cyber-attack maps and how to use them (CSO Online) Cyber-attack maps can be fun to look at, but are they useful? As usual, when it comes to security context is key, so CSO looked at eight of the web's most popular cyber-attack maps. While the maps themselves are mostly eye candy with limited context, there are some creative ways they can be used.

Technologies, Techniques, and Standards

The Intelligence Community’s Top 3 Cybersecurity Priorities (FedTech) Automated data sharing, greater coordination and more realistic training for cyberincidents can help intelligence agencies respond better, an IC official says.

Defang all the things! (SANS Internet Storm Center) Today, I would like to promote a best practice via a small Python module that is very helpful when you’re dealing with suspicious or malicious URLs.

Using Machines to Understand When Normal isn't Normal (Infosecurity Magazine) Is AI a means to make the incident responder’s job a lot easier?

The Role of CISO in the Face of the GDPR (Infosecurity Magazine) GDPR will create a lot of work in a short time, and the CISO will need help from the whole corporation.

The $500 gizmo that cracks iPhone passcodes – and how to stop it (Naked Security) A gizmo that can work out an iPhone’s passcode sounds pretty scary – but just how much of a risk is it?

Hospitals must band together to beat hackers (Healthcare IT News) Security frameworks and threat intelligence sharing already exist that hospitals can put to work to defeat cybercriminals.

Design and Innovation

Facebook Awards $100K to Researchers for Credential Spearphishing Detection Method (Threatpost) Researchers who identified a real-time way to detect credential spearphishing attacks in enterprise settings won $100,000 from Facebook last week.

Ford outlines plan to build self-driving cars at scale to deploy with partners (TechCrunch) Ford's autonomous driving vision includes fleet manufacturing, and then deploying vehicles at scale with partners working in commercial service areas like..

3 Ways Blockchain Is Revolutionizing Cybersecurity (Forbes) The second quarter of 2017 was a wild one for blockchain companies and investors, with nearly 60 initial coin offerings (ICOs) closed in the quarter for more than $750 million, and it looks like this is just the beginning. It seems that blockchain is about to have an impact on nearly every industry.

IBM, Kroger, Walmart and others team up to improve food safety with blockchains (TechCrunch) IBM today announced that it is working with a consortium that includes Dole, Golden State Foods, Kroger, McCormick and Company, Nestlé, Tyson Foods,..

Cryptocurrency Mining: What It Is, How It Works And Who's Making Money Off It (Benzinga) NVIDIA Corporation (NASDAQ: NVDA)'s second-quarter earnings released earlier this month, though exceeding expectations, elicited cautionary reaction from the investor as well as...

I Tried Being BFFs With an AI (Motherboard) For a week, at least.

Academia

Stand up to cybercrime with a cybersecurity degree (Alamogordo Daily News) Cybersecurity program is now offered at Eastern New Mexico University

Bellevue University Competes in 'ASTORS' Homeland Security Awards (American Security Today) The winner of last year’s 2016 ‘ASTORS’ Homeland Security Awards Program Gold Award for the Best Homeland Security Education Program from American Security Today, has continued to set the pace. International and domestic security threats are rapidly evolving resulting in a variety of risks and vulnerabilities for citizens and organizations. This reality has resulted in rapid …

Legislation, Policy, and Regulation

Russia Revisited: How Did We Get Here? (Recorded Future) In this episode we take a closer look at Russia. What’s the historical context for its cybersecurity strategy and what are our options for dealing with it?

Vietnam looks to bolster its internet censorship (Southeast Asia Globe Magazine) Cybersecurity concerns remain amid Communist Party’s muzzling of free speech

Concerns ignored as Home Office pushes ahead with facial recognition (Naked Security) Picking faces out of a crowd using software is unreliable and fraught with problems – whichever side of the pond you’re on

Return to sender: military will send malware right back to you (Naked Security) ‘The threat could be a large nation-state or a 12-year-old’ – so is weaponizing malware and sending it back the right tactic?

How confident is your agency in the security of the IT it’s buying? (FederalNewsRadio.com) The Committee on National Security Systems released a new supply chain risk management policy in late July.

Litigation, Investigation, and Law Enforcement

Spanish police link 120 gas canisters to suspected terrorist plot (Deutsche Welle) Police suspect jihadis had planned to load three vans with gas to carry out far deadlier attacks than the ones that occurred this week. Authorities are still searching for a 22-year-old Moroccan suspect.

Barcelona attack: Las Ramblas killer Younes Abouyaaqoub shot dead after discovery in vineyard (Times) The man suspected of killing 13 people by driving a van into crowds on Las Ramblas was shot dead by police yesterday as he yelled Allahu akbar while wearing a fake explosives vest. Younes...

U.K. to prosecute online hate crime as seriously as offline hate crime (CSO Online) The U.K. is cracking down on hate crime that is committed online, telling prosecutors to treat online hate crime the same as hate crime committed offline.

Lawsuit against Daily Stormer is stuck; founder can’t be served papers (Ars Technica) They visited seven known addresses, but couldn't find Andrew Anglin.

Danish FM admits to selling mass-surveillance technology to Saudi Arabia, UAE despite human rights concerns (alaraby) Denmark's foreign minister has for the first time acknowledged that...

Peter King: Police surveillance necessary to avoid terrorist attacks 'whether or not that's politically correct' (Washington Examiner) The New York Republican said that strategy was the only way to mitigate terror threats.

Suspect Raising Money for IS Granted Bail in Pakistan (VOA) Release raises concern that fund raising activities will continue

After years of investigation, feds bust one of AlphaBay’s largest drug rings (Ars Technica) Suspect got this text: “Rule 101 in drug dealing... don’t be so f***ing mean to people.”

For a complete running list of events, please visit the Event Tracker on the CyberWire website.

Upcoming Events

The Chertoff Group Security Series: Security In The Boardroom (Palo Alto, California, USA, August 23, 2017) The Chertoff Group Security Series will aim to enhance and add to the Security in the Boardroom conversation by applying our insights into technology, threat, and policy to help executives respond to the...

The Chertoff Group Security Series: Security In The Boardroom (Palo Alto, California, USA, August 23, 2017) The Chertoff Group Security Series will aim to enhance and add to the Security in the Boardroom conversation by applying our insights into technology, threat, and policy to help executives respond to the...

U.S. Department of Commerce Cybersecurity Awareness Day (Washington, DC, USA, August 24, 2017) On August 24, 2017, the Department of Commerce headquarters is planning the Cybersecurity Awareness Day event which will host guest speakers from throughout the Cybersecurity community. The 2017 Cybersecurity...

7th Annual Cybersecurity Training and Technology Forum (Colorado Springs, Colorado, USA, August 30 - 31, 2017) CSTTF is designed to further educate Cybersecurity, Information Management, Information Technology, and Communications Professionals by providing a platform to explore and enhance cyber resilience, collaboration,...

SANS Network Security 2017 (Las Vegas, Nevada, USA, September 10 - 17, 2017) SANS is recognized around the world as the best place to develop the deep, hands-on cybersecurity skills most in need right now. SANS Network Security 2017 offers more than 45 information security courses...

Finovate Fall 2017 (New York, New York, USA, September 11 - 14, 2017) FinovateFall 2017 will begin with the traditional short-form, demo-only presentations that more than 20,000 attendees from 3,000+ companies have enjoyed for the past decade. After two days of Finovate’s...

Insider Threat Program Management With Legal Guidance Training Course (Laurel, Maryland, USA, September 12 - 13, 2017) Insider Threat Defense will hold a two-day training class, Insider Threat Program (ITP) Management With Legal Guidance (National Insider Threat Policy (NITP), NISPOM Conforming Change 2). For a limited...

PCI Security Standards Council: 2017 North America Community Meeting (Orlando, Florida, USA, September 12 - 14, 2017) Join your industry colleagues for three days of networking and one-of-a-kind partnership opportunities. Whether you want to learn more about updates in the payment industry or showcase a new product, you’ll...

8th Annual Billington CyberSecurity Summit (Washington, DC, USA, September 13, 2017) The 8th Annual Billington CyberSecurity Summit September 13 in Washington D.C. brings together world-class cybersecurity thought leaders for high-level information sharing, unparalleled networking and...

Cyber Security Summit: New York (New York, New York, USA, September 15, 2017) If you are a Senior Level Executive responsible for making your company’s decisions in regards to information security, then you are invited to register for the Cyber Security Summit: New York. Receive...

Cyber Security Conference for Executives (Baltimore, Maryland, USA, September 19, 2017) The Johns Hopkins University Information Security Institute and COMPASS Cyber Security are hosting the 4th Annual Cyber Security Conference for Executives on Tuesday, September, 19. It will be held on...

4th Annual Industrial Control Cybersecurity Europe (London, England, UK, September 19 - 20, 2017) Against a backdrop of targeted Industrial Control System cyber attacks against energy firms in the Ukraine power industry, the massive attacks against the Norway oil and gas industry, cyber attacks on...

Cyber Everywhere: Collaboration, Integration, Automatio (Washington, DC, USA, September 20, 2017) We’ve seen all of the cyber headlines this year – new policies emerging, old policies evolving, the cyber workforce is multiplying, and rapidly growing connected devices are complicating governance. While...

10th Cyber Defence Summit (Dubai, UAE, September 20, 2017) Naseba’s 10th Cyber Defence Summit will address the importance of protecting critical infrastructure and sensitive information, help companies procure cyber security solutions and services, and create...

2017 Washington, D.C. CISO Executive Leadership Summit (Washington, DC, USA, September 21, 2017) Highly interactive sessions will provide many opportunities for attendees, speakers and panelists to be engaged in both learning and discussion. The objective for the day is to deliver high quality useful...

Connect Security World (Marseille, France, September 25, 2017 - 27, 2014) As IoT solutions are transitioning from hype to real deployments, the “Internet of insecure things” threat is gaining ground. To address unlimited risks, threats and vulnerabilities surrounding IoT, a...

(ISC)2 Security Congress (Austin, Texas, USA, September 25 - 27, 2017) (ISC)² Security Congress cybersecurity conference brings together nearly 1,500 cybersecurity professionals, offers 100+ educational and thought-leadership sessions, and fosters collaboration with forward-thinking...

Connect Security World (Marseille, France, September 25 - 27, 2017) As IoT solutions are transitioning from hype to real deployments, the “Internet of insecure things” threat is gaining ground. To address unlimited risks, threats and vulnerabilities surrounding IoT, a...

SINET61 2017 (Sydney, Australia, September 26 - 27, 2017) Promoting cybersecurity on a global scale. SINET – Sydney provides a venue where international solution providers can engage with leaders of government, business and the investment community to advance...

O'Reilly Velocity Conference (New York, New York, USA, October 1 - 4, 2017) Learn how to manage, grow, and evolve your systems. If you're building and managing complex distributed systems and want to learn how to bake in resiliency, you need to be at Velocity.

24th International Computer Security Symposium and 9th SABSA World Congress (COSAC 2017) (Naas, County Kildare, Ireland, October 1 - 5, 2017) If you thought symposiums on information security and risk were all the same, look again! COSAC is an entirely different experience. Conceived by practising professionals for experienced professionals,...

Cybersecurity Nexus North America 2017 (CSX) (Washington, DC, USA, October 2 - 4, 2017) Be a part of a global conversation with professionals facing the same challenges as you at the nexus—where all things cyber security meet. Cyber security doesn’t take a vacation and it doesn’t sleep. You...

Atlanta Cyber Week (Atlanta, Georgia, USA, October 2 - 6, 2017) Atlanta Cyber Week is a public-private collaboration hosting multiple events during the first week of October that highlight the pillars of the region’s cybersecurity ecosystem and create an opportunity...

4th Annual Industrial Control Cyber Security USA Summit (Sacramento, California, USA, October 3 - 4, 2017) Against a backdrop of targeted Industrial Control System cyber attacks, such as those against energy firms in the Ukraine power industry, the massive attacks against the Norway oil and gas industry, cyber...

4th Annual Industrial Control Cyber Security Summit USA (Sacramento, California, USA, October 3 - 4, 2017) Against a backdrop of continued ICS targeted cyber attacks against energy firms in the Ukraine power industry (CRASHOVERRIDE), the massive attacks against the Norway oil and gas industry, cyber attacks...

Grow your brand and reach new customers.

Grow your brand and increase your customer base by educating our audience about your products, services, and events by advertising on The CyberWire. We’ve built trust with an influential (and often hard to reach) audience of CISOs, CSOs, and other senior execs in the security space, across a wide array of industry verticals. Learn more.

Be a part of the CyberWire story.

People ask us (a lot) how they can support what we do. We have our sponsorships and services, of course, but those are not always within every supporter's financial reach, or it might just not be the right time for you to do those things. That's why we launched our new Patreon site, where we've created a wider variety of support levels, each with some new benefits. Our patrons are important to our future, and we hope you'll consider becoming one. We invite you to become part of the CyberWire story. Become a patron today.