skip navigation

More signal. Less noise.

Daily briefing.

Even as its core territory in Iraq and Syria shrink to insignificance, ISIS posts a Spanish-language video, promising to reconquer al Andalus, the Iberian Peninsula, lost to the Umma in the Fifteenth Century. Another ISIS inspirational video receiving wide circulation purports to show a ten-year-old American boy threatening President Trump.

ISIS and the Middle Eastern refugee crisis it's helped create have spawned large-scale human trafficking. Some traffickers ("slave-trading gangs," the Times of London calls them) are posting torture images to Facebook in attempts to extort ransom money from their captives' families. 

These posts, and the most recent wave of hacked celebrity pictures, are inducing some observers (UN agencies among them) to ask why tech companies aren't addressing such incidents with the focus and alacrity they brought to booting the loathsome Daily Stormer from their services. Is the outrage selective, the decisions arbitrary, or is the problem simply more complex to admit of easy, principled solutions?

Some criminals, reports Trend Micro, are exploiting online games with malicious Chrome extensions to steal in-game currency. And SentinelOne has discovered that cheats for the popular Counter Strike: Global Offensive game are installing cryptocurrency miners on victim machines.

Unwelcome cryptocurrency miners are being distributed in other ways, too: Netskope Threat Labs has found the Zminer malware hosted in an Amazon S3 bucket.

UK data policy experts think HM Government's Snooper's Charter won't play well with GDPR.

FBI makes an arrest in the OPM breach. More emerges on FSB officers charged with spying for the CIA.

Notes.

Today's issue includes events affecting Australia, China, India, Iraq, Russia, Spain, Syria, United Kingdom, United States.

Best Practices for Applying Threat Intelligence

Threat intelligence is one of the most talked about areas of information security today, but how do you actually use it? Learn best practices for applying threat intelligence with Recorded Future's latest white paper. Download your free copy now.

In today's podcast we hear from our partners at Level 3 Communications, as Dale Drew shares threat intelligence on phishing and malware. Our guest, Nicole Eagan, CEO of Darktrace, tells us why her company is all-in on AI, and also shares some reflections on her experience as a woman leading a corporation.

Incident Response 17: IR17 The First Operational Community-Driven Incident Response Conference (Pentagon City, VA, USA, September 11 - 12, 2017) IR17 is open to both commercial and government professionals. Join us to learn tips and best practices from industry leaders. IR17 features 30+ hours of practical training, 36 breakout sessions designed for all levels of experience, and you will leave the conference with a developed incident response plan.

8th Annual Billington CyberSecurity Summit (Washington, DC, USA, September 13, 2017) The 8th Annual Billington CyberSecurity Summit September 13 in Washington D.C. brings together world-class cybersecurity thought leaders for high-level information sharing, unparalleled networking and public-private partnerships from a cross-section of civilian, military and intelligence agencies, industry and academia.

Dateline Security in the Boardroom

Security in the Boardroom: Technology Change, Risk Management, and Duties of Care (The CyberWire) Given their responsibility for the health of the business, boards of course are deeply involved with risk management: threat, consequence, and vulnerability. As they grapple with cyber risk, they need help arriving at a clear business understanding not only of unfamiliar technologies, but of the cultures those technologies inhabit and affect.

Former DHS Secretary calls for security experts to raise their game (Blasting News) Michael Chertoff tells gathering in Silicon Valley that security community must respect warnings over vote tampering and other threats.

Cyber Attacks, Threats, and Vulnerabilities

We’re coming to take back Spain, Isis video says (Times) Islamic State has issued its first ever video in Spanish, threatening more terrorist attacks and vowing to reconquer al-Andalus for the “caliphate”. Al-Andalus was the name given to the Iberian...

Boy who claims his father was an American soldier warns Trump in disturbing ISIS video (Military Times) An ISIS propaganda video allegedly features a 10-year American boy named Yusuf — who claims his father fought as a U.S. soldier in Iraq — threatening President Trump.

Migrant crisis: Facebook publishes torture used to extort ransom (Times) People smugglers and slave trading gangs are using Facebook to broadcast the abuse and torture of migrants to extort ransom money from their families. Footage that has remained on the social media...

Hacked Celebrity Nudes Show ‘Freedom of Speech’ Is Arbitrarily Defined By Internet Corporations (Motherboard) The same companies that took action against the Daily Stormer are enabling the dissemination of hacked celebrity nude photos.

DreamHost takes a beating after hosting racist Daily Stormer (Ars Technica) The neo-Nazi site has struggled to find a domain registrar.

Ransomworms on the rise: yet another wake up call for the enterprise (SC Media UK) 90% of enterprises still recording exploits for vulnerabilities that are more than 3 years old, and 60% for vulnerabilities more than 10 years old.

Apps allow novices to craft their own Android malware (iTWire) Security firm Symantec says it has discovered a new trojan development kit, an app that enables even those who know little about coding to create Andr...

Malware rains on Google’s Android Oreo parade (Naked Security) It may be summer here in the northern hemisphere, but Android users face a shower of new threats

Researcher Releases Fully Working Exploit Code for iOS Kernel Vulnerability (BleepingComputer) Adam Donenfeld, a researcher with mobile security firm Zimperium, has published today proof-of-concept code for zIVA — a kernel exploit that affects iOS 10.3.1 and previous versions.

Emonet: Trojan returns to steal Brits' banking credentials (Inquirer) Trojan 'absorbed NSA exploits' to spread via network security flaws,Security ,Security,trojan,malware

Locky Ransomware Keeps Returning After Repeated Absences (PhishMe) It seems that each time the information security community is ready to declare the Locky ransomware dead and gone, phishing threat actors launch new campaigns with new characteristics.

CS:GO Cheat Delivers Cryptocurrency Miner on MacOS (BleepingComputer) Counter-Strike: Global Offensive (CS:GO) players looking to get a leg up on the competition by using the vHook cheating app for macOS were also infected with a cryptocurrency miner.

OSX.Pwnet.A - CS: GO Hack and Sneaky Miner (SentinelOne) OSX.Pwnet.A - a hack for Counter-Strike: Global Offensive on macOS and a trojan that could mine CryptoCurrencies without user consent.

DDoS Attackers Taking Direct Aim at Gaming Companies, Akamai Reports (eWEEK) Akamai's 2Q17 State of the Internet / Security report reveals new trends in the DDoS and web application attack landscape.

Malicous Chrome Extensions Stealing Roblox In-Game Currency, Sending Cookies via Discord (TrendLabs Security Intelligence Blog) Recently, we discussed how cyber criminals are using the popular voice/chat client Discord to steal cookies from the running Roblox process on a Windows PC. Since then, we've noticed another attack going after the same information, only this time it is via Chrome extensions (CRX files).

Are you a student? Your personal data is there for the asking (Naked Security) Your college can – and will – hand over your personal details to anyone who asks, warns a researcher who is calling for better protection for students

Cryptocurrency Wallets Targeted By Attackers (Information Security Buzz) Kyle Lady, Senior R&D Engineer, Duo Security commented below on the story regarding attackers exploiting two-factor authentication by using a phone numbers to gain access to victim’s devices.

Cryptocurrency Mining Malware Hosted in Amazon S3 Bucket (Threatpost) Attackers are using an exploit kit to spread the Zminer executable that downloads a cryptocurrency miner hosted in an Amazon S3 bucket.

Coin mining malware heads to the cloud with Zminer (Netskope) Netskope Threat Research Labs has detected several samples related to a coin miner malware named Zminer. The kill chain begins with the delivery of a drive-by download Zminer executable that...

Neptune EK Still Alive and Well and Driving Malvertising (Infosecurity Magazine) Unfortunately, this indicates a poor patch management posture across the board.

Cyber bank robbers stick up Ethereum owners for$225 million (SF Gate) Here's another reason to be leery of the initial coin offerings being done at a staggering pace in the cryptocurrency world: There's a 1-in-10 chance you'll end up a victim of theft.

Facebook Typosquatting Campaign Harvests User Info (Infosecurity Magazine) Facebook Typosquatting Campaign Harvests User Info. Over 100 brands abused in bid to steal credentials, says DomainTools

Why It’s Still A Bad Idea to Post or Trash Your Airline Boarding Pass (KrebsOnSecurity) An October 2015 piece published here about the potential dangers of tossing out or posting online your airline boarding pass remains one of the most-read stories on this site.

Cyber attack not lone occurrence (The News-Examiner) A cyber attack last week, of the software system used by Franklin County to track its finances, is not the only such occurrence experienced by the county this

Two Weeks Before WannaCry: Surviving a Zero-Day Ransomware Attack (Infosecurity Magazine) There are many factors that can be gained from this experience, not least realizing how capable the attackers were

Cat food shortage after cyber attack hits one of UK's biggest suppliers (Metro) Shortages have been reported across London and the Home Counties.

Security Patches, Mitigations, and Software Updates

Microsoft's Bid to Save PowerShell From Hackers Starts To Pay Off (WIRED) The often-attacked framework finally learns to play defense.

90% of Companies Get Attacked with Three-Year-Old Vulnerabilities (BleepingComputer) A Fortinet report released this week highlights the importance of keeping secure systems up to date, or at least a few cycles off the main release, albeit this is not recommended, but better than leaving systems unpatched for years.

Cyber Trends

You can't even trust your Sysadmins to use complex passwords (SC Media UK) 86 percent of sysadmins use only the most basic username and password authentication to access and protect their main business account on-site.

Security issues of the top and bottom government organizations (Help Net Security) SecurityScorecard released its U.S. State and Federal Government Cybersecurity Report, which showcases the cyber health of the nation's government entities.

Marketplace

7 Tips for Recruiting the Infosec Talent You Need Now (BankInfo Security) Hiring managers will need to get increasingly creative to find talent to fill their vacant information security positions, particularly in a shallow talent pool

Amazon-Backed Scout Soars on ASX Debut (The Bull) Amazon-backed US home security startup Scout Security has made a strong debut on the Australian share market, with its shares climbing 18 per cent on their first day of trading.

Cybersecurity business with SA office up for auction at $10.6M (San Antonio Business Journal) A cybersecurity company with a presence in San Antonio is up for sale to the highest bidder.

Show the proof, or cut it out with the Kaspersky Lab Russia rumors (CSO Online) The United States intelligence agencies have Kaspersky Lab in their crosshairs, but this a case of smoke, but no fire.

Better Buy: FireEye, Inc. vs. Fortinet (Madison) It's been nothing short of a banner year for both FireEye (NASDAQ: FEYE) and Fortinet (NASDAQ: FTNT), with the data security providers' stocks climbing 20% and 25%, respectively, in 2017.

Webroot Announces Significant Growth in Fiscal Year 2017 (Business Insider) Webroot, the market leader in endpoint security, network security, and threat intelligence, announced 15 percent year-over-year bookings growth for its fiscal year ending on June 30, 2017.

CrowdStrike thrives in APAC as it builds out channel & customer relationships (Security Brief) "We are excited to expand our presence in APAC countries and will continue to invest within the region throughout the rest of 2017."

Here’s a way to silence Trump on Twitter: Buy the microblogging service (Ars Technica) White House says it’s a “ridiculous attempt” to silence Trump’s 1st Amendment rights.

Zerodium Offers Half-Million-Dollar Payouts for Secure Messaging Exploits (Infosecurity Magazine) It's looking for fully weaponized 0-days for WhatsApp, Signal, Facebook Messenger, iMessage and others.

SafeBreach Co-Founder, CTO Itzik Kotler Wins Rising Star Leadership Award from SC Media (Marketwired) SafeBreach, the leading provider of Breach and Attack Simulation, announced that company co-founder and CTO Itzik has been named winner of the Rising Star category in the inaugural SC Media Reboot Leadership Awards.

Products, Services, and Solutions

New infosec products of the week​: August 25, 2017 (Help Net Security) Malwarebytes for Android features proprietary anti-ransomware technology Malwarebytes released Malwarebytes for Android, featuring targeted defense against

Thales’s newest advanced data security solutions achieve FIPS 140-2 certification (Thales Security) Thales nShield XC hardware security modules and Vormetric Application Encryption certified to security industry benchmark

Illumio 2.0 takes the complexity out of micro-segmentation (CSO Online) The company's “adaptive security platform” (ASP) helps businesses visualize the flows in a data center.

Telstra steps up cyber security ambitions with new operations centres (Financial Review) Telstra has taken a high-profile step in its bid to establish itself as a significant player in the booming global cyber security market.

Telstra lifts lid on security (The Australian) Telstra has expanded its local cybersecurity footprint with its Sydney security operation centre officially open for business and its Melbourne counterpart ready to come online next month.

Cybersecurity Technology Supplier Claroty Inks Another Large Partnership (Automation World) Schneider Electric and Claroty partner to address industrial control system safety and cybersecurity.

Malwarebytes releases versions for macOS, Android (iTWire) Security vendor Malwarebytes has released versions of its anti-malware software for macOS and Android. The company said Malwarebytes for Mac included...

Kaspersky IoT Scanner wants to secure your smart home (IT Pro Portal) Free download monitors your smart home network, and protects against possible botnet attacks.

ZeroDown® Software joins forces with Fortinet to Deliver Always Available and Always Secure Services for the Cloud (Benzinga) ZeroDown Software announced today that it has joined Fortinet's Technology Alliance Partner program, paving the way for ZeroDown's Multi-Cloud with Business-Continuity services to...

Maryland Cyber Jobs platform takes a skills-based approach to hiring (Technical.ly Baltimore) The Cybersecurity Association of Maryland is partnering with SkillSmart on the new tool.

Atomicorp Releases WAF Rule Set for ModSecurity At No Cost (Benzinga) Atomicorp provides the industry leading ModSecurity Web Application Firewall (WAF) Rules and is now offering a substantial portion at no charge to users. Without Rules,...

Verizon ramps up cloud cybersecurity with Check Point pact (FierceTelecom) Verizon is giving its enterprise customers another option to ensure cloud security by adding Check Point’s software to its growing Virtual Network Services suite.

New ship cyber security program unveiled (Marine Electronics & Communication) Shipowners have another solution to thwart cyber attacks on their vessels and offices after Port-IT launched a new service. The company worked with WatchGuard to create a unified threat management package for maritime.

GoDaddy Launches TrustedSite Certificates with McAfee Integration (Web Host Industry Review) The McAfee seal increases trust and increases online conversions by up to 10 percent, GoDaddy says. Read More

KB Life employs AI to enhance security posture (Enterprise Innovation) As one of the largest Korean insurance companies in the country, KB Life Insurance serves over 400,000 customers across 34 branches offering life, health and critical illness products.

Technologies, Techniques, and Standards

Wanted: Metrics for Measuring Cyber Performance and Effectiveness (GovTechWorks) Intense worries about cybersecurity mean system owners are stacking up cyber tools to help protect their organizations, often duplicating features and capabilities in the process.

GDPR and Information Security Arbitrage (International Policy Digest) The European Union's General Data Protection Regulation, or GDPR, will have far reaching ramifications for the UK and Europe.

GDPR Compliance Preparation: A High-Stakes Guessing Game (Dark Reading) It's difficult to tell if your company is meeting the EU's data privacy and security standards -- or US standards, for that matter.

Prepare for the EU Data Protection Law – Start Here (Heimdal Security Blog) The new EU Data Protection Regulation will come into full effect in May 2018. Here's how to start preparing for it:

How to protect against data breaches and comply with Delaware law (Delaware Business Times) The Better Business Bureau reports that as of June 30 there have already been 2,227 data breaches this year resulting in the theft of more than 6 billion records — exceeding the number for all of 2016.

Germany Has Created the World’s First Ethical Guidelines for Driverless Cars (Motherboard) These robots are going to have to make some tough choices.

The 3 Most Common Misconceptions About Cyber Defense -- 'Culture, Complexity, Commitment' (Forbes) Traditionally, tacticians in war have said, “The best defense is a good offense.” However, that statement couldn’t be farther from the truth when it comes to creating a cyberwar defense strategy.

Enterprise security needs a Mother of Dragons to keep attackers out (CSO Online) Some Game of Thrones defense strategies you can apply to your organization's cybersecurity strategy

Netskope says shadow IT and security can co-exist (iTWire) "The credit card is mightier than the firewall,"  says Netskope's Scott Hogrefe, referencing the ease in which conventional IT departments can be...

Disaster recovery vs. security recovery plans: Why you need separate strategies (CSO Online) Responding to a cyber security incident has its own unique objectives and requires its own recovery plan.

Ransomware: The Tripflare in the Modern Cyberwar (Dark Reading) With the frequency and scale of breaches on the rise, and our legacy security failing to protect us, is ransomware the catalyst we need to trigger improvement in our security postures?

Living in an Assume Breach world (Help Net Security) Watch for enemies within and without, while being ready to respond calmly and totally at a moment’s notice. This is living with the Assume Breach mindset.

Applying proper cloud access control to prevent data exposures (SearchCloudSecurity) A misconfigured Amazon S3 bucket has been behind several recent data exposures. Here's how to set up proper cloud access control.

How Startups Can Source Data To Build Machine Intelligence (Forbes) Data is the fuel of the new AI-based economy.

Using Phishing Intelligence to Reel In Advanced Threats and Protect Corporate Networks (Security Intelligence) By integrating phishing intelligence with an SIEM solution, security analysts can proactively monitor APTs and manage risks related to phishing attacks.

Design and Innovation

qBitcoin: A Way of Making Bitcoin Quantum-Computer Proof? (IEEE Spectrum) Like many other encryption-dependent things, Bitcoin could be vulnerable to hacks by future quantum computers. qBitcoin would use quantum cryptography to keep it safe

This Website Only Works When You’re Offline (Motherboard) Everybody’s gotta log off sometime.

System-of-Systems Approach to Securing the Data Center on Wheels (Infosecurity Magazine) We are rapidly approaching a point in which the automobile will be built around the software, as opposed to the other way around.

General Atomics sheds light on the future of unmanned tech (Defense News) Swarming, automation and an improved version of the MQ-9 Reaper are just some of the technologies where General Atomics is making investments.

Research and Development

A step toward practical quantum encryption over free-space networks (Help Net Security) Researchers have sent a quantum-secured message containing more than one bit of information per photon through the air above a city.

Academia

What Cyberthreats Do Higher Education Institutions Face? (Forbes) It seems there's an endless stream of media coverage on all of the companies that have become been victimized by ransomware attacks. But business isn't the only sector with a target on its back ...

Nominum and CIRA Create (Canada Newswire) CIRA's "Powered by Nominum" D-Zone DNS Firewall protects teachers, students and administrators from ransomware and...

Legislation, Policy, and Regulation

Snoopers’ Charter Could Scupper UK-EU Data Flows: Experts (Infosecurity Magazine) Government releases paper on post-Brexit data transfers, but ignores surveillance apparatus

Protecting Financial Data in Cyberspace: Precedent for Further Progress on Cyber Norms? (Just Security) In terms of norm identification, few issues have proven more problematic than cyber operations targeting data, whether in peace or war. Of particular note are those involving financial data, in large part because of the interdependency of the global financial system.

BIS Implements Wassenaar’s Note 4 Amendment: Accentuate the Positive (ExportLawBlog) Last week the Bureau of Industry and Security published a final rule implementing the changes adopted by the December 2016 Wassenaar Arrangements Plenary meeting.  Most of these changes are the usu…

Cyberattacks, not North Korea, pose greatest security threat (TheHill) OPINION | Targeted cyberattacks by state-sponsored advanced persistent threat (APT) groups and terrorist and criminal non-state actors are being overlooked.

We need digital IDs to beat cyber fraudsters (Times) Identity fraud is a nasty crime, but not a new one. In AD69 at least two contenders for the Roman throne impersonated the missing emperor Nero (who had in fact committed suicide a year earlier)...

Could Offering Spy Secrets To State Officials Help Safeguard Future Elections? (NPR) Congress could arrange for state elections officials to view high-level secrets about potential threats to their elections. First, they need security clearances.

At CIA, a watchful eye on Mike Pompeo, the president’s ardent ally (Washington Post) The director’s tendency to play down Russian interference in the 2016 election is seen as a nod to Trump.

Litigation, Investigation, and Law Enforcement

FSB Agents Arrested for Giving CIA Information About Russian Hackers (BleepingComputer) A Russian television station — TV Rain — claims to have obtained insider information about the arrests of Sergey Mikhailov, a Russian intelligence agent that lead the FSB's Center for Information Security, and Dmitry Dokuchayev, also an FSB agent and Mikhailov's deputy.

FBI arrests Chinese national connected to malware used in OPM data breach (CNN) The FBI has arrested a Chinese national who is facing charges related to the malware used in the 2015 data theft from the Office of Personnel Management computer systems ...

Microsoft Wins Court Approval to Combat Fancybear Hackers (WinBuzzer) Microsoft has won the right to prevent Fancybear hackers from using malicious domains with the company’s name. The trademark

Verizon: US government requests for phone records on the up (Naked Security) Cellphone provider warns that it’s increasingly being asked to provide huge and broad data dumps – such as records of every phone that passed by a given tower

Additional Release of FISA Section 702 Documents (IC on the Record) Today the ODNI, in consultation with the Department of Justice, is releasing additional FISA Section 702 documents.

Some In Congress Don't Get The "Gravity" Of Russian Election Meddling, Former CIA Director Said (BuzzFeed) John Brennan, CIA director under President Barack Obama, also bemoaned a "barrage" of "inaccurate and misleading" news reports. He made these statements in an internal memo to CIA

FBI's Manafort raid included a dozen agents, 'designed to intimidate,' source says (Fox News) The FBI’s July raid on former Trump campaign chairman Paul Manafort's Virginia home lasted 10 hours and involved a dozen federal agents, who seized documents labeled “attorney-client,” according to a source close to the investigation.

DoJ Subject to Strict Oversight in Anti-Trump Site Investigation (Infosecurity Magazine) DoJ Subject to Strict Oversight in Anti-Trump Site Investigation. Judge ruling aims to protect First and Fourth Amendment freedoms

Your personal data is yours & nobody else’s (Economic Times Blog) Raise a toast to nine judges of the Supreme Court (SC) who have said your right to privacy is fundamental, ranking right up there with rights to life and freedom of expression. Privacy as a...

Cybercrimes in Russia Rise Sixfold Over 3 Years – Prosecutor General (Sputnik News) The number of cyber crimes committed in Russian from 2013 to 2016 has gone up by six times, Russian Prosecutor General Yury Chayka said on Thursday.

Report Calls for New Cyber-Police Academy to Boost Skills (Infosecurity Magazine) Report Calls for New Cyber-Police Academy to Boost Skills. Thinktank Reform claims major changes are needed to UK law enforcement

Energy firm slapped with a fine after making 1.5m nuisance calls (Naked Security) Think you’ve opted out of robocalls from marketers? So did the people who complained – and got the offender hit with a fine

Hacked Off (Splash 24/7) Does shipping need to thrash out a new legal framework regarding cyber attacks?

Megaupload execs’ extradition may be at risk after new spying revelations (Ars Technica) GCSB couldn't say more without jeopardizing the national security of New Zealand.

Convicted felon Martin Shkreli finds novel way to be a jerk online (Ars Technica) He has offered to sell a New York Post reporter's domain name for $12,000.

For a complete running list of events, please visit the Event Tracker on the CyberWire website.

Newly Noted Events

Create and Maintain a Secure Facility: It Takes a Village (Ashburn, Virginia, USA, August 30, 2017) Obtaining and maintaining a facility clearance is a major obstacle faced by government contractors seeking prime contract awards. Hosted by Telos Corporation, a 2017 Cogswell Award winner, this event will...

Cyber at the Crossroads (Adelphi, Maryland, USA, October 10, 2017) Join the Cyber Center for Education & Innovation (CCEI), Home of the National Cryptologic Museum (NCM) for a one-day symposium of renowned national cybersecurity leaders, including experts from past and...

Cyber Security Indonesia 2017: Shaping National Capacity for Cyber Security (Jakarta, Indonesia, December 6 - 7, 2017) Cyber Security Indonesia 2017 exhibition and conference, brought to you by the organisers of the Indonesia Infrastructure Week, will bring cyber security solutions providers together with key government...

Upcoming Events

7th Annual Cybersecurity Training and Technology Forum (Colorado Springs, Colorado, USA, August 30 - 31, 2017) CSTTF is designed to further educate Cybersecurity, Information Management, Information Technology, and Communications Professionals by providing a platform to explore and enhance cyber resilience, collaboration,...

SANS Network Security 2017 (Las Vegas, Nevada, USA, September 10 - 17, 2017) SANS is recognized around the world as the best place to develop the deep, hands-on cybersecurity skills most in need right now. SANS Network Security 2017 offers more than 45 information security courses...

Finovate Fall 2017 (New York, New York, USA, September 11 - 14, 2017) FinovateFall 2017 will begin with the traditional short-form, demo-only presentations that more than 20,000 attendees from 3,000+ companies have enjoyed for the past decade. After two days of Finovate’s...

Insider Threat Program Management With Legal Guidance Training Course (Laurel, Maryland, USA, September 12 - 13, 2017) Insider Threat Defense will hold a two-day training class, Insider Threat Program (ITP) Management With Legal Guidance (National Insider Threat Policy (NITP), NISPOM Conforming Change 2). For a limited...

PCI Security Standards Council: 2017 North America Community Meeting (Orlando, Florida, USA, September 12 - 14, 2017) Join your industry colleagues for three days of networking and one-of-a-kind partnership opportunities. Whether you want to learn more about updates in the payment industry or showcase a new product, you’ll...

DSEI 2017 (London, England, UK, September 12 - 15, 2017) Defence and Security Equipment International (DSEI) is the world leading event that brings together the global defence and security sector to innovate and share knowledge. DSEI represents the entire supply...

8th Annual Billington CyberSecurity Summit (Washington, DC, USA, September 13, 2017) The 8th Annual Billington CyberSecurity Summit September 13 in Washington D.C. brings together world-class cybersecurity thought leaders for high-level information sharing, unparalleled networking and...

Cyber Security Summit: New York (New York, New York, USA, September 15, 2017) If you are a Senior Level Executive responsible for making your company’s decisions in regards to information security, then you are invited to register for the Cyber Security Summit: New York. Receive...

Cyber Security Conference for Executives (Baltimore, Maryland, USA, September 19, 2017) The Johns Hopkins University Information Security Institute and COMPASS Cyber Security are hosting the 4th Annual Cyber Security Conference for Executives on Tuesday, September, 19. It will be held on...

4th Annual Industrial Control Cybersecurity Europe (London, England, UK, September 19 - 20, 2017) Against a backdrop of targeted Industrial Control System cyber attacks against energy firms in the Ukraine power industry, the massive attacks against the Norway oil and gas industry, cyber attacks on...

Cyber Everywhere: Collaboration, Integration, Automatio (Washington, DC, USA, September 20, 2017) We’ve seen all of the cyber headlines this year – new policies emerging, old policies evolving, the cyber workforce is multiplying, and rapidly growing connected devices are complicating governance. While...

10th Cyber Defence Summit (Dubai, UAE, September 20, 2017) Naseba’s 10th Cyber Defence Summit will address the importance of protecting critical infrastructure and sensitive information, help companies procure cyber security solutions and services, and create...

2017 Washington, D.C. CISO Executive Leadership Summit (Washington, DC, USA, September 21, 2017) Highly interactive sessions will provide many opportunities for attendees, speakers and panelists to be engaged in both learning and discussion. The objective for the day is to deliver high quality useful...

Connect Security World (Marseille, France, September 25, 2017 - 27, 2014) As IoT solutions are transitioning from hype to real deployments, the “Internet of insecure things” threat is gaining ground. To address unlimited risks, threats and vulnerabilities surrounding IoT, a...

(ISC)2 Security Congress (Austin, Texas, USA, September 25 - 27, 2017) (ISC)² Security Congress cybersecurity conference brings together nearly 1,500 cybersecurity professionals, offers 100+ educational and thought-leadership sessions, and fosters collaboration with forward-thinking...

Connect Security World (Marseille, France, September 25 - 27, 2017) As IoT solutions are transitioning from hype to real deployments, the “Internet of insecure things” threat is gaining ground. To address unlimited risks, threats and vulnerabilities surrounding IoT, a...

SINET61 2017 (Sydney, Australia, September 26 - 27, 2017) Promoting cybersecurity on a global scale. SINET – Sydney provides a venue where international solution providers can engage with leaders of government, business and the investment community to advance...

O'Reilly Velocity Conference (New York, New York, USA, October 1 - 4, 2017) Learn how to manage, grow, and evolve your systems. If you're building and managing complex distributed systems and want to learn how to bake in resiliency, you need to be at Velocity.

24th International Computer Security Symposium and 9th SABSA World Congress (COSAC 2017) (Naas, County Kildare, Ireland, October 1 - 5, 2017) If you thought symposiums on information security and risk were all the same, look again! COSAC is an entirely different experience. Conceived by practising professionals for experienced professionals,...

Cybersecurity Nexus North America 2017 (CSX) (Washington, DC, USA, October 2 - 4, 2017) Be a part of a global conversation with professionals facing the same challenges as you at the nexus—where all things cyber security meet. Cyber security doesn’t take a vacation and it doesn’t sleep. You...

Atlanta Cyber Week (Atlanta, Georgia, USA, October 2 - 6, 2017) Atlanta Cyber Week is a public-private collaboration hosting multiple events during the first week of October that highlight the pillars of the region’s cybersecurity ecosystem and create an opportunity...

4th Annual Industrial Control Cyber Security USA Summit (Sacramento, California, USA, October 3 - 4, 2017) Against a backdrop of targeted Industrial Control System cyber attacks, such as those against energy firms in the Ukraine power industry, the massive attacks against the Norway oil and gas industry, cyber...

4th Annual Industrial Control Cyber Security Summit USA (Sacramento, California, USA, October 3 - 4, 2017) Against a backdrop of continued ICS targeted cyber attacks against energy firms in the Ukraine power industry (CRASHOVERRIDE), the massive attacks against the Norway oil and gas industry, cyber attacks...

CyberSecurity4Rail (Brussels, Belgium, October 4, 2017) Facilitated by Hit Rail, this conference will bring together experts in cybercrime and digital security, plus leaders in ICT and representatives from transport and railway companies, European organisations...

Grow your brand and reach new customers.

Grow your brand and increase your customer base by educating our audience about your products, services, and events by advertising on The CyberWire. We’ve built trust with an influential (and often hard to reach) audience of CISOs, CSOs, and other senior execs in the security space, across a wide array of industry verticals. Learn more.

Be a part of the CyberWire story.

People ask us (a lot) how they can support what we do. We have our sponsorships and services, of course, but those are not always within every supporter's financial reach, or it might just not be the right time for you to do those things. That's why we launched our new Patreon site, where we've created a wider variety of support levels, each with some new benefits. Our patrons are important to our future, and we hope you'll consider becoming one. We invite you to become part of the CyberWire story. Become a patron today.