skip navigation

More signal. Less noise.

Do you know the best practices for applying threat intelligence?

Threat intelligence is one of the most talked about areas of information security today, but how do you actually use it? Learn best practices for applying threat intelligence with Recorded Future's latest white paper. Download your free copy now.

Daily briefing.

Sources in East Asia are calling attempted raids on South Korean Bitcoin exchanges a North Korean operation. Pyongyang has a history of turning to online crime to meet its financial needs. This may be the latest instance of such a campaign.

The ransomware that hit NHS Lanarkshire has been identified as "Bit Paymer," a fairly recently discovered strain (samples were posted to Virus Total on July 11th). Bit Paymer is regarded as well-coded malware devised by programmers of some ability. NHS Lanarkshire reports that its operations have largely returned to normal.

Scammers are using fraudulent Hurricane Harvey relief efforts as both con games and phishbait. Some have registered domains to assist their bunco.

Other phishbait being dangled includes convincing but bogus emails from the US Internal Revenue Service. 

Comparitech researchers have found a waterholing come-on boosted by high Google search rankings. If you wish to learn how to "mix/tumble/launder Bitcoin" (and you probably shouldn't), an outfit called Darkwebmarkets will give you a good, concise tutorial in this dubious art. Unfortunately it will also take you to malicious sites that will divest you of your cryptocurrency.

Forcepoint researchers have also found a threat to cryptocurrency owners circulating in the wild, this one an evolved version of the well-known Trickbot banking Trojan.

The Onliner spambot, known for distributing the Ursnif banking Trojan, is found to hold some 711 million email addresses and 80 million SMTP credentials.

The US FDA has approved a firmware patch for St. Jude pacemakers (affecting 465 thousand patients).

Notes.

Today's issue includes events affecting Australia, China, European Union, Iran, Israel, Democratic Peoples Republic of Korea, Mexico, Russia, Ukraine, United Kingdom, United States.

Bank of America needs your cyber security experience.

As one of the world's leading financial institutions, Bank of America has built an extraordinary team of cyber security professionals focused on defending critical financial services infrastructure. That team is growing and needs your experience. Find exciting and rewarding opportunities across the United States for ethical hackers, intrusion analysts, malware analysts, crypto architects and more.

In today's podcast, Robert M. Lee from our partners at Dragos offers some advice on cutting through the security hype. Our guest, Joseph Loomis, talks about incident response and the upcoming IR17 event

We've also got a special edition of the podcast up: this one's on security frameworks, with special attention to the NIST cyber framework.

And you'll want to check out Recorded Future's latest podcast, produced in collaboration with the CyberWire, "Chasing Risky Internet Business," and learn about what to do when IP blocklists are obsolete (as they are).

Incident Response 17: IR17 The First Operational Community-Driven Incident Response Conference (Pentagon City, VA, USA, September 11 - 12, 2017) IR17 is open to both commercial and government professionals. Join us to learn tips and best practices from industry leaders. IR17 features 30+ hours of practical training, 36 breakout sessions designed for all levels of experience, and you will leave the conference with a developed incident response plan.

Cyber Security Summit: New York and Boston (New York, New York, USA, September 15, 2017) Sr. Level Executives are invited to learn about the latest threats & solutions in Cyber Security from experts from The FBI, Darktrace, Arbor Networks, CenturyLink and more. Register with promo code cyberwire50 for half off your admission (Regular price $350).

3rd European Cybersecurity Forum – CYBERSEC (Krakow, Poland, October 9 - 10, 2017) CYBERSEC is a unique Europe-wide, annual public policy conference dedicated to strategic aspects of cybersecurity. Conference’s mission is to foster the building of a Europe-wide cybsersecurity system and create a dedicated collaborative platform for governments, international organisations, and key private-sector organisations.

Florida’s Annual Cybersecurity Conference (Tampa, Florida, USA, October 27, 2017) Networking the Future, the Florida Center for Cybersecurity's fourth annual conference, will host hundreds of technical and non-technical stakeholders from industry, government, the military, and academia to explore emerging threats, best practices, and the latest research and trends.

Cyber Attacks, Threats, and Vulnerabilities

North Korea Accused of Stealing Bitcoin to Bolster Finances (Security Week) North Korea (DPRK) appears to be targeting bitcoin (both users and exchanges) as a means to counter the increasing effect of international sanctions. Earlier this month the UN Security Council unanimously imposed new sanctions targeting the country's primary exports. Dwindling coal exports to China will be particularly severe, and DPRK's export revenues will likely be slashed by $1 billion.

Israeli firm sees the spy agencies behind the sexy images (Times of Israel) Tel Aviv-based ClearSky tells tale of pretty women luring social media friends into networks of deceit in bids to steal data

Scammers Already Taking Advantage of Hurricane Harvey, Registering Domains (SurfWatch Labs) The physical damage from Tropical Storm Harvey is expected to spread further in the coming week as the storm continues to move along the Gulf Coast. At least 10 people in Texas have been killed …

How To Watch Out For Cyber Scams Related To Harvey (Refinery 29) Because cyber scams are common after disasters, the Department of Homeland Security issued a warning Monday to watch out for "malicious cyber activity."

This new strain of ransomware was to blame for hospital cyberattack (ZDNet) NHS Lanarkshire was forced to take systems offline and cancel appointments after being infected with a new variant of ransomware.

Bit Paymer Ransomware Hits Scottish Hospitals (BleepingComputer) Several hospitals part of the NHS Lanarkshire board were hit on Friday by a version of the Bit Paymer ransomware. The infection took root on late Friday, August 25. NHS Lanarkshire officials acknowledged the incident right away.

Petya expands its scope: A global ransomware threat (Trend Micro: Simply Security) One of the first steps in guarding against ransomware infections is remaining in-the-know about emerging threats and attack styles. Now, a new threat has come to the surface: Petya.

IRS Warns of Emails Spreading Ransomware (BleepingComputer) The Internal Revenue Service (IRS) is warning US citizens of a new phishing scheme that poses as official IRS communications in the hopes that victims access a link, download a file, and hopefully get infected with ransomware.

Warning: Darknet Markets Bitcoin mixing tutorial is a phishing scam (Comparitech) SCAM ALERT: A popular tutorial on Darknet Markets [dot] org, which appears at the top of Google results for "how to mix bitcoin", contains phishing links.

Trickbot Goes After Cryptocurrency (Forcepoint) Forcepoint Security Labs have encountered an ongoing Trickbot campaign that appears to target crypto-currencies. Trickbot is a banking Trojan that is traditionally known to target financial institutions. Recently, we have observed Trickbot targeting Paypal and expanding its list of target institutions to include those from Nordic countries.

Massive ‘Onliner’ Spambot Holds 711 Million Email Addresses (Infosecurity Magazine) Massive ‘Onliner’ Spambot Holds 711 Million Email Addresses. Huge discovery as researchers investigate banking trojan campaign

Strains of Mutant Malware Increasingly Evading Anti-Virus to Rob Bank Accounts, Says Akouto (Payment Week) An analysis of recent attacks finds a sharp increase in the use of new strains of malware capable of bypassing traditional anti-virus according to cybersecurity experts from Akouto. The majority of the analyzed attacks aimed to harvest confidential information and steal money through online banking fraud. The first sign …

Intel ME controller chip has secret kill switch (Register) Researchers find undocumented accommodation for government customers

Researchers Find a Way to Disable Much-Hated Intel ME Component Courtesy of the NSA (BleepingComputer) Researchers from Positive Technologies — a provider of enterprise security solutions — have found a way to disable the Intel Management Engine (ME), a much-hated component of Intel CPUs.

Kaspersky-Russian ties still unclear despite FBI push (SearchSecurity) Alleged Kaspersky-Russian ties haves led the FBI to reportedly attempt to convince private companies to abandon Kaspersky products, but some experts want more proof.

Two Million CeX Customer Accounts Breached (Infosecurity Magazine) Two Million CeX Customer Accounts Breached. UK tech retailer says no financial info was exposed

Researchers Can't Explain Why WAP-Billing Trojans Are Making a Comeback (BleepingComputer) After years of silence, WAP-billing trojans are making a comeback, with four new strains becoming active in the second quarter of 2017, targeting Russia and India primarily.

Shellshock Still in the Crosshairs (Dark Reading) Spike in scans for the flaw spotted en masse in Q2.

USB Malware Implicated in Fileless Attacks (TrendLabs Security Intelligence Blog) In early August we discussed a case where a backdoor (BKDR_ANDROM.ETIN) was being installed filelessly onto a target system using JS_POWMET.DE, a script that abused various legitimate functions. At the time, we did not know how the threat arrived onto the target machine. We speculated that it was either downloaded by users or dropped by other malware.

SAP point-of-sale systems were totally hackable with $25 kit (Register) Researchers able to hijack server and steal card details

Google Removes 300 Android Apps That Hacked Phones For DDoS Attacks (Song Sound Store) Google Removes 300 Android Apps That Hacked Phones For DDoS Attacks http://ift.tt/2wIXarL Google Removes 300 Android Apps That Hacked Phones For DDoS Attacks Recently, a team of researchers from Google, Akamai, CloudFlare, Flashpoint, RiskIQ and other security organizations detected that several delivery networks and content providers were experiencing DDoS attacks from more than 100 of …

Threat Spotlight: Office 365 Account Compromise — the New “Insider Threat” (Barracuda Networks) Microsoft Office 365 has become so ubiquitous—with more than 100 million monthly active subscribers—that it’s almost become part of our identities particularly inside the network with emails circulating internally.

Chasing Risky Internet Business (Recorded Future) Security professionals need to protect their networks from malicious traffic. With IP blocklists becoming obsolete, a more sophisticated approach is needed.

Are you an adrenaline junkie who takes risks with security? (Naked Security) How much of a link is there between risky online behavior and taking care with your security? A researcher has been trying to find out

UK emergency services are unprepared for DDoS mitigation (Computing) Two-fifths of critical infrastructure providers have not completed basic cyber security preparations

Cisco unveils LabVIEW code execution flaw that won't be patched (Help Net Security) Cory Duplantis of Cisco Talos unearthed a LabVIEW code execution flaw which can be triggered by the victim opening a specially crafted VI file.

Security Patches, Mitigations, and Software Updates

FDA Approves Firmware Fix for St Jude Pacemakers (Infosecurity Magazine) FDA Approves Firmware Fix for St Jude Pacemakers. Abbott Laboratories continues security update program

465,000 Patients Need Software Updates for Their Hackable Pacemakers, FDA Says (Motherboard) A painful reminder that a future where the internet is in every device—even the most critical one—can be disastrous.

Advantech fixes serious vulns in WebAccess HMI/SCADA software (Help Net Security) Advantech has plugged nine security holes in WebAccess and has urged users to upgrade the software as soon as possible.

Google Reminding Admins HTTP Pages Will Be Marked 'Not Secure' in October (Threatpost) Google began sending out notices to site owners this month who haven't yet migrated from HTTP to HTTPS warning them that in October their sites will be marked "NOT SECURE."

Microsoft persuades customers to upgrade to Windows 10, citing increasing security threats (Neowin) Microsoft has published a blog post detailing the threat mitigation techniques available in Windows 10, in order to persuade customers to upgrade to the latest version of the Windows operating system.

Android 7.1.1 Nougat Update Comes To Verizon Moto Z Phones (AndroidHeadlines.com) Verizon’s Moto Z Droid and Moto Z Force Droid phones have started to receive the Android 7.1.1 Nougat update via OTA (over-the-air) along with the July 2017...

Android Oreo for Verizon Pixel Is Out Just Days After Google Release (Wccftech) Android Oreo for Verizon Pixel: Verizon starts rolling out Android 8.0 to its Pixel and Pixel XL just days after Google's official release!

Patching Problems, but is Runtime an Attractive Solution (Infosecurity Magazine) Move security controls to inside the runtime for visibility.

Cyber Trends

The Doyle Report: The One Truth Cybersecurity and Healthcare Have in Common (MSP Mentor) If we were to collectively apply what we already know consistently and thoroughly, we could blunt a great deal of cybercrime says top Verizon researcher.

Your Business Could Have Been a Victim of a Cyber Attack Without You Even Knowing (Entrepreneur) Forty-five percent of small-business owners were unaware that they had been compromised.

Security is important - so why aren't SMBs doing anything about it? (Computing) Two-thirds of mid-sized businesses agree that cyber is a top priority, but the same proportion have no intrusion detection

Online threats lead to real-world harm, say security experts (CNBC) Our lives in the physical world are no longer shielded from online behavior, cybersecurity experts say

The Security Dilemma of Cyberspace: Ancient Logic, New Problems (Lawfare) A review of Ben Buchanan's The Cybersecurity Dilemma: Hacking, Trust and Fear Between Nations (Oxford University Press, 2017).

Marketplace

LookingGlass Cyber Solutions Raises $26.3 Million in Mezzanine Funding Round (BusinessWire) LookingGlass™ Cyber Solutions, a leader in threat intelligence-driven security, today announced a capital raise of $26.3 million, comprised of m

SolarWinds MSP Buys Email Security Provider To Build Up Its Threat Intelligence Muscle (CRN) Although SolarWinds MSP has mail antivirus capabilities today, acquiring SpamExperts will provide more robust detection capabilities thanks to their rich threat intelligence engine that it is continuously updating.

Does Symantec’s Acquisition Spree Indicate a Trend in the Security Space? (Market Realist) Strategic acquisitions to boost position in competitive cybersecurity space

Why Symantec Sold Its Web Security Business to DigiCert (Market Realist) Earlier in this series, we discussed Symantec’s (SYMC) acquisition of Fireglass and how it could enhance the company’s Integrated Cyber Defense platform. Along with its fiscal 1Q18 earnings release, on August 2, 2017, Symantec announced that it sold its Website Security business and related PKI (public key infrastructure) assets to DigiCert.

Cisco Systems: When Will It Turn Around? (Seeking Alpha) Cisco posted a quarter of revenue and earnings decline, as the company's transformation is multi-year and ongoing. Guidance is for continued declines in revenue

Finjan Announces Formation of New Subsidiary, Finjan Blue (Investing News Network) Finjan Holdings (NASDAQ:FNJN) has announced that it has formed a new subsidiary, Finjan BLue, a wholly owned subsidiary of Finjan Holdings, that has entere

Finjan (FNJN) Buys IBM Cybersecurity Patents to Monetize (Zacks SCR) Finjan announced that its new wholly owned subsidiary, Finjan Blue (NASDAQ:FNJN), entered into a patent assignment and support agreement with IBM on August 24, 2017. Finjan Blue acquired select IBM patents in the security sector in exchange for $8.5 million cash, with $2.0 million already paid on that date, and $6.5 million to be paid over the

Splunk sees growth opps in security replacement and GDPR (Diginomica) A strong second quarter for Splunk, with cloud, security and GDPR as potentially big growth areas.

Mike Cosgrave: CACI Eyes Opportunities in Cybersecurity Integration for DoD, IC Platforms (GovCon Wire) Mike Cosgrave, senior vice president of the cyber development group...

Trend Micro Announces Mobile Pwn2Own Contest With Prize Pool of Over $500,000 (iClarified) Trend Micro has announced the Zero Day Initiative’s Mobile Pwn2Own contest taking place November 1-2 during the PacSec 2017 Conference in Tokyo, Japan.

Cyberspace security firm decides against tax abatements (The Union-Recorder) A cyberspace security firm with plans to move its operations from Atlanta to Milledgeville has decided against tax abatements from three different local government entities.

ZTE Hires US Official to Deal With US Govt (Light Reading) Chinese vendor recruits US regulatory official to lead dealings with US government in a market that continues to restrict its activities.

Products, Services, and Solutions

AlgoSec Drives Digital Transformation by Aligning Security Management with Business Processes (GlobeNewswire News Room) AlgoSec Security Management Solution v 2017.2 Links Cyber Security Vulnerabilities with Business Processes Subject to PCI-DSS; Extends Device Support for Cisco Firepower and Microsoft Azure

Silent Phone 6.0 Ensures Maximum Workforce Productivity for Enterprise (BusinessWire) Silent Circle today announced the availability of Silent Phone 6.0, reinforcing its leadership position in the Secure Unified Communications market.

Announcing Recorded Future's New Training Program (Recorded Future) Recorded Future is launching a comprehensive threat intelligence training program complete with seminars, workshops, and a certification course.

iOS: ‘Superior mobile platform for business,’ says Accenture (Updated) (Computerworld) Apple’s moral mission to grow the economy just won even more support as Accenture joins the iOS in the enterprise mission.

IBM returns to virtual server data protection (Computing) Spectrum Protect Plus uses VADP as well as blockchain

StorageCraft Introduces Unparalleled $100K Recovery Guarantee (PRNewswire) Today at VMworld 2017 in Las Vegas, StorageCraft®, whose mission is to...

Nok Nok Labs Delivers Frictionless Authentication and Enables Secure Payments to PCs (Business Insider) Nok Nok Labs, an innovator in modern authentication and a founding member of the FIDO (Fast IDentity Online) Alliance, today announced that its NNL™ S3 Authentication Suite (S3 Suite) interoperates on the latest 8th Gen Intel® Core™ processors with Intel® Software Guard Extensions (Intel® SGX) technology.

Microsoft Launches the Security Compliance Toolkit 1.0 (Petri) In this Ask the Admin, Russell Smith explains why SCM was killed off and how the Security Compliance Toolkit stacks up in comparison.

Dashlane Supports U2F on New 8th Gen Intel® Core™ Processors (Business Insider) Today, password manager Dashlane announced a collaboration with Intel for built-in Universal 2nd Factor (U2F) support as part of new 8th Gen Intel® Core™ processors.

Juniper Networks Introduces Contrail Security to Help Enterprises Protect Applications in Any Cloud (Investing News Network) Juniper Networks ( NYSE:JNPR) has announced Juniper Contrail Security, a new security and microsegmentation solution designed to allow enterprises and Soft

Fortinet FortiGate Virtualized Security Available for VMware Cloud on AWS (NASDAQ.com) Provides secure application mobility and consistent policies across enterprise hybrid clouds

LogicMonitor Announces Support for Kubernetes, Becomes the Only End-to-End Monitoring Platform for Kubernetes in a VMware-Powered Infrastructure (Sys-Con Media) LogicMonitor, the leading SaaS-based performance monitoring platform for complex, hybrid IT infrastructure, today announced support for Kubernetes.

Technologies, Techniques, and Standards

Cloud Security Alliance Offers Metrics for Cyber Resiliency (Dark Reading) As cyberattacks grow in scale and complexity, businesses need metrics and processes to measure threats and restore functionality.

Researchers Figure Out How to Blind ISPs from Smart Home Device Traffic (Threatpost) Researchers have come up with a way to blind ISPs and attackers in a man-in-the-middle position to network traffic emanating from smart home devices.

Three Ways to Protect Your Supply Chain From Cyber-Attack (Maritime Executive) Threats on cyber security serve as wake-up calls to businesses across industries. When threats or attacks hit close to home,  like the recent

Majority of boroughs unable to meet GDPR 'right to be forgotten' requirements (Computing) Seven out of ten boroughs unable to identify all personally identifiable information, warns M-Files

DMARC should be catnip for email security – why aren’t firms using it? (Naked Security) DMARC isn’t widely adopted despite the protections it offers for email – so what are the problems with it?

Monitoring logons 'the most effective way to detect data breach' (SC Media UK) Monitoring corporate logins described as the most effective way to detect a data breach within an organisation.

When AI and security automation become foolish and dangerous (Help Net Security) When it comes to network security, fully automating the tasks of a security analyst can be a dangerous and foolish decision for a variety of reasons.

Multi-vector Threats are Driving Convergence of Security Operations (PRNewswire) In a recent article released in the "Cyber Security: A Peer-Reviewed...

Multi-vector threats and the argument for greater convergence (Cyber Security) Due to technological innovations and priorities to manage risk at the enterprise level, convergence is occurring between physical and information security functions, responsibilities and missions.

Design and Innovation

Crowdsourced gaming of Google Translate dubs Kim Jong Un “Mr. Squidward” (Ars Technica) User-guided learning opens up opportunity for shenanigans.

Research and Development

New Technology Aims to Avoid GPS Jamming Threats (SIGNAL Magazine) Air Force hopes the new tool will help ground troops bypass GPS-contested environments.

DARPA wants who's who of cyberspace (Fifth Domain) DARPA wants to know who can do what when it comes to cyber research.

Finding Aid to NSA History Collection Declassified (Federation of American Scientists) The National Security Agency has declassified the finding aid for a collection of thousands of historically valuable NSA scientific and technical records that were transferred to the National Archives (NARA) last year.

Academia

Uni degrees have nothing to do with cybersecurity innovation: Malwarebytes founder (CSO) Relying on universities to fill the cybersecurity skills gap will leave companies struggling to fill out their teams, the founder of a global endpoint-security company has warned as he considers new strategies to fill out staff for the company’s new Australian operation.

Training Courses for Aspiring Cybercriminals Put Security Education To Shame (Dark Reading) Reasonably priced, module-based training courses and helpful forums will train a beginner in all the tools and techniques of the successful cybercriminal, Rick Holland of Digital Shadows explains.

Legislation, Policy, and Regulation

US Special Rep to Ukrainian negotiations Kurt Volker: 'The status quo is not good for anybody' (Deutsche Welle) In a DW interview, Kurt Volker pledges that Washington will not strike a separate deal with Moscow over the heads of Europeans and Ukrainians - but says it is good that all agree the current situation must improve.

Government Efforts to Weaken Privacy are Bad for Business and National Security (Infosecurity Magazine) Relaxed security standards will lead to a decrease in demand for American-made products.

Government wants fast resolution to Brexit's EU data-sharing problem (Computing) New paper insists that cutting cross-border data flows would harm the EU as much as the UK

DoD issues rules setting up new pay, personnel system for cyber workforce (FederalNewsRadio.com) The Pentagon's new Cyber Excepted Service will extend the probationary period for new employees to three years.

Several resign from Trump’s cyber advisory council (Fifth Domain) Several members from the National Infrastructure Advisory Council resigned en masse in response to a variety of actions by the president.

Trump cybersecurity advisors resign, painting bleak picture of US cyber preparedness (TechRepublic) Several members of the National Infrastructure Advisory Council resigned last week, and that should make us all concerned for the state of US cyber attack preparedness.

Tillerson moves to close State cyber office (TheHill) Letter outlines reorganization proposal for department.

Today is your last chance to comment on the proposal to kill net neutrality (TechCrunch) With more than 20 million comments, the FCC's inaptly named "Restoring Internet Freedom" proposal to gut net neutrality rules as we know them, is the most..

Litigation, Investigation, and Law Enforcement

Mexican Governor Spied on President With Hacking Team Spyware, Lawsuit Alleges (Motherboard) A former intelligence officer brings to light yet more evidence of surveillance abuses in Mexico.

Cyber experts were blocked in their push to patch voting systems in 2016 (Miami Herald) Cybersecurity experts on a federally-supervised team, fearing a Russian attack, scrambled last summer to draft guidelines for state and local election officials to patch the most obvious vulnerabilities in the nation’s voting systems. Their recommendations were blocked, and still aren’t out.

Robert Mueller's team subpoenas Paul Manafort's former lawyer, spokesman (Washington Examiner) The federal investigators requested documents and testimony from Akin Gump attorney Melissa Laurenza, who represented Manafort until recentl...

Donald Trump Jr. set to testify before Senate Judiciary panel (POLITICO) The committee recently set a date to privately question the president’s eldest son about his meeting with a Kremlin-linked lawyer.

Jeff Sessions could testify before Senate Judiciary Committee as early as September (Washington Examiner) Sessions' appearance before the Senate Judiciary Committee would come amid numerous congressional and Justice Department investigations.

Facial recognition: how many rogue drivers has it stopped in New York? (Naked Security) The city says it’s arrested more than 4,000 people thanks to facial recognition – but the technology and its implementation remain problematic

In the Trenches of Trump’s Leak War (The Hive) How the administration has changed the game between investigative reporters and their government sources.

For a complete running list of events, please visit the Event Tracker on the CyberWire website.

Newly Noted Events

cybergamut Tech Tuesday: The Scary Truth About Online Anonymity (Elkridge, Maryland, USA, September 5, 2017) In this presentation, Zuly Gonzalez of Light Point Security explores the various tools used for anonymous web browsing, the type of information that can be leaked during your online research to reveal...

Infosecurity North America (Boston, Massachusetts, USA, October 4 - 5, 2017) Organized by Infosecurity Group, which has provided the global information security community with some of the largest, longest established conferences and expos over the past 22 years including Infosecurity...

Maine Cyber Safety Institute (Waterville, Maine, USA, September 20 - 21, 2017) The Summit intends to help business protect themselves from possible losses. The Information Security Community, representing cyber professionals, found that 54% of anticipated cyberattacks against their...

Upcoming Events

Create and Maintain a Secure Facility: It Takes a Village (Ashburn, Virginia, USA, August 30, 2017) Obtaining and maintaining a facility clearance is a major obstacle faced by government contractors seeking prime contract awards. Hosted by Telos Corporation, a 2017 Cogswell Award winner, this event will...

7th Annual Cybersecurity Training and Technology Forum (Colorado Springs, Colorado, USA, August 30 - 31, 2017) CSTTF is designed to further educate Cybersecurity, Information Management, Information Technology, and Communications Professionals by providing a platform to explore and enhance cyber resilience, collaboration,...

SANS Network Security 2017 (Las Vegas, Nevada, USA, September 10 - 17, 2017) SANS is recognized around the world as the best place to develop the deep, hands-on cybersecurity skills most in need right now. SANS Network Security 2017 offers more than 45 information security courses...

Finovate Fall 2017 (New York, New York, USA, September 11 - 14, 2017) FinovateFall 2017 will begin with the traditional short-form, demo-only presentations that more than 20,000 attendees from 3,000+ companies have enjoyed for the past decade. After two days of Finovate’s...

Insider Threat Program Management With Legal Guidance Training Course (Laurel, Maryland, USA, September 12 - 13, 2017) Insider Threat Defense will hold a two-day training class, Insider Threat Program (ITP) Management With Legal Guidance (National Insider Threat Policy (NITP), NISPOM Conforming Change 2). For a limited...

PCI Security Standards Council: 2017 North America Community Meeting (Orlando, Florida, USA, September 12 - 14, 2017) Join your industry colleagues for three days of networking and one-of-a-kind partnership opportunities. Whether you want to learn more about updates in the payment industry or showcase a new product, you’ll...

DSEI 2017 (London, England, UK, September 12 - 15, 2017) Defence and Security Equipment International (DSEI) is the world leading event that brings together the global defence and security sector to innovate and share knowledge. DSEI represents the entire supply...

8th Annual Billington CyberSecurity Summit (Washington, DC, USA, September 13, 2017) The 8th Annual Billington CyberSecurity Summit September 13 in Washington D.C. brings together world-class cybersecurity thought leaders for high-level information sharing, unparalleled networking and...

Cyber Security Summit: New York (New York, New York, USA, September 15, 2017) If you are a Senior Level Executive responsible for making your company’s decisions in regards to information security, then you are invited to register for the Cyber Security Summit: New York. Receive...

Cyber Security Conference for Executives (Baltimore, Maryland, USA, September 19, 2017) The Johns Hopkins University Information Security Institute and COMPASS Cyber Security are hosting the 4th Annual Cyber Security Conference for Executives on Tuesday, September, 19. It will be held on...

4th Annual Industrial Control Cybersecurity Europe (London, England, UK, September 19 - 20, 2017) Against a backdrop of targeted Industrial Control System cyber attacks against energy firms in the Ukraine power industry, the massive attacks against the Norway oil and gas industry, cyber attacks on...

Cyber Everywhere: Collaboration, Integration, Automatio (Washington, DC, USA, September 20, 2017) We’ve seen all of the cyber headlines this year – new policies emerging, old policies evolving, the cyber workforce is multiplying, and rapidly growing connected devices are complicating governance. While...

10th Cyber Defence Summit (Dubai, UAE, September 20, 2017) Naseba’s 10th Cyber Defence Summit will address the importance of protecting critical infrastructure and sensitive information, help companies procure cyber security solutions and services, and create...

2017 Washington, D.C. CISO Executive Leadership Summit (Washington, DC, USA, September 21, 2017) Highly interactive sessions will provide many opportunities for attendees, speakers and panelists to be engaged in both learning and discussion. The objective for the day is to deliver high quality useful...

Connect Security World (Marseille, France, September 25, 2017 - 27, 2014) As IoT solutions are transitioning from hype to real deployments, the “Internet of insecure things” threat is gaining ground. To address unlimited risks, threats and vulnerabilities surrounding IoT, a...

(ISC)2 Security Congress (Austin, Texas, USA, September 25 - 27, 2017) (ISC)² Security Congress cybersecurity conference brings together nearly 1,500 cybersecurity professionals, offers 100+ educational and thought-leadership sessions, and fosters collaboration with forward-thinking...

Connect Security World (Marseille, France, September 25 - 27, 2017) As IoT solutions are transitioning from hype to real deployments, the “Internet of insecure things” threat is gaining ground. To address unlimited risks, threats and vulnerabilities surrounding IoT, a...

SINET61 2017 (Sydney, Australia, September 26 - 27, 2017) Promoting cybersecurity on a global scale. SINET – Sydney provides a venue where international solution providers can engage with leaders of government, business and the investment community to advance...

O'Reilly Velocity Conference (New York, New York, USA, October 1 - 4, 2017) Learn how to manage, grow, and evolve your systems. If you're building and managing complex distributed systems and want to learn how to bake in resiliency, you need to be at Velocity.

24th International Computer Security Symposium and 9th SABSA World Congress (COSAC 2017) (Naas, County Kildare, Ireland, October 1 - 5, 2017) If you thought symposiums on information security and risk were all the same, look again! COSAC is an entirely different experience. Conceived by practising professionals for experienced professionals,...

Cybersecurity Nexus North America 2017 (CSX) (Washington, DC, USA, October 2 - 4, 2017) Be a part of a global conversation with professionals facing the same challenges as you at the nexus—where all things cyber security meet. Cyber security doesn’t take a vacation and it doesn’t sleep. You...

Atlanta Cyber Week (Atlanta, Georgia, USA, October 2 - 6, 2017) Atlanta Cyber Week is a public-private collaboration hosting multiple events during the first week of October that highlight the pillars of the region’s cybersecurity ecosystem and create an opportunity...

4th Annual Industrial Control Cyber Security USA Summit (Sacramento, California, USA, October 3 - 4, 2017) Against a backdrop of targeted Industrial Control System cyber attacks, such as those against energy firms in the Ukraine power industry, the massive attacks against the Norway oil and gas industry, cyber...

4th Annual Industrial Control Cyber Security Summit USA (Sacramento, California, USA, October 3 - 4, 2017) Against a backdrop of continued ICS targeted cyber attacks against energy firms in the Ukraine power industry (CRASHOVERRIDE), the massive attacks against the Norway oil and gas industry, cyber attacks...

CyberSecurity4Rail (Brussels, Belgium, October 4, 2017) Facilitated by Hit Rail, this conference will bring together experts in cybercrime and digital security, plus leaders in ICT and representatives from transport and railway companies, European organisations...

Grow your brand and reach new customers.

Grow your brand and increase your customer base by educating our audience about your products, services, and events by advertising on The CyberWire. We’ve built trust with an influential (and often hard to reach) audience of CISOs, CSOs, and other senior execs in the security space, across a wide array of industry verticals. Learn more.

Be a part of the CyberWire story.

People ask us (a lot) how they can support what we do. We have our sponsorships and services, of course, but those are not always within every supporter's financial reach, or it might just not be the right time for you to do those things. That's why we launched our new Patreon site, where we've created a wider variety of support levels, each with some new benefits. Our patrons are important to our future, and we hope you'll consider becoming one. We invite you to become part of the CyberWire story. Become a patron today.