skip navigation

More signal. Less noise.

Do you know the best practices for applying threat intelligence?

Threat intelligence is one of the most talked about areas of information security today, but how do you actually use it? Learn best practices for applying threat intelligence with Recorded Future's latest white paper. Download your free copy now.

Daily briefing.

WikiLeaks' site has been attacked and defaced by OurMine, the Saudi-based hackers whose public stance is that they're grey hat pentesters, freelancing into vulnerable sites for the general good. This time, however, the defacement indicates it's personal, an instance of long festering bad blood between OurMine and WikiLeaks.

It's about time for more documents to emerge from WikiLeaks' Vault7, but as of this writing, there's nothing yet.

ESET researchers have more on Turla, the Russian cyberespionage campaign that's returned this summer to prospect diplomatic and defense industry targets in Europe, the Middle East, and South America. ESET has determined that the threat group uses a second backdoor, "Gazer," in addition to the ones familiar from Turla's WhiteBear toolkit.

Insecure APIs trouble Instagram (some high-profile accounts have been compromised) and the US Federal Communications Commission (where jokers probably dissatisfied with how net neutrality regulations are playing out have installed Rick and Morty gifs).

Twitter bots are serving information operations, amplifying some voices and pushing some memes, and intimidating those their masters aren't influencing.

Add House of Cards to the list of television hacks, alongside Game of Thrones. Some of the show's scripts and other production information have been compromised, but this appears to be inadvertent exposure as opposed to focused criminal attack.

In patching news, a cross-site scripting flaw in the Woocommerce WordPress plugin has been fixed. Siemens patches LOGO, and patients with St. Jude pacemakers are advised to see their doctor for a firmware update.

Special counsel's election-hacking inquiry continues.

Notes.

Today's issue includes events affecting Australia, China, Germany, Pakistan, Russia, United Kingdom, United States.

A note to our readers: Cylance's interview with Dr. Jessica Barker (produced in partnership with the CyberWire) is up. From the perspective of her background in sociology and civic design, Dr. Barker discusses the human side of cybersecurity.

Bank of America needs your cyber security experience.

As one of the world's leading financial institutions, Bank of America has built an extraordinary team of cyber security professionals focused on defending critical financial services infrastructure. That team is growing and needs your experience. Find exciting and rewarding opportunities across the United States for ethical hackers, intrusion analysts, malware analysts, crypto architects and more.

In today's podcast we hear from our partners at Terbium Labs, as Emily Wilson shares her thoughts on dark web souk Alpha Bay's closure. Our guest is Mike Kearney from Deloitte, who talks with us about predictive reputation protection.

Incident Response 17: IR17 The First Operational Community-Driven Incident Response Conference (Pentagon City, VA, USA, September 11 - 12, 2017) IR17 is open to both commercial and government professionals. Join us to learn tips and best practices from industry leaders. IR17 features 30+ hours of practical training, 36 breakout sessions designed for all levels of experience, and you will leave the conference with a developed incident response plan.

Cyber Security Summit: New York and Boston (New York, New York, USA, September 15, 2017) Sr. Level Executives are invited to learn about the latest threats & solutions in Cyber Security from experts from The FBI, Darktrace, Arbor Networks, CenturyLink and more. Register with promo code cyberwire50 for half off your admission (Regular price $350).

3rd European Cybersecurity Forum – CYBERSEC (Krakow, Poland, October 9 - 10, 2017) CYBERSEC is a unique Europe-wide, annual public policy conference dedicated to strategic aspects of cybersecurity. Conference’s mission is to foster the building of a Europe-wide cybsersecurity system and create a dedicated collaborative platform for governments, international organisations, and key private-sector organisations.

Florida’s Annual Cybersecurity Conference (Tampa, Florida, USA, October 27, 2017) Networking the Future, the Florida Center for Cybersecurity's fourth annual conference, will host hundreds of technical and non-technical stakeholders from industry, government, the military, and academia to explore emerging threats, best practices, and the latest research and trends.

Cyber Attacks, Threats, and Vulnerabilities

WikiLeaks official website hacked by OurMine hacking group (HackRead) The official website of whistleblowing platform WikiLeaks was hacked Thursday morning by OurMine, a Saudi Arabia based hacking group. The hackers left a de

WikiLeaks attacked by OurMine: what are the lessons? (Computing) The apparent defacement of WikiLeaks' website this morning reveals how rudimentary attacks can still have short-term impacts.

Cyberespionage group uncovered by ESET research targeting embassies (WeLiveSecurity) ESET researchers have uncovered a previously undocumented backdoor is been used to spy on consulates and embassies worldwide by cyberespionage group Turla.

New Backdoor Trojan Deployed in Cyber-Espionage Campaign Targeting Embassies (BleepingComputer) A cyber-espionage group believed to be operating out of Russia for the past two decades has deployed a new backdoor trojan on computers at embassies in Southeast Europe, former Soviet states, and some South American countries.

Turla APT Used WhiteBear Espionage Tools Against Defense Industry, Embassies (Threatpost) The Turla APT's WhiteBear toolset was used to attack defense organizations as recently as June, and diplomatic targets during most of 2016.

Gazing at Gazer (ESET) Turla's new second stage backdoor.

Twitter Bots Use Likes, RTs for Intimidation (KrebsOnSecurity) I awoke this morning to find my account on Twitter (@briankrebs) had attracted almost 12,000 new followers overnight.

New Locky Variant 'IKARUSdilapidated' Strikes Again (Threatpost) For a second time this month, a Locky ransomware variant called IKARUSdilapidated is part of a calculated phishing attack targeting office workers with fake scanned image attachments.

Active ransomware attack uses impersonation and embedded advanced threats (Barracuda) In the last 24 hours, the Barracuda advanced security team has observed about 20 million attempts at a ransomware attack through an email attachment “Payment_201708-6165.7z.” Here is a screenshot of the email with the addresses redacted:

Ransomware is Going More Corporate, Less Consumer (Dark Reading) Cybercriminals on average charge $544 for ransom per device, signaling a new sweet spot for payouts.

Phishing Emails Undetected by 97 Percent of People (Inside Counsel) Today, phishing emails are behind 97 percent of cyberattacks, yet recent research reveals 97 percent of people cannot identify those phishing scams, putting the companies they work for at risk. In fact, out of 5,000 emails, one of them is likely to be a phishing email that causes damage. Victims may not know they've become one for up to a year.

SMBs beware! This is how automated software updates spread malware (Computing) Why you should never trust automatic updates

How Hackers Hide Their Malware: Advanced Obfuscation (Dark Reading) Hackers continue to develop new ways to break into systems. Here are three of them, along with ways to fight back.

The Active Directory Botnet (Dark Reading) It's a nightmare of an implementation error with no easy fix. Ty Miller and Paul Kalinin explain how and why an attacker could build an entire botnet inside your organization.

DDoS attacks blamed on 70,000-strong Android botnet (IT PRO) Security researchers discover Mirai-style 'WireX' botnet

New malware turns smartphones into cyberattackers (Boston Globe) Tens of thousands of Android phones were recently infected with WireX, a new kind of malware that hides inside apparently legitimate apps, converting phones into computer-killing zombies.

Researchers say Intel's Management Engine feature can be switched off (ZDNet) Updated: Researchers have shown how Intel's all-powerful Management Engine in its CPUs could be disabled.

Why Should We Trust DJI? (sUAS News - The Business of Drones) The historical relationship between the Chinese and United States is steeped in espionage. A quick search of sUAS News website will reveal an article going back to 2013:   “QinetiQ North America was attacked by a Shanghai-based hacker group from 2007 to 2010, Bloomberg reported on Thursday. The hacking collective has been coined the ‘Comment …

It Still Takes 2 Minutes to Have Vulnerable IoT Devices Compromised Online (BleepingComputer) Almost a year after the emergence of the Mirai botnet, smart devices are still facing a barrage of credential attacks, and a device left connected to the Internet with default credentials will be hijacked in about two minutes.

UK infrastructure failing to meet the most basic cybersecurity standards (Register) We're all doomed

"House of Cards" publisher exposes gigabytes of sensitive client files (ZDNet) A backup drive on the agent's network exposed gigabytes of sensitive client data -- including unpublished books, invoices, details of royalty payments, and contracts.

Instagram says high-profile users targeted in cyber attack (NBC4i.com) Instagram alerted its verified users Wednesday of a security breach it said was due to a bug in its own software.

Attackers exploited Instagram API bug to access users' contact info (Help Net Security) Individuals obtained unlawful access to a number of high-profile Instagram users' contact information by exploiting a bug in an Instagram API.

Hacking Retail Gift Cards Remains Scarily Easy (WIRED) One security researcher reveals the secrets of simple gift card fraud.

People Are Making the FCC Host 'Rick and Morty' GIFs (Motherboard) What is going on?

FCC “apology” shows anything can be posted to agency site using insecure API (Ars Technica) FCC API could be misused to host malware on FCC's domain.

Wells Fargo uncovers up to 1.4 million more fake accounts (CNNMoney) Wells Fargo has uncovered up to 1.4 million more fake accounts after digging deeper into the bank's broken sales culture.

Your website is a window into your network — and guess who's looking? (Techaeris) Websites and the servers that host them are vulnerable to attack, and so too are the networks that are connected to them.

Security Patches, Mitigations, and Software Updates

Reflected XSS Bug Patched in Popular WooCommerce WordPress Plugin (Threatpost) Automattic has patched a reflected cross-site scripting vulnerability in the WooCommerce WordPress plugin.

Siemens Fixes Session Hijacking Bug in LOGO!, Warns of Man-in-the-Middle Attacks (Threatpost) Siemens fixed a session hijacking vulnerability in its LOGO! logic module Wednesday but says a second issue, one that could help facilitate a man-in-the-middle attack, has no fix currently.

Siemens patches one security vuln, leaves folks to block second (Register) LOGO owners on alert

St. Jude Pacemaker Gets Firmware Update 'Intended as a Recall' (Dark Reading) The devices that were the subject of a vulnerability disclosure debate last summer now have an FDA-approved fix.

Welcome to 2017: Pacemaker Patients Told to Visit Doctors to Receive Security Patches (BleepingComputer) Patients with pacemakers manufactured by Abbott — formerly St. Jude Medical's — are advised to reach out to their doctors and inquire about the availability of a security update for their implanted medical devices.

Blizzard vows tougher policies to punish Overwatch trolls (Ars Technica) Temporary "silences" to become suspensions, permanent bans will come more quickly.

Cyber Trends

Cybersecurity is Standard Practice for Most Large Companies, New Survey Finds (ISEBOX) Even with protocols in place to prevent cyber attacks, enforcement by management can be lax

Payment security: What are the biggest challenges? (Help Net Security) Discover how your industry fares on payment security and where the biggest challenges lie, requirement by requirement, according to Verizon.

Marketplace

UK Firms on GDPR Hiring Spree but Gaps Persist (Infosecurity Magazine) UK Firms on GDPR Hiring Spree but Gaps Persist. Reports suggest many have yet to begin compliance

The first ICO unicorns are here (TechCrunch) It was always like to happen, but the speed in which the first ICOs worth more than $1 billion have arrived is surprising. Today both Omise GO (OMG) and..

Right to Privacy to Boost the Encryption Market in Five Years: Carlos Moreira, WiseKey (DATAQUEST) Carlos Creus Moreira, CEO, WiseKey who has spent most of his time as a UN expert on IT and eSecurity was recently in India. His visit to India coincided with...

This former CIA analyst has signed big deals — and $40 million in new funding — for his internet monitoring startup (TechCrunch) Tim Junio knew as a high school student that he wanted to join the CIA. He even wrote as much in his college application to Johns Hopkins University, where he..

Siemens kooperiert mit ISA im Bereich Industrial Cyber Security (IT Times) Der deutsche Technologiekonzern Siemens AG arbeitet mit der International Society of Automation zusammen, um das Bewusstsein für Cybersicherheit im Industrie 4.0. Zeitalter zu schärfen.

Qualcomm Joins the IoT Cybersecurity Alliance (Qualcomm) Qualcomm Technologies, Inc., a subsidiary of Qualcomm Incorporated (NASDAQ: QCOM), joins AT&T, IBM, Nokia, Palo Alto Networks, Symantec and Trustonic as part of the IoT Cybersecurity Alliance formed earlier this year. The purpose of the group is

KeyW rides opportunity 'bubble' post Sotera deal (Washington Technology) KeyW Corp. continues to lay down the foundation it believes will drive success from its combination with Sotera Defense Solutions.

BKAV puts faith in tapping high-end phone market (Viet Nam News) BKAV Technology Group spent eight years and VNĐ500 billion (US$22 million) to make the first “Made in Việt Nam, Designed by BKAV’ smartphone. Việt Nam News speaks with Nguyễn Tử Quảng, chairman and CEO of the company, about its latest offering, the luxury Bphone 2017.

A first look at the Augusta Cyberworks Campus and the jobs that are following (WJBF-TV) Locals watched history meet the future Tuesday night at the old Sibley Mill.

CACI International (CACI) Seccures $51M Task Order from U.S. Air Force Cyberspace Operations for Software Development Support (Street Insider) CACI International Inc (NYSE:CACI) announced today it has been awarded a $51 million task order to provide software development support to the 90th Cyberspace Operations Squadron (90th COS), a subordinate unit of the 24th Air Force, the Air Force’s component to U.S. Cyber Command. The three-year task order, awarded under the Network-Centric Solutions-2 (NETCENTS-2) contract vehicle, represents continuing business for CACI.

Prevalent Appoints Chief Software Architect to Executive Team (Benzinga) Industry veteran to drive strategic vision, next generation design for third-party risk management leader

Marco Corrent appointed to head Carbon Black ANZ channel (Channel Life) Carbon Black has appointed Marco Corrent as channel director for ANZ as the security vendor looks to broaden its ANZ channel scope.

Products, Services, and Solutions

Okta Integrates with Palo Alto Networks Next-Generation Security Platform to Automate End-User Security from the Okta Identity Cloud to the Enterprise and Back (Okta) Okta, Inc. (NASDAQ:OKTA), the leading independent provider of identity for the enterprise, today announced integrations with the Palo Alto Networks® Next-Generation Security Platform to provide security across cloud, on-premises and hybrid applications and data centers.

SecureAuth Continues to Raise the Bar on Passwordless Authentication with New Access Control Methods (SecureAuth) With new Link-to-Accept™ and YubiKey multi-factor authentication methods, SecureAuth is taking more organizations passwordless with the flexibility they need.

IRS to relaunch a more secure data retrieval tool on Oct 1 for 2018-19 FAFSA (CSO Online) After making security and privacy tweaks to the disabled data retrieval tool, the IRS will relaunch the DRT on Oct 1 for 2018-19 FAFSA applicants.

WISeKey WISeAuthentic Blockchain for Brand Protection and Monetization Revolutionizing the Luxury Industry - NASDAQ.com (NASDAQ.com) WISeKey International Holding Ltd ("WISeKey"), (SIX: WIHN) a cybersecurity IoT platform company, today announced that its WISeAuthentic solution for brand protection is now able to minimize counterfeiting and fraud by developing a trusted digital global blockchain ledger that includes the identity of the luxury object and tracks and protects any item of value.

Anomali, Phantom Partnership Provides Cybersecurity Automation and Orchestration (Marketwired) Joint customers can now automate threat hunting, investigations, alerts and response

Gemalto Announces Data Protection Solutions for VMware Cloud on AWS (Technuter) Gemalto, the world leader in digital security, today announced its SafeNet data encryption and key management solutions are now available to customers of VMware Cloud™ on AWS.

VeloCloud's SD-WAN security program adds more partners (SearchSDN) VeloCloud expands its SD-WAN security program, and Verizon adds SD-WAN from Versa Networks into its managed software-defined branch service offering.

Technologies, Techniques, and Standards

Why The New NIST Guidelines Are Not Enough (Infosecurity Magazine) Industry should be working to create better and more secure technology that is also easier for consumers to use.

Cyber products to get further scrutiny under new DHS plan (FederalNewsRadio.com) DHS issued an updated CDM supply chain risk management plan to help agencies be more confident in the cybersecurity products and services they are buying.

The true cost of unstructured 'dark data' in the GDPR era (Computing) Kazoup's Johan Holder warns that unmanaged, unstructured data will pose major risks to organisations when the GDPR comes into force in just nine months

One of These Things Is Not Like the Other (SIGNAL Magazine) Cyber hunt teams look to machine learning to sort true security alerts from false positives.

Not all machine learning is created equal (Computing) Kevin Gidney of Seal Software talks about the training and work that must go alongside machine learning

Remote KYC: A competitive advantage for mobile only banking (Mobey Forum) The required procedures for Know Your Customer (KYC) have finally broken free of branch-based face-to-face meetings, and now enable banks to use videoconferencing and biometrics to verify a customer’s identity remotely. This is a big deal...

Cybersecurity Is Not A One-Time Fix (CSO Online) A comprehensive approach to security helps beat cybercriminals at their game.

Design and Innovation

Assume self-driving cars are a hacker's dream? Think again (the Guardian) Autonomous vehicles have long been seen as a major security issue, but experts say they’re less vulnerable to hacks than human-controlled vehicles

Self-driving lorries to be seen on British roads (Software Testing News) The government has announced that by the end of next year major British roads will be used by small convoys of partially self-driving lorries.

Dr. Jessica Barker: Keep People in the Security Equation (Cylance) What is the role of real live human people in protecting your data and your network? Matt Stephenson spends some time with Dr. Jessica Barker to look at cybersecurity from a different angle: the human perspective.

Cyber-Security Firm Kaspersky Lab Envisions Moscow’s Future (Moscow Times) The 3D map of Moscow is also flush with “climatic domes,” inside which temperature and humidity are regulated

Research and Development

Mathematicians Race to Debunk German Man Who Claimed to Solve One of the Most Important Computer Science Questions of Our Time (Motherboard) Norbert Blum's solve for the infamous 'P vs NP' problem "passes many filters of seriousness," but does it hold up?

John Martinis Believes Quantum Computing Threat to Be Long Way Off (Bitcoin News) At a recent crypto event, Google’s John Martinis addressed the hypothetical threats posed by quantum computing, stating that we are still many years from

Academia

Hackers to compete in Australia's first defence cyber challenge (iTnews) Seeking to fill skills shortage.

NKU, U.S. Bank Announce 3-Year Scholarship Program (The River City News) U.S. Bank announced this week that it will continue its support of Northern Kentucky University's nationally-recognized cyber security program.

Cyber defense research designation could improve research opportunities (The Daily Wildcat) Last week, the University of Arizona was named a Center of Academic Excellence in Cyber Defense Research by the Department of Homeland Security and the National Security Agency. This designation was awarded to Eller’s School of Business’ Management Information Systems department and is following the UA’s newly created Masters program in Cybersecurity. 

CU Boulder, Lockheed extend research partnership aimed at developing new tech — and young minds (Boulder Daily Camera) Standing beneath a 26-foot research rocket suspended from the ceiling, officials from the University of Colorado and aerospace giant Lockheed Martin announced Tuesday an extended partnership aimed at building world-renowned technologies and training the next innovators of the future.

Universities struggle to provide cybersecurity education: Infographic (The CloudPassage Blog) The main reason for skills gaps? A “lack of qualified personnel” who can fill the role and a lack of universities providing cybersecurity education.

Legislation, Policy, and Regulation

Here Are the 41 Websites You Can't Access in Cuba (Motherboard) A new report looks at how the internet is censored on the island nation.

International Firms Struggle to Adapt as China's Cybersecurity Law Takes Shape (Dark Reading) After the release of new guidelines on critical information infrastructure, international companies are still searching for clarity on how to comply with the country's new cyber regime.

Curbs on freedom of expression encourage militants: Babar (International News) Senator Farhatullah Babar Tuesday said that inability to hold security forces accountable in operations against violent extremism can result in alienating the affected people and directly...

Distorted history a major source of bigoted worldview: speakers (Daily Times) The distorted history that has been taught to children and youth has made them oblivious of real history. It is a major reason behind the state of disconnect from our progressive and pluralistic culture of the past as a nation.

US Gearing Up for Digital Arms Race (VOA) Key intelligence agency looking to artificial intelligence to maintain eroding edge

How the West can defeat the Kremlin’s lies (Time) In 1976, aged 22, I went with a student delegation to Prague. Then it lay behind an iron curtain that few of us thought would be lifted in our lifetimes. We had gone to meet the members of the...

Congress faces decision on whether to rein in controversial spying program (USA TODAY) Critics of the surveillance program known as Section 702 say it is being used to collect electronic data on Americans without a warrant.

Senate Dem blasts Trump on cyber readiness (FCW) The ranking Democrat on the Senate energy committee is again raising warning flags about critical infrastructure cybersecurity in the wake of resignations from a key advisory group.

Litigation, Investigation, and Law Enforcement

Huawei rejects allegations it bribed Solomons' PM (Radio New Zealand) Chinese telecommunications company Huawei has rejected allegations it bribed the Solomon Islands' prime minister for the contract to build an internet submarine cable between Honiara and Sydney.

Reality Winner, NSA contractor charged in leak case, asks court to suppress initial statement (The Washington Times) Attorneys for National Security Agency contractor Reality Winner have asked a court to suppress the statements she made to investigators prior to being taken into custody and charged with leaking classified intelligence.

Exclusive: Wasserman Schultz IT Staffer Banned From House Network Months Ago Still Has Active Account (The Daily Caller) A former IT aide suspected of stealing equipment and data from Congress still has an active, secret email account on the House computer system, even though he has been banned from the congressional network...

Will special counsel Mueller examine the DNC server, source of the great Russiagate caper? (Philadelphia Inquirer) When the Department of Homeland Security and the FBI learned of the hacking claim, they asked to examine the server. The DNC refused - and continues to deny law enforcement access to it.

Bank cyber attack suspect extradited from Germany to appear in British court (Reuters) A British man has been extradited from Germany after being accused of launching cyber attacks on the networks of Lloyds Banking Group and Barclays banks this year, the National Crime Agency said on Wednesday.

Ex-Diplomats Warn Against Extending Civil Liability to Bank in Suit by Terror Victims (New York Law Journal) Former U.S. diplomats are going to bat for the Jordan-based Arab Bank, arguing in papers filed this week with the U.S. Supreme Court in favor of affirming di...

Feds: Man jailed for not decrypting drives has “chutzpah” to ask to get out (Ars Technica) Prosecutors use Yiddish to describe man imprisoned 2 years for contempt of court.

For a complete running list of events, please visit the Event Tracker on the CyberWire website.

Upcoming Events

cybergamut Tech Tuesday: The Scary Truth About Online Anonymity (Elkridge, Maryland, USA, September 5, 2017) In this presentation, Zuly Gonzalez of Light Point Security explores the various tools used for anonymous web browsing, the type of information that can be leaked during your online research to reveal...

SANS Network Security 2017 (Las Vegas, Nevada, USA, September 10 - 17, 2017) SANS is recognized around the world as the best place to develop the deep, hands-on cybersecurity skills most in need right now. SANS Network Security 2017 offers more than 45 information security courses...

Finovate Fall 2017 (New York, New York, USA, September 11 - 14, 2017) FinovateFall 2017 will begin with the traditional short-form, demo-only presentations that more than 20,000 attendees from 3,000+ companies have enjoyed for the past decade. After two days of Finovate’s...

Insider Threat Program Management With Legal Guidance Training Course (Laurel, Maryland, USA, September 12 - 13, 2017) Insider Threat Defense will hold a two-day training class, Insider Threat Program (ITP) Management With Legal Guidance (National Insider Threat Policy (NITP), NISPOM Conforming Change 2). For a limited...

PCI Security Standards Council: 2017 North America Community Meeting (Orlando, Florida, USA, September 12 - 14, 2017) Join your industry colleagues for three days of networking and one-of-a-kind partnership opportunities. Whether you want to learn more about updates in the payment industry or showcase a new product, you’ll...

DSEI 2017 (London, England, UK, September 12 - 15, 2017) Defence and Security Equipment International (DSEI) is the world leading event that brings together the global defence and security sector to innovate and share knowledge. DSEI represents the entire supply...

8th Annual Billington CyberSecurity Summit (Washington, DC, USA, September 13, 2017) The 8th Annual Billington CyberSecurity Summit September 13 in Washington D.C. brings together world-class cybersecurity thought leaders for high-level information sharing, unparalleled networking and...

Cyber Security Summit: New York (New York, New York, USA, September 15, 2017) If you are a Senior Level Executive responsible for making your company’s decisions in regards to information security, then you are invited to register for the Cyber Security Summit: New York. Receive...

Cyber Security Conference for Executives (Baltimore, Maryland, USA, September 19, 2017) The Johns Hopkins University Information Security Institute and COMPASS Cyber Security are hosting the 4th Annual Cyber Security Conference for Executives on Tuesday, September, 19. It will be held on...

4th Annual Industrial Control Cybersecurity Europe (London, England, UK, September 19 - 20, 2017) Against a backdrop of targeted Industrial Control System cyber attacks against energy firms in the Ukraine power industry, the massive attacks against the Norway oil and gas industry, cyber attacks on...

Cyber Everywhere: Collaboration, Integration, Automatio (Washington, DC, USA, September 20, 2017) We’ve seen all of the cyber headlines this year – new policies emerging, old policies evolving, the cyber workforce is multiplying, and rapidly growing connected devices are complicating governance. While...

10th Cyber Defence Summit (Dubai, UAE, September 20, 2017) Naseba’s 10th Cyber Defence Summit will address the importance of protecting critical infrastructure and sensitive information, help companies procure cyber security solutions and services, and create...

Maine Cyber Safety Institute (Waterville, Maine, USA, September 20 - 21, 2017) The Summit intends to help business protect themselves from possible losses. The Information Security Community, representing cyber professionals, found that 54% of anticipated cyberattacks against their...

2017 Washington, D.C. CISO Executive Leadership Summit (Washington, DC, USA, September 21, 2017) Highly interactive sessions will provide many opportunities for attendees, speakers and panelists to be engaged in both learning and discussion. The objective for the day is to deliver high quality useful...

Connect Security World (Marseille, France, September 25, 2017 - 27, 2014) As IoT solutions are transitioning from hype to real deployments, the “Internet of insecure things” threat is gaining ground. To address unlimited risks, threats and vulnerabilities surrounding IoT, a...

(ISC)2 Security Congress (Austin, Texas, USA, September 25 - 27, 2017) (ISC)² Security Congress cybersecurity conference brings together nearly 1,500 cybersecurity professionals, offers 100+ educational and thought-leadership sessions, and fosters collaboration with forward-thinking...

Connect Security World (Marseille, France, September 25 - 27, 2017) As IoT solutions are transitioning from hype to real deployments, the “Internet of insecure things” threat is gaining ground. To address unlimited risks, threats and vulnerabilities surrounding IoT, a...

SINET61 2017 (Sydney, Australia, September 26 - 27, 2017) Promoting cybersecurity on a global scale. SINET – Sydney provides a venue where international solution providers can engage with leaders of government, business and the investment community to advance...

O'Reilly Velocity Conference (New York, New York, USA, October 1 - 4, 2017) Learn how to manage, grow, and evolve your systems. If you're building and managing complex distributed systems and want to learn how to bake in resiliency, you need to be at Velocity.

24th International Computer Security Symposium and 9th SABSA World Congress (COSAC 2017) (Naas, County Kildare, Ireland, October 1 - 5, 2017) If you thought symposiums on information security and risk were all the same, look again! COSAC is an entirely different experience. Conceived by practising professionals for experienced professionals,...

Cybersecurity Nexus North America 2017 (CSX) (Washington, DC, USA, October 2 - 4, 2017) Be a part of a global conversation with professionals facing the same challenges as you at the nexus—where all things cyber security meet. Cyber security doesn’t take a vacation and it doesn’t sleep. You...

Atlanta Cyber Week (Atlanta, Georgia, USA, October 2 - 6, 2017) Atlanta Cyber Week is a public-private collaboration hosting multiple events during the first week of October that highlight the pillars of the region’s cybersecurity ecosystem and create an opportunity...

4th Annual Industrial Control Cyber Security USA Summit (Sacramento, California, USA, October 3 - 4, 2017) Against a backdrop of targeted Industrial Control System cyber attacks, such as those against energy firms in the Ukraine power industry, the massive attacks against the Norway oil and gas industry, cyber...

4th Annual Industrial Control Cyber Security Summit USA (Sacramento, California, USA, October 3 - 4, 2017) Against a backdrop of continued ICS targeted cyber attacks against energy firms in the Ukraine power industry (CRASHOVERRIDE), the massive attacks against the Norway oil and gas industry, cyber attacks...

CyberSecurity4Rail (Brussels, Belgium, October 4, 2017) Facilitated by Hit Rail, this conference will bring together experts in cybercrime and digital security, plus leaders in ICT and representatives from transport and railway companies, European organisations...

Grow your brand and reach new customers.

Grow your brand and increase your customer base by educating our audience about your products, services, and events by advertising on The CyberWire. We’ve built trust with an influential (and often hard to reach) audience of CISOs, CSOs, and other senior execs in the security space, across a wide array of industry verticals. Learn more.

Be a part of the CyberWire story.

People ask us (a lot) how they can support what we do. We have our sponsorships and services, of course, but those are not always within every supporter's financial reach, or it might just not be the right time for you to do those things. That's why we launched our new Patreon site, where we've created a wider variety of support levels, each with some new benefits. Our patrons are important to our future, and we hope you'll consider becoming one. We invite you to become part of the CyberWire story. Become a patron today.