skip navigation

More signal. Less noise.

Daily briefing.

Late last Thursday Google's Project Zero disclosed that Cloudflare (a major provider of a content delivery network, Internet security services, and distributed domain name server services) was leaking sensitive information online. The company has patched the memory leak bug responsible (the flaw is being called "Cloudbleed") and stresses that the problem with its caching infrastructure affected a relatively small set of the websites that use their DNS service.

Bitsight explains on its blog that Cloudflare's problems arose from an error in parsing logic that could lead to a buffer overrun that would output uninitialized memory content onto affected web pages. The websites potentially affected by Cloudbleed were those that had either email obfuscation, server-side excludes, or automatic HTTPS rewrites enabled.

Since popular services (said to include Uber, Fitbit, OK Cupid, and Patreon) use Cloudflare and since data have been leaking for some time, many researchers are advising users to assume their credentials have been exposed, and, of course, to change them.

Ransomware and DDoS remain fixtures of the threat landscape. F-Secure describes the "ruthlessness" of Spora ransomware's controllers. New "TrumpLocker" ransomware turns out to be VenusLocker in disguise.

In the ongoing Moscow cyber-treason trial, it emerges that one of the defendants, Ruslan Stoyanov, is accused of passing state secrets to US companies, notably to Verisign's iDefense cybercrime unit. The accusations date back to 2010, and were leveled by the Russian online payment company ChronoPay.

The FBI is being asked, again, how it gained access to the San Bernardino jihadist's iPhone.


Today's issue includes events affecting Afghanistan, Australia, Azerbaijan, China, Germany, Iran, Israel, Kazakhstan, Kyrgyz Republic, Mexico, Netherlands, Pakistan, Russia, Tajikistan, Turkey, Turkmenistan, United Kingdom, United States, and Uzbekistan.

In today's podcast, we hear from Ben Yelin, of our partners at the University of Maryland's Center for Health and Homeland Security. He talks us through the US Administration's current hiring freeze, and its effect on students in cyber security programs.

It's not too late to listen to our special 2017 prognostication edition, in which we talk to experts and even editors about where they see cyber security headed this year. 

Jailbreak Security Summit - Insecurity Tools (Laurel, Maryland, USA, April 28, 2017) Join some of the world's best security researchers as they talk about vulnerabilities in security tools at the only computer security event held at a production brewery. Attendance is limited to 100 to keep the Security Summit small and encourage conversation between speakers, attendees, and sponsors.

2nd Annual Cyber Investing Summit (New York, New York, USA, May 23, 2017) The 2nd Annual Cyber Investing Summit is an all-day conference focusing on investing in the cyber security industry. Attendees will explore the financial opportunities, trends, challenges, and investment strategies available in the high growth cyber security sector.

Dateline RSA 2017

The Best of RSA Conference 2017 (BankInfo Security) Our objective, as the industry’s largest global media organization, is to bring you the most important bits from the conference, whether you attended the event or

Salted Hash: RSAC 2017 Recap (CSO Online) Last week, Salted Hash was in California for the annual RSA Conference in San Francisco. The week was full of drama between the testing labs and endpoint protection firms, but aside from that we managed to have a few interesting conversations, here's a quick recap.

Awards, Product Launches, and More: Recap of RSA Conference 2017 (Recorded Future) At RSA Conference 2017 we met hundreds of you in the exhibit hall and launched exciting new aspects to our product. Let's recap last week's highlights.

Threat Intelligence: Use Cases, War Stories, and ROI (The CyberWire) Discussions with leading providers of threat intelligence on what they provide and how their customers use it, with some notes on the DNC hack.

The Internet of Awkward Things (The CyberWire) What security companies make of the risks posed by the Internet-of-things, with some calls for proportion and an optimistic outlook.

Passages: Secure virtual browser for malware isolation (Help Net Security) Passages is a secure virtual browser that provides complete protection from web-based attacks. Mac or Windows, everything the user does is protected.

Discover, catalog and protect all your apps (Help Net Security) Jason Kent from Qualys talks about how organizations are having lots of difficulty identifying the problems in their app infrastructure.

Blockchain's New Role In The Internet of Things (Dark Reading) With next gen 'distributed consensus' algorithms that combine both security and performance, organizations can defend against DDoS attacks, even those that leverage IoT devices

Cyber Attacks, Threats, and Vulnerabilities

Bleeding clouds: Cloudflare server errors blamed for leaked customer data (CSO Online) While working on something completely unrelated, Google security researcher, Tavis Ormandy, recently discovered that Cloudflare was leaking a wide range of sensitive information, which could have included everything from cookies and tokens, to credentials. Cloudflare moved quickly to fix things, but their postmortem downplays the risk to customers, Ormandy said.

Major Cloudflare bug leaked sensitive data from customers’ websites (TechCrunch) Cloudflare revealed a serious bug in its software today that caused sensitive data like passwords, cookies, authentication tokens to spill in plaintext from..

Cloudbleed: Which Websites Are Affected By The Cloudflare Bug? (LifeHacker) Last week we found out about Cloudbleed, a bug on Cloudflare services that resulted in data leakage from a number of websites. Here's a list of websites...

Cloudbleed: Breakdown of Cloudflare's Memory Leak (BitSight) Cloudflare announced a serious bug in its caching infrastructure that caused uninitialized memory to be printed on a number of customers’ websites.

Google Search Results Still Expose Sensitive Data Leaked by ‘CloudBleed’ Bug (Motherboard) Despite helping fix the bug, Google hasn’t cleaned up all the exposed leaked data from its search results.

What You Need to Do About the Massive Cloudflare Data Leak (Motherboard) Millions of websites may have been affected by Cloudbleed. Here’s what you should do to keep your accounts safe.

Cloudflare data leak...what does it mean to me? (SANS Internet Storm Center) The ISC has received several requests asking us to weigh in on the ramifications of the Cloudflare data leak, also being referred to by some as CloudBleed.

Russia Top Source Of Nefarious Internet Traffic (Dark Reading) Honeypot research from F-Secure shows majority of illicit online activity coming from IP addresses in Russia - also where ransomware is a hot commodity.

From Russia With Malware: "Boris" and "Natasha" (Wapack Labs) Wapack Labs research has revealed an association between the author of the BlackEnergy malware and ZORSecurity: one of the Russian companie...

Extensive Breach at Intl Airport (MacKeeper) In what should be considered a complete compromise of network integrity, New York’s Stewart International Airport was recently found exposing 760 gigs of backup data to the public internet. No password. No username. No authentication whatsoever.

SHA1 Collision Attack Makes Its First Victim: Subversion Repositories (BleepingComputer) It took only one day for the SHA1 collision attack revealed by Google on Thursday to make its first victims after developers of the WebKit browser engine broke their Subversion (SVN) source code repository on Friday.

Linus Torvalds rejected security warnings about SHA1 in 2005 (Computing) Free software evangelist John Gilmore to Torvalds in 2005: "SHA1 has been broken..."

World's Largest Spam Botnet Adds DDoS Feature (BleepingComputer) Necurs, the world's largest spam botnet with nearly 5 million infected bots, of which one million active each day, has added a new module that can be used for launching DDoS attacks.

Expect many more 300Gbps DDoS attacks (My B roadband) Akamai has released its Q4 2016 State of the Internet Security Report, which shows a dramatic increase in the number of DDoS attacks greater than 100Gbps.

Timeline of Mirai: the Internet of Things botnet (ComputerworldUK) Since its mid-2016 discovery, Mirai has evolved to become one of the most powerful security threats

0.2 BTC Strikes Back, Now Attacking MySQL Databases (GuardiCore) Last week we first tweeted that the GuardiCore Global Sensor Network (GGSN) has detected a wide ransomware attack targeting MySQL databases. The attacks look like an evolution of the MongoDB ransomware attacks first reported earlier this year by Victor Gevers. Similarly to the MongoDB attacks, owners are instructed to pay a 0.2 Bitcoin ransom (approx. …

4 Cybersecurity Risks We’ll Face With WhatsApp Status (Panda Security Mediacenter) Panda Security has detected a few potential risks that all users of this new version of WhatsApp Status should recognize.

Someone Is Selling Coachella User Accounts on the Dark Web (Motherboard) If you're a fan of flower headdresses, watch out.

Macs Feel More Crypto-Locker Ransomware Love (BankInfo Security) New ransomware circulating via BitTorrent is disguised as software that purports to allow Mac users to crack popular Adobe and Microsoft applications. Separately, new ransomware calling itself Trump Locker appears to be the previously spotted VenusLocker ransomware in disguise.

Ransomware 'customer support' chat reveals criminals' ruthlessness (CSO Online) Finnish security vendor F-Secure released 34 pages of transcripts from the group chat used by the crafters of the Spora ransomware family. The transcripts give a whole new meaning to tech support.

The Evolution of Ransomware: Part 2 (Security Week) For most, ransomware attacks are the byproduct of uninformed users opening malicious attachments sent by devious and anonymous criminals.

Dynamite Phishing (SANS Internet Storm Center) Last week I ran across a very successful phishing campaign, what’s odd in most ways it was nothing special. The attacker was using this more like a worm, where stolen credentials would be used within the hour to start sending out a mass amount of more phishes. I've decided to call this "Dynamite Phishing" because there is nothing quiet about this at all.

Movie night? Nope. It's a fake iTunes receipt from phishers targeting Apple users (Graham Cluley) Beware fake iTunes receipts for movies you haven't purchased. When you try to dispute the purchase, you might find you're handing online criminals your personal information.

Twitter users, do you know who’s spying on your web-surfing habits? (Naked Security) Researchers have shown that’s it’s possible to de-anonymise Twitter users and track them around the web

Survey: Most Attackers Need Less Than 12 Hours To Break In (Dark Reading) A Nuix study of DEFCON pen testers shows that the usual security controls are of little use against a determined intruder

Number of people hit by professional financial cyber attack grows after lull (ComputerWeekly) Kaspersky Labs reports that the number of people hit by financial cyber attack grew in 2016 after falling in the previous two years.

Fraud rises as cybercriminals flock to online lenders (CIO) The latest quarterly ThreatMetrix Cybercrime Report shows 1 million cyberattacks targeted online lending transactions throughout 2016, causing estimated losses of more than $10 billion.

Understanding and Combating the Evolving Attack Chain (Security Week) Adversaries continue to find new ways to operate, using varied techniques to accomplish their mission. And, unless you remain informed about these changes, it’s hard to defend against these evolving threats.

Hacker Group Defaces Hundreds of Websites After Hacking UK Hosting Firm (BleepingComputer) A hacking crew that goes by the name of National Hackers Agency (NHA) has defaced 605 websites in one go after they managed to get access to a server from UK hosting firm DomainMonster.

Cyber Trends

How IoT initiatives impact the IT infrastructure (Help Net Security) Internet of Things (IoT) infrastructure spending is making inroads into enterprise IT budgets across a diverse set of industry verticals.

IaaS: The Next Chapter In Cloud Security (Dark Reading) Organizations adopting IaaS must update their approach to security by using the shared responsibility model.

Cyber isn’t all that special, says NSA chief (C4ISRNET) The head of Cyber Command has warned against putting cyber on a pedestal.

NSA Deputy Director: Why I Spent the Last 40 Years In National Security (Time) In 1977 I was finishing my sophomore year of college, working two jobs to put myself through school, and thought, “There has to be a better way.” So I enlisted in the U.S. Army as a Signals Intelligence/Electronic Warfare Morse Intercept Operator, which didn’t tell me much but would let me earn money toward college through the GI Bill.

Ponemon Study Finds Cybersecurity Lacking In Oil & Gas Industries (Information Security Buzz) Ponemon has published research that looks at the state of cyber security, particularly in the Oil and Gas industry. Edgard Capdevielle, CEO at Nozomi commented below. Edgard Capdevielle, CEO at Nozomi Networks: “While the oil and gas industries aim to make improvements to their cyber security risk posture, it’s not straight forward and this recent …

Cyber attacks against financial services cost consumers £8bn in 2016, research reveals (The Telegraph) Online financial services and lending companies are increasingly being targeted by fraudsters and costing consumers millions of pounds around the world last year alone, according to research.


Demystifying cyber insurance (DU Press) ​Organizations continue to invest heavily in cybersecurity efforts to safeguard themselves against threats, but far fewer have signed on for cyber insurance to protect their firms afteran attack. Why not? What roadblocks exist, and what steps could the industry take to help clear them?

Security Awareness Training to Explode in Next 10 Years (Infosecurity Magazine) Fortune 500 and Global 2000 corporations will consider security awareness training as ‘fundamental’ to their cyber-defense strategies by 2021.

20 Cybersecurity Startups To Watch In 2017 (Dark Reading) VC money flowed plentifully into the security market last year, fueling a new crop of innovative companies.

Microsoft Wants Tech Industry to Tackle $3 Trillion Problem (The Motley Fool) Security breaches have gone beyond individuals and even companies to become a huge global issue.

Cisco's John Chambers Bets on Google and Citi-Backed Voice Security Startup (Fortune) He has invested and joined the board.

Peter Thiel’s Palantir Spreads Its Tentacles Throughout Europe (Bloomberg) The $20 billion data mining startup tripled revenue in Europe and plans to keep expanding there.

Palantir was dumped by key cybersecurity client Home Depot (CNBC) A handful of blue chip company have "raised doubts about (Palantir's) usefulness" Palantir, BuzzFeed reports.

These five Dutch cyber companies are in Maryland to learn, establish U.S. presence (Baltimore Business Journal) Five Dutch cyber companies have "soft landed" in Maryland and are staying through the end of March as part of a cooperative program between The Netherlands and the Maryland Department of Commerce.

U.S. Air Force Awards $875 Million for Cryptography and Information Assurance (SIGNAL Magazine) General Dynamics Mission Systems, Scottsdale, Arizona (FA8307-17-D-0006); Harris Corp., Rochester, New York (FA8307-17-D-0007); L-3 Systems Corp., Camden, New Jersey (FA8307-17-D-0008); Leidos Inc., Columbia, Maryland (FA8307-17-D-0009); Raytheon, El Segundo, California (FA8307-17-D-0010); Sypris Electronics LLC, Tampa, Florida (FA8307-17-D-0011); and ViaSat Inc., Carlsbad, California (FA8307-17-D-0012) have been awarded a combined not-to-exceed $875 million indefinite-delivery/indefinite-quantity contract.

Malwarebytes teams up with Cybersecurity Factory - Malwarebytes Labs (Malwarebytes Labs) Malwarebytes is proud to support Cybersecurity Factory, a 10-week summer program for early-stage cybersecurity companies.

Virginia Expands Cybersecurity Training for Veterans in Bid to Fill Vacant Positions Statewide (Government Technology) Two new VetSuccess Immersion Academies from the SANS Institute will augment the Cyber Vets Virginia initiative announced in November.

'Don't let them hack us': Here's what it's like working as the CIO for Elon Musk at SpaceX (Business Insider Australia) From Zip2 to Paypal, Tesla and SpaceX, Elon Musk’s businesses have revolutionised their industries.

Products, Services, and Solutions

Telstra to build Australia's first national internet of things network (CRN Australia) Also improving optical network.

Cisco helps businesses eliminate performance and protection trade-offs with next-generation firewall for the internet edge (Al Bawaba) Cisco helps businesses eliminate performance and protection trade-offs with next-generation firewall for the internet edge

Microsoft protecting Mexican people with new cybersecurity center (BetaNews) With all of the talk about border walls and immigration in the news lately, something very important sometimes gets forgotten in the discussion -- Mexicans are people. In other words, these folks are just as important as anyone else; they are not statistics. The same goes for everyone regardless of skin color, religion, region, or country. All humans matter.

Amid cyberattacks, ISPs try to clean up the internet (CSO Online) If your computer’s been hacked, Dale Drew might actually know about it. His company, Level 3 Communications, is a major internet backbone provider and routinely on the lookout for cyberattacks on the network level. From what they can tell, there’s a staggering 178 million IP addresses out there associated with malicious activity.

The Sixth Flag Announces Windows 10 Experience as part of Enterprise Offering (Sixth Flag) Windows 10 Experience VDI is now available for customers as a part of a series of enterprise features that the company will roll out during the first half of 2017.

Digital Defense, Inc. Highlighted on Managed Security 100 and MSP 500 (PRWeb) Cybersecurity company top ranked for cutting edge approach to delivering managed services

Carbon Black: It's Time For Next-Gen Endpoint Security (Silicon UK) Carbon Black believes now is the time to move on from traditional antivirus (AV) software and embrace the next generation of endpoint security.

Now Anyone Can Deploy Google’s Troll-Fighting AI (WIRED) Google subsidiary Jigsaw is now offering developers access to an API for its AI-based detector for abusive comments.

Technologies, Techniques, and Standards

Can the World Economic Forum's Cyber Security Principles Advance Cyber Resilience? (Security Week) A few weeks ago, the World Economic Forum (WEF) met in Davos, Switzerland where an expert working group issued a report “Advancing Cyber Resilience: Principles and Tools for Boards.”

Advancing Cyber Resilience Principles and Tools for Boards (World Economic Forum) Cyber resilience and cyber risk management are critical challenges for most organizations today. Leaders increasingly recognize that the profound reputational and existential nature of these risks mean that responsibility for managing them sits at the board and top level executive teams.

Getting ready for the GDPR: what you need to know and how to prepare (Computing) Pillsbury Law experts provide breakdown on how law will affect your business.

Has fraud met its match? (CSO Online) New and dynamic authentication factors can help prevent identity theft. The idea of using a fingerprint reader to log on to a smartphone is nothing new, but the latest wrinkle is the pressure with which that finger pushes on the reader.

Famed Hacker Kevin Mitnick Shows You How to Go Invisible Online (WIRED) Want to become invisible online? Start with your emails.

Three Ways to Combat Shadow IT 2.0 (Security Week) While we can blame the cloud for shadow IT 2.0, SaaS isn’t the culprit this time.

Noise-Canceling Headphones for Your Threat Intel Team (Security Week) With transparency and customized scoring, you cancel out the noise that’s distracting your threat intelligence team

10 Essential Security Measures To Keep Your Online Banking Safe In 2017 (Dane County Credit Union) With all the cyber criminals out there, how can you protect your information? Here are 10 essential security measures you must take now.

How Those Impacted by the 2015 Cyber Attack Against Anthem Who Were Under 18 at the Time Can Get a Credit Freeze (BusinessWire) Anthem is offering a special minor credit freeze program to parents and legal guardians of minors whose information was involved in the 2015 cyber att

Design and Innovation

Tech to make background checks a little smarter (CNNMoney) Onfido is a startup that aims to streamline remote background checks and identity verification by using facial recognition technology.

If your TV rats you out, what about your car? (Autoblog) You drive. It watches.

Dropbox’s tool shows how chatbots could be future of cybersecurity (Naked Security) Open-source Securitybot works in Slack to make dealing with security notifications smoother


CyberTraining 365 and ICMCP Join Forces to Offer Expert Cyber Security Training and Decrease the Skills-Gap (Yahoo Singapore Finance) We are proud to announce our newest scholarship for the International Consortium of Minority Cybersecurity Professionals (ICMCP). Offering 100 ICMCP Members with 6 months of free access to our online academy, CyberTraining 365 hopes to give those new to cybersecurity the skills they need to further their career, while helping fill the cybersecurity skills-gap. ICMCP will be awarding over $33,000 worth of online cyber security training, from our academy, to their members, over the next two years.

Cyber Challenge begins at VMI (WDBJ) This is the first year for the event which combines an invitation-only cyber competition with learning and career opportunities in the cyber world.

Legislation, Policy, and Regulation

ECO summit to focus on transport, cyber linkages (DAWN.COM) The coming 13th summit of the 10-member Economic Cooperation Organisation (ECO) will focus on...

Would a new world accord make the lawless internet safe again? (McClatchydc) If the internet is unsafe now, experts say it will only get more insecure over the next decade. That is one of the reasons why Microsoft is calling for world to enact a Digital Geneva Convention.

Cyber sovereignty principles need to be quickly defined, say experts (The Indian Express) Cyber sovereignty principles need to be quickly defined to address not just national sovereignty and security but also balance conflicting state interests in cyberspace,

A Survey of Nation State Sponsored Hackers (Owl Cyber) The darknet is an unpredictable source of both white hat and black hat hackers working to develop malware, toolkits and viruses (MTVs) for any number of reasons - from political hacktivism to cyber crime.

Cyber Proxies: A Central Tenet of Russia’s Hybrid Warfare (Cipher Brief) Cyber operations remain at the forefront of confrontations between the West and Moscow as relations continue to deteriorate.

First Aussie cyber threat sharing centre opens in Brisbane (iTnews) Co-locates private, public sector experts.

Cyber Espionage Seen Expanding to Grasp Trump Policy Changes ( U.S. government agencies, think tanks and political groups should expect an increase in cyber espionage as countries like Iran try to grasp changing foreign and military policies under the new Trump administration, according to an executive with cybersecurity company FireEye Inc.

Rogers touts SOCOM as model for cyber command ( The head of U.S. Cyber Command says his organization should be elevated to a unified combatant command and have a centralized structure similar to that of U.S. Special Operations Command.

NSA head Rogers pushes to loosen reins on cyberweapons (TheHill) Adm. Michael Rogers — both head of the National Security Agency (NSA) and Cyber Command — is pushing for widespread changes to the U.S.'s treatment of cyber weaponry, including contracting private sector firms to develop arms.

Assessing US capabilities in cyberspace (Fifth Domain | Cyber) Among the proposals and directives outlined in the three drafts are four cyber reviews, including a full-scale assessment of the nation’s capabilities in cyberspace.

Trump national security adviser wants to avoid term 'radical Islamic terrorism', sources say (Guardian) HR McMaster felt phrase castigates ‘an entire religion’ and indicated ‘he’s not on board’ – a contrast with the president and many key staff members

Opinion: Will Trump sink Privacy Shield? (The Christian Science Monitor Passcode) If Trump walks back US surveillance reform, he could jeopardize a trade agreement with the European Union that ensures the free flow of data across the Atlantic.

FCC prepares to pull broadband privacy rules adopted last year (TechCrunch) FCC Chairman Ajit Pai announced his intention today to block a privacy rule adopted by the Commission late last year. Citing its disharmony with existing FTC..

Policy Experts Push To Make Vulnerability Equities Process Law (Threatpost) By making the Vulnerability Equities Process law, advocates of the idea argue there would be more reliability, transparency and accountability in the process of government vulnerability disclosure.

Navy developing preplanned cyber network incident procedures (C4ISRNET) The Navy is looking to develop procedures ahead of time in the case networks go down aboard ships afloat.

Information Warfare Breaks Regional, Geographic Boundaries at WEST 2017 (DVIDS) WEST 2017 concluded on Feb. 23 following three-days of speakers, panels, demonstrations and capability displays.

Congress wants more, better federal cyber workers despite hiring freeze ( House and Senate committees are going to prioritize oversight of how agencies hire and train their workforces to deal with cybersecurity.

Top bank executives required to vouch for cyber attack defences (Financial Times) World’s biggest banks and insurers have to meet New York regulator’s tough new rules

New UK laws address driverless cars insurance and liability (Register) 'Automated' vehicles – who pays for damage?

Litigation, Investigation, and Law Enforcement

Treason charges against Russian cyber experts linked to seven-year-old accusations (Reuters) Treason charges brought in December against two Russian state security officers and a cyber-security expert in Moscow relate to allegations made by a Russian businessman seven years ago, according to the businessman and a source connected with the investigation.

Kaspersky security expert charged with treason for sharing security data with Verisign (Computing) Seven-year-old allegations that Kaspersky employee passed on "secrets" to Verisign cyber crime unit

FBI urged to reveal how much it cost to unlock the San Bernardino iPhone (The Next Web) Associated Press, Vice Media and Gannett have asked US court to force the FBI to reveal how much it cost to unlock the iPhone from the San Bernardino case.

I’ll never bring my phone on an international flight again. Neither should you. (freeCodeCamp) A few months ago I wrote about how you can encrypt your entire life in less than an hour. Well, all the security in the world can’t save…

Sentenced to Prison For Telegram Posts (Iran Wire) The Revolutionary Court in the Kurdish city of Saghez sentenced four people to prison for “propaganda in support of Kurdish opposition parties” after they set up a group and channel on the Telegram messaging service.

How to Hunt a Lone Wolf (Foreign Affairs) To make one-off attacks less likely and prepare for those that do occur, governments should keep would-be terrorists isolated, build strong relationships between Muslim communities and law enforcement, monitor social media, and discredit the ideology that lone wolves embrace.

The Man Who Broke Ticketmaster - Motherboard (Motherboard) The most infamous ticket scalper of all time used bots to buy millions of tickets. Now he wants to stop them.

Can parental spyware keep kids safe online? (The Christian Science Monitor Passcode) Some law enforcement officials says it won't – and are discouraging parents from relying on a growing number of smartphone surveillance apps to guard against bullying and sexual predators.

Florida Man Pleads Guilty To Clinton Foundation Hack Attempts (Dark Reading) Timothy Sedlak also convicted in child pornography case and sentenced to 42 years in jail, Reuters reports.

For a complete running list of events, please visit the Event Tracker on the CyberWire website.

Newly Noted Events

Citrix Synergy (Orlando, Florida, USA, May 23 - 25, 2017) Learn how to solve your IT flexibility, workforce continuity, security and networking challenges—and power your business like never before—with the workspace of the future.

Upcoming Events

Second Annual International Security Conference (Riyadh, Saudi Arabia, February 27 - 28, 2017) The conference will facilitate national, regional and international collaboration between government, industry and critical infrastructure organizations. It will also feature investors who want to diversify...

SANS Dallas 2017 (Dallas, Texas, USA, February 27 - March 4, 2017) We are pleased to invite you to attend SANS Dallas 2017, on February 27- March 4 at The Westin Dallas Downtown, located in the heart of the city. We have selected several of our top information security...

Inaugural Yorkshire and Humber Cyber Protect Business Conference (Leeds, England, UK, February 28, 2017) The aims and objectives of this conference are to raise cyber awareness built around the 10 steps to cyber security, provide an environment and opportunity for professionals to network and share experiences...

Autonomous Vehicles Silicon Valley (Santa Clara, California, USA, February 28 - March 2, 2017) The road to autonomy: Regulation. Consumer Acceptance. Safety & Security. Explore the latest technologies and hottest issues for the autonomous vehicles industry.

The Cyber Security Summit: Denver (Denver, Colorado, USA, March 1, 2017) This event is an exclusive conference connecting Senior Level Executives responsible for protecting their companies’ critical data with innovative solution providers & renowned information security experts.

International Cyber Risk Management Conference (ICRMC) (Toronto, Ontario, Canada, March 2 - 3, 2017) The third annual International Cyber Risk Management Conference (ICRMC) brings together a world class roster of experts with cross-sector, global and multidisciplinary expertise to share knowledge, lessons ...

SANS San Jose 2017 (Milpitas, California, USA, March 6 - 11, 2017) Securing and defending your network has never been more important as attacks and breaches make the news daily. Gain the skills and tools you need to win the battle against the wide range of cyber adversaries...

Cybersecurity: Defense Sector Summit (Troy, Michigan, USA, March 7 - 8, 2017) Don’t miss out on the opportunity to be a part of the conversation regarding how cybersecurity is impacting not only ground vehicles, but air and maritime platforms. What are the synergies amony Army,...

15th annual e-Crime & Cybersecurity Congress (London, England, UK, March 7 - 8, 2017) Europe's largest and most sophisticated gathering of senior cybersecurity professionals from international business, governments, law enforcement and intelligence agencies.

ISSA Mid Atlantic Security Conference (Rockville, Maryland, USA, March 10, 2017) Join us for a full day of training by industry leaders discussing some of the latest topics in tactics and techniques for preparing for cyber-attacks. This conference will feature a variety of presentations...

Investing in America’s Security: Cybersecurity Issues (Jersey City, New Jersey, USA, March 10, 2017) Please join us for the 5th Annual Northeast Regional Security Education Symposium hosted by the Professional Security Studies Department at New Jersey City University. The Symposium’s keynote address will...

IAPP Europe Data Protection Intensive 2017 (London, Englan, UK, March 13 - 16, 2017) Set in London, the Data Protection Intensive delivers innovative solutions to today’s top privacy and data protection challenges. Known for its exceptional programming, the Intensive has come into its...

Rail Cyber Security Summit (London, England, UK, March 14 - 15, 2017) Now in its second year, the event will take place at the Copthorne Tara Kensington hotel in London between March 14th and 15th 2017 and will feature a range of experts from the rail transport industry,...

CyberUK 2017 (Liverpool, England, USA, March 14 - 16, 2017) Announcing the UK government's flagship IA and cyber security event, for 2017. This is a three day event that will bring together cyber security leaders and professionals from across the UK’s information...

Cybersecurity: The Leadership Imperative (New York, New York, USA, March 16 - 17, 2017) Cyber risk impacts every element of your organization – and even the most brilliant information security expertise must be supported by a cross-functional cybersecurity structure and culture to succeed.

BSides Canberra (Canberra, Australia, March 17 - 18, 2017) BSidesCbr is a conference designed to advance the body of Information Security knowledge, by providing an annual, two day, open forum for discussion and debate for security engineers and their affiliates.

Cyber Resilience Summit: Securing Systems inside the Perimeter (Reston, Virginia, USA, March 21, 2017) As the journey to secure our nation’s IT cyber infrastructure gains momentum, it is important to apply proven standards and methodologies that reduce risk and help us meet objectives for acquiring, developing...

European Smart Grid Cyber Security (London, England, UK, March 21 - 22, 2017) European Smart Grid Cyber Security 2017 offers a unique opportunity to network with senior experts in cyber security from government, utilities, TSOs, regulators, solution providers, security consultants,...

Maryland Cybersecurity Awards Celebration (Baltimore, Maryland, USA, March 22, 2017) Help us celebrate the best and brightest of the Maryland cyberscurity community as we honor the companies, organizations, and individuals that have protected businesses and government agencies with their...

SANS Pen Test Austin 2017 (Austin, Texas, USA, March 27 - April 1, 2017) Every organization needs skilled people who know how to find vulnerabilities, understand risk, and help prioritize resources based on mitigating potential real-world attacks. That's what SANS Pen Test...

IT Security Entrepreneurs' Forum Bridging the Gap Between Silicon Valley & the Beltway (Mountain View, California, USA, March 28 - 29, 2017) SINET – Silicon Valley provides a venue where entrepreneurs can meet and interact directly with leaders of government, business and the investment community in an open, collaborative environment focused...

Insider Threat 2017 Summit (Monterey, California, USA, March 29 - 30, 2017) The focus of the Insider Threat Summit is to discuss personnel security issues including cyber security challenges and capabilities, continuous evaluation of privileged identities and ethical physical...

2nd Annual Billington International Cybersecurity Summit (Washington, DC, USA, March 30, 2017) The 2nd Annual Billington International Cybersecurity Summit on March 30, 2017 at the National Press Club in Washington, DC will feature over 300 world class cybersecurity decision-makers from allied nations...

Yale Cyber Leadership Forum: Bridging the divide between law, technology, and business (New Haven, Connecticut, USA, March 30 - April 1, 2017) The Yale Cyber Leadership Forum will take place on Yale University's campus and will focus on bridging the divide between law, technology and business in cybersecurity. With McKinsey & Company as our knowledge...

WiCyS 2017: Women in Cybersecurity (Tucson, Arizona, USA, March 31 - April 1, 2017) The WiCyS initiative has, since 2013, become a continuing effort to recruit, retain and advance women in cybersecurity. It brings together women (students/faculty/researchers/professionals) in cybersecurity...

Grow your brand and reach new customers.

Grow your brand and increase your customer base by educating our audience about your products, services, and events by advertising on The CyberWire. We’ve built trust with an influential (and often hard to reach) audience of CISOs, CSOs, and other senior execs in the security space, across a wide array of industry verticals. Learn more.

Be a part of the CyberWire story.

People ask us (a lot) how they can support what we do. We have our sponsorships and services, of course, but those are not always within every supporter's financial reach, or it might just not be the right time for you to do those things. That's why we launched our new Patreon site, where we've created a wider variety of support levels, each with some new benefits. Our patrons are important to our future, and we hope you'll consider becoming one. We invite you to become part of the CyberWire story. Become a patron today.