skip navigation

More signal. Less noise.

Daily briefing.

Cylance has found a threat group operating against business and government targets in Japan. They're tracking the campaign as "Snake Wine," but the operation looks a great deal like APT 28, also known as "Sofacy," which, of course, became famous over the past year for its involvement in apparent attempts to either influence or discredit the US elections. Snake Wine has a lot in common (particularly its registration style) with attacks attributed to Russian intelligence services, but in this instance there's a degree of ambiguity, since some aspects of the campaign seem to be marked with China's spoor. The threat actors have adopted a variety of measures to baffle attribution. Their goal is a matter of speculation, but Cylance thinks there's a good chance Snake Wine is ultimately aimed at disinformation.

Personal data belonging to about 850 members of Singapore's military services have been stolen in an apparent attempt to penetrate that country's Defense Ministry. The theft was successful but the penetration wasn't. Authorities in Singapore believe the culprit is some state actor, with most signs pointing to China.

Google has disclosed another set of unpatched vulnerabilities in Microsoft's Internet Explorer and Edge browsers. While Google's Project Zero has been reticent about the details, lest they render exploitation easy, it's believed the flaws could render users vulnerable to remote code execution.

There are reports that stuffed animals from CloudPets, said to be Internet-connected, contain privacy flaws that record and report conversations in the toys' vicinity.

ESET patches its Mac antivirus.

Notes.

Today's issue includes events affecting Brazil, China, Czech Republic, European Union, Germany, Italy, Japan, Kazakhstan, Lebanon, Malaysia, Mexico, Russia, Singapore, Sweden, Syria, Turkey, United Arab Emirates, United Kingdom, United States.

A note to our readers: while we concluded our dedicated RSA coverage with yesterday's issue, you may find an updated account of threat intelligence interesting if you haven't already seen it. We also have an article up recapping our conversations with some innovative companies; you may find any of them worthy of your attention.

In today's podcast we talk to our partner and friend Joe Carrigan from the Johns Hopkins University: he's here to give us all the straight dope on the Cloudbleed data leak. Our guest is Steve Grossman from Bay Dynamics on the equally timely issue of what we need to know about the New York State cyber regulations that take effect tomorrow. 

And we've also got two special editions up. One we've been telling you about: our 2017 prognostication special. The other one is new, just posted. It's a look at everything concerning artificial intelligence we heard discussed at RSA. 

Jailbreak Security Summit - Insecurity Tools (Laurel, Maryland, USA, April 28, 2017) Join some of the world's best security researchers as they talk about vulnerabilities in security tools at the only computer security event held at a production brewery. Attendance is limited to 100 to keep the Security Summit small and encourage conversation between speakers, attendees, and sponsors.

2nd Annual Cyber Investing Summit (New York, New York, USA, May 23, 2017) The 2nd Annual Cyber Investing Summit is an all-day conference focusing on investing in the cyber security industry. Attendees will explore the financial opportunities, trends, challenges, and investment strategies available in the high growth cyber security sector.

Cyber Attacks, Threats, and Vulnerabilities

Nachrichtendienst: BND bespitzelte offenbar ausländische Journalisten (Spiegel) Von der britischen BBC über die Nachrichtenagentur Reuters bis zu einem Telefonanschluss der "New York Times": Nach SPIEGEL-Informationen hat der deutsche Auslandsgeheimdienst weltweit Medien überwacht.

Japan-Centric APT Campaign Targets Government (Infosecurity Magazine) The hackers believed to be behind the election-season hacking in the United States may have now set their sights on Japan.

The Deception Project: A New Japanese-Centric Threat (Cylance) Cylance has discovered another prolonged campaign that appears to exclusively target Japanese companies and individuals. To date, all observed attacks were the result of spear phishing attempts against the victim organizations.

Singapore: Defence Ministry comes under cyber attack, but no secrets leaked (Asian Correspondent) Cyber attackers have stolen basic personal data from about 850 Singapore national servicemen and employees in a possible attempt to access official secrets, the Defence Ministry said on Tuesday.

Singapore military hack ‘probably state sponsored’ (South China Morning Post) Breach of defence ministry’s ‘I-net’ system stole identity card information, telephone numbers and dates of birth of 850 people

Mexico’s misinformation wars (Medium) How organized troll networks attack and harass journalists and activists in Mexico

Syrian Rebels Are Using Snapchat to Sell and Show-Off Their Weapons (Motherboard) Why Snapchat is the perfect ephemeral weapons marketplace.

Google releases details, PoC exploit code for IE, Edge flaw (Help Net Security) Google has released details about a serious vulnerability in the Internet Explorer and Edge browsers, along with PoC exploit code.

Google Discloses Another ‘High Severity’ Microsoft Bug (Threatpost) Google’s security researchers disclosed details of an unpatched Microsoft vulnerability in its Edge and Internet Explorer browsers.

126 vBulletin forums hacked; 819,977 accounts leaked on hacking forums (HackRead) vBulletin (vB) is an internet forum software widely used by website owners. Lately, there has been a critical vulnerability in the software's old versions

Carders capitalize on Cloudflare problems, claim 150 million logins for sale (CSO Online) A carder forum is advertising a special deal to VIP members. The website claims to possess more than 150 million logins, from a number of services including Netflix, and Uber.

Cloudbleed’s silver lining: the response system worked (Naked Security) There are points of contention but overall the researcher-to-vendor collaboration delivered

RATANKBA: Delving into Large-scale Watering Holes against Enterprises (Trend Labs Security Intelligence Blog) In early February, several financial organizations reported malware infection on their workstations, apparently coming from legitimate websites.

SHA-1 collision can break SVN code repositories (CSO Online) The recently announced SHA-1 collision attack has the potential to break code repositories that use the Subversion (SVN) revision control system.

Germans, Czechs served with banking malware through SMS (Help Net Security) German and Czech Android users are getting served with a variant of the Marcher banking Trojan directly through text messages.

Cyber extortionists hold MySQL databases for ransom (Help Net Security) We have witnessed attackers holding MongoDB, CouchDB and Hadoop databases for ransom, and now they've set MySQL databases in their sights.

Attackers using cracked builder to duplicate and spread Betabot (Naked Security) Some attackers love Betabot malware but not all of them like paying for it

Millions of smart devices in Spain are vulnerable to attack (Help Net Security) Avast identified more than 493,000 smart devices in Barcelona and 5.3 million in Spain overall that are connected to the internet and vulnerable to attacks.

Avast Exposes Internet of Things Attack Risk in Barcelona, Home of Mobile World Congress 2017 (BusinessWire) A new Avast research experiment shows that half a million smart devices including webcams and baby monitors in Barcelona, home of Mobile World Congres

500,000+ devices have dangerous apps installed (Help Net Security) At Mobile World Congress (MWC) 2017, connected cars, the future of smart homes and, of course, the newest handsets are top of the agenda. Intel Security’s

1500 companies in over 100 countries hit by malicious Adwind backdoor RAT (Graham Cluley) More than 1,500 companies in over 100 countries have suffered an infection at the hands of the Adwind Remote Access Tool (RAT).

Analysis of a Simple PHP Backdoor (SANS Internet Storm Center) With the huge surface attack provided by CMS like Drupal or Wordpress, webshells remain a classic attack scenario.

More on Bluetooth Ingenico Overlay Skimmers (KrebsOnSecurity) This blog has featured several stories about “overlay” card and PIN skimmers made to be placed atop Ingenico-brand card readers at store self-checkout lanes.

Password-Manager Apps (TeamSIK) There are different policies for the generation of secure passwords. However, one of the biggest challenges is to memorize all these complex passwords.

A (Fruit) Fly on the Wall: Surveillance Malware (Wapack Labs) The Fruit Fly malware is designed to exploit web cams that are used for surveillance. There are both Windows and Mac versions. A...

The Economical RAT: Luminosity.Link (Wapack Labs) The Luminosity.Link Remote Administration Tool (RAT) has been observed by a number of companies over the past year being spread ...

Wikipedia’s bot-on-bot battles that can last for years (Naked Security) Sustaining a grudge is a lot easier when you don’t have to take breaks. Or breathe.

Creepy IoT teddy bear leaks >2 million parents’ and kids’ voice messages (Ars Technica) Publicly accessible database wasn’t even protected by a password.

Smart teddy bears involved in a contentious data breach (CSO Online) If you own a stuffed animal from CloudPets, then you may have been hacked. The company’s toys -- which can receive and send voice messages from children and parents -- have been involved in a serious data breach dealing with more than 800,000 user accounts.

iPhone Robbers Try to iPhish Victims (KrebsOnSecurity) In another strange tale from the kinetic-attack-meets-cyberattack department, earlier this week I heard from a loyal reader in Brazil whose wife was recently mugged by three robbers who nabbed her iPhone.

Tens of thousands of Chromebooks fail because of Symantec BlueCoat problem (ZDNet) Did your web access just go badly wrong when you upgraded to the Chrome web browser 56 or Chrome OS 56? The problem is probably in your web proxy.

Boeing Notifies 36,000 Employees Following Breach (Threatpost) A Boeing employee inadvertently leaked the personal information of 36,000 of his co-workers late last year when he emailed a company spreadsheet to his non-Boeing spouse.

Online scammers target seniors during tax season (WVLT Local 8) Officials report that over two-thirds of U.S. seniors have been victim or target of at least one common online scam or hack.

Security Patches, Mitigations, and Software Updates

ESET antivirus cracks opens Apple Macs to remote root execution via man-in-middle diddle (Register) Get patching – fix available now

Microsoft Adds Technical Updates to SDL Site (Dark Reading) Microsoft releases a new round of updates and technical content additions to its Security Development Lifecycle website.

Cyber Trends

Threat Intelligence: Use Cases, War Stories, and ROI (updated) (The CyberWire) Ability to collect information can notoriously outstrip the ability to analyze that information into intelligence. And once you have the intelligence, what, exactly, are you supposed to do with it? After all, you haven't developed it merely to gratify curiosity. So what are the use cases? (Updated 2.27.17.)

Passcode at SXSW: Ad blockers, spies, hackers, and Hollywood (The Christian Science Monitor Passcode) From biometric tracking to smart cities to hackers on film, bookmark our four panels on digital security and privacy at this year's South by Southwest festival in Austin.

Katie Moussouris on Bug Bounty Programs, Hack the Army, and Wassenaar (Threatpost) Katie Moussouris on how bug bounty programs have gone mainstream, the success of Hack the Pentagon and Hack the Army, and where things stand with the Wassenaar Arrangement.

New AT&T Research Finds 75% of Email Traffic Could Be Malicious (AT&T) And 50% of businesses have outdated cybersecurity protections

Password re-use is rampant among Millennials 18-30 (Infosecurity Magazine) More than half of respondents in a new survey are still trying to remember their passwords in their heads.

Marketplace

New Report: Businesses Suffer Serious, Measurable Damage From Data Breaches (Inc.) People who own, run, or work for businesses should take note of several findings of a recent Cisco study of the impact of data breaches.

Cyber Insurance Uptake Hampered By Skewed Data, Poor Communication (Dark Reading) Only 29% of US businesses have cyber insurance; Deloitte outlines steps for insurance companies to improve risk models, communication, and policy sales.

Salary Survey: What's a CISO Worth in 2017? (Bricata) Several benchmarks suggest CISO salaries are rising and top $200,000 dollars. The figure may seem sizable except when compared with the cost of exposed risks.

A year after Jasper acquisition Cisco expands the platform (TechCrunch) Just over a year ago Cisco bought Jasper Technologies for $1.4 billion, and with that transaction, created the company's IoT cloud business. This week, Cisco..

Strategic Cyber Ventures aims to build ‘supermax prison’ to halt hackers (Washington Post) The D.C.-based venture fund announced its fourth of at least eight investments Monday.

As OPM’s background bureau gets off the ground, could a bid protest stymie its efforts? (Federal News Radio) The Office of Personnel Management’s National Background Investigations Bureau (NBIB) is almost five months old and already embroiled in its first bid protest.

SS8 Among Key Vendors Making Up Security Analytics Ecosystem According to Independent Research Firm (Marketwired) SS8 BreachDetect recognized for using communication analytics to find compromised devices

Ad hoc Research Associates receives 8(a) certification from SBA Read more: http://www.digitaljournal.com/pr/3250203#ixzz4Zysl7g5F (Digital Journal) Ad hoc Research Associates, LLC is proud to announce that it has received 8(a) certification from the Small Business Administration (SBA).

Products, Services, and Solutions

Nehemiah Security's AtomicEye RQ Quantifies the Effects of Cyber Exploits (BusinessWire) Nehemiah Security, an internationally recognized supplier of cybersecurity software and services to enterprise and government organizations, today announced...

Big strides in Cloud security: IP whitelisting & required 2-Step Verification in Bitbucket (Atlassian) We live in an age where data breaches are very common. In the last three years major retailers to modern tech companies have experienced massive data breaches - yet CompTIA research shows that most companies are still not fully prepared against security threats and haven't taken necessary steps to overhaul their security measures.

LookingGlass ScoutPrime Becomes First Threat Intelligence Platform Compliant with STIX 2.0 (BusinessWire) LookingGlass™ Cyber Solutions, a leader in threat intelligence driven security, today announced that its ScoutPrime™ platform has successfully...

LockPath Announces Availability of GRC Buyer's Guide (Marketwired) Guide will help bring transparency to GRC software purchasing

eSentire Adds Cloud Visibility to Deliver Integrated Managed Detection and Response (Marketwired) 360-degree visibility across network, endpoint, and cloud enables unparalleled threat detection and response from fully nanaged security operations center (SOC)

Cisco Accelerates Digital Network Transformation with New Virtualization and Security Technologies (EMEAR) According to a newly released IDC study, organizations around the world are expected to triple the adoption of modern, automated networks over the next two years. To accelerate the journey to these digital-ready networks, Cisco is introducing new technologies that allow customers to virtualize and secure their networks.

Simility Achieves PCI DSS Service Provider Level 1 Compliance (Benzinga) Cloud-based fraud prevention solution achieves PCI Compliance to beef up customer data security from credit card fraud and hacking.

Not all threat intelligence is created equal (Help Net Security) Learn the difference between threat intel versus threat intelligence platforms, how threat intelligence changed over the past few years, and much more.

Hypori: First Virtual Mobile Device to Achieve NIST Certification (Video) - American Security Today (American Security Today) Hypori, has obtained the Federal Information Processing Standards (FIPS) 140-2 Level 1 certification for cryptographic modules from the National Institute of Standards and Technology (NIST), making it the first virtual mobile infrastructure (VMI) provider to receive the difficult certification for a virtual mobile device. The certification approves Hypori’s virtual mobile device as a method for federal …

Spirent extends security, performance testing leadership with CyberFlood (-Voice&Data) British telecommunications company Spirent Communications said that it has extended its lead in security and performance testing by introducing the industry’s first server-response fuzzing capability within CyberFlood, its premier security test solution.

DarkMatter launches secure mobile suite | The National (The National) DarkMatter’s Katim suite includes a secure mobile device with its own 'hardened' Android operating system, together with a secure communications application suite and cyber command centre.

Lidera Network Signs Agreement with Cylance to Distribute Artificial Intelligence-Based Cybersecurity Solution (BusinessWire) Lidera Network, IT value wholesaler, has signed a distribution agreement with Cylance® Inc. to offer its next-generation endpoint security solutio

Carbon Black extends reach with M.Tech partnership (CSO) Carbon Black, the leading provider of next-generation endpoint security, today announced a channel distribution agreement with M.Tech, a leading regional IT security solutions distributor.

Google's Ease-of-Use Email Encryption Project Goes Open Source (Dark Reading) E2Email, together with open source Key Transparency project, are meant to take on the challenges that have dogged end-to-end email encryption adoption for decades.

Google shifts on email encryption tool, leaving its fate unclear (CSO Online) Google is asking developers to take over its effort to make end-to-end email encryption more user friendly, raising questions over whether it’ll ever become an official feature in the company’s products.

Technologies, Techniques, and Standards

The CEO's Guide to Data Security - AT&T Cybersecurity Insights | Volume 5 (AT&T Cybersecurity Insights) Increasingly, organizations of all sizes are facing a growing variety of cyberthreats. Protect your data through innovation with AT&T Cybersecurity Insights: The CEO’s Guide to Data Security.

Rewriting the rules on how to protect against evolving adversaries (Help Net Security) Hackers are getting better at exploiting your organization's increasingly complex IT environment. Adversaries are using highly customized attack campaigns

Who should be on an insider risk team? (CSO Online) Catching an insider taking confidential information doesn't happen by chance, and policies and procedures must be in place to know what to do when an insider is caught.

What should an insider risk policy cover? (CSO Online) To protect from liability concerns, enterprises need something in writing so that everyone knows what to do upon finding an insider threat. Here are some suggestions from security experts.

Measuring the Detection and Response Gap (ThreatConnect) Despite efforts to stockpile the best technology and assemble an army of defenders, today’s security organizations struggle with inefficiencies.

The Top Six Obstacles to Adoption of the Industrial Internet of Things (Mocana) The following aspects show how many hurdles will be surmounted to open the inevitable future of the IIoT.

In Cybersecurity, Language Is a Source of Misunderstandings (Dark Reading) To successfully fight threats across industries, we must all use the same terminology.

Addressing pain points in governance, risk and compliance (Help Net Security) The end goal with GRC implementation is to streamline the general day-to-day processes of activities, and support collaborative efforts between departments.

20 Questions for SecOps Platform Providers (Dark Reading) Security operations capabilities for the masses is long overdue. Here's how to find a solution that meets your budget and resources.

Regardless of where it is stored, it's your data in their cloud. (Infosecurity Magazine) Regardless of where it is stored, it's your data in someone else's cloud.

Learning Cryptography Through Bitcoin’s Proof of Existence Feature (Nigeria Today) Proof-of-existence (PoE) is a utility built into the Bitcoin blockchain that allows anyone to store records in an immutable fashion.

Paranoid Spouses Can Spy on Partners' iOS 10 Devices with iCloud Backups (Motherboard) In this case, you still need the target's Apple ID and password.

Design and Innovation

Roundup: Conversations with Innovators (The CyberWire) While at RSA 2017 we spoke to a number of companies, and we've recounted what we learned in our other coverage. But we also wanted to present a roundup of some of the more interesting and innovative start-ups we caught up with before, during, and after RSA. Here are some firms worth your attention.

Opinion: The tech behind Bitcoin could reinvent cybersecurity (The Christian Science Monitor Passcode) Blockchains track, record, and secure transactions made within the virtual currency Bitcoin. They can also help defend many critical systems from devastating cyberattacks.

Google! Here's how to achieve 'really intelligent search' (Computing) Peter Cochrane examines how to bring AI to bear on search engines - but do Google et al really want to make search more efficient?

Academia

Cyber attack simulation unearths fresh talent (The Engineer) This year’s first Cyber Security Challenge UK has taken place, with 30 of the country’s top amateur cyber practitioners coming together to defend against a simulated attack. Hosted by Protection Group International (PGI), the event saw teams attempting to thwart a cyber attack on a connected car company, similar to the 2016 Mirai DDoS IoT...

Coding, Cybersecurity Classes Give Hawaii Teens Head Start on IT Career Path (Government Technology) Four students from Waipahu High School are on track to work part time at the National Security Agency’s Hawaii office while they are seniors.

Legislation, Policy, and Regulation

The failure of EU's regulation on cyber-surveillance tech exports (Help Net Security) A report shows how EU regulation has failed to prevent authoritarian regimes from getting their hands on cyber-surveillance technology.

Sweden to scale up cyberwar defense funding (Fifth Domain | Cyber) Sweden is set to earmark increased budgetary funding to strengthen its cyberwarfare defense infrastructure and increase the country’s capability to protect critical infrastructure.

Cyberwar, US, Russia and the non-State Actors: Frenemies with Benefits? (Cyberint) The growing tension between Russia and the US on the cyberfront has opened a Pandora box of cyberthreats. Are we on the verge of the “cold cyberwar”?

Russia looks for positive signals in Trump's speech to Congress (Reuters) Russia's deputy foreign minister said on Tuesdays that relations with the United States were at their lowest ebb since the Cold War, but hoped they could improve under U.S. President Donald Trump.

NSA, Cyber Command structure should remain the same (TheHill) OPINION | THe U.S. can learn from Israel.

FCC Chairman pledges to roll back net neutrality regulations during European address (TechCrunch) As Ajit Pai took the stage for a speech at Mobile World Congress in Barcelona this morning, CNBC anchor Karen Tso noted that the newly appointed FCC..

US regulator set to tamp down on privacy rules (The Christian Science Monitor Passcode) The Federal Communications Commission will announce plans to delay Obama-era privacy regulations that would push broadband companies to institute stronger standards for protecting consumers' data.

Litigation, Investigation, and Law Enforcement

Yahoo offers new details on breaches to Senate committee (TechCrunch) Since Yahoo disclosed two mega-breaches late last year, its executives have met almost daily with CEO Marissa Mayer for working sessions focused on improving..

Samsung head Lee Jae-yong charged with bribery, embezzlement and hiding assets overseas (Computing) Four other Samsung executives also charged

IT admin was authorized to trash employer’s network he says (Naked Security) It’ll make you think twice about hitting the delete key

Two Charged In Gas Station Card-Skimming Scheme (Dark Reading) Two individuals face federal charges for skimming debit card information from gas station pumps across multiple states.

For a complete running list of events, please visit the Event Tracker on the CyberWire website.

Upcoming Events

Inaugural Yorkshire and Humber Cyber Protect Business Conference (Leeds, England, UK, February 28, 2017) The aims and objectives of this conference are to raise cyber awareness built around the 10 steps to cyber security, provide an environment and opportunity for professionals to network and share experiences...

Autonomous Vehicles Silicon Valley (Santa Clara, California, USA, February 28 - March 2, 2017) The road to autonomy: Regulation. Consumer Acceptance. Safety & Security. Explore the latest technologies and hottest issues for the autonomous vehicles industry.

The Cyber Security Summit: Denver (Denver, Colorado, USA, March 1, 2017) This event is an exclusive conference connecting Senior Level Executives responsible for protecting their companies’ critical data with innovative solution providers & renowned information security experts.

International Cyber Risk Management Conference (ICRMC) (Toronto, Ontario, Canada, March 2 - 3, 2017) The third annual International Cyber Risk Management Conference (ICRMC) brings together a world class roster of experts with cross-sector, global and multidisciplinary expertise to share knowledge, lessons ...

SANS San Jose 2017 (Milpitas, California, USA, March 6 - 11, 2017) Securing and defending your network has never been more important as attacks and breaches make the news daily. Gain the skills and tools you need to win the battle against the wide range of cyber adversaries...

Cybersecurity: Defense Sector Summit (Troy, Michigan, USA, March 7 - 8, 2017) Don’t miss out on the opportunity to be a part of the conversation regarding how cybersecurity is impacting not only ground vehicles, but air and maritime platforms. What are the synergies amony Army,...

15th annual e-Crime & Cybersecurity Congress (London, England, UK, March 7 - 8, 2017) Europe's largest and most sophisticated gathering of senior cybersecurity professionals from international business, governments, law enforcement and intelligence agencies.

ISSA Mid Atlantic Security Conference (Rockville, Maryland, USA, March 10, 2017) Join us for a full day of training by industry leaders discussing some of the latest topics in tactics and techniques for preparing for cyber-attacks. This conference will feature a variety of presentations...

Investing in America’s Security: Cybersecurity Issues (Jersey City, New Jersey, USA, March 10, 2017) Please join us for the 5th Annual Northeast Regional Security Education Symposium hosted by the Professional Security Studies Department at New Jersey City University. The Symposium’s keynote address will...

IAPP Europe Data Protection Intensive 2017 (London, Englan, UK, March 13 - 16, 2017) Set in London, the Data Protection Intensive delivers innovative solutions to today’s top privacy and data protection challenges. Known for its exceptional programming, the Intensive has come into its...

Rail Cyber Security Summit (London, England, UK, March 14 - 15, 2017) Now in its second year, the event will take place at the Copthorne Tara Kensington hotel in London between March 14th and 15th 2017 and will feature a range of experts from the rail transport industry,...

CyberUK 2017 (Liverpool, England, USA, March 14 - 16, 2017) Announcing the UK government's flagship IA and cyber security event, for 2017. This is a three day event that will bring together cyber security leaders and professionals from across the UK’s information...

Cybersecurity: The Leadership Imperative (New York, New York, USA, March 16 - 17, 2017) Cyber risk impacts every element of your organization – and even the most brilliant information security expertise must be supported by a cross-functional cybersecurity structure and culture to succeed.

BSides Canberra (Canberra, Australia, March 17 - 18, 2017) BSidesCbr is a conference designed to advance the body of Information Security knowledge, by providing an annual, two day, open forum for discussion and debate for security engineers and their affiliates.

Cyber Resilience Summit: Securing Systems inside the Perimeter (Reston, Virginia, USA, March 21, 2017) As the journey to secure our nation’s IT cyber infrastructure gains momentum, it is important to apply proven standards and methodologies that reduce risk and help us meet objectives for acquiring, developing...

European Smart Grid Cyber Security (London, England, UK, March 21 - 22, 2017) European Smart Grid Cyber Security 2017 offers a unique opportunity to network with senior experts in cyber security from government, utilities, TSOs, regulators, solution providers, security consultants,...

Maryland Cybersecurity Awards Celebration (Baltimore, Maryland, USA, March 22, 2017) Help us celebrate the best and brightest of the Maryland cyberscurity community as we honor the companies, organizations, and individuals that have protected businesses and government agencies with their...

SANS Pen Test Austin 2017 (Austin, Texas, USA, March 27 - April 1, 2017) Every organization needs skilled people who know how to find vulnerabilities, understand risk, and help prioritize resources based on mitigating potential real-world attacks. That's what SANS Pen Test...

IT Security Entrepreneurs' Forum Bridging the Gap Between Silicon Valley & the Beltway (Mountain View, California, USA, March 28 - 29, 2017) SINET – Silicon Valley provides a venue where entrepreneurs can meet and interact directly with leaders of government, business and the investment community in an open, collaborative environment focused...

Insider Threat 2017 Summit (Monterey, California, USA, March 29 - 30, 2017) The focus of the Insider Threat Summit is to discuss personnel security issues including cyber security challenges and capabilities, continuous evaluation of privileged identities and ethical physical...

2nd Annual Billington International Cybersecurity Summit (Washington, DC, USA, March 30, 2017) The 2nd Annual Billington International Cybersecurity Summit on March 30, 2017 at the National Press Club in Washington, DC will feature over 300 world class cybersecurity decision-makers from allied nations...

Yale Cyber Leadership Forum: Bridging the divide between law, technology, and business (New Haven, Connecticut, USA, March 30 - April 1, 2017) The Yale Cyber Leadership Forum will take place on Yale University's campus and will focus on bridging the divide between law, technology and business in cybersecurity. With McKinsey & Company as our knowledge...

WiCyS 2017: Women in Cybersecurity (Tucson, Arizona, USA, March 31 - April 1, 2017) The WiCyS initiative has, since 2013, become a continuing effort to recruit, retain and advance women in cybersecurity. It brings together women (students/faculty/researchers/professionals) in cybersecurity...

InfoSec World Conference and Expo 2017 (ChampionsGate, Florida, USA, April 3 - 5, 2017) The conference will feature security practitioners who speak from experience on the real-world challenges companies are facing today. The conference is most suitable for those whose responsibilities include...

Cyber Security Summit: Atlanta (Atlanta, Georgia, USA, April 6, 2017) If you are a Senior Level Executive responsible for making your company’s decisions in regards to information security, then you are invited to register for the Cyber Security Summit: Atlanta. Receive...

Grow your brand and reach new customers.

Grow your brand and increase your customer base by educating our audience about your products, services, and events by advertising on The CyberWire. We’ve built trust with an influential (and often hard to reach) audience of CISOs, CSOs, and other senior execs in the security space, across a wide array of industry verticals. Learn more.

Be a part of the CyberWire story.

People ask us (a lot) how they can support what we do. We have our sponsorships and services, of course, but those are not always within every supporter's financial reach, or it might just not be the right time for you to do those things. That's why we launched our new Patreon site, where we've created a wider variety of support levels, each with some new benefits. Our patrons are important to our future, and we hope you'll consider becoming one. We invite you to become part of the CyberWire story. Become a patron today.