skip navigation

More signal. Less noise.

Daily briefing.

Trustwave and Forcepoint are tracking the evolution of Carbanak through the gang's use of legitimate Google services. They're also following Carbanak's expansion of its target set from financial services to the retail and hospitality sectors.

There's a fair amount of extortion news at week's end. Ransomware criminals who've been hitting Elasticsearch and MongoDB databases have begun to devote similar attention to CouchDB and Hadoop. The tools for attacking MongoDB and Elasticsearch, as well as a list of vulnerable installations, are now being sold by "Kraken0" on the black market for about $500. Elsewhere in the criminal souks, Satan ransomware-as-a-service is being offered to criminals who lack the time, resources, or technical chops to come up with their own attacks. They offer a wizard to walk aspiring crimelords through the process. (Bleeping Computer has the details through researcher "Xylitol.")

Fortinet has discovered a new strain of Android ransomware that targets Russian-speaking users. It's unusual in at least two respects. First, its demand is very large—₽545,000, or about $9100—at least an order of magnitude more than the cost of the Android devices whose screens it locks. Second, it asks for payment by credit card as opposed to the customary cryptocurrency.

Locky ransomware makes a minor comeback, but may be on its way to supersession by Spora.

An unusually repellent extortion attack hits the Indiana cancer services not-for-profit Red Door. Back your files up.

There's apparently some big event going on about forty miles south of us today. What'd we miss?

Notes.

Today's issue includes events affecting Australia, Canada, China, Estonia, Georgia, Iceland, Russia, Sweden, Ukraine, United Kingdom, United States.

In today's CyberWire podcast we hear from our partners at Terbium Labs, whose Emily Wilson addresses the perception that the dark web is full of terrorists. (It's full of a lot of other people, too.) Today's guest, Simone Petrella from CyberVista discusses workforce issues and the continuing challenge of filling the cyber gap.

A special edition of our Podcast is currently available. It covers buying cyber security. Every day there seems to be a new security product on the market, with many of them claiming to provide something that you simply can’t live without. Companies appear and disappear, and businesses are faced with difficult, confusing, and often expensive choices. In this CyberWire special edition, we explore how businesses are navigating the process of choosing products and technologies in a crowded marketplace. We talk to some key stakeholders to find out what drives their purchasing decisions, and what they wished their vendors knew before they came knocking on their doors.

Cyber Security Lunch & Learn (Norfolk, VA, USA, February 2, 2017) Learn how to build a better security incident response program in 2017 from a SANS instructor and enterprise CISO! Earn CPE Credits.

Women in Cyber Security (Tucson, AZ, USA, March 31 - April 1, 2017) With support from various industry, government and academic partners, WiCyS has become a continuing effort to recruit, retain and advance women in cybersecurity. It brings together women in cybersecurity from academia, research and industry for sharing of knowledge/experience, networking and mentoring.

Cyber Attacks, Threats, and Vulnerabilities

Public Urged To Help DDoS Trump’s Inauguration In Protest (IS Buzz News) A software engineer is calling on Americans to oppose Trump’s presidency by visiting the Whitehouse.gov site and overloading it with too much traffic. In effect, he’s proposing a distributed denial-of-service (DDoS) attack, an illegal act under federal law. IT security experts from DomainTools, Imperva and NSFOCUS IB commented below.

The emergence of the 'cyber cold war' (CNN) A spectre is haunting the West -- the spectre of cyberwar

Squirrels Keep Menacing the Power Grid. But at Least It’s Not the Russians (Wired) Nearly four years ago, Cris Thomas began documenting attacks on the US power grid. The number of incidents was eye-popping; over 1700 in all, impacting nearly five million people. The perpetrators? Squirrels. And birds. Assorted rodentia. Some industrious frogs, too

The Changing Face of Carbanak (Threatpost) Months of ramped up Carbanak activity that includes a new host of targets and new command and control strategy has reinvigorated attention on a criminal outfit that may have at one time stolen up to $1 billion from banks worldwide

Cybersecurity Experts Uncover Dormant Botnet of 350,000 Twitter Accounts (MIT Technology Review) A massive botnet secretly infiltrated the Twitterverse in 2013 but has lain mysteriously dormant since then, say researchers

Attackers start wiping data from CouchDB and Hadoop databases (CSO) After MongoDB and Elasticsearch, attackers are looking for new database storage systems to attack

MongoDB Ransomware is being sold online (The Next Web) January has been a rough month for anyone that a.) uses the popular MongoDB database software, and b.) doesn’t really know how to secure it

New Satan Ransomware available through a Ransomware as a Service (Bleeping Computer) A new Ransomware as a Service, or RaaS, called Satan has been discovered by security researcher Xylitol. This service allows any wannabe criminal to register an account and create their very own customized version of the Satan Ransomware

Android Ransomware Locks Phone and Asks for Credit Card Number (Bleeping Computer) A new ransomware family is targeting Android devices, locking access to the screen, and constantly pestering the user to enter his payment card details

Locky Limps Back into Action After Lull (Threatpost) Researchers say Locky spam volumes are limping back into action with two new and tiny campaigns that could reveal telltale signs of a future full-scale attack

Spora ransomware could become the new Locky (Help Net Security) A recent decrease of Locky ransomware infections has been tied with the lack of activity of the Necurs botnet, which is used to deliver the malware directly to potential victims’ email accounts

Cyber Criminals Held Cancer Services Computers for Ransom (HackRead) The targeted computers belong to “Little Red Door” Cancer Services from East Central Indiana

Ransomware Hits Little Red Door: Four Questions You Should Ask (Muncie Journal) In the light of the recent events involving the compromise of the Little Red Door’s company server, data, and privacy, I thought this would be a great time to note some safety tips for all of the non-profits out there when it comes to protecting your data. But first, you should understand that Little Red Door is not alone. The ransomware style of hacking which involves breaking into your systems and stealing your data away from you with a threat to either destroy it or leak it if you don’t pay the ransom is growing

Behind the Scenes of a Phishing Campaign (Imperva Cyber Security Blog) In a previous Imperva Hacker Intelligence Initiative (HII) report we delved into some of the financial aspects of phishing and credential theft

Hackers Hack Hacking Forum As Soon As It's Launched (Motherboard) Possibly one of the most embarrassing things that can happen to a hacking forum is getting hacked

Facebook, Researcher at Odds Over Messenger Issue (Threatpost) Facebook is dismissing claims by a researcher who says multimedia content such as audio-based messages sent via its Facebook Messenger service can be intercepted by a third-party under certain conditions

Control system cyber incidents have injured and killed people in medical applications (Control Global) Control system cyber security is often thought of as affecting the electric grid or energy systems. However, control system cyber security is much more than just the electric grid. When reading the blog, think not just medical devices, but any control system application in any industry. The issues identified below: inappropriate software, unanticipated interactions, and lack of appropriate training have been the root cause of numerous control system cyber incidents in multiple industries (my database of control system cyber incidents in now more than 900)

Most employees use unsanctioned group chat tools (Help Net Security) Employees are sharing sensitive company information using group chat tools that are not officially sanctioned for use, according to SpiderOak

Rsync errors lead to data breach at Canadian ISP, KWIC Internet (CSO) Credit card details, databases, emails, and personal information backed up to public servers

DFM hit by cyber attack (Financial Times Advisor) Hawksmoor Investment Management has sought to reassure clients after it was the victim of a cyber attack earlier this week

Security Patches, Mitigations, and Software Updates

What the end of Patch Tuesday means for businesses (Naked Security) Microsoft will shake up its long-standing patching process next month, replacing its monthly Patch Tuesday security bulletins (also known as Update Tuesday) with a new database and all-encompassing automatic updates

Cyber Trends

How to wake the enterprise from IoT security nightmares (CSO) IoT security costs to climb

Businesses worried about hacks via mobile and IoT - but aren't doing much to stop them (ZDNet) Ponemon Institute research claims budgets often mean security of new technologies takes a back seat

Marketplace

IBM thinks the 'the debate is over' on artificial intelligence — but this exchange says otherwise (CNBC) Wall Street is still waiting for the cash to roll in

2 Stocks Set to Rise During 'Cold War II' (The Street) Geopolitical gamesmanship is flaring anew between America and Russia, which spells persistent long-term demand for cyber security products

Fortinet Looks Undervalued in the Age of Trump (Small Cap Network) Our Elite Opportunity Pro newsletter has suggested mid cap cyber security solutions stock Fortinet Inc (NASDAQ: FTNT) as a new long term idea as we believe it to be undervalued around current levels plus Trump has made cyber security a major focal point

Imperva: More Upside With Incapsula? (Seeking Alpha) The cloud security market is one of the fastest growing cyber security segments. Imperva offers best-of-breed web security solutions to capture future growth. Does Imperva deserve a better valuation?

Gigamon to open Dutch office as it targets security success (Channelnomics) Freshly appointed EMEA vice president Gerard Allison discusses 2017 plans

Avaya files for bankruptcy protection, CEO calls it the 'best path forward' (CRN) Avaya has confirmed that it has filed for Chapter 11 bankruptcy protection in a move chief executive Kevin Kennedy said was "the best path forward"

Pentagon advances cloud strategy with on-prem services from Smartronix, Dell (ZDNet) The Defense Department is aiming to consolidate workloads with a new on-premise managed services contract

Diligent selected for U.S. Air Force COMSEC/CCI tool program (Military Embedded Systems) U.S. Air Force officials selected Diligent Consulting Inc. for the Air Force Communications Secure (COMSEC) and Controlled Cryptographic Items (CCI) Accountability and Tracking (COMSEC/CCI) Tool program. A contract worth over $1.5 million under the NETCENTS-2 Application Services Small Business IDIQ vehicle

root9B Awarded 5-Year Training Subcontract Supporting Department of Defense (WALB 10 News) root9B, a root9B Holdings Inc. (NASDAQ: RTNB) company, and leading provider of advanced cybersecurity services and training for commercial and government clients, announced today that it is part of a team with Chiron Technology Services, Inc. that was awarded a Department of Defense (DoD) training contract. This contract is an indefinite-delivery/indefinite-quantity (IDIQ) contract, and has a period of performance of 5 years, with a ceiling value of $50 million

Dr. Bill Anderson Named Chief Executive Officer of OptioLabs (BusinessWire) OptioLabs promotes Chief Product Officer and mobile security expert

Products, Services, and Solutions

Frost & Sullivan Vulnerability Management Report Names Digital Defense, Inc. Industry's "Best Scanning Engine" (Yahoo! Finance) Digital Defense, Inc., a leading provider of Vulnerability Management as a Service (VMaaS™), today announced that Frost & Sullivan identified Digital Defense's patented scanning technology as the best in the industry, according to its recent Vulnerability Management (VM) Global Market Analysis

Kali Linux certification, first official Kali book on the horizon (Help Net Security) The Kali Linux distribution celebrates its 10th anniversary this year. The hugely popular open source project, maintained by Offensive Security, announced today that its new Kali Linux Certified Professional (KLCP) will debut in Black Hat USA 2017. The KLCP is the first and only official certification program that validates one’s proficiency with the Kali Linux distribution

SkillSmart and ICMCP Announce Partnership to Address Cybersecurity Issues Through Increased Diversity Hiring (PR[.]com) The International Consortium of Minority Cybersecurity Professionals (ICMCP) is working with SkillSmart, a skills-based platform, to increase efforts to address the gross underrepresentation of women and minorities in the Cybersecurity industry

Panda Security’s Adaptive Defense 360 – Cannot Fail to Record Malware (SAT Press Releases) As Adaptive Defense 360 classifies all executed processes, it cannot fail to record any malware

WISekey and Lykke to Integrate Cybersecurity and Trading Apps (Finance Magnates) Lykke will integrate the WISeKey identity and security stack into its digital bitcoin wallets and software

ProtonMail Is Now Available via a Tor Address to Avoid Global Censorship (Bleeping Computer) ProtonMail, today's largest provider of encrypted email services, has announced today a Tor URL that users can utilize if the service is blocked in their country by ISPs or the central government

ID Tech Releases SRED Contactless EMV Reader: Vivopay Kiosk III SRED (AB Newswire) ID TECH, a leading manufacturer of secure payment solutions, mobile payment readers, point of sale peripherals, and digital signage, is proud to announce the release of its newest NFC/Contactless EMV reader, the ViVOpay Kiosk III SRED

New infosec products of the week​: January 20, 2017 (Help Net Security) Twistlock 1.7 comes with new runtime defense architecture... Carbon Black releases Cb Response 6.0... New IPsec VPN-Client from HOB... SOTI simplifies unified endpoint management and remote support with MobiControl 13.3... Benchmark third-party cyber risk with CyberGRX

Technologies, Techniques, and Standards

Advancing a standard format for vendors to disclose cybersecurity vulnerabilities (Help Net Security) Technology providers and their customers are joining forces to advance a standard format for vendors to disclose cybersecurity vulnerabilities

Apple’s malware problem is accelerating (Help Net Security) For a long time, one of the most common reasons for buying an Apple computer over a Windows-based one was that the former was less susceptible to viruses and other malware. However, the perceived invulnerability of Macs to all manner of computer nasties may not have any grounding in reality – or at least, not anymore

For the sake of national security, Donald Trump needs to trade in his cellphone (Recode) He’s going to have to give up most of the features that make a smartphone smart

Why Containerisation Matters More Than Ever Before (Infosecurity Magazine) Enterprise mobility has come a long way in the past two decades. When the concept was first coined, it meant giving a select number of staff corporate mobile devices with email access, or possibly going so far as to equip them with a laptop for occasional home or remote usage. Few would have predicted it would ultimately mean staff sat in the office while accessing the corporate network via their personal smartphone, checking their emails while walking from one meeting room to the next, setting up their tablet as a second screen on their desk or uploading documents to their personal cloud to be accessed on their journey home

It’s Game Time (Again) For War Gaming (SIGNAL) The technique is on the rebound as educators prepare digital natives for future conflicts

Design and Innovation

Code Development Still not Seeing Security Involvement (Infosecurity Magazine) Code development should have security built in from the start to avoid headaches further along the line, and tools and processes exist to make this possible

Google Uses Cryptographic Signatures, Prevents NSA Backdoor (The Merkle) Google, the technology company overseen by the US$561 billion parent corporation Alphabet, recently released a document entitled “Google Infrastructure Security Design Overview” to provide an overview of how security measures are implemented into Google’s global scale infrastructure

Why the U.S. needs a Smokey Bear of cybersecurity (CNN Money via NBC2) When it comes to dangerous things, the U.S. government has some pretty clever taglines and mascots

Research and Development

Your Heartbeat Could Be a Better Password Than Whatever You’re Using Now (Motherboard) People are notorious for using very bad passwords, so maybe we should be using our heartbeats to unlock our sensitive data instead

Air Force Investing in Deceptive Cyber Technology (Fifth Domain) Once an adversary successfully enters a network, the name of the game is damage mitigation. And this is why the Air Force is interested in deceptive cyber tools

Legislation, Policy, and Regulation

Russia’s radical new strategy for information warfare (Washington Post) Last February, a top Russian cyber official told a security conference in Moscow that Russia was working on new strategies for the “information arena” that would be equivalent to testing a nuclear bomb and would “allow us to talk to the Americans as equals"

Russia Fears That Trump Won’t Be Such a Great Deal After All (Bloomberg) Top officials fret furor in U.S. over hacking could hurt thaw. Doubts about Trump hints that sanctions could be eased

Chinese Are Masters at Blackmailing – Each Other (Foreign Policy) Chinese spies might not be Russians' equals when it comes to compromising foreigners, but they're masters at the home game

Could Iceland’s Hacker-founded Pirate Party be the Future of Politics? (Panda Security) So, Donald Trump is president of the leading world power. Yes, that really happened. While the jury is still out on the reasons behind the new president’s rise to power, many believe it’s down to a sense of apathy towards left wing politicians, in this case Hillary Clinton and the Democrats, who would otherwise be the traditional harbingers of progress and change

The Current State of Cyber Security in Canada (Duo) The most current Canadian Cyber Security Strategy may be from 2010, but recently the Government of Canada is working toward renewing its approach to cyber security by holding a public consultation to review measures to protect critical infrastructure and Canadians from cyber threats

Outgoing Homeland Security Chief: Cyber Security Has Improved But More Work Remains to Be Done (JD Supra) Following an election season characterized by missing emails, private servers and personal laptops, and amidst pervasive allegations of Russian cybercrimes, outgoing Secretary of Homeland Security Jeh C. Johnson issued an exit memo outlining the cybersecurity strides made by the Department of Homeland Security (DHS) during the Obama administration. Despite acknowledging “tangible progress,” Johnson warned that “more work remains to be done"

Hacking the Army (TechCrunch) Amid fears about political hacking, the Army needs hackers more than ever

Litigation, Investigation, and Law Enforcement

Intercepted Russian Communications Part of Inquiry Into Trump Associates (New York Times) American law enforcement and intelligence agencies are examining intercepted communications and financial transactions as part of a broad investigation into possible links between Russian officials and associates of President-elect Donald J. Trump, including his former campaign chairman Paul Manafort, current and former senior American officials said

Chelsea Manning to Obama: Thanks for ‘giving me a chance’ (The Hill) Former Army soldier Chelsea Manning on Thursday tweeted her gratitude to President Obama after he commuted her prison sentence

Why Obama Made the Wrong Call on Chelsea Manning (Foreign Policy) I do not often disagree with my good friends, the legal sharpshooters over at Lawfare. Ben Wittes, a senior fellow in governance studies at Brookings, Susan Hennessy, also a fellow there, and the other contributors have going the most important conversation anywhere on issues of national security and law. Yet I believe they are overlooking an important national security ramification of their argument in favor of clemency for convicted leaker Chelsea Manning. In particular, they are prejudicing the views of civilian approaches to justice over those of the military, in which Manning was a voluntary participant and by the legal standards of which she has already been treated leniently

Assange seeks to discuss his US extradition with the feds (CSO) Assange offered to be extradited to the US if President Obama granted clemency to WikiLeaks source Manning

Microsoft’s standing to sue over secret US data requests in question (CSO) The company has objected in a lawsuit to unreasonable US government requests for customer data

Mirai botnet creator unmasked: US university student named by security blogger Brian Krebs (Computing) Mirai malware evolved to "promote" a Minecraft protection racket, claims security blogger Brian Krebs

Operator of DDoS protection service named as Mirai author (CyberParse) Krebs says he’s fingered author of epic IoT web assault code

Facebook Banned This Canadian Surveillance Company From Accessing Its Data (Motherboard) A small Canadian company selling social media monitoring tools to police, Media Sonar, was banned from accessing Facebook's data, Motherboard has learned

GDPR is Coming – Penalty Primer (Tripwire: the State of Security) It has been eight months since the Court of Justice for the European Union struck down the 15-year-old Safe Harbor arrangement between the EU and US. At the time, there was a good deal of consternation over the future of EU-US data exchange and just how businesses would continue to operate

That Whole Oculus Lawsuit Hinges on What Makes Code ‘New’ (Wired) What exactly does it mean to steal code? That’s a question at the heart of video game company ZeniMax’s $2 billion lawsuit against Facebook—a suit serious enough that Mark Zuckerberg himself took the stand this week in his company’s defense

Fraud and cyber crime are now the country's most common offences (Telegraph) Online fraud is now the most common crime in the countrywith almost one in ten people falling victim, the latest figures have revealed

For a complete running list of events, please visit the Event Tracker on the CyberWire website.

Newly Noted Events

CyberTech (Beverly Hills, California, USA, June 30, 2016) Since 2014, CyberTech has served as one of the largest cyber solutions events around the globe. From Tel Aviv, to Singapore and Toronto, CyberTech is one of the most popular networking events for industry...

SecureWorld Charlotte (Charlotte, North Carolina, USA, February 11, 2016) Join your fellow security professionals for affordable, high-quality cybersecurity training and education. Earn 6-12 CPE credits through 30+ educational elements learning from nationally recognized industry...

SecureWorld Boston (Boston, Massachussetts, USA, March 29 - 30, 2016) Join your fellow security professionals for affordable, high-quality cybersecurity training and education. Earn 12-16 CPE credits through 60+ educational elements learning from nationally recognized industry...

SecureWorld Philadelphia (King of Prussia, Pennsylvania, USA, April 20 - 21, 2016) Join your fellow security professionals for affordable, high-quality cybersecurity training and education. Earn 12-16 CPE credits through 60+ educational elements learning from nationally recognized industry...

SecureWorld Portland (Portland, Oregon, USA, June 9, 2016) Join your fellow security professionals for affordable, high-quality cybersecurity training and education. Earn 6-12 CPE credits through 30+ educational elements learning from nationally recognized industry...

SecureWorld Kansas City (Overland Park, Kansas, USA , May 4, 2016) Join your fellow security professionals for affordable, high-quality cybersecurity training and education. Earn 6-12 CPE credits through 30+ educational elements learning from nationally recognized industry...

SecureWorld Houston (Houston, Texas, USA, May 11, 2016) Join your fellow security professionals for affordable, high-quality cybersecurity training and education. Earn 6-12 CPE credits through 30+ educational elements learning from nationally recognized industry...

SecureWorld Atlanta (Atlanta, Georgia, USA , June 1 - 2, 2016) Join your fellow security professionals for affordable, high-quality cybersecurity training and education. Earn 12-16 CPE credits through 60+ educational elements learning from nationally recognized industry...

SecureWorld Chicago (Rosemont, Illinois, USA, June 7, 2017) Join your fellow security professionals for high-quality, affordable training and education. Attend featured keynotes, panel discussions, and breakout sessions—all while networking with local peers. Earn...

SecureWorld Cincinnati (Sharonville, Ohio, USA, September 8, 2016) Join your fellow security professionals for affordable, high-quality cybersecurity training and education. Earn 6-12 CPE credits through 30+ educational elements learning from nationally recognized industry...

SecureWorld Detroit (Dearborn, Michigan, USA , September 14 - 15, 2016) Join your fellow security professionals for affordable, high-quality cybersecurity training and education. Earn 12-16 CPE credits through 60+ educational elements learning from nationally recognized industry...

SecureWorld St. Louis (St. Louis, Missouri, USA, October 18 - 19, 2016) Join your fellow security professionals for affordable, high-quality cybersecurity training and education. Earn 12-16 CPE credits through 60+ educational elements learning from nationally recognized industry...

SecureWorld Denver (Denver, Colorado, USA, October 5 - 6, 2016) Join your fellow security professionals for affordable, high-quality cybersecurity training and education. Earn 12-16 CPE credits through 60+ educational elements learning from nationally recognized industry...

SecureWorld Twin Cities (Minneapolis, Minnesota, USA, October 12, 2017) Join your fellow security professionals for high-quality, affordable training and education. Attend featured keynotes, panel discussions, and breakout sessions—all while networking with local peers. Earn...

SecureWorld Dallas (Plano, Texas, USA , September 27 - 28, 2016) Join your fellow security professionals for affordable, high-quality cybersecurity training and education. Earn 12-16 CPE credits through 60+ educational elements learning from nationally recognized industry...

SecureWorld Bay Area (San Jose, California, USA, October 27, 2016) Join your fellow security professionals for affordable, high-quality cybersecurity training and education. Earn 6-12 CPE credits through 30+ educational elements learning from nationally recognized industry...

SecureWorld Seattle (Bellevue, Washington, USA, November 9 - 10, 2016) Join your fellow security professionals for affordable, high-quality cybersecurity training and education. Earn 12-16 CPE credits through 60+ educational elements learning from nationally recognized industry...

Upcoming Events

SANS Las Vegas 2017 (Las Vegas, Nevada, USA, January 23 - 28, 2017) Attend SANS Las Vegas 2017, where SANS will provide outstanding courses in IT security, forensics, and security management presented by the best cybersecurity teachers in the country. At SANS events you...

BlueHat IL (Tel Aviv, Israel, January 24 - 25, 2017) Announcing BlueHat IL – a special edition of Microsoft's leading cyber security conference for top professionals, to be held for the very first time in Tel Aviv, Israel. Over the past 10 years, BlueHat conferences have drawn the brightest minds in security to discuss key industry challenges. And now, BlueHat IL is here to crank it up by exploring and creating new cyber security thoughts and boundaries. This exclusive, by invitation only, single track event will host top cyber security professionals from around the world, who will come together to tackle the present and peek into the future. It will feature brilliant speakers and focus on breakthrough research, key trends and emerging threats in the field. Registration closes December 28.

SANS Cyber Threat Intelligence Summit & Training 2017 (Arlington, Virginia, USA, January 25 - February 1, 2017) Join SANS at this innovative Summit as we focus on enabling organizations to build effective cyber threat intelligence analysis capabilities. Most organizations are familiar with threat intelligence, but...

Blockchain Protocol and Security Engineering (Stanford, California, USA, January 26 - 27, 2017) This conference will explore the use of formal methods, empirical analysis, and risk modeling to better understand security and systemic risk in blockchain protocols. The conference aims to foster multidisciplinary...

National Credit Union - Information Sharing & Analysis Organization - 2017 Tech Conference (Cape Canaveral, Florida, USA, January 31 - February 2, 2017) Join us for three days of Cyber Security topics that are pertinent to Credit Union cyber resilience, real-time security situational awareness information sharing, and coordinated response in the global...

Southern Virginia - Cyber Security Lunch & Learn (Norfolk, Virginia, USA, February 2, 2017) Cyber security experts discuss security incident response. Dealing with cyber security risk is an exercise in managing daily chaos. Organizations know they need to improve their posture but common roadblocks...

Insider Threat Program Development Training For NISPOM CC 2 (Aberdeen, Maryland, USA, August 10 - 11, 2016) Insider Threat Defense will hold a two-day training class on Insider Threat Program Development (National Insider Threat Policy-NISPOM Conforming Change 2). For a limited time the training is being offered...

The Risks and Benefits of Artificial Intelligence and Robotics (Cambridge, England, UK, February 6 - 7, 2017) The Risks and Benefits of Artificial Intelligence and Robotics Workshop aims to provide media and security professionals with an in-depth understanding of the implications that the rapid advancement of...

SANS Southern California - Anaheim 2017 (Anaheim, California, USA, February 6 - 11, 2017) Learn practical, relevant tips and techniques from industry leaders. Join us for SANS Southern California - Anaheim 2017, and choose from eight courses on cyber defense, penetration testing, incident response,...

Workplace Violence & Response To Active Shooter Events Meeting (Laurel, Maryland, USA, February 9, 2017) The National Insider Threat Special Interest Group (NITSIG) will be hosting a meeting on February 9, 2017, at the Johns Hopkins University Applied Physics Laboratory, Laurel, MD. The meeting will be exclusively ...

RSA Conference 2017 (San Francisco, California, USA, February 13 - 17, 2017) The current state of cybersecurity means there are many opportunities for the industry as a whole to collaborate on new innovations. Discovering the next great opportunity will require everyone to embrace...

Using STIX/TAXII to share automated cyber threat data (San Francisco, California, USA, February 15, 2017) Cybersecurity experts representing the financial sector, healthcare, utilities, software providers, government, academia and nonprofits continue to define/develop the STIX/TAXII specifications as the solid...

Insider Threat Program Development Training For NISPOM CC 2 (Aberdeen, Maryland, USA, August 10 - 11, 2016) Insider Threat Defense will hold a two-day training class on Insider Threat Program Development (National Insider Threat Policy-NISPOM Conforming Change 2). For a limited time the training is being offered...

SANS Dallas 2017 (Dallas, Texas, USA, February 27 - March 4, 2017) We are pleased to invite you to attend SANS Dallas 2017, on February 27- March 4 at The Westin Dallas Downtown, located in the heart of the city. We have selected several of our top information security...

Autonomous Vehicles Silicon Valley (Santa Clara, California, USA, February 28 - March 2, 2017) The road to autonomy: Regulation. Consumer Acceptance. Safety & Security. Explore the latest technologies and hottest issues for the autonomous vehicles industry.

Grow your brand and reach new customers.

Grow your brand and increase your customer base by educating our audience about your products, services, and events by advertising on The CyberWire. We’ve built trust with an influential (and often hard to reach) audience of CISOs, CSOs, and other senior execs in the security space, across a wide array of industry verticals. Learn more.

Be a part of the CyberWire story.

People ask us (a lot) how they can support what we do. We have our sponsorships and services, of course, but those are not always within every supporter's financial reach, or it might just not be the right time for you to do those things. That's why we launched our new Patreon site, where we've created a wider variety of support levels, each with some new benefits. Our patrons are important to our future, and we hope you'll consider becoming one. We invite you to become part of the CyberWire story. Become a patron today.