skip navigation

More signal. Less noise.

Daily briefing.

Shamoon post-mortems continue as affected Saudi networks mop up the infection.

Over the past week ransomware protection companies Emsisoft and Dr. Web were both hit with distributed denial-of-service attacks, apparently in retaliation for both companies' good work in offering decryption tools and other security assistance to ransomware victims. Emsisoft has told Bleeping Computer that they believe the author of MRCR is responsible for organizing the campaign.

Trend Micro is describing another ransomware campaign, which they're calling "RANSOM_NETIX.A." It's targeting Windows users who also use Netflix, and it's holding their Netflix login credentials hostage. And the Cockrell Hill, Texas, police department has also fallen victim to ransomware. In their case it's thought the infestation came through the usual spam vectors. Security firm Acronis identifies the ransomware strain as "Osiris," an evolved version of Locky. The police declined to pay, instead biting the bullet and wiping the infected server, accepting the loss of several years' worth of records.

Trustwave reports Netgear routers are susceptible to authentication bypass flaws. They disclosed their findings to Netgear, which is making security updates available.

Several researchers are reporting use of malicious SVG image files in the wild.

In industry news, Keysight's rumored acquisition of Ixia seems to be happening, with Ixia fetching $1.6 billion.

ISIS is making hay of President Trump's order restricting immigration from seven Muslim-majority countries. Its narrative suggests (1) ISIS represents Islam, and (2) Islam is the victim here.

Those following Russia's FSB shake-up may wish to revisit an old interview with Shaltai-Boltai.

Notes.

Today's issue includes events affecting Australia, Austria, India, Iran, Iraq, Libya, Pakistan, Russia, Somalia, Sudan, Syria, United States, and Yemen.

Today's CyberWire daily podcast will feature our partners at the University of Maryland's Center for Health and Homeland Security, as Ben Yelin keeps us up-to-date on the IRS and Coinbase. And we'll have a guest from RiskIQ as well: Ian Cowger talks about the malvertising report RiskIQ released this morning.

A special edition of our Podcast will discuss how to become a smarter buyer of cyber security. Every day there seems to be a new security product on the market, with many of them claiming to provide something that you simply can’t live without. Companies appear and disappear, and businesses are faced with difficult, confusing, and often expensive choices. In this CyberWire special edition, we explore how businesses are navigating the process of choosing products and technologies in a crowded marketplace. We talk to some key stakeholders to find out what drives their purchasing decisions, and what they wished their vendors knew before they came knocking on their doors.

Atlantic Council Cyber 9/12 Student Challenge (Washington, DC, USA, March 17 - 18, 2017) The Cyber 9/12 Student Challenge is a one-of-a-kind competition designed to allow students from around the world and various academic disciplines to understand the policy challenges associated with a cyber crisis. Register now as a competitor, judge or observer.

Women in Cyber Security (Tucson, AZ, USA, March 31 - April 1, 2017) With support from various industry, government and academic partners, WiCyS has become a continuing effort to recruit, retain and advance women in cybersecurity. It brings together women in cybersecurity from academia, research and industry for sharing of knowledge/experience, networking and mentoring.

Cyber Attacks, Threats, and Vulnerabilities

Destructive computer virus ‘Shamoon’ hits Saudi Arabia for third time (GulfNews) The attack effected government agencies petrochemical companies and IT service providers

Emsisoft Website Hit by DDoS Attack as Company Releases Ransomware Decrypter (BleepingComputer) In the past week, two security firms, Dr.Web and Emsisoft, suffered DDoS attacks at the hands of cyber-criminals who attempted to bring down their websites as payback for meddling with their illegal activities.

What is DDoS – Distributed Denial of Service? Webopedia Definition #hosting #service (VDS) DDoS is a type of DOS attack where multiple compromised systems, which are often infected with a Trojan. are used to target a single system causing a Denial of Service (DoS) attack. Victims of a DDoS attack consist of both the end targeted system and all systems maliciously used and controlled by the hacker in the distributed attack.

Malware Capable of Paralyzing an Entire Ministry Neutralized (Panda Security Mediacenter) Last December, we saw a large-scale spam campaign that spread malware to more than ten countries, and specifically targeted a major European ministry.

Picky ransomware targets specific subset of would-be Netflix users - Help Net Security (Help Net Security) Aspiring Netflix users who don't want to actually pay for the popular video on demand service are being targeted with a new type of ransomware.

Netflix Scam Spreads Ransomware (Dark Reading) A program found on suspicious websites aims to trick Windows/PC users into creating fake Netflix logins so it can deliver ransomware.

Ransomware steals 8 years of data from Texas police department (CSO Online) Videos that were evidence to crimes are now lost. Attorneys are ready to pounce.

CVE-2017-5521: Bypassing Authentication on NETGEAR Routers (Trustwave) Home routers are the first and sometimes last line of defense for a network. Despite this fact, many manufacturers of home routers fail to properly audit their devices for security issues before releasing them to the market. As security researchers,...

Hundreds of Thousands of Netgear Routers Vulnerable to Password Bypass (Threatpost | The first stop for security news) Hundreds of thousands–potentially more than one million–Netgear routers are susceptible to a pair of vulnerabilities that can lead to password disclosure.

Dozens of Netgear products vulnerable to authentication bypass flaws (CSO Online) Simon Kenin, a security researcher at Trustwave, was – by his own admission – being lazy the day he discovered an authentication vulnerability in his Netgear router. Instead of getting up out of bed to address a connection problem, he started fuzzing the web interface and discovered a serious issue.

SVG Image Format Set for Wider Adoption in Malware Distribution (BleepingComputer) SVG has all the makings of a great malware distribution medium, and crooks are bound to migrate to this new file format, now that Google has moved to ban .js email attachments.

Many Android VPN Apps Breaking Privacy Promises (Threatpost | The first stop for security news) Academics studying 283 Android VPN apps quantified a number of problems associated with native platform support for VPN clients through the BIND_VPN_SERVICE.

Are America’s Airlines Under Cyber Attack? (NASDAQ.com) For the second time in a week, a major U.S. airline grounded its fleet after its computer systems stopped working. The latest incident involved Delta Air Lines (NYSE: DAL) , which canceled 170 flights on Sunday and another 110 on Monday because its "essential IT systems went down" over the weekend.

Details on 200,000 racing fans exposed by IndyCar (CSO Online) Chris Vickery, a security researcher for MacKeeper, recently discovered an open Rsync server hosting the personal details for at least 200,000 racing fans. The data comes from a now defunct racing forum called DownForce, which closed several years ago, leaving Vickery to question why the data was kept in the first place.

Sex club for women exposes members’ private photographs (Naked Security) Poorly configured website left photos available online – we offer tips on how to protect your privacy when you sign up to sensitive sites

The overlooked security threat in your office: printers (iTnews) Attacks can cause physical damage.

Malvertising Rises 132% in 2016 Over 2015, Says RiskIQ Research (BusinessWire) RiskIQ digital threat detection data indicates a sharp increase in malvertising trend

RiskIQ’s 2016 Malvertising Report (RiskIQ) Once again, malvertising was on the rise in 2016. To combat this problem, RiskIQ scans over 2 billion pages and 15 million mobile apps per day, resulting in a curated blacklist of malicious ads from across the Internet.

EyePyramid and a Lesson on the Perils of Attribution - TrendLabs Security Intelligence Blog (TrendLabs Security Intelligence Blog) In the past weeks, information-stealing malware EyePyramid made headlines after it was used to steal 87GB of sensitive data from government offices, private companies and public organizations. More than 100 email domains and 18,000 email accounts were targeted, including those of high-profile victims in Italy, the U.S., Japan and Europe.

Should You Worry About Your Oculus Sensor Spying on You? We Asked the Expert (Motherboard) Researcher who discovered you can get clear images through the Oculus Rift's sensors discusses the pros and cons of a camera-based system.

Security Patches, Mitigations, and Software Updates

Web GUI Password Recovery and Exposure Security Vulnerability (Netgear) NETGEAR is aware of the security issue that can expose web GUI login passwords while the password recovery feature is disabled. This vulnerability occurs when an attacker can access the internal network or when remote management is enabled on the router. Remote management is turned off by default; users can turn on remote management through advanced settings.

Cyber Trends

Half the Web Is Now Encrypted. That Makes Everyone Safer (WIRED) Computer security news is usually pretty dismal. But today the web got safer in a very important way.

Irregular application testing: App security in healthcare - Help Net Security (Help Net Security) Nearly half (45%) of NHS trusts scan for application vulnerabilities just once a year, with less only 8% doing so on a daily basis, according to Veracode.

Machine learning in cybersecurity will boost big data, intelligence, and analytics spending - Help Net Security (Help Net Security) ABI Research forecasts machine learning in cybersecurity will boost big data, intelligence, and analytics spending to $96 billion by 2021.

Insurers prepare for worst: cyber attack followed by a hurricane (Financial Times) Sector tries ‘war game’ to judge its readiness for $200bn in losses

Security Operations Centers Falling Below Optimal Levels (HealthITSecurity) A recent study found that SOCs are not as strong as they should be, which healthcare entities should take note of as they mitigate cybersecurity risk.

What's In Store For Global Cyber Security In 2017 (Forbes) 2016 was a particularly eventful year in the cyber threat landscape. Nation-state operations played large in the US presidential election, database breaches grew ever larger and cybercriminal tactics more innovative. Individual activists and mass-participation campaigns continued to target companies and organizations for ideological reasons. 2017 will be a year when geopolitical shifts and technological advances by nation-state and criminal actors will combine to create an unprecedentedly complex cyber threat landscape.

Marketplace

Keysight Technologies to grab Ixia for $1.6 billion (TheStreet) The $19.65 per share tie-up with the network security and software solutions provider is set to close by October's end.

IBM Beefs Up Cybersecurity Tools with Agile 3 Solutions Buy (CIO Today) Tech giant IBM has announced plans lo acquire Agile 3 Solutions, a software developer used by C-level and senior executives to help visualize, understand and manage risks associated with the protection of sensitive data.

Data61 wants Australia to go all-in on fintech and cybersecurity innovation (ZDNet) The country's innovation body has urged industry and government to create startups by fostering 'collaboration' between the financial services and cybersecurity sectors in Australia.

Hackers for good: A bug bounty hunter's path to America (The Christian Science Monitor) So-called 'bug bounty' programs, which pay ethical hackers anywhere in the world for reporting security flaws, are the ticket for one Indian security researcher to study in the US.

Cryptomathic joins EEMA (Security Document World) EEMA, the European think tank focussed on identification, authentication, privacy, risk management, cyber security, the Internet of Things and mobile applications, has announced that Cryptomathic has joined as a corporate member.

FPF Joins National Cyber Security Alliance in San Francisco for Data Privacy Day 2017 - Future of Privacy Forum (Future of Privacy Forum) On January 26, 2017, Jules Polonetsky, FPF's CEO, joined the National Cyber Security Alliance and other FPF members and friends at Twitter headquarters for its Data Privacy Day Event 2017. The event featured livedstreamed panels, TED-style talks, and interviews focusing on the latest privacy issues for consumers and business.

Digital Shadows Strengthens its Team of Advisors with Security Industry Veterans (MENAfn) Digital Shadows today announced that several leading cybersecurity luminaries including Art Coviello, Tim Belcher, Jim Bandanza, Dr Srinivas Mantripragada

Products, Services, and Solutions

Cylance Joins CyberWire's Podcast Partner Program (Yahoo! Finance) Cylance experts and researchers to provide regular educational commentary for the CyberWire's global cybersecurity news program.

Unisys Launches Advanced Cyber Resilience Service (Scoop) Resilience testing and planning service uses proven wargaming methodologies to identify threats, develop countermeasures, build long-term response plans and organise and train team members for continuous operations.

WatchGuard unveils new threat detection and response to security suite (IT Brief) “As cyber criminals continue to leverage increasingly varied and sophisticated threat vectors, many companies’ endpoints represent unnecessary risks."

Technologies, Techniques, and Standards

Why companies shouldn't feel helpless in the fight against ransomware - Help Net Security (Help Net Security) According to recent reports, ransomware is now a billion dollar business for cybercriminals. Attackers are honing in on the weak spots of organisations; hu

6 Free Ransomware Decryption Tools (Dark Reading) The No More Ransom group has been working to get free decryptor tools into the hands of security professionals and the general public.

Safe solution proactively protects data in motion. (Infosecurity Magazine) Deploying IPsec packet layer protection without encryption at the lowest network levels leaves points of entry open

Many firms in the dark on cyber security investment (ComputerWeekly) UK businesses need to adopt a risk-based approach to cyber security spending to ensure the best ROI and most appropriate data protection, says industry expert Michael Dieroff.

Six best practices for managing cyber alerts - Help Net Security (Help Net Security) Security pros know that the number of cyber alerts is growing at a frantic pace. Even a mid-sized company can face tens of thousands of alerts every month.

How to use One Time Pad cryptography with a Raspberry Pi (TechRadar) It has never been harder to be entirely certain that any message you send can be transmitted or received in absolute secrecy.

'Threat hunter' emerges as new enterprise security role (SearchCIO) The threat hunter, an emerging category of IT security pros, aims to detect incidents that technology overlooks, bolstering security operations centers.

Design and Innovation

Facebook Designs New Account Recovery System That's Actually Pretty Clever (BleepingComputer) Today, at the USENIX Enigma conference, Facebook engineers announced a new mechanism for recovering access to lost online accounts, which relies on the cooperation between different online services.

Forgotten passwords are bane of the Internet. Facebook wants to fix that (Ars Technica) New Facebook service aims to make security questions a thing of the past.

Facebook Tackles Account Recovery with Delegated Recovery Protocol (Threatpost | The first stop for security news) Facebook’s Delegated Recovery delegates account-recovery permissions to third-party accounts controlled by the user. GitHub is the program’s first partner.

Cisco fosters Blockchain protocol development, IBM shows why technology could relieve security anxiety (Network World) Cisco has helped form a consortium to develop blockchain that could secure Internet of Things applications and more while new study by IBM shows why the technology could become invaluable for businesses worldwide.

How Machine Learning Can Improve Healthcare Cybersecurity (HITInfrastructure) Healthcare cybersecurity will become more airtight as machine learning technology is introduced into health IT infrastructures.

Research and Development

Teleportation-Based Continuous Variable Quantum Cryptography. (arXiv:1408.5012v2 [quant-ph] UPDATED) (Quantiki) We present a continuous variable (CV) quantum key distribution (QKD) scheme based on the CV quantum teleportation of coherent states that yields a raw secret key made up of discrete variables for both Alice and Bob.

Academia

Dates Announced for 2017 Cyber Quests Competition (US Cyber Challenge) Hackers to compete for selective spots at U.S. Cyber Challenge’s Summer 2017 Cyber Camps

Cyber security 'bootcamp' coming to City Colleges (Columbia Chronicle) Cyber security is an essential tool internet users need to ensure their safety, according to local experts, and now Chicagoans will be able to study it at a local community

US Naval Academy Trains Future Cyber Warriors (Fifth Domain | Cyber) Paul Tortora, director of the U.S. Naval Academy's Center for Cyber Security Studies, discusses cyber education.

5 Colleges With NSA-Recognized Cyber Security Programs (University Herald) There are already a number of universities with cyber security programs that are recognized by the National Security Agency.

Governor McAuliffe Announces Cyber Vets Virginia Training Initiative Partnership With SANS Institute’s VetSuccess Academy (AlexandriaNews) Governor Terry McAuliffe today announced an expansion of his Cyber Vets Virginia initiative to include training offered by the SANS Institute. The new offerings provide veterans another pathway into the cybersecurity workforce via the SANS VetSuccess Immersion Academy.

Legislation, Policy, and Regulation

Net PoliticsThe Cybersecurity Dilemma: Where Thucydides Meets Cyberspace - Net Politics (Council on Foreign Relations - Net Politics) The great Greek historian Thucydides wrote of the Peloponnesian War, “It was the rise of Athens, and the fear this inspired in Sparta, that caused war to be inevitable.”

In light of political news, cybersecurity priority does not change (Infosecurity Magazine) In light of political news, cybersecurity priority does not change

Trump's Immigration Order Is a Propaganda Victory for ISIS (Defense One) The American president has reinforced the victimhood narrative at the core of the Islamic State’s recruitment pitch.

National Security Council Changes Are Very Significant, Hayden Says (NPR.org) Rachel Martin talks to ex-NSA and CIA director Michael Hayden about the reorganization of the White House National Security Council. Political adviser Steve Bannon has a permanent seat at the table.

Trump Set to Sign Cybersecurity EO as Election Hack Fallout Continues (Infosecurity Magazine) Trump Set to Sign Cybersecurity EO as Election Hack Fallout Continues. Reports have suggested recent Russian arrests are linked to US election hack

Assessing the Draft Cyber Executive Order (Lawfare) Amidst the whirlwind of executive orders and presidential memoranda that have been in the news, it was easy to miss a purported draft of President Trump’s first executive order (EO) covering cybersecurity issues, leaked to the Washington Post and released on Friday, January 27. The order, titled “Strengthening U.S. Cyber Security and Capabilities,” calls for several 60- and 100-day assessments of the state of U.S. cybersecurity and the identification of areas of improvement. This mirrors the approach taken by President Obama, who ordered his own 60-day cyberspace review shortly after assuming office.

Decoding the 2017 NDAA’s Provisions on DoD Cyber Operations (Lawfare) Thanks to the at-times breathless coverage of the Obama Administration’s deliberations on cyber warfare policy and organization (and now the Trump Administration’s tweets and early proposals), it can be easy to forget that Congress can exert significant power when it comes to the roles, responsibilities, and authorities of executive branch agencies, including the different components of the military.

Column: Protecting nation's electrical grid from cyber attack (Fredericksburg.com) Americans do not simply rely on electric power—it is required for our existence as much as our modern way of life.

Litigation, Investigation, and Law Enforcement

‘A man who’s seen society's black underbelly’: Meduza meets ‘Anonymous International’ — Meduza (Meduza) After a year’s existence, the data-leaking blog Anonymous International, better known as Shaltai Boltai (Humpty Dumpty), has never released truly important documents to the public. Nevertheless, every one of Shaltai’s publications causes a sensation on Russian social networks. (Some of the group’s leaks include private emails allegedly belonging to Deputy Prime Minister Arkady Dvorkovich, Duma Deputy Robert Schlegel, Kremlin official Timur Prokopenko, and Prime Minister Dmitri Medvedev himself, as well as several other politicians.) While targeting such individuals, Shaltai also provides readers with at least a general idea of how the Putin Administration functions. Meduza’s special correspondent, Daniil Turovsky, traveled to Bangkok and met with one of the leaders of Anonymous International, in order to learn more about the group’s origins and why it’s doing what it does.

FBI Assistance Provided to Local Law Enforcement During the Black Lives Matter Movement (FBI) This release consists of FBI materials concerning assistance provided to local law enforcement agencies during the Black Lives Matter demonstrations in July and August 2016.

Europol Teams Up with Global Cyber Alliance to Improve Security (Infosecurity Magazine) Europol Teams Up with Global Cyber Alliance to Improve Security. MoU will see the two work on DMARK and Internet Immunity initiatives

FBI v. Apple: One year later, it hasn’t settled much (CSO Online) At the one-year anniversary of the battle between the FBI and tech giant Apple over unlocking an iPhone, surveillance and privacy rules have not really changed. But they could this coming year, and the debate over that is as intense as ever.

Brazil’s Prisoners Are Coordinating Riots On Smuggled Cell Phones (Motherboard) "The communication of violence has become as important as the violence itself.”

Pakistan puts head of militant charity under house arrest (Fox News) Pakistan has placed the leader of a charity linked to a militant group under house arrest.

Hafiz Saeed put under house arrest; JuD likely to be banned: Reports - Times of India (The Times of India) Mumbai terror attack mastermind Hafiz Saeed has been put under house arrest on Monday at the Qadisiyyah Mosque near Chouburji in Lahore, a Pakistan news channel reported. The organisation is also likely to be banned, the report said.

Man logs into Facebook account of the woman using his stolen laptop (Naked Security) Two wrongs don’t make a right: even if you find someone using your stolen laptop via remote-control software it doesn’t mean you can snoop through their stuff

PG&E is now a convicted felon with court-ordered oversite (Control Global) PG&E is now a convicted felon, fined $3Million, and required to have a monitor for their natural gas operations (beyond the oversite of the CPUC). Additionally, the judge ordered PG&E to serve five years of probation, and PG&E must run a three month advertising campaign on television publicizing PG&E’s convictions.

For a complete running list of events, please visit the Event Tracker on the CyberWire website.

Upcoming Events

National Credit Union - Information Sharing & Analysis Organization - 2017 Tech Conference (Cape Canaveral, Florida, USA, January 31 - February 2, 2017) Join us for three days of Cyber Security topics that are pertinent to Credit Union cyber resilience, real-time security situational awareness information sharing, and coordinated response in the global...

Southern Virginia - Cyber Security Lunch & Learn (Norfolk, Virginia, USA, February 2, 2017) Cyber security experts discuss security incident response. Dealing with cyber security risk is an exercise in managing daily chaos. Organizations know they need to improve their posture but common roadblocks...

Insider Threat Program Development Training For NISPOM CC 2 (Toms River, NJ, USA, February 6 - 7, 2017) Insider Threat Defense announced it will hold a 2 day training class on Insider Threat Program Development (NISPOM Conforming Change 2) on Feb. 6-7, 2017, in Toms River, NJ. For a limited time the training...

The Risks and Benefits of Artificial Intelligence and Robotics (Cambridge, England, UK, February 6 - 7, 2017) The Risks and Benefits of Artificial Intelligence and Robotics Workshop aims to provide media and security professionals with an in-depth understanding of the implications that the rapid advancement of...

SANS Southern California - Anaheim 2017 (Anaheim, California, USA, February 6 - 11, 2017) Learn practical, relevant tips and techniques from industry leaders. Join us for SANS Southern California - Anaheim 2017, and choose from eight courses on cyber defense, penetration testing, incident response,...

Cyber Protect Conference (Nottingham, England, UK, February 9, 2017) Business owners have been invited to attend Nottinghamshire's first-ever cybercrime conference to learn how to better protect their data. The Cyber Protect Conference is being jointly hosted by the county's...

Workplace Violence & Response To Active Shooter Events Meeting (Laurel, Maryland, USA, February 9, 2017) The National Insider Threat Special Interest Group (NITSIG) will be hosting a meeting on February 9, 2017, at the Johns Hopkins University Applied Physics Laboratory, Laurel, MD. The meeting will be exclusively ...

RSA Conference 2017 (San Francisco, California, USA, February 13 - 17, 2017) The current state of cybersecurity means there are many opportunities for the industry as a whole to collaborate on new innovations. Discovering the next great opportunity will require everyone to embrace...

Using STIX/TAXII to share automated cyber threat data (San Francisco, California, USA, February 15, 2017) Cybersecurity experts representing the financial sector, healthcare, utilities, software providers, government, academia and nonprofits continue to define/develop the STIX/TAXII specifications as the solid...

Insider Threat Program Development Training For NISPOM CC 2 (Simi Valley, CA, USA, February 22 - 23, 2017) Insider Threat Defense announced it will hold a 2 day training class on Insider Threat Program Development (NISPOM Conforming Change 2) on Feb. 22-23, 2017, in Simi Valley, CA. For a limited time the training...

Risky Business (London, England, UK, February 23, 2017) How are you tackling Cyber Crime in the Property Transaction? Join our panel of expert speakers at the IET in London to find out more about cyber crime in the property transaction and the steps you can...

The 2nd China Automotive Cyber Security Summit 2017 (Shanghai, China, February 24, 2017) CACSS2017 will Provide a platform for Automotive OEMs, Tier 1 suppliers, Automotive security solution/ technology/products developers,Automotive electronics companies, IT companies, Mobile data suppliers,...

SANS Dallas 2017 (Dallas, Texas, USA, February 27 - March 4, 2017) We are pleased to invite you to attend SANS Dallas 2017, on February 27- March 4 at The Westin Dallas Downtown, located in the heart of the city. We have selected several of our top information security...

Autonomous Vehicles Silicon Valley (Santa Clara, California, USA, February 28 - March 2, 2017) The road to autonomy: Regulation. Consumer Acceptance. Safety & Security. Explore the latest technologies and hottest issues for the autonomous vehicles industry.

The Cyber Security Summit: Denver (Denver, Colorado, USA, March 1, 2017) This event is an exclusive conference connecting Senior Level Executives responsible for protecting their companies’ critical data with innovative solution providers & renowned information security experts.

International Cyber Risk Management Conference (ICRMC) (Toronto, Ontario, Canada, March 2 - 3, 2017) The third annual International Cyber Risk Management Conference (ICRMC) brings together a world class roster of experts with cross-sector, global and multidisciplinary expertise to share knowledge, lessons ...

SANS San Jose 2017 (Milpitas, California, USA, March 6 - 11, 2017) Securing and defending your network has never been more important as attacks and breaches make the news daily. Gain the skills and tools you need to win the battle against the wide range of cyber adversaries...

15th annual e-Crime & Cybersecurity Congress (London, England, UK, March 7 - 8, 2017) Europe's largest and most sophisticated gathering of senior cybersecurity professionals from international business, governments, law enforcement and intelligence agencies.

Investing in America’s Security: Cybersecurity Issues (Jersey City, New Jersey, USA, March 10, 2017) Please join us for the 5th Annual Northeast Regional Security Education Symposium hosted by the Professional Security Studies Department at New Jersey City University. The Symposium’s keynote address will...

IAPP Europe Data Protection Intensive 2017 (London, Englan, UK, March 13 - 16, 2017) Set in London, the Data Protection Intensive delivers innovative solutions to today’s top privacy and data protection challenges. Known for its exceptional programming, the Intensive has come into its...

Rail Cyber Security Summit (London, England, UK, March 14 - 15, 2017) Now in its second year, the event will take place at the Copthorne Tara Kensington hotel in London between March 14th and 15th 2017 and will feature a range of experts from the rail transport industry,...

CyberUK 2017 (Liverpool, England, USA, March 14 - 16, 2017) Announcing the UK government's flagship IA and cyber security event, for 2017. This is a three day event that will bring together cyber security leaders and professionals from across the UK’s information...

Cybersecurity: The Leadership Imperative (New York, New York, USA, March 16 - 17, 2017) Cyber risk impacts every element of your organization – and even the most brilliant information security expertise must be supported by a cross-functional cybersecurity structure and culture to succeed.

Grow your brand and reach new customers.

Grow your brand and increase your customer base by educating our audience about your products, services, and events by advertising on The CyberWire. We’ve built trust with an influential (and often hard to reach) audience of CISOs, CSOs, and other senior execs in the security space, across a wide array of industry verticals. Learn more.

Be a part of the CyberWire story.

People ask us (a lot) how they can support what we do. We have our sponsorships and services, of course, but those are not always within every supporter's financial reach, or it might just not be the right time for you to do those things. That's why we launched our new Patreon site, where we've created a wider variety of support levels, each with some new benefits. Our patrons are important to our future, and we hope you'll consider becoming one. We invite you to become part of the CyberWire story. Become a patron today.