skip navigation

More signal. Less noise.

Daily briefing.

Get the CyberWire Quarterly Report by joining our Producer's Circle

We're happy to add a new benefit this week, available to those who support the CyberWire as Producer's Circle Patrons: exclusive access to our new Quarterly Report. If you'd like to see a sample of the Quarterly Report (redacted, of course, because only the Patrons' have access, and anything else would be dilutive), this is it. And thanks again to all of our Patrons.

Companies continue their recovery from both WannaCry and (especially) NotPetya. The latter attack in particular has had a long-term effect on operations and a material effect on revenue. Concerns about the EternalBlue exploits involved in the attacks appear to have motivated closer attention to patching. 

A resurgence of Android banking Trojans is being reported by Dr. Web and other security firms. Google is now offering Android users of Google Mobile Services 11 (and more recent versions) Play Protect, which is intended to enable them to screen potentially harmful apps.

Banking threats are of course not confined to Android. Kaspersky Lab reports its discovery of NukeBot, a ready-to-attack version of TinyNuke. The malware infects banks' sites with a view to stealing credentials.

Trend Micro warns against a current malvertising campaign it's calling "ProMediads." It's distributing the Sundown-Pirate exploit kit, which is a mashup of ransomware and an information stealer. (It may be related to the GreenFlash exploit.) And the United Arab Emirates brace for GreenBug malware's expected return.

International law enforcement enjoyed a big win yesterday, as a joint operation by the Dutch National Police, Europol, and the US FBI and DEA took down Hansa Market, the contraband market that succeeded recently dismantled Alpha Bay as the dark web's leading source of illicit drugs, weapons, and crimeware. The Dutch Police took covert control of the site over a week ago. Servers were seized and arrests made in Germany, Lithuania, and the Netherlands. Bravo Bitdefender for supplying information vital to the operation.

Notes.

Today's issue includes events affecting Australia, Canada, China, European Union, France, Germany, India, Italy, Japan, Lithuania, Mexico, Netherlands, Norway, Philippines, Russia, Singapore, Syria, Taiwan, Ukraine, United Arab Emirates, United Kingdom, United States.

Can artificial Intelligence increase the precision of threat hunting?

Artificial intelligence is key to making sense of big data and scaling security data analytics. The “spray and pray” shotgun approach is too expensive and too imprecise to combat advanced attacks. So how do you harness the power of AI to increase precision and to proactively stay ahead of advanced attacks? How do you evaluate threat hunting tools? Join an online fireside chat with guests Josh Zelonis and Stephen Pieraldi to get the answers.

In today's podcast we hear from our partners at Dragos, as CEO and industrial controls system security expert Robert M. Lee introduces himself and the ICS work his outfit does. Our guests are Leslie P. Francis and John G. Francis, coauthors of the book, Privacy - What Everyone Needs to Know.

Deep Instinct at Black Hat (Las Vegas, Nevada, USA, July 22 - 27, 2017) Meet us at Black Hat USA 2017. Visit booth #873. Book a meeting.

BSides Las Vegas (Las Vegas, NV, USA, July 25 - 26, 2017) BSides Las Vegas isn’t another “talk at you” conference. Everyone at BSides is a participant. Track after track, year after year, the security researchers, engineers, analysts and managers that present at BSidesLV are looking to engage our participants and be engaged by them. Our presenters don’t talk at you, they converse with you. Come join the conversation!

CyberTexas Job Fair (San Antonio, TX, USA, August 1, 2017) If you're a cyber security pro looking for your next career, check out the free CyberTexas Job Fair, August 1, in San Antonio. It’s hosted by ClearedJobs.Net, and open to both cleared and non-cleared professionals and college-level students. You’ll connect face-to-face with industry leaders Accenture, Booz Allen, Delta Risk, IPSecure, ISHPI, AT&T, Lockheed Martin, NSA and more.

The Cyber Security Summit: Chicago & NYC (Chicago, Illinois, USA, August 8, 2017) Sr. Level Executives are invited to learn about the latest threats & solutions in Cyber Security from experts from the U.S. Dept of Justice, Cybraics, CenturyLink, Alert Logic and more. Register with promo code cyberwire50 for half off your admission (Regular price $350).

8th Annual Billington CyberSecurity Summit (Washington, DC, USA, September 13, 2017) The 8th Annual Billington CyberSecurity Summit September 13 in Washington D.C. brings together world-class cybersecurity thought leaders for high-level information sharing, unparalleled networking and public-private partnerships from a cross-section of civilian, military and intelligence agencies, industry and academia.

Cyber Attacks, Threats, and Vulnerabilities

5 New CIA Malware Unveiled By WikiLeaks — HTTPBrowser, NfLog, Regin, HammerLoss, Gamker (Fossbytes) As a part of the ongoing CIA Vault 7 series, WikiLeaks has published some new documents. The leaks share details regarding CIA's partnership with Raytheon Blackbird Technologies

The #StayCurrent Report: analyzing the impact and legacy of WannaCry (1E) In May 2017, the WannaCry virus entered the history books as one of the most destructive ransomware attacks of all time. 1E asked 400 US IT professionals about their experiences of the attack.

Maersk still feeling effects of cyber attack, but FMC provides breathing space (Loadstar) Maersk is to conduct a “full post-mortem” on last month’s Petya cyber attack that crashed its global computer information systems.

WannaCry Fallout: 80% Of Brits More Worried About How Organisations Store Their Data Following Latest Attacks (Information Security Buzz)  29% of UK firms will add cyber security to the boardroom agenda following WannaCry attack  58% of UK organisations now feel another attack is imminent  UK  less likely than USA, Australia and Germany to proactively read, seek advice or change  passwords in the wake of the attack Theale UK – New research by leading information security …

UAE issues warning on possible return of GreenBug cyber attack (ArabianBusiness.com) Central Bank urges firms to take actions to protect their systems

Kaspersky Lab reveals NukeBot: The new bank hacker (Software Testing News) Kaspersky Lab researchers have found a new malware called NukeBot, which contains a code designed to steal online banking customer information from specific banks, mainly from France and the United States.

«Доктор Веб»: опасный Android-банкер получает контроль над мобильными устройствами (Доктор Веб) Вирусные аналитики компании «Доктор Веб» исследовали многофункционального банковского троянца Android.BankBot.211.origin, который вынуждает пользователей предоставить ему доступ к специальным возможностям (Accessibility Service). С их помощью вредоносная программа управляет мобильными устройствами и крадет конфиденциальную информацию клиентов кредитно-финансовых организаций. В самом начале наблюдения троянец атаковал только жителей Турции, однако вскоре список его целей расширился, и теперь он угрожает пользователям десятков стран.

API Hooking – Evading Detection with Stealthy Techniques (Infosecurity Magazine) API hooking is one of the memory-resident techniques cyber-criminals are increasingly using.

SambaCry vulnerability exploited by SHELLBIND ioT malicious ware on NAS devices. (Socnexus) Thecybers is an information security tent, keeps you update with cybersecurity news and tips from around the globe.

Skyhigh Networks Reveals Sophisticated Cyber Attack Campaign on Enterprise Office 365 Users (BusinessWire) Skyhigh Networks, the world’s leading Cloud Access Security Broker (CASB) platform, today announced it has detected and remediated one of the fi

ProMediads Malvertising and Sundown-Pirate Exploit Kit Combo Drops Ransomware and Info Stealer (TrendLabs Security Intelligence Blog) We’ve uncovered a new exploit kit through the ProMediads malvertising—Sundown-Pirate. It’s a bootleg of its precursors and named so by its back panel.

Beware: New Bank of America Phishing Scam Stealing Card Data (HackRead) Exclusive: The Bank of America is the 2nd largest bank in the United States by assets which makes it a lucrative target for cyber criminals. Today, HackRea

“Orpheus’ Lyre” – where it came from, and what to do [VIDEO] (Naked Security) From how the “Orpheus’ Lyre” bug got its weird name all the way to what we can learn from it. No jargon, just plain English. Enjoy…

DarkHotel 2.0: Inexsmar attack targets politicians via target-specific phishing emails (Inquirer) New attack pairs social engineering with a multi-stage Trojan downloader

New Netsparker Survey Finds Vulnerable Web Applications Make Web Developers an Easy Target, Even When Working Behind a Firewall (Netsparker) Failure to keep test environments opens doors to attackers and allow them to bypass network firewalls.

Symantec Tricked Into Revoking Certificates Using Fake Keys (Security Week) Researcher Hanno Böck has tricked Symantec into revoking TLS certificates by falsely claiming that their private keys had been compromised. Comodo was also targeted, but the company did not fall for the same ruse.

Destruction of Service attacks could shut down organizations for good (Help Net Security) A new Cisco report forecasts potential Destruction of Service attacks, which could eliminate organizations’ backups and safety nets.

New Grid Study Sees United States Vulnerable to Cyberattacks (Morning Consult) A national study on electric grid security released Thursday called on the United States to do more to protect its grid against high-impact attacks, highlighting large gaps in U.S. technology and infrastructure.

Process sensor cyber issues have contributed to catastrophic events (Control Global) Compromising process sensors can, and have, contributed to unintentional and malicious cyber events. There is a need to monitor process sensors to validate process conditions and know whether malware or other issues have caused impacts to the process.

A smart fish tank left a casino vulnerable to hackers (CNNMoney) As smart devices proliferate, hackers will get creative.

Greed for free wi-fi luring you towards cyber criminals (The New Indian Express) The Norton Wi-Fi Risk Reports exposes how vulnerable our online lives are when you connect online  74 percent of Indians believe their personal information is safe when using public Wi-Fi...

IOActive shows how easy it is to hack a Segway (http://www.theinquirer.net) They see them rollin', they hatin'

Surprise: pairing your Segway hoverboard to an app isn't a great idea (The Verge) Hoverboards are still a thing, apparently, and they're still terrible. Researchers at IOActive have found that security oversights in the Ninebot by Segway miniPRO hoverboard could allow an...

The inner workings of eight Apple iOS vulnerabilities exposed (ZDNet) A total of eight Apple iOS security flaws were discovered by a single researcher.

Newcastle University plagued by fake phishing site that accepts payment for courses (International Business Times UK) Scammers want to trick prospective Newcastle University students into paying tuition fees on a phishing site.

"Siren" botnet silenced after spamming Twitter users with porn links (SC Media US) A social media botnet that spams Twitter accounts with links to pornographic content sent more than 8.5 million posts from 90,000 unique accounts before it was finally neutralized, according to a new report.

Security Patches, Mitigations, and Software Updates

Valve Patches Security Flaw That Allows Installation of Malware via Steam Games (BleepingComputer) A vulnerability in Valve's Source SDK, a library used by game vendors to support custom mods and other features, allows a malicious actor to execute code on a user's computer, and optionally install malware, such as ransomware, cryptocurrency miners, banking trojans, and others.

Apple patches critical Broadpwn vulnerability in its various OSes (Help Net Security) Apple Broadpwn patch included in latest security updates for the company's computers, smartphones, Apple Watch and Apple TV.

Apple Releases Security Updates, Fixes Broadpwn Bug (BleepingComputer) On July 19, Apple released security updates for seven of its products, such as iOS, macOS, watchOS, tvOS, Safari, iTunes for Windows and iCloud for Windows.

Oracle’s monster update emphasizes flaws in critical business applications (CSO Online) Oracle hasn’t been “just” a database company in a long time, and nowhere is that more evident than in its quarterly critical patch update release, where the bulk of the fixes are in business applications like PeopleSoft and E-Business Suite.

Waratek Offers Guidance on Oracle's Critical Patch Update for July 2017 (PRNewswire) Waratek, the virtualization-based application security company,...

Speed of Windows 10 Adoption Not Affected by WannaCry (Dark Reading) WannaCry has motivated security teams to stay current on patching but Windows 10 adoption remains the same.

Cyber Trends

Every organization is only one click away from a potential compromise (Help Net Security) Attackers look for users who already have access to an organization's most sensitive data and aren't as hard to fool as security systems.

US Retailers Feel Like Targets, Even as Breach Rates Drop (Infosecurity Magazine) The majority (88%) consider themselves vulnerable to data threats.

Marketplace

Broadcom's acquisition of Brocade held up by regulation (CRN Australia) Purchase could be delayed for months.

WatchGuard Technologies CEO: We're On The Hunt For Acquisitions (CRN) Prakash Panjwani says partners can definitely expect to see the security vendor make some acquisitions around CASB, access control and layered defense.

Cybersecurity Stocks Near Buy Points Are Selling Off Today: Here's Why (Investor's Business Daily) Check Point was one of six cybersecurity stocks on the verge of breakouts, including Proofpoint and Palo Alto Networks.

Deloitte's cybersecurity arm has consistent growth in revenue, headcount (Houston Business Journal) "It’s really been this whole digital revolution. Hand in hand with that there’re just enormous cybersecurity risks."

Christopher Ahlberg: The Full Xconomy Voices Interview (Xconomy) The second episode of Xconomy’s new podcast, Xconomy Voices, features Recorded Future co-founder and CEO Christopher Ahlberg. His Somerville, MA-based cybe

Deep Instinct Eyes Deep Learning Cybersecurity (PYMNTS) Machine learning is perhaps the hottest buzzword in cybersecurity today. The artificial intelligence technology is deployed by cybersecurity firms in an effort to keep pace with the evolution of cyberattacks, as machine learning algorithms are able to improve predictability the more it is used. But according to Guy Caspi, CEO of cybersecurity company Deep Instinct...

Surging Demand for SecurityScorecard's Risk Ratings Platform Drives Record First Half 2017 Growth (PRNewswire) SecurityScorecard, the leader in security ratings, today announced...

Illumio Appoints Christopher Khadan VP of Customer Success as Demand For Large-Scale Deployments Grows (Illumio) Illumio news release: Illumio Appoints Christopher Khadan VP of Customer Success as Demand For Large-Scale Deployments Grows

Netronome Announces the Appointment Dr. Nils Rix as Senior Vice President of Sales (BusinessWire) Netronome Announces the Appointment Dr. Nils Rix as Senior Vice President of Sales

ForeScout Snags New Executives From FireEye, Fortinet To Build Up 'Powerhouse' Team Around IoT (CRN) The company has hired three security veterans from FireEye and Fortinet as it aims to build up new growth, sales and educational initiatives around its Internet of Things security practice.

BlackRidge Technology Advisor Whitfield Diffie Elected to Join The Royal Society (PRWeb) BlackRidge Technology International, Inc. (OTCQB: BRTI), a leader in cyber defense, is pleased to congratulate Dr. Whitfield Diffie, BlackRidge Advisor known for discovering the concept of public key cryptography, which underlies the security of internet commerce and all modern secure communication systems, for his election into The Royal Society.

Products, Services, and Solutions

New infosec products of the week​: July 21, 2017 (Help Net Security) This week's security products include releases from Awake Security, CyberX, Lastline, RSA, StackRox and HackerOne.

ElcomSoft Tool Decrypts WhatsApp iCloud Backups (PRNewswire) ElcomSoft Co. Ltd. updates Elcomsoft eXplorer for WhatsApp, the company's...

Google has had enough of hackers and is hunting them down with Play Protect (Alphr) The tech giant is now offering the Play Protect security service on every Android running Google Mobile Services 11 or newer

#HackTor: Tor Opens up its Bug Bounty Program (Dark Reading) The popular identity-cloaking service has expanded its private, invite-only vulnerability discovery program to an open one via HackerOne.

BlackBerry gets NSA approval to sell secure messaging tools to US govt (CRN Australia) Fear of eavesdroppers has risen sharply.

Luma Introduces Luma Guardian, Your Personal IT Team (BusinessWire) Luma is once again redefining the home network experience with the debut of Luma Guardian, the world’s first personal IT team. The subscription

Waterfall Security and FireEye Partner to Secure Industrial Control Systems (ICS) (PRNewswire) Waterfall Security Solutions, a global leader in cybersecurity...

Kryptowire Integrates with MobileIron to Provide Automated Mobile Application Security and Compliance Monitoring to Enterprise Clients (BusinessWire) Kryptowire, the mobile app security testing platform used by Federal agencies, is now available to enterprises and integrated with MobileIron EMM.

Lastline Unveils Unprecedented Breach Protection Capabilities (BusinessWire) Lastline, Inc., the leader in advanced network-based malware protection, today introduced Lastline Breach Defender™, the industry’s only s

Darktrace AI empowers global sporting goods manufacturer to detect cyber-attacks in real time (Cambridge Network) News from Cambridge businesses. Network members upload news here about their products, services and achievements.

Leidos to Install, Manage Smart Grid for Lansing Board of Water & Light (Guru Focus) Leidos Smart Grid Select™ delivers business efficiency, customer satisfaction

Technologies, Techniques, and Standards

Cybersecurity Merger & Acquisition Advisement (SecureWorks) Ensure cybersecurity due diligence is part of the strategic merger and acquisition conversation early, assess your exposure and mitigate risk

An Insider’s View on Outside Cybersecurity Threats (Financial Executives) A traditional information security model aimed at securing the back-office no longer addresses the realities of business today.

CGE and CREATe.org Launch 'Cyber Readiness Institute' with Industry Leaders to Improve Cyber Risk Management and Help Secure Value Chains (PRNewswire) The Cyber Readiness Institute (CRI) launches today to enable the...

Onapsis and Cloud Security Alliance Establish ERP Security Working Group to Securely Migrate SAP and Oracle to the Cloud (BusinessWire) Onapsis and Cloud Security Alliance establish ERP Security Working Group to securely migrate SAP & Oracle to the cloud, with CISOs, IBM and Deloit

HITRUST CSF v9 Enhancements Extend "Assess Once, Report Many" Approach as a Standard Security Framework for Multiple Critical Infrastructure Industries (BusinessWire) Enhancements extend HITRUST CSF as a standard security framework for critical infrastructure industries and includes NIST Cybersecurity certification.

In an era of global malware attacks, what happens if there's no kill switch? (CIO Dive) Unlike May's WannaCry attack, most cyberattacks do not come with a kill switch. To avoid panic, make preemptive actions and not reactionary ones.

How to make your cybersecurity training succeed (L&D) A new report reveals where many organisations are going wrong with cybersecurity training

What Really Happens Inside a PR Crisis War Room (WIRED) A veteran of corporate disasters tells you what to do when all hell breaks loose.

Design and Innovation

The thorny issue of verifying humans (CSO Online) Customer identity access management and how verification of users is not working. A look at the concept of levels of assurance (LOA) as an integer based system that needs a rethink. How probability based identity is the way forward. How this can improve the online identity registration process. How simple, but still assured identity systems, make for better customer engagement.

Beware the machines that try to be human (Times (London)) And was the day of my delightAs pure and perfect as I say?The very source and fount of dayIs dash’d with wandering isles of nightFacebook poetry generator — “Grief” themed Microsoft’s public...

TSB plans to unlock bank accounts with the blink of an eye (the Guardian) Bank customers will be able to use iris recognition software on some Samsung Galaxy phones to log into their accounts from September

Parting Shots: The 'Death' of the Password (Infosecurity Magazine) Passwords do still play a big role in securing much of our data

Research and Development

Army Opens Collaborative Cybersecurity Research Center (Electronic Component News) The U.S. Army Research Laboratory opened the Army Cyber-research Analytics Laboratory, or ACAL, on Monday. The facility is unlike any other lab, since it provides industrial and federally-funded partners...

U.S. Army Opens Cyber Analytics Lab (SIGNAL Magazine) The U.S. Army Research Laboratory opened the Army Cyber-research Analytics Laboratory.

Legislation, Policy, and Regulation

Kremlin claims Russia and US are discussing cyber security working group (Washington Examiner) Intelligence and security officials in the U.S. told Reuters, however, that they were not participating in the talks.

Russia and US in joint talks on cyber security, says Putin envoy (Financial Times) Moscow says work on forming bilateral group under way despite anxiety in Washington

CIA director: Moscow loves to 'stick it to America' (Military Times) CIA Director Mike Pompeo said Thursday that Russia is interested in staying in Syria, partly because they "love to stick it to America."

Tillerson cuts high-profile cyberdiplomacy office in State Dept. reorg (Ars Technica) Move demotes US cyber diplomats as part of department overhaul.

As Cyberattacks Destabilize the World, the State Department Turns a Blind Eye (WIRED) "It's manifestly ridiculous."

Congress likely to tie Trump’s hands on Russia sanctions (POLITICO) A bill allowing lawmakers to block the president from easing sanctions on Moscow is likely to move forward despite White House resistance.

Senate panel approves Wray's nomination as FBI director (Reuters) The U.S. Senate Judiciary Committee on Thursday unanimously approved the nomination of Christopher Wray to be FBI director following the dismissal of the agency's former chief, James Comey, by President Donald Trump.

First crisis for French president Macron as army chief General Pierre de Villiers quits over cuts (Times (London)) President Macron faced the most serious test yet of his fledgling administration yesterday after the chief of the armed forces resigned following a dressing-down over defence cuts. General Pierre...

Singapore’s new cybersecurity bill: A work in progress (Enterprise Innovation) Singapore’s Ministry of Communications and Information and the Cyber Security Agency have recently proposed a Cybersecurity Bill, which is open for public feedback until the 3rd of August 2017.

Spyware merchants: the risks of outsourcing government hacking (The Conversation) The Australian government is using spyware. Is that legal?

How Western spyware is being used to shut down Arab rights activists (The Christian Science Monitor) Since the Arab Spring seven years ago, autocratic regimes have spent millions on Western firms' technology to steal activists' contacts, listen in on their conversations, and more.

Litigation, Investigation, and Law Enforcement

Massive blow to criminal Dark Web activities after globally coordinated operation (Europol) Months of preparation and coordination have resulted today, 20 July 2017, in the takedown of two of the largest criminal Dark Web markets, AlphaBay and Hansa.

Dark web Hansa Market shut down after being run for a month by law enforcement (Help Net Security) After the recent Alpha Bay's shutdown, many users flocked to Hansa Market, which was touted as the most secure on the dark web.

Authorities Take Down Hansa Dark Web Market, Confirm AlphaBay Takedown (BleepingComputer) Today, in coordinated press releases, the US Department of Justice (DOJ) and Europol announced the takedown of two Dark Web marketplaces — AlphaBay and Hansa Market.

Exclusive: Dutch Cops on AlphaBay ‘Refugees’ (KrebsOnSecurity) Following today’s breaking news about U.S. and international authorities taking down the competing Dark Web drug bazaars AlphaBay and Hansa Market, KrebsOnSecurity caught up with the Dutch investigators who took over Hansa on June 20, 2017.

Europol Head Tells Us About its Dark Web Market Sting (Motherboard) “This is a massive hit—two of the top three."

International operation takes down AlphaBay, Hansa dark web markets (SC Media US) The globally coordinated, sophisticated operation, in the works for months, severely hobbled the underpinnings of a criminal economy that has seen 350,000 illicit commodities traded. Among the items sold - cybercrime malware

Global Police Spring a Trap on Thousands of Dark Web Users (WIRED) Cops sent unsuspecting users scrambling from one dark web site's takedown to another site—that they controlled.

Alpha Bay Takedown Shows Government Collaboration Capability (Infosecurity Magazine) International cooperation takes down dark web markets Alpha Bay and Hansa.

AlphaBay and Hansa Brought Down by Basic Mistakes, Indictment Reveals (SurfWatch Labs, Inc.) On Thursday morning, the Department of Justice, Europol, and Dutch authorities announced a coordinated law enforcement takedown of AlphaBay and Hansa Market, two of the three largest dark web marke…

How to Win the Online War Against Islamic State (Bloomberg.com) Western governments should empower local partners to take the lead in fighting terrorist propaganda.

ISIS’ Core Helps Fund Militants in Philippines, Report Says (New York Times) The Islamic State’s central command in Syria has sent tens of thousands of dollars to groups that seized a southern Philippine city, a research group said.

Kushner to speak to Senate intelligence panel Monday as part of Russia probe (Washington Post) Paul Manafort and Donald Trump Jr. have also been invited to testify before the Senate Judiciary Committee on July 26.

Putin’s Hackers Now Under Attack—From Microsoft (The Daily Beast) Microsoft is going after Fancy Bear, the Russian hacking group that targeted the DNC, by wresting control of domain names controlled by the foreign spies.

Microsoft is quietly fighting a clever war against Russian hacking group Fancy Bear (TechCrunch) While the White House mulls striking up a joint cyber program with Russia, an unlikely vigilante is taking care of business. As the Daily Beast reports,..

Russian behind Citadel banking malware that led to $500m losses jailed for five years (Computing) Mark Vartanyan - who was working for an e-healthcare firm when he was arrested - follows fellow Russian Dimitry Belorossov into an American slammer

Palantir Contract Dispute Exposes NYPD’s Lack of Transparency (Just Security) News that the New York Police Department (NYPD) is in a fight with Palantir Technologies over access to analytic data the company produced, raises a host of troubling questions.

For a complete running list of events, please visit the Event Tracker on the CyberWire website.

Upcoming Events

SANSFIRE 2017 (Washington, DC, USA, July 22 - 29, 2017) Now is the time to advance your career and develop skills to better protect your organization. At SANSFIRE 2017, choose from over 45 hands-on, immersion-style security training courses taught by real-world...

ISSA CISO Executive Forum: Security Awareness and Training--Enlisting your entire workforce into your security team (Las Vegas, Nevada, USA, July 23 - 24, 2017) The gap in Security skills in the workforce have put the pinch on Security teams. Join us to learn how to get lean by empowering the rest of your organization to understand and manage security risks. We’ll...

AFA CyberCamp (Pittsburgh, Pennsylvania, USA, July 24 - 28, 2017) The AFA CyberCamp program is designed to excite students new to cybersecurity about STEM career opportunities and teach them important cyber defense skills through hands-on instruction and activities.

BSides Las Vegas (Las Vegas, Nevada, USA, July 25 - 26, 2017) BSides Las Vegas isn’t another “talk at you” conference. Everyone at BSides is a participant. Track after track, year after year, the security researchers, engineers, analysts and managers that present...

Cross Domain Support Element Summer Workshop 2017 (Laurel, Maryland, USA, July 25 - 26, 2017) The Unified Cross Domain Services Management Office (UCDSMO) is presenting a two-day workshop for the benefit of the Cross Domain Support Element (CDSE) Offices, and the personnel who support them. Topics...

Black Hat USA 2017 (Las Vegas, Nevada, USA, July 26 - 27, 2017) Now in its 20th year, Black Hat is the world’s leading information security event, providing attendees with the very latest in research, development and trends. Black Hat USA 2017 kicks off with four days...

RSA Conference 2017 Asia Pacific & Japan (Singapore, July 26 - 28, 2017) RSA Conference 2017 Asia Pacific & Japan is the leading information security event in the region. Join us for three days of high quality education, engaging content and valuable networking. Get exposure...

DEF CON 25 (Las Vegas, Nevada, USA, July 27 - 30, 2017) You know how we know it’s almost DEF CON? The Southwest is having a heat wave, that ancient tweet about the Feds (allegedly) not appreciating the ‘Spot the Fed’ contest is back and the interwebz are buzzing...

North American International Cyber Summit (Detroit, Michigan, USA, July 30, 2017) In its sixth year, the cyber summit brings together experts from across the globe to address a variety of cybersecurity issues impacting the world of business, education, information technology, economic...

Cyber Texas (San Antonio, Texas, USA, August 1 - 2, 2017) CyberTexas was established to provide expanded access to security developments and resources located in Texas; provide an ongoing platform for the education and skill development of cyber professionals...

Cyber Security Summit: Chicago (Chicago, Illinois, USA, August 8, 2017) If you are a Senior Level Executive responsible for making your company’s decisions in regards to information security, then you are invited to register for the Cyber Security Summit: Chicago Receive...

PCI Security Standards Council: 2017 Latin America Forum (Sao Paulo, Brazil, August 9, 2017) Join your industry colleagues for a full day of networking and one-of-a-kind partnership opportunities. Whether you want to learn more about updates in the payment industry or showcase a new product, you’ll...

2017 DoDIIS Worldwide Conference (St. Louis, Missouri, USA, August 13 - 16, 2017) Hosted annually by the DIA Chief Information Officer, the DoDIIS Worldwide Conference features a distinguished line-up of speakers and an extensive selection of breakout sessions allowing attendees to...

SANS New York City 2017 (New York, New York, USA, August 14 - 19, 2017) Be better prepared for cyber-attacks and data breaches. At SANS New York City 2017 (August 14-19), we offer training with applicable tools and techniques for effective cybersecurity practices. Gain the...

Information Security Summit 2017 (Hong Kong, August 15 - 16, 2017) Effective Use of Analytics and Threat Intelligence to Secure Organizations: The Information Security Summit 2017 is a Regional Event with the aim to give participants from the Asia Pacific region an update...

TechFest (Louisville, Kentucky, USA, August 16 - 17, 2017) TechFest is a biannual summit designed to bring together technology professionals for learning and networking. Attendees will have opportunities to explore economic development avenues for their businesses,...

The Chertoff Group Security Series: Security In The Boardroom (Palo Alto, California, USA, August 23, 2017) The Chertoff Group Security Series will aim to enhance and add to the Security in the Boardroom conversation by applying our insights into technology, threat, and policy to help executives respond to the...

The Chertoff Group Security Series: Security In The Boardroom (Palo Alto, California, USA, August 23, 2017) The Chertoff Group Security Series will aim to enhance and add to the Security in the Boardroom conversation by applying our insights into technology, threat, and policy to help executives respond to the...

U.S. Department of Commerce Cybersecurity Awareness Day (Washington, DC, USA, August 24, 2017) On August 24, 2017, the Department of Commerce headquarters is planning the Cybersecurity Awareness Day event which will host guest speakers from throughout the Cybersecurity community. The 2017 Cybersecurity...

7th Annual Cybersecurity Training and Technology Forum (Colorado Springs, Colorado, USA, August 30 - 31, 2017) CSTTF is designed to further educate Cybersecurity, Information Management, Information Technology, and Communications Professionals by providing a platform to explore and enhance cyber resilience, collaboration,...

Grow your brand and reach new customers.

Grow your brand and increase your customer base by educating our audience about your products, services, and events by advertising on The CyberWire. We’ve built trust with an influential (and often hard to reach) audience of CISOs, CSOs, and other senior execs in the security space, across a wide array of industry verticals. Learn more.

Be a part of the CyberWire story.

People ask us (a lot) how they can support what we do. We have our sponsorships and services, of course, but those are not always within every supporter's financial reach, or it might just not be the right time for you to do those things. That's why we launched our new Patreon site, where we've created a wider variety of support levels, each with some new benefits. Our patrons are important to our future, and we hope you'll consider becoming one. We invite you to become part of the CyberWire story. Become a patron today.