skip navigation

More signal. Less noise.

Daily briefing.

Kaspersky Lab reports finding a new version of Shamoon, which it's calling "StoneDrill." Like its progenitor, StoneDrill is destructive, deploying a wiper across infected machines to destroy data. Kaspersky discovered StoneDrill in the course of investigation the three waves of Shamoon 2.0 attacks that began in November 2016. 

StoneDrill is more evasive than Shamoon (it avoids execution in sandboxes) and includes "mostly Persian resource language sections." (Shamoon 2.0 featured Yemen's version of Arabic; Kaspersky notes that both language cues could easily be false flags.) It's begun to turn up in Europe, indicating its potential spread beyond its original Saudi range. The threat group associated with Shamoon, and probably with StoneDrill, is Charming Kitten (a.k.a. Newscaster and NewsBeEF), thought to be an Iranian group. Kaspersky, however, offers no attribution.

Malwarebytes warns that a Trojanized version of Facebook Lite for Android targets Chinese users with Spy FakePlay.

In the US, center-left and progressive advocacy groups are subjected to online blackmail: Russian hackers (thought to be criminals and not intelligence services, although, as Bloomberg observes, in Russian operations that can be a difficult line to draw) threaten to release embarrassing emails and shared documents.

In M&A news, CA buys Veracode for $614 million. Edwards acquires Evolved Cyber Solutions, Inabox buys Logic Communications, and Okta acquires Stormpath.

In the US, Congress considers legislation that would permit hacking victims to access their attackers' non-cooperating systems to determine attribution. Observers are divided as to whether this is a good idea.

The Obama-Trump wiretapping dust-up remains...unclear? Uncomfortable?

Notes.

Today's issue includes events affecting Australia, Azerbaijan, Canada, European Union, Iran, Russia, Saudi Arabia, United Kingdom, United States, and Yemen.

In today's podcast, we hear from our partners at the University of Maryland's Center for Health and Homeland Security, as Ben Yelin talks about a murder case involving Amazon's Alexa (not, we hasten to add, as either suspect or victim). We also speak to Neill Feather of SiteLock about a new WordPress vulnerability.

Our special edition about RSA (Perspectives, Pitches, and Predictions) is up. You may also enjoy some video from RSA. Done by Cylance in partnership with the CyberWire, the video collects some of the more vigorous opinions voiced on the exhibit hall floor. And, of course, our special edition on artificial intelligence is still up, so you can hear what we learned in conversations with experts in the field.

What we do matters. Join Booz Allen. (Tysons Corner, Virginia, USA, March 15, 2017) Calling all innovators, designers, and coders to solve tough problems. Come interview with Booz Allen and learn about their cutting edge cyber job opportunities.

Tech Talk: Ethereum & Graph Databases (Laurel, Maryland, USA, March 20, 2017) Join Novetta and Cyberwire at Jailbreak Brewery to learn about Ethereum and Graph databases, forward leaning technology transforming how we relate with our data. Mingle with like-minded techies and enjoy craft beer - See you then!

Cyber Attacks, Threats, and Vulnerabilities

StoneDrill: New wiper targets Middle East, shows interest in Europe (Help Net Security) Researchers discovered a new wiper malware, called StoneDrill. Just like another infamous wiper, Shamoon, it destroys everything on the infected computer.

Cyber threat that attacked military now using new 'wiper' malware (TheHill) Cybersecurity firm Kaspersky Lab announced Monday it had discovered what it believes to be new malware from a hacking group that has, in the past, targeted United States Army personnel and Congressional staff.

Data-wiping malware Shamoon is back, and now it’s targeting Europe: (Ars Technica UK) Meaner strain of Shamoon returns, joined by new, never-before-seen disk wiper.

Kaspersky Lab uncovered a new wiper malware (IT Pro Portal) Security researchers believe StoneDrill has ties to Shamoon 2.0.

From Shamoon to Stonedrill: Wipers attacking Saudi organizations and beyond (Kaspersky Lab) Beginning in November 2016, Kaspersky Lab observed a new wave of wiper attacks directed at multiple targets in the Middle East. The malware used in the new attacks was a variant of the infamous Shamoon worm that targeted Saudi Aramco and Rasgas back in 2012.

SHA1 Collision Attack Can Serve Backdoored Torrents to Track Down Pirates (Bleeping Computer) A theoretical scenario that leverages the SHA1 collision attack disclosed recently by Google can serve backdoored BitTorrent files that execute code on the victim's machine, deliver malware, or alert copyright owners when their software has been pirated.

Trojanized Facebook Lite steals info, installs apps (Help Net Security) A Trojanized Facebook Lite app for Android has been found stealing device information and installing malicious apps in the background.

Mobile Menace Monday: Facebook Lite infected with Spy FakePlay - Malwarebytes Labs (Malwarebytes Labs) A lite version of the popular mobile app Facebook has been infected with Android/Trojan.Spy.FakePlay.

Hackers could bypass protective measures to gain access to locked Twitter accounts (Graham Cluley) Twitter has patched an issue that allowed attackers to bypass protective measures for user accounts that have been locked.

Russian Hackers Said to Seek Hush Money From Liberal Groups (Bloomberg.com) Russian hackers are targeting U.S. progressive groups in a new wave of attacks, scouring the organizations’ emails for embarrassing details and attempting to extract hush money, according to two people familiar with probes being conducted by the FBI and private security firms.

A very convincing Typosquatting + Social Engineering campaign is targeting Santander corporate customers in Brazil (SANS Internet Storm Center) Distracted users mistyping the first “n” when accessing www.santanderempresarial.com.br are subject to banking credentials theft and a very convincing phone call from a pretended Santander’s attendant. The call’s reason? To collect the victim’s OTP Token combination and proceed with previously prepared fraudulent.

Western Australia's Web votes have security worries, say 'white hat' mathematicians (Register) iVote's proxy issues certs – and decrypts data – in America

Twitch suffers potential security breach (Computing) Streaming service sends messages to some users warning of potential unauthorised access,Cloud and Infrastructure,Hacking ,cloud summit,Cyber security

Despite cyber attack, Sen. Dinniman’s office stays open (Daily Local News) State Sen. Andy Dinniman said Monday that his offices remain open for business, and Saturday’s upcoming Town Hall Meeting will go ahead as planned despite a ransomware cyber attack that has disabled computers in Senate Dem

Poachers are trying to hack animal tracking systems (Help Net Security) Electronic tagging has helped researchers gain insight into the lives of many wild animal species, but can also be misused by wildlife poachers and hunters.

Security Patches, Mitigations, and Software Updates

WordPress webmasters urged to upgrade to version 4.73 to patch six security holes (We Live Security) Another day, another important security update for WordPress. Oh boy.

Cyber Trends

FTC Report Highlights Low DMARC Adoption (Dark Reading) New Federal Trade Commission research discovers most online businesses employ email authentication, but few use DMARC to combat phishing.

Study: Online Businesses Vulnerable To Phishing (PYMNTS.com) A study released by the Federal Trade Commission’s (FTC) Office of Technology Research and Investigation has found that most major online businesses don’t have enough cybersecurity and are not doing enough to prevent consumers from phishing attacks. Phishing is an email scam where cyber criminals send a consumer an email that appears to be from a reliable...

Consumers are wary of smart homes that know too much (CSO Online) Nearly two-thirds of consumers are worried about home IoT devices listening in on their conversations, according to a Gartner survey released Monday.

Protecting data isn't optional: What frustrates CIOs and CISOs? (Help Net Security) Chris Drake, CEO at Armor, talks about the frustration that he sees in the cybersecurity industry as he continues to meet CIOs and CISOs in the field.

Cyber risk management starts with preparing children ‘around a whole different mindset,’ says former Toronto deputy police chief (Canadian Underwriter) Cyber security is more of a human resources issue than a technological issue, while cyber security threats are often detected more than six months after they occur, speakers told insurance professionals at a conference last week. “The nature of IT…

iTWire - Aussie SMBs lose $6600 for each cyber attack (ITWire) Australian small to medium businesses — that is 97% of all Australian businesses — lose around $6600 each time they suffer a cyber attack,...

Marketplace

Endpoint Security Industry To Gain From Enhanced Demand by 2022 | TechAnnouncer (TechAnnouncer) The Global Endpoint security market is valued at USD 9.15 billion in 2016 and is expected to reach a value of USD 17.33 billion by the end of 2022, growing at a projected CAGR of 11.22% during the forecast period of 2017 – 2022. The growing number of PCs, laptops, smart phones, tablets and specialized...

Boardrooms engage in blame games after cyberattacks, finds survey (CSO Online) ​Company execs and their IT department both think the other is responsible in the event of a cyberattack, research has revealed.

CA Technologies to broaden security and DevOps with US$614 acquisition of Veracode (CRN Australia) Broadening security and DevOps offering.

Finjan Signs Licensing Agreement with Veracode (Yahoo! Finance) Finjan Holdings, Inc. , a cybersecurity company, announced that on March 2, 2017, its subsidiary Finjan, Inc. closed a Confidential Patent License Agreement with Veracode, Inc., a cloud based application ...

Edwards Acquires Evolved Cyber Solutions (Edwards Performance Solutions) Brian Hubbard joins Edwards as Director of the Commercial Strategic Business Unit.

Inabox acquires Perth MSP and cloud provider Logic Communications for $1.5 million (CRN Australia) Logic Communications is the second acquisition this year.

Okta acquires Stormpath to boost its identity services for developers (PCWorld) Okta has acquired Stormpath, a company that provides authentication services for developers. The deal should help the identity provider improve its developer-facing capabilities.

Cyber security business helmed by former BAE Systems experts raises £12m (Bdaily Business News) Cyber security business helmed by former BAE Systems experts raises £12m | Technology | London | Bdaily UK | Business News

'Kaspersky Lab' to develop cooperation with Azerbaijan (AzerNews.az) "Kaspersky Lab", a global cyber security company, will develop cooperation with the public and private sectors of Azerbaijan in the field of protection of critical infrastructures.

How Much Is a Google Remote Code Execution Vulnerability Worth? (eSecurity Planet) Google is increasing the amount it pays for RCE vulnerabilities by 57 percent, and payouts for other security flaws are rising as well.

ISACA’S 2017 Women in Technology Survey (ISACA) In 2017, women in tech are still facing significant barriers in the workplace—from a shortge of women role models, to gender-based pay gap, to persistent gender bias that nearly 90% of them say they have experienced.

Industrial Cyber Expert, Karl Henderson, Joins Verve Industrial Protection as EMEA Application Development Leader (Yahoo! Finance) Verve Industrial Protection is pleased to announce the appointment of Karl Henderson as leader of Application Development in EMEA.  Mr. Henderson will ...

Products, Services, and Solutions

1E Launches The Fastest EDR Platform To Query and Control All Endpoints - 1E Enterprise Software Lifecycle Automation (1E Enterprise Software Lifecycle Automation) Tachyon enables IT teams to interact with millions of endpoints running multiple operating systems in real time New York, NY – March 7, 2017 – 1E, which provides the only software lifecycle automation solutions that can handle both routine IT tasks and emergency actions in real time, today launched Tachyon. The fastest and most scalable

Thales Announces Test Drive of Vormetric Transparent Encryption for Google Cloud Platform (Thales) Powered by Orbitera, Test Drive enables prospects to try security solution before purchasing

Webroot Partners with Kaseya to Deliver (Webroot) Webroot with Kaseya helps managed service providers increase security, reduce costs and save

ExtraSecure, the World's Most Secure iOS Email Application, Launches (PRNewswire) Today, electronic communication security has reached a level never seen before...

Synnex beefs up its cloud backup and recovery offering with Acronis partnership (CRN Australia) Tapping into hybrid-cloud data protection market.

Symantec Delivers Solution to Automate Discovery and Remediation Actions for CloudBleed Exposures - PCQuest (PCQuest) Within days of receiving news of the CloudBleed vulnerability

Smart DOM XSS Detection in Qualys WAS (Network Security Blog | Qualys, Inc.) The new mechanism in Qualys WAS for detecting DOM based cross-site scripting (DOM XSS) works in an automated manner with no special setup or knowledge requirements, enabling security teams to great…

White Ops Launches SDK-less Mobile Invalid Traffic Detection Capabilities (BusinessWire) White Ops has announced the latest release of its product portfolio, which includes new detection capabilities for invalid traffic on both mobile web

Owl Computing Technologies expands data diode cybersecurity to the oilfield | Digital Oilfield | JWN Energy (JWN Energy) A major multinational oil and gas company will use Owl Computing Technologies Inc.’s the OPDS-1000 to help protect oil...

Enable self-healing endpoint security with Application Persistence (Help Net Security) In this podcast recorded at RSA Conference 2017, Richard Henderson, Global Security Strategist at Absolute Software, and Todd Wakerley, SVP of Product Deve

Automating PKI for the IoT platform (Help Net Security) Jeremy Rowley from DigiCert talks about automating PKI for IoT platform and building scalable solutions for the IoT platform.

KoolSpan Wins Trust Award for Best Mobile Security Solution at SC Awards 2017 (BusinessWire) KoolSpan's TrustCall wins the SC 2017 Trust Award for Best Mobile Security Solution.

Review: vArmour flips security on its head (Network World) Instead of focusing on the bad guys, vArmour identifies good processes and locks them down.

DNA Connect partners with Radware to protect against “multi-vector attacks” (CRN Australia) New partner offers DDoS protection solutions.

Church of England puts a stop to ransomware with Darktrace (ComputerworldUK) After a two-week learning period where the Darktrace box monitored the Church's traffic, it was able to flag up ransomware attacks in the early stages and before any serious damage was done.

Squadra Technologies Adds USB Data Loss Prevention to Microsoft System Center With secRMM (Yahoo! Finance) Squadra Technologies today announced support for Microsoft System Center Configuration Manager (ConfigMgr) by developing a Windows security solution that audits ...

Technologies, Techniques, and Standards

DRM in HTML5 is a victory for the open Web, not a defeat (Ars Technica) W3C's decision to publish a DRM framework will keep the Web relevant and useful.

New York's Cyber Regulations: How to Take Action & Who's Next (Dark Reading) Even if your company isn't directly subject to these new rules, you can assume that the approach will be adopted by regulatory agencies at home and abroad eventually.

Bruce Schneier on IoT Regulation (Threatpost) Bruce Schneier talks about the early days of the RSA Conference, his campaign for IoT regulation, and more.

Consumer Reports Debuts Impartial Privacy Standard (Infosecurity Magazine) It can be used by businesses to measure the privacy and security of products, apps and services.

Cyber is a ‘tool to knock down fake news:' former top DoD official (C4ISRNET) Multiple tools are needed to take down Russian propaganda efforts.

Security vendor RSA introduces new strategy for businesses to take on digital challenges (Financial Post) During his keynote at the 2017 RSA Conference, CTO Zulfikar Ramzan told the crowd that any enterprise has to be a joint venture between business and security

How to become a master cyber-sleuth (TechRepublic) Digital Guardian's cybersecurity chief explains how to spot intrusions and password dumping programs, locate dropper software, and block secret backdoors in your company's network.

Pay attention to your threat intelligence’s shelf life (Information Age) Organisations want to be seen to be taking threat intelligence seriously, implementing effective strategies and platforms in the process

Design and Innovation

The Fed-Proof Online Market OpenBazaar Is Going Anonymous (WIRED) OpenBazaar is set to integrate Tor's anonymity features---but still swears it's not trying to attract the dark web's black market sales.

Irish Funds Deloitte wrap up blockchain project (IBS Intelligence) Irish Funds completed its blockchain proof of concept for regulatory reporting, RegChain

Research and Development

Verizon to help develop data analytics capabilities for insurance industry (Networks Asia) Getting access to real cybercrime data is a huge boon to the insurance industry.

Legislation, Policy, and Regulation

'A solution looking for a problem': the downside to a Department of Homeland Security for Australia (The Sydney Morning Herald) Australia's record in preventing terrorist attacks is one of the best in the world, so why would you want to restructure the system responsible for it? This is the threshold question for the push to create a new mega-department along the lines of the US Department of Homeland Security.

Proposed Bill Will Allow Victims to Hack Their Attackers to Stop Cyber-Attacks (Bleeping Computer) The US is discussing new legislation that will allow victims of ongoing cyber-attacks to fight back against hackers by granting more powers to entities under attack in regards to the defensive measures they can take.

Active Defense Bill Raises Concerns Of Potential Consequences (Threatpost) A bill that would exclude organizations from prosecution for hacking back is already stirring up some concerns about potential unintended consequences.

Trump cybersecurity executive order coming soon (FederalNewsRadio.com) Former federal cyber officials and industry stakeholders say it's important to consider the role of agency leaders and not to jump to conclusions on hiring.

Donald Trump: The First Cyber President - Leadership Starts at the Top (SC Magazine US) President Trump enters office in a very unique situation with revelations of Russia cyber operations' potential influence on the outcome of his election.

DHS finalizing best practices for notifying victims of major cyber breaches (FederalNewsRadio) A committee within the Homeland Security Department is finalizing a new guide for agencies, state and local governments and other organizations involved in cyber breaches with best practices for notifying victims.

Litigation, Investigation, and Law Enforcement

Journalists: How hacking details matter (Errata Security) When I write my definitive guide for journalists covering hacking, I'm going to point out how easy it is for journalists to misunderstand....

Trump hits out at security services in Obama wiretap row (Times of London) Donald Trump signalled a new rift with intelligence chiefs yesterday when he refused to accept guarantees that President Obama had not tapped his phone. The head of the FBI fought privately over...

U.S. Warned of Foreign Intel Operations After Russian Met With Team Trump at RNC (The Daily Beast) While members of the Trump campaign mingled with Moscow’s ambassador, DHS was prepping a warning: Watch out for approaches by foreign intelligence officers.

Trump, Offering No Evidence, Says Obama Tapped His Phones (New York Times) President Trump called former President Barack Obama a “bad (or sick) guy” as he leveled an explosive claim about election-season wiretapping.

Trump's Wiretap Claims: What We Know and What We Don't (Weekly Standard) I spent most of the last two days reporting out the extraordinary allegations President Donald Trump made against his predecessor, Barack Obama – that Obama had Trump's "wires tapped in Trump Tower." And I've spent many hours over the past several weeks looking into claims about ties between Trump's team and Russia and counterclaims that the entire thing is an elaborate attempt to delegitimize Trump's presidency.

FISA Is Not Law-Enforcement -- It’s Not Interference with Justice Department Independence for White House to Ask for FISA Information (National Review) In my earlier post, I explained that the Obama camp is disingenuously responding to revelations that, during the presidential campaign, the Obama administration conducted an investigation, including wiretapping, against Trump associates and perhaps Donald Trump himself. As I elaborated, one avenue of response is to conflate the Justice Department’s two missions – law-enforcement and national security. We can see this strategy playing out in the New York Times coverage of the controversy.

Spies have ‘considerable intelligence’ of collusion between Russian officials and Donald Trump team (The Independent) A former National Security Agency (NSA) counterintelligence officer says US agents have “considerable intelligence” of high-level Russians discussing collusion with Donald Trump’s election team.  John Schindler, a security expert specialised in espionage and terrorism, tweeted : “Ahem: US IC has considerable SIGINT featuring high-level Russians talking about their collusion with Team Trump.”  The former agent said that intelligence has been gathered from the NSA and its partners from intercepted electronic and communication signals. 

Bush-Era CIA Director: U.S. Has 'Been in Continuous Crisis for 45 Days,' All Internal (News and Politics) Hayden: If Trump saying FISA judge found probable cause, 'I don't think that is a good news story, either.'

This is as Serious as it Gets (Canada Free Press) This is as Serious as it Gets, President Trump has been provided the evidence of a paper trail leading to a FISA court that substantiates his assertions that Obama, obtained authorization to eavesdrop on the Trump campaign under the pretense of a national security investigation

NSS Labs releases scathing response to CrowdStrike endpoint security accusations, questions customer security (http://www.channelnomics.com) CEO says lab will test product again if CrowdStrike 'fixes' it,Security,Vendor ,crowdstrike,NSS Labs,Cyber security

For a complete running list of events, please visit the Event Tracker on the CyberWire website.

Newly Noted Events

Defence Information 2017 (Cranfield, England, UK, April 26 - 27, 2017) Defence Information 2017 is the major annual communications event of Joint Information Group activities (the JIG reports to the Defence Suppliers Forum) and the Event’s content spans both Information and...

Upcoming Events

Cybersecurity: Defense Sector Summit (Troy, Michigan, USA, March 7 - 8, 2017) Don’t miss out on the opportunity to be a part of the conversation regarding how cybersecurity is impacting not only ground vehicles, but air and maritime platforms. What are the synergies amony Army,...

15th annual e-Crime & Cybersecurity Congress (London, England, UK, March 7 - 8, 2017) Europe's largest and most sophisticated gathering of senior cybersecurity professionals from international business, governments, law enforcement and intelligence agencies.

ISSA Mid Atlantic Security Conference (Rockville, Maryland, USA, March 10, 2017) Join us for a full day of training by industry leaders discussing some of the latest topics in tactics and techniques for preparing for cyber-attacks. This conference will feature a variety of presentations...

Investing in America’s Security: Cybersecurity Issues (Jersey City, New Jersey, USA, March 10, 2017) Please join us for the 5th Annual Northeast Regional Security Education Symposium hosted by the Professional Security Studies Department at New Jersey City University. The Symposium’s keynote address will...

IAPP Europe Data Protection Intensive 2017 (London, Englan, UK, March 13 - 16, 2017) Set in London, the Data Protection Intensive delivers innovative solutions to today’s top privacy and data protection challenges. Known for its exceptional programming, the Intensive has come into its...

Rail Cyber Security Summit (London, England, UK, March 14 - 15, 2017) Now in its second year, the event will take place at the Copthorne Tara Kensington hotel in London between March 14th and 15th 2017 and will feature a range of experts from the rail transport industry,...

CyberUK 2017 (Liverpool, England, USA, March 14 - 16, 2017) Announcing the UK government's flagship IA and cyber security event, for 2017. This is a three day event that will bring together cyber security leaders and professionals from across the UK’s information...

Cybersecurity: The Leadership Imperative (New York, New York, USA, March 16 - 17, 2017) Cyber risk impacts every element of your organization – and even the most brilliant information security expertise must be supported by a cross-functional cybersecurity structure and culture to succeed.

BSides Canberra (Canberra, Australia, March 17 - 18, 2017) BSidesCbr is a conference designed to advance the body of Information Security knowledge, by providing an annual, two day, open forum for discussion and debate for security engineers and their affiliates.

Cyber Resilience Summit: Securing Systems inside the Perimeter (Reston, Virginia, USA, March 21, 2017) As the journey to secure our nation’s IT cyber infrastructure gains momentum, it is important to apply proven standards and methodologies that reduce risk and help us meet objectives for acquiring, developing...

European Smart Grid Cyber Security (London, England, UK, March 21 - 22, 2017) European Smart Grid Cyber Security 2017 offers a unique opportunity to network with senior experts in cyber security from government, utilities, TSOs, regulators, solution providers, security consultants,...

Maryland Cybersecurity Awards Celebration (Baltimore, Maryland, USA, March 22, 2017) Help us celebrate the best and brightest of the Maryland cyberscurity community as we honor the companies, organizations, and individuals that have protected businesses and government agencies with their...

Integrated Adaptive Cyber Defense (IACD) Community Day (Laurel, Maryland, USA, March 23, 2017) Advancing cyber operations through secure automation & interoperability. Government agencies, commercial firms, research organizations, academic institutions and cyber security experts align in community...

SANS Pen Test Austin 2017 (Austin, Texas, USA, March 27 - April 1, 2017) Every organization needs skilled people who know how to find vulnerabilities, understand risk, and help prioritize resources based on mitigating potential real-world attacks. That's what SANS Pen Test...

IT Security Entrepreneurs' Forum Bridging the Gap Between Silicon Valley & the Beltway (Mountain View, California, USA, March 28 - 29, 2017) SINET – Silicon Valley provides a venue where entrepreneurs can meet and interact directly with leaders of government, business and the investment community in an open, collaborative environment focused...

Insider Threat 2017 Summit (Monterey, California, USA, March 29 - 30, 2017) The focus of the Insider Threat Summit is to discuss personnel security issues including cyber security challenges and capabilities, continuous evaluation of privileged identities and ethical physical...

2nd Annual Billington International Cybersecurity Summit (Washington, DC, USA, March 30, 2017) The 2nd Annual Billington International Cybersecurity Summit on March 30, 2017 at the National Press Club in Washington, DC will feature over 300 world class cybersecurity decision-makers from allied nations...

Yale Cyber Leadership Forum: Bridging the divide between law, technology, and business (New Haven, Connecticut, USA, March 30 - April 1, 2017) The Yale Cyber Leadership Forum will take place on Yale University's campus and will focus on bridging the divide between law, technology and business in cybersecurity. With McKinsey & Company as our knowledge...

WiCyS 2017: Women in Cybersecurity (Tucson, Arizona, USA, March 31 - April 1, 2017) The WiCyS initiative has, since 2013, become a continuing effort to recruit, retain and advance women in cybersecurity. It brings together women (students/faculty/researchers/professionals) in cybersecurity...

InfoSec World Conference and Expo 2017 (ChampionsGate, Florida, USA, April 3 - 5, 2017) The conference will feature security practitioners who speak from experience on the real-world challenges companies are facing today. The conference is most suitable for those whose responsibilities include...

Cyber Security Summit: Atlanta (Atlanta, Georgia, USA, April 6, 2017) If you are a Senior Level Executive responsible for making your company’s decisions in regards to information security, then you are invited to register for the Cyber Security Summit: Atlanta. Receive...

SANS 2017 (Orlando, Florida, USA, April 7 - 14, 2017) Success in information security requires making a commitment to a career of learning, from the fundamentals to advanced techniques. To put you firmly on that learning path, join us at SANS 2017 in Orlando,...

Hack In the Box Security Conference (Amsterdam, the Netherlands, April 10 - 14, 2017) Back again at the NH Grand Krasnapolsky, HITB2017AMS takes place from the 10th till 14th of April 2017 and features a new set of 2 and 3-day technical trainings followed by a 2-day conference with a Capture ...

Grow your brand and reach new customers.

Grow your brand and increase your customer base by educating our audience about your products, services, and events by advertising on The CyberWire. We’ve built trust with an influential (and often hard to reach) audience of CISOs, CSOs, and other senior execs in the security space, across a wide array of industry verticals. Learn more.

Be a part of the CyberWire story.

People ask us (a lot) how they can support what we do. We have our sponsorships and services, of course, but those are not always within every supporter's financial reach, or it might just not be the right time for you to do those things. That's why we launched our new Patreon site, where we've created a wider variety of support levels, each with some new benefits. Our patrons are important to our future, and we hope you'll consider becoming one. We invite you to become part of the CyberWire story. Become a patron today.