skip navigation

More signal. Less noise.

Daily briefing.

Maryland Cyber People's Choice Award: cast your ballot

May we ask for your support? As a finalist for this year's Maryland Cybersecurity Industry Resource Award, we're also up for the People's Choice Award. If you're read or listen to the CyberWire, we'd appreciate your support. You can vote here through March 22 (and you don't need to be in Maryland, or even in the US, to do so). Thanks as always for reading and listening.

The recently disclosed Apache Struts vulnerability affected Canadian government services last week. Unknown attackers exploited the bug against Statistics Canada at midweek. The Canada Revenue Agency, not itself attacked, was taken offline over the weekend to remediate the same vulnerability. Neither agency believes sensitive information was compromised.

FireEye has released its 2017 M-Trends report on attacks and vulnerabilities.

Unicorn Okta files its long-anticipated IPO.

Google has addressed the Android vulnerabilities exposed in WikiLeaks' Vault 7, but many devices are likely to remain unpatched indefinitely. As observers continue to pick through Vault 7, the emerging consensus is that the operations apparently revealed involved highly targeted foreign intelligence collection (as opposed to bulk domestic surveillance), that there's so far been no significant release of hacking tools, and that the US should rethink vulnerability stockpiling and disclosure policies. (But on this last conclusion, see the debate described here.)

There's also an emerging consensus that the leaks probably came from a CIA insider, although a newly disclosed US Air Force compromise may give one pause before buying fully into this explanation. The Air Force is reported to have inadvertently exposed a very large set of sensitive documents (largely SF86 security questionnaires) containing sensitive personal information about at least 4000 officers. This may be chickenfeed compared to the OPM breach, but it's also self-inflicted. By all means backup your data, but, heavens to Murgatroyd, don't leave them out there in a misconfigured database without so much as the figleaf of a password for security decency.

Notes.

Today's issue includes events affecting Canada, European Union, India, Russia, Singapore, United Kingdom, United States.

In today's podcast we hear from our partners at the University of Maryland's Center for Health and Homeland Security, as Ben Yelin discusses a proposed mobile device privacy bill. We will also be speaking with a guest, Adam Thomas from Deloitte, co-author of the report "Demystifying Cyber Insurance Coverage." (He does some demystifying for us.)

Special editions are also up. See Perspectives, Pitches, and Predictions from RSA, and an overview of artificial intelligence as it's applied to security. And take a look at Cylance's video (taken in partnership with the CyberWire): opinions from the conference floor.

What we do matters. Join Booz Allen. (Tysons Corner, Virginia, USA, March 15, 2017) Calling all innovators, designers, and coders to solve tough problems. Come interview with Booz Allen and learn about their cutting edge cyber job opportunities.

Case Study: 6 Lessons Learned Hunting Advanced Cyber Criminals (Webinar, March 16, 2017) What is it like to find out you’re on the trail of an advanced cyber criminal? What are the tools and skills you need to track them? What is the mindset you need to approach the hunt? And what indicators and intelligence can you use to see who the attacker is? In this webinar, our experts will discuss all of these questions and more, based on an actual case study.

Tech Talk: Ethereum & Graph Databases (Laurel, Maryland, USA, March 20, 2017) Join Novetta and Cyberwire at Jailbreak Brewery to learn about Ethereum and Graph databases, forward leaning technology transforming how we relate with our data. Mingle with like-minded techies and enjoy craft beer - See you then!

ThreatConnect Webinar: Threat Intelligence Isn’t One Size (Online, March 22, 2017) Threat intelligence (TI) can help any organization better protect themselves. With TI, you can identify threats and add context to them. Once you understand what you are facing, you can take decisive action to better protect your organization.

Billington International Cybersecurity Summit (Washington, DC, USA, March 30, 2017) The 2nd Annual Billington International Cybersecurity Summit on March 30, 2017 at the National Press Club in Washington, DC will feature over 300 world class cybersecurity decision-makers from allied nations and the US in an intensive day of knowledge exchange and relationship building.

Cyber Attacks, Threats, and Vulnerabilities

CIA Leak Reveals Gaps in Patchwork of Android Software (Wall Street Journal) Google says Android software updates resolve vulnerabilities highlighted by WikiLeaks documents, but likely only a fraction of phones received those updates.

How much are vendor security assurances worth after the CIA leaks? (CSO Online) Google, Apple, Microsoft and other software vendors are working to identify and patch the vulnerabilities described in the CIA leak, but ultimately this doesn't change the status quo of software security.

The CIA Leaks: Whodunit? (RedOwl) The latest Wikileaks dump of CIA data has a lot of people asking a lot of questions. At RedOwl, we put together some of the biggest questions on our mind and took an attempt at answering them. How technically significant is this dump? This leak, so far, is not as technically damaging …

WikiLeaks dump brings CIA spying powers into the spotlight (CSO Online) Has the CIA ever spied on you? That’s a key question swirling around Tuesday’s WikiLeaks document dump that allegedly detail the U.S. agency’s secret hacking tools.

Kellyanne Conway Wonders If a Microwave Can Spy On You. Spoiler: It Can’t. (WIRED) It's not coming from inside the house.

GOP senator alleges password-hijack attempts after blasting WikiLeaks founder (CSO Online) Sen. Ben Sasse (R-Neb.) did not elaborate on the exact nature of the password-reset messages he said he'd seen, such as whether they were limited to a single app and how they had been sent.

A cyber attack just took down a Canadian government website (National Observer) Government takes preventative measures in closing CRA portal for filing taxes over the weekend.

The Statistics Canada Site Was Hacked By an Unknown Attacker (Motherboard) Parts of the Canada Revenue Agency website were also shut down over the same vulnerability, smack in the middle of tax season.

Sensitive info from Air Force was publicly visible online: report (TheHill) Researchers reportedly discovered "gigabytes" of sensitive Air Force documents left unsecured online, visible to anyone who knew where to look for them without a password.

US military leak exposes 'holy grail' of security clearance files (ZDNet) Exclusive: These security clearance applications contain sensitive personal information, and are highly valuable to foreign adversaries seeking to undermine US national security.

Poorly-configured online backup leaks US Air Force documents (Bitdefender) Sensitive information related to the United States Air Force has been found exposed publicly on the internet, allowing anyone with a web connection to peruse them without authorisation and no need for a password. The discovery was made by security researchers at MacKeeper who said that they had found gigabytes of files on an internet-connected …

Three Mobile cyber attack: More customers hit than previously thought (City A.M.) A Three Mobile handset fraud investigation has identified tens of thousands more customers have been hit than was previously thought.

Several high risk 0-day vulnerabilities affecting SAP HANA found (Help Net Security) Onapsis discovered several high risk SAP HANA vulnerabilities. If exploited, these would allow an attacker to take control of the platform remotely.

Listen to ‘Tech Support’ Scam Calls That Bilk Millions Out of Victims (WIRED) To get to the bottom of a devious form of phone-based fraud, a group of researchers scammed the scammers.

Mirai is the hydra of IoT security: too many heads to cut off (CSO Online) Efforts to stop Mirai, a malware found infecting thousands of IoT devices, have become a game of whack-a-mole, with differing opinions over whether hackers or the security community are making any headway.

Credit Card Scrapers Continue to Target Magento (Threatpost) Researchers said last week they came across a malicious function that was snuck into a module in Magento in order to steal credit card information.

Nintendo Switch ships with unpatched 6-month-old WebKit vulnerabilities (Ars Technica) Apple patched so-called "Trident" bugs in iOS 9.3.5 back in August.

Researchers find 38 Android devices shipping with pre-installed malware (Naked Security) Malicious apps not part of the original ROM, say researchers, but were added somewhere along the supply chain

If Your iPhone is Stolen, These Guys May Try to iPhish You (KrebsOnSecurity) KrebsOnSecurity recently featured the story of a Brazilian man who was peppered with phishing attacks trying to steal his Apple iCloud username and password after his wife’s phone was stolen in a brazen daylight mugging.

Ransom demand with county cyber attack about $30,000 (The Newark Advocate) The ransom demand of Licking County government to recover computer files was 28 bitcoins, valued at $34,579, on Monday.

One-Third of Ransomware Victims End Up Paying the Ransom (eSecurity Planet) Another 54 percent refuse to pay but are able to recover their data anyway, a recent survey found.

IRS Guides Taxpayers to Avoid Online Scammers (Dark Reading) Internal Revenue Service calls on taxpayers to be extra vigilant about cybersecurity, especially during tax season.

Perez Hilton website visitors hit by two malvertising attacks in same week (Graham Cluley) Visitors to the immensely popular celebrity gossip blogging website Perez Hilton have recently been struck by ransomware attacks pushed out via poisoned ads.

Malware's Newest Disguise: The Humble Resume - Bromium (Bromium) Ransomware use goes back to the 1980s when developers and programmers, afraid that they would not be paid, sometimes inserted “time bombs” into the code. Ransomware plays a role in the insidious new trend where cybercriminals are targeting healthcare organizations through the use of an unsuspecting accomplice. What started with 256-bit encryption has now reached 2048-bit. To decrypt this, …

Top five most wanted malware families worldwide (Help Net Security) The Hancitor downloader has surged into the top five most wanted malware families worldwide for the first time, according to Check Point.

Hacker Lexicon: What Is an Attack Surface? (WIRED) Whenever there's a hack, one of the first questions is how the attackers got in. For the answer, look to the attack surface.

LinkedIn Breach: Weak Passwords Are the Norm (Infosecurity Magazine) About 35% of the leaked LinkedIn passwords were already known from previous password dictionaries.

Security Patches, Mitigations, and Software Updates

March Android Security Update Breaks SafetyNet, Android Pay (Threatpost) Google has re-issued its over-the-air Android security update after Nexus 6 users reported that the patches broke the SafetyNet API and features such as Android Pay no longer worked.

Telepresence Robots Patched Against Data Leaks (Threatpost) Double Robotics telepresence robots were patched against vulnerabilities that leaked device data and session keys and tokens.

How to Update All Your Gear (For Safety!) (WIRED) The simplest thing you can do to make yourself just a little bit safer: Keep your firmware up to date.

By the end of March no one will remember that Microsoft missed a Patch Tuesday (Help Net Security) Like the weather in Minnesota, the March Patch Forecast is unpredictable at best. Be prepared for turbulent times interspersed with moments of calm.

Cyber Trends

M-Trends 2017 Cyber Security Trends (FireEye) The annual report was compiled by consultants at Mandiant based on hundreds of incident response investigations in more than 30 industry sectors. It offers recommendations on how organizations can improve the way they prevent, detect, analyze and respond to cyber attacks.

Most security pros expect increasing attacks on Industrial Internet of Things (Help Net Security) A new survey looked at the rise of Industrial Internet of Things deployment in organizations, and to what extent it is expected to cause security problems.

96% Of Infosec Pros Expect An Increase In Cyber Attacks On Industrial IoT (Information Security Buzz) Study reveals most organizations take additional precautions to secure IIoT London, UK. Tripwire, Inc., a leading global provider of security and compliance solutions for enterprises and industrial organizations, today announced the results of a study conducted in partnership with Dimensional Research. The study looked at the rise of Industrial Internet of Things (IIoT) deployment in organizations, and …

IT Workers Expect Industrial Internet of Things Attacks to Rise (Infosecurity Magazine) New research suggests nearly all workers expect to see more attacks on IIoT infrastructure, but most are not prepared

Will the IoT force truck stops? (Help Net Security) Autonomous trucking is on the horizon, yet imagine the social and economic impact if one day those trucks simply stopped. Can the IoT force truck stops?

From Data to Critical Infrastructure: Attackers Get Physical (Infosecurity Magazine) No longer just regulatory fines and reputational damage, but the possibility of actual physical harm.

Report finds the security of confidential documents is a significant problem (CSO Online) 60 percent of survey respondents say sensitive documents have accidentally been sent to the wrong person.

Sir Tim Berners-Lee warns of the threats to today’s web (TechCrunch) Sir Tim Berners-Lee doesn't issue too many proclamations, but those he does are usually quite sensible. The latest, occasioned by the 28th anniversary of Sir..

Marketplace

Demystifying cyber insurance coverage (DU Press) ​Organizations continue to invest heavily in cybersecurity efforts to safeguard themselves against threats, but far fewer have signed on for cyber insurance to protect their firms afteran attack. Why not? What roadblocks exist, and what steps could the industry take to help clear them?

$1.2 billion security startup Okta files for its long-awaited IPO (Business Insider) The $1.2 billion security startup Okta has filed for its initial public offering.

Identity management software provider Okta files for today’s second $100M IPO (TechCrunch) It looks like Snap's (at least perceived) successful IPO has officially opened the window: Following Yext officially filing for an IPO this afternoon,..

Cymulate Raises $3M for Attack Simulation Technology (eSecurity Planet) Startup raises new funds to help expand its reach, with a diverse set of Software-as-a-Service offerings to test an organization's ability to withstand different types of attacks.

BRIEF-Symantec Corp entered into accelerated stock repurchase agreements (Reuters) Symantec Corp - on March 10, entered into accelerated stock repurchase agreements with financial institutions to repurchase $500 million of co's common stock

NCC Group launches bounty for open source security flaw fixes (ComputerWeekly) Firm hopes bounty scheme will inspire others to do the same to encourage security specialists to make open source software more secure

McAfee to add jobs, ramp up investment in India (US China News) IT security firm McAfee is looking at adding more jobs at its centre in Bengaluru and will continue to invest in growing local business in India, a top official said on Sunday.

Anchor Technologies moves to Columbia from Annapolis (Baltimore Sun) The cyber security firm's new office is three times the size of its old space.

Yahoo to give Marissa Mayer $23 million parting gift after sale to Verizon (Ars Technica) Mayer will leave as what remains of Yahoo becomes Altaba holding company.

Security Industry Association Recognizes Ken Mills of Dell EMC with 2016 SIA Chairman’s Award (PRWeb) Mills has been a prominent proponent of cybersecurity measures in his roles on the SIA Board of Directors and the SIA Cybersecurity Advisory Board.

Products, Services, and Solutions

Simility Adds AI Powered Adaptive 3-D Secure Support to Increase Merchant Profits (Marketwired) Enables chargeback protection for merchants by selectively invoking 3-D secure for high-risk transactions

Trustonic and Armour Communications partner on secure government and enterprise communications (Trustonic) Trustonic has announced a partnership with Armour Communications, a leading supplier of strong, end-to-end encrypted voice, data and video communication.

Threat operations and management with ThreatQ (Help Net Security) The ThreatQuotient CTO discusses the relevance of threat intelligence, and the ThreatQ platform, designed to enable threat operations and management.

ID TECH and Worldnet achieve EMV certification through First Data (ABNewswire) Worldnet’s EMV certified payment application “GoChip” and ID TECH’s EMV certified readers streamline and accelerate EMV Migration.

Actiance Helps Simplify Security in the Cloud (Yahoo! Finance) REActiance , the leader in communications compliance, archiving, and analytics, and a Microsoft Gold Partner, today announced customers can now host ...

Intel's CHIPSEC can detect CIA's OS X rootkit (Help Net Security) Intel Security offered a tool that can identify the presence of the DarkMatter EFI rootkit on machines running Apple's OS X.

Akamai and AT&T Renew Global Alliance Through 2019 (Yahoo! Finance) The renewed alliance means AT&T business customers in the U.S. and around the globe will continue to have access to Akamai services as part of a comprehensive portfolio of cloud and network solutions from AT&T. In addition, Akamai is expanding its global server footprint located at the edge of AT&T&

Safe-T and SecureAuth Revolutionize Application Access Security (PRNewswire) Safe-T Data, the leading provider of secure data exchange and...

Harris radio system gains NSA certification (UPI) Harris Corporation's new RF-300H communications system has been approved for transmitting classified images and data, the company announced Monday.

Thales Offers Transparent Encryption with BT (Database Trends and Applications) Thales, a provider of cybersecurity and data security, will partner with BT, a provider of communications services and solutions, to provide Vormetric Transparent Encryption to its users. Vormetric Transparent Encryption helps customers encrypt data-at-rest, control privileged user access, and manage a collection of security intelligence logs without re-engineering applications, databases or infrastructure.

High-Tech Bridge Teams with Imperva for Virtual Vulnerability Patching of Web Services and Applications (Yahoo! Finance) High-Tech Bridge, a leading application security testing company, announced it has teamed with Imperva to integrate High-Tech Bridge’s ImmuniWeb platform with the Imperva SecureSphere Web Application Firewall solution.

The NSA's 'Twitter For Spies' Has Over 60,000 Users - Motherboard (Motherboard) Data obtained through a Freedom of Information Act request reveals just how popular the NSA's social network for spies called eChirp really is.

Technologies, Techniques, and Standards

How to remove ransomware: Use this battle plan to fight back (CSO Online) Ransomware has exploded onto the PC. We'll show you what to do to avoid it, remove it, and—if necessary—even negotiate with its authors.

Reinventing software patching, curing big security holes (Help Net Security) 0patch sends tiny patches of code (usually less than 30 bytes) to computers and devices in order to fix software vulnerabilities in various products.

Post Breach Identity Theft Monitoring: Too Little Too Late (Security Week) Breached companies must get ahead of attacks and provide security that protects victims before they are victimized again

Cybersecurity: The Best Defense is a Good Offense (Bricata Blog) A CISO employed by a global insurance carrier walked RSA attendees through an excellent case study on how to shift from a defensive to an offensive security posture.

Cookie hijacking attack - Penetration Testing in Linux (Penetration Testing in Linux) HTTP is a stateless protocol, in order to maintain and track the user’s state, the introduction of the Cookie and Session. Cookie First introduced with Netscape 0.9 on October 13, 1994, a cookie is a small amount of text-only data saved on your computer while you browse a certain website. This information can be used …

Design and Innovation

Invisible reCAPTCHA means no more clicking on kitten pictures to prove you’re carbon-based (Naked Security) Google’s Invisible reCAPTCHA means most humans won’t have to jump through hoops – the algorithms will determine if you’re a robot

Bitcoin Is for the People, Not Wall Street (Motherboard) Bitcoin needs to focus on usability, now more than ever before.

Academia

Raytheon Sponsors Nation's Largest Cybersecurity Competition - American Security Today (American Security Today) College students from more than 220 schools across the United States will showcase their defensive cyber skills during the 2017 National Collegiate Cyber Defense Competition. Beginning with 10 regional contests in March and April, the teams will compete to show who can best protect a computer network …

Republic Polytechnic announces joint labs with security vendors (Networks Asia) Republic Polytechnic (RP) unveiled two initiatives at the Republic Polytechnic(SOI) Industry Day to enhance skills development opportunities for students from the Diploma in Infocomm Security Management.

Legislation, Policy, and Regulation

Singapore Eyes Tougher Cyber Laws (The Diplomat) The city-state is looking to strengthen legal measures against cybercrimes.

Turf war between GDS and HMRC over Gov.UK Verify just 'creative tension', says local government CDIO Ed Garcez. (Computing) But Garcez admits that the Verify platform needs time to mature.

WikiLeaks Dump Shines Light on Government's Shadowy Zero-Day Policy (Defense One) The documents shed little light on how many unknown vulnerabilities the intelligence agency retains and how well it vets the damage they might cause.

Should the U.S. stockpile zero days? (FCW) Zero-day vulnerabilities live on average for 6.9 years and have a low rate of discovery by other entities, which could argue in favor of stockpiling them, according to a comprehensive study by the RAND Corporation.

Make America Secure Again: Trump Should Order U.S. Spy Agencies to Responsibly Disclose Cyber Vulnerabilities (Information Technology and Innovation Foundation) Last week, WikiLeaks released a trove of CIA documents that detail many of the spy agency’s hacking capabilities.

I Ran Intel at the Pentagon. Here’s My Advice on Insider Threats (Defense One) If I were still in government, this is what I would be telling Defense Secretary Mattis and the DNI.

Bill proposes letting victims of cybercrime hack the hackers (Naked Security) What could possibly go wrong? Republican Tom Graves’ bill ‘might result in harm to innocent parties’, warns law professor

Will NSA's Rob Joyce Be Trump's Top Cybersecurity Adviser? (BankInfo Security) The latest ISMG Security Report leads with a profile of Rob Joyce, the National Security Agency operative who is reportedly under consideration to be President Donald Trump's top cybersecurity adviser.

Senate Democrats question FCC chair’s independence from Trump (Ars Technica) Dems want promise that Pai won’t “penalize free speech” to punish Trump enemies.

Combatant Commands in an era of multi-domain battle [Commentary] (Defense News) One service cannot complete the mission alone, and new domains must fuse with the traditional service-specific physical domains.

Cyber, electronic warfare top urgent buying needs for Army (C4ISRNET) As near-peer adversaries are catching up and challenging the U.S. military, the Army is pursing certain technologies and capabilities with urgency to meet these challenges.

Former VP laments that even now, sharing medical data is awful (Ars Technica) Moonshot hopes, medical data sharing, and a “Cyber National Guard.”

Litigation, Investigation, and Law Enforcement

Beware 'fake news' on GDPR, warns compliance lawyer Jonathan Armstrong (Computing) Many companies have a false sense of security around compliance, warn industry insiders,

Evidence of wiretapping due to Congress today (Washington Examiner) There’s no indication the White House plans to meet a request to provide by today any evidence to back up President Trump’s explosive charge that his predecessor President Obama wiretapped Trump Tower a month before the election last year.

House investigators on a Trump-Russia 'collision course' (POLITICO) The top Republican on the intelligence committee was on Trump's transition team. The lead Democrat is a fierce Trump critic.

Washington's Spy Paranoia (The Atlantic) Who did the Russian ambassador meet in D.C.? Welcome to America’s capital city, where everyday encounters may not be what they seem.

Home Depot Will Pay Banks $25 Million for 2014 Breach (Dark Reading) Home Depot has already spent $179 million in compensation for the data breach, which affected 50 million customers.

Man behind GemCoin, a fake cryptocurrency, settles lawsuit for $71M (Ars Technica) Judge: “Defendant has shown no sign of recognition of wrongdoing.”

Child Abusers Ran Fake Chat Sites to Trick Kids (Motherboard) Abusers would coerce victims with webcam footage of other children, or "loops."

For a complete running list of events, please visit the Event Tracker on the CyberWire website.

Upcoming Events

4th Annual Cybersecurity Summit (Arlington, Virginia, USA, March 14, 2017) Federal agencies are facing ever more sophisticated adversaries and threats that place our privacy, our economy, and our Nation at risk. These cyber threats are diverse and include the prevalence of malicious...

Rail Cyber Security Summit (London, England, UK, March 14 - 15, 2017) Now in its second year, the event will take place at the Copthorne Tara Kensington hotel in London between March 14th and 15th 2017 and will feature a range of experts from the rail transport industry,...

CyberUK 2017 (Liverpool, England, USA, March 14 - 16, 2017) Announcing the UK government's flagship IA and cyber security event, for 2017. This is a three day event that will bring together cyber security leaders and professionals from across the UK’s information...

Cybersecurity: The Leadership Imperative (New York, New York, USA, March 16 - 17, 2017) Cyber risk impacts every element of your organization – and even the most brilliant information security expertise must be supported by a cross-functional cybersecurity structure and culture to succeed.

BSides Canberra (Canberra, Australia, March 17 - 18, 2017) BSidesCbr is a conference designed to advance the body of Information Security knowledge, by providing an annual, two day, open forum for discussion and debate for security engineers and their affiliates.

Cyber Resilience Summit: Securing Systems inside the Perimeter (Reston, Virginia, USA, March 21, 2017) As the journey to secure our nation’s IT cyber infrastructure gains momentum, it is important to apply proven standards and methodologies that reduce risk and help us meet objectives for acquiring, developing...

European Smart Grid Cyber Security (London, England, UK, March 21 - 22, 2017) European Smart Grid Cyber Security 2017 offers a unique opportunity to network with senior experts in cyber security from government, utilities, TSOs, regulators, solution providers, security consultants,...

Maryland Cybersecurity Awards Celebration (Baltimore, Maryland, USA, March 22, 2017) Help us celebrate the best and brightest of the Maryland cyberscurity community as we honor the companies, organizations, and individuals that have protected businesses and government agencies with their...

Integrated Adaptive Cyber Defense (IACD) Community Day (Laurel, Maryland, USA, March 23, 2017) Advancing cyber operations through secure automation & interoperability. Government agencies, commercial firms, research organizations, academic institutions and cyber security experts align in community...

SANS Pen Test Austin 2017 (Austin, Texas, USA, March 27 - April 1, 2017) Every organization needs skilled people who know how to find vulnerabilities, understand risk, and help prioritize resources based on mitigating potential real-world attacks. That's what SANS Pen Test...

IT Security Entrepreneurs' Forum Bridging the Gap Between Silicon Valley & the Beltway (Mountain View, California, USA, March 28 - 29, 2017) SINET – Silicon Valley provides a venue where entrepreneurs can meet and interact directly with leaders of government, business and the investment community in an open, collaborative environment focused...

PCI Security Standards Council: 2017 Middle East and Africa Forum (Cape Town, South Africa, March 29, 2017) Join your industry colleagues for a full day of networking and one-of-a-kind partnership opportunities. Whether you want to learn more about updates in the payment card industry or showcase a new product,...

Insider Threat 2017 Summit (Monterey, California, USA, March 29 - 30, 2017) The focus of the Insider Threat Summit is to discuss personnel security issues including cyber security challenges and capabilities, continuous evaluation of privileged identities and ethical physical...

2nd Annual Billington International Cybersecurity Summit (Washington, DC, USA, March 30, 2017) The 2nd Annual Billington International Cybersecurity Summit on March 30, 2017 at the National Press Club in Washington, DC will feature over 300 world class cybersecurity decision-makers from allied nations...

Yale Cyber Leadership Forum: Bridging the divide between law, technology, and business (New Haven, Connecticut, USA, March 30 - April 1, 2017) The Yale Cyber Leadership Forum will take place on Yale University's campus and will focus on bridging the divide between law, technology and business in cybersecurity. With McKinsey & Company as our knowledge...

WiCyS 2017: Women in Cybersecurity (Tucson, Arizona, USA, March 31 - April 1, 2017) The WiCyS initiative has, since 2013, become a continuing effort to recruit, retain and advance women in cybersecurity. It brings together women (students/faculty/researchers/professionals) in cybersecurity...

InfoSec World Conference and Expo 2017 (ChampionsGate, Florida, USA, April 3 - 5, 2017) The conference will feature security practitioners who speak from experience on the real-world challenges companies are facing today. The conference is most suitable for those whose responsibilities include...

Cyber Security Summit: Atlanta (Atlanta, Georgia, USA, April 6, 2017) If you are a Senior Level Executive responsible for making your company’s decisions in regards to information security, then you are invited to register for the Cyber Security Summit: Atlanta. Receive...

SANS 2017 (Orlando, Florida, USA, April 7 - 14, 2017) Success in information security requires making a commitment to a career of learning, from the fundamentals to advanced techniques. To put you firmly on that learning path, join us at SANS 2017 in Orlando,...

Unprecedented Counterintelligence Threats: Protecting People, Information and Assets in the 21st Century. (Arlington, Virginia, USA, April 10, 2017) This full day symposium will provide insights into evolving threats to the nations security and identify effective ways of addressing them. Highlights Include: A keynote address from National Counterintelligence...

Hack In the Box Security Conference (Amsterdam, the Netherlands, April 10 - 14, 2017) Back again at the NH Grand Krasnapolsky, HITB2017AMS takes place from the 10th till 14th of April 2017 and features a new set of 2 and 3-day technical trainings followed by a 2-day conference with a Capture ...

SANS Baltimore Spring 2017 (Baltimore, Maryland, USA, April 24 - 29, 2017) SANS Institute, the global leader in information security training, today announced the course line-up for SANS Baltimore Spring 2017 taking place April 24 – 29. All courses offered at SANS Baltimore are...

Defence Information 2017 (Cranfield, England, UK, April 26 - 27, 2017) Defence Information 2017 is the major annual communications event of Joint Information Group activities (the JIG reports to the Defence Suppliers Forum) and the Event’s content spans both Information and...

Defence Information 2017 (Cranfield, England, UK, April 26 - 27, 2017) Defence Information 2017 is the major annual communications event of Joint Information Group activities (the JIG reports to the Defence Suppliers Forum) and the Event’s content spans both Information and...

Crimestoppers Conference (Eden Project, Bodelva, St Austell , April 27, 2017) Crimestoppers is organising a major one-day conference designed to help local businesses shore up their online security. A range of expert speakers will pinpoint typical cyber pitfalls to avoid. 80% of...

Grow your brand and reach new customers.

Grow your brand and increase your customer base by educating our audience about your products, services, and events by advertising on The CyberWire. We’ve built trust with an influential (and often hard to reach) audience of CISOs, CSOs, and other senior execs in the security space, across a wide array of industry verticals. Learn more.

Be a part of the CyberWire story.

People ask us (a lot) how they can support what we do. We have our sponsorships and services, of course, but those are not always within every supporter's financial reach, or it might just not be the right time for you to do those things. That's why we launched our new Patreon site, where we've created a wider variety of support levels, each with some new benefits. Our patrons are important to our future, and we hope you'll consider becoming one. We invite you to become part of the CyberWire story. Become a patron today.