skip navigation

More signal. Less noise.

Daily briefing.

Maryland Cyber People's Choice Award: vote for the CyberWire today

As a finalist for this year's Maryland Cybersecurity Industry Resource Award, we're also up for the People's Choice Award, and we'd appreciate your support. You can vote here through tomorrow (you don't need to be in Maryland, or even in the US, to do so). Thanks to all who've voted for us so far (and a special invitation to all the nice people we met at Cyber 9/12: we'd like your vote).

A group calling itself "the Turkish Crime Family" claims to have contacted Apple with a ransom demand. If Cupertino doesn't pay them either $75,000 (Bitcoin or Ethereum crypto currency) or $100,000 in iTunes gift cards, they will remotely wipe "millions" of iPhones and iCloud accounts. The deadline for payment is April 7. It's unclear whether the threat is real or even whether the "Turkish Crime Family" has actually communicated with Apple. This may well be a case of skids crowing large, but it should also serve as a timely reminder of the importance of securing your iOS devices and iCloud accounts.

As ransomware increasingly becomes a commodity traded on the black market, some long-familiar strains begin to fade. Locky, for one, seems to be on the wane.

South Korea reports stepped up cyberattacks on its military networks.

WikiLeaks' Julian Assange says, in effect, that companies who decline his disclosure of exploitable bugs (allegedly from CIA files) are stooges for the US Intelligence Community. This seems unfair, but on the other hand Mr. Assange knows he's hardly flavor of the month in Langley or Laurel.

Germany raises pre-election cyber alert levels to prepare for Russian cyber and information campaigns. The US FBI warns that more Russian attempts to influence US elections should be expected. The Bureau continues investigating possible contacts between Trump campaign officials and Russia.

Russia's Alfa Bank has asked US law enforcement for help with what it says are false signs of contact between itself and the Trump Organization.

Notes.

Today's issue includes events affecting Australia, Brazil, Canada, China, European Union, France, Germany, India, Iran, Israel, Republic of Korea, Lithuania, Netherlands, Poland, Qatar, Russia, Saudi Arabia, Ukraine, United Kingdom, United States and Venezuela.

In today's podcast, Jonathan Katz from our partners at the University of Maryland offers a technical look at the recent SHA-1 collision demonstration. We also speak with Ron Bushar from Mandiant on his company's recent (and influential) M-Trends report.

Special editions of the podcast are also up. See Perspectives, Pitches, and Predictions from RSA, and an overview of artificial intelligence as it's being applied to security. And see also Cylance's video interview with our Producer.

ThreatConnect Webinar: Threat Intelligence Isn’t One Size (Online, March 22, 2017) Threat intelligence (TI) can help any organization better protect themselves. With TI, you can identify threats and add context to them. Once you understand what you are facing, you can take decisive action to better protect your organization.

Billington International Cybersecurity Summit (Washington, DC, USA, March 30, 2017) 2nd Annual Billington International Cybersecurity Summit (Washington, DC, USA, March 30, 2017) The International Cybersecurity Summit features 20+ world class cybersecurity thought leaders from allied nations and US including DoD, IARPA, DHS, USCYBERCOM, ARCYBER, NSA, DOC, NCTC/UK, U.S. Army Cyber Command, U.S. Cyber Command, Cyber National Mission Force.

The Cyber Security Summit: Atlanta and Dallas (Atlanta, GA, USA, April 6, 2017) This event is an exclusive conference connecting Senior Level Executives responsible for protecting their companies’ critical data with innovative solution providers & renowned information security experts.

Cyber Attacks, Threats, and Vulnerabilities

Hackers: We Will Remotely Wipe iPhones Unless Apple Pays Ransom (Motherboard) “I just want my money,” one of the hackers said.

Hackers claim they will wipe iPhones and iCloud accounts unless... (HOTforSecurity) A group of hackers are allegedly threatening to remotely wipe millions of iPhones and iCloud accounts, unless Apple agrees to pay a ransom by April 7th.

Defense Ministry: Surge in Cyber Attacks Against Military Computer Network (KBS Radio) The Defense Ministry said on Tuesday that the number of external cyber attacks against the military’s computer network has recently surged.

Assange chastises companies that haven't responded to CIA vulnerability offers (TheHill) WikiLeaks head Julian Assange slammed companies for not taking the site up on the sites offer to share security flaws the CIA had exploited in their products.

WikiLeaks and the Published CIA Documents (Acumin) WikiLeaks has published an explosive trove of 8,761 files and data claiming that they were leaked from the CIA's Cyber Intelligence unit

NSA, FBI: Russian cyber tactics, 'loudness' key differences in 2016 election interference [Updated] (Fifth Domain | Cyber) NSA Director Adm. Michael Rogers told Congress on Monday that the “cyber dimension” was a key difference in the Russian active measures used to interfere in the 2016 U.S. presidential election, compared to previously observed Russian activities in other elections.

Russia will strike US elections again, FBI warns (CSO Online) Future U.S. elections may very well face Russian attempts to interfere with the outcome, the FBI and the National Security Agency warned on Monday.

Press Statement: Alfa Bank confirms it has sought help from U.S. authorities, and discloses new cyberattacks linked to Trump hoax — (Alfa Bank) Alfa Bank, a privately owned Russian bank, confirmed today that it has contacted U.S. law enforcement authorities for assistance and offered U.S. agencies its complete co-operation in finding the people behind attempted cyberattacks on its servers that have made it appear falsely that it has been communicating with the Trump Organization.

Big Surprise: Chinese PUPs Deliver Backdoored Drivers (BleepingComputer) Drivers secretly installed via PUPs packages for Chinese software contain backdoors enabling a third-party to load unsigned drivers or to execute code with higher privileges on a Windows machine.

Burglars can easily make Google Nest security cameras stop recording (Help Net Security) Google Nest's security cameras can be easily disabled by an attacker that's in their Bluetooth range, a security researcher has found.

ISP customer data breach could turn into supercharged tech support scams (Naked Security) The concept of helping people via a support line has been poisoned by scammers using leaked customer data to target victims

Malspam with password-protected Word documents (SANS Internet Storm Center) On Monday 2017-03-20, the ISC received a notification through our contact page.

Hijacking Windows user sessions with built-in command line tools (Help Net Security) By using built-in command line tools, any privileged user can hijack the session of any logged-in Windows user without knowing that user's password.

Report: 'OilRig' Attacks Expanding Across Industries, Geographies (Dark Reading) The highly-effective malware targets Middle Eastern airlines, government, financial industries and critical infrastructures with a simple but powerful backdoor created by infected Excel files attached to phishing emails.

Personalized spam campaign targets Germany (Symantec Security Response) A new spam campaign targeting German users uses victims’ real details and installs banking malware on compromised computers.

Legacy Cobol code an increasing problem in computer security, claims research (Computing) Study finds 'security through obscurity' doesn't work and that investment in modern IT also helps improve security.

3,000 Industrial Plants Per Year Infected with Malware (Dark Reading) Targeted industrial control systems-themed malware is less prevalent yet persistent, including one variant posing as Siemens PLC firmware that has been in action since 2013, researchers find.

Targeted control system cyber attacks - not when, but how much damage (Control Global) Targeted control system cyber attacks have been identified in many countries that include destruction of centrifuges, damage to blast furnace, loss of fuel loading, tilting of an off-shore oil rig, and significant environmental discharges. However, there have been almost no US government or NERC public identification of control system cyber attacks in the US despite the fact that targeted control system cyber attacks have occurred in US critical infrastructures with attendant damage.

Don’t Worry About ‘Cyber Pearl Harbor,’ But Hackers Are Already Targeting Our Critical Infrastructure (Motherboard) Cyber defenders still don’t understand the real threats that the power grid, energy plants and other critical infrastructure face.

DIY kits for sale on dark web spark rise of ransomware-as-a-service (Naked Security) These days you don’t need much skill to unleash ransomware – all you need is access to the dark web. So how can you protect yourself against ransomware?

Numbers Show Locky Ransomware Is Slowly Fading Away (BleepingComputer) Over the past six months, the number of Locky ransomware infections has gone down and is expected to reach an all-time low this month, in March.

Millions of Accounts from 11 Hacked Bitcoin Forums Being Sold on Dark Web (HackRead) A famous Dark Web vendor known by their handle of "DoubleFlag" is selling databases of eleven Bitcoin forums on a popular dark web marketplace. The databas

Study: Some Mobile Devices Can Be Hacked Using Sound Waves (HealthcareInfo Security) Some medical devices, smartphones and internet of things gadgets contain certain types of sensors that are vulnerable to potential hacking using sound waves, says

Check Point discloses how Hackers can take over WhatsApp & Telegram account (ETtech.com) The new vulnerability found on WhatsApp Web & Telegram Web allowed hackers to gain control over accounts, including chats, images, video and audio,..

MajikPOS Malware Currently Infecting U.S. Point-of-Sale Systems (eSecurity Planet) The malware began infecting businesses across North America in late January.

Malware Infections Surge on Tuesday in Areas Hit Hard by Winter Storm Stella (Enigma Software) In addition to dumping more than three feet of snow in some areas of the Northeast, Winter Storm Stella may also be to blame for a spike in malware infections.

Three's website exposes mobile phone customers' details to strangers (Graham Cluley) Three appears to have made a blunder, after customers logging into the British mobile phone company's website found themselves looking at other customers' accounts - including the names, addresses, call histories and data usage of complete strangers.

McShame: McDonald's API Leaks Data for 2.2 Million Users (InfoRisk Today) McDonald's home food delivery app in India leaked sensitive personal information relating to 2.2 million users. But the restaurant giant only addressed the insecure API after a researcher went public one month after informing McDonald's about the problem.

Yes, I Have Been Pwned (InfoRisk Today) With apologies to Troy Hunt, the last thing you want to see in the morning as you're having your first cup of coffee and scanning the interwebz for cat videos is a notice from his "Have I Been Pwned" breach-alert service.

Pwn2Own hacking contest ends with two virtual machine escapes (CSO Online) Two teams of researchers managed to win the biggest bounties at this year's Pwn2Own hacking contest by escaping from the VMware Workstation virtual machine and executing code on the host operating system.

Security Patches, Mitigations, and Software Updates

Mozilla Patches Pwn2Own Zero Day in Firefox (Threatpost) Mozilla patched a zero day uncovered at Pwn2Own in Firefox in 22 hours on Friday.

Cyber Trends

Report says smart people do dumb things online (CSO Online) People from the religious and legal fields were considered lazy for not following security standards.

Shadow IT is "an abomination", but the IT department can't just ignore change, agree UK CIOs (Computing) "We're not the high priests in the temple" warns IT leader

End user computing has changed forever, and enterprises need to accept it (Computing) Expert panel argues that enterprises need to recognise that transformation is inevitable, and thinking otherwise is 'King Canute territory'

BSH digital chief talks DevOps, cloud and the pitfalls of 'always-accessible' technology (Computing) Mike Faiers tells Computing why opening up IT to the business has had a huge impact

Cellphone Usage Increases by 20% since 2015 - Panda Security (Panda Security Mediacenter) Is that surprising? Well, not really. Cellphone Usage Goes Up to 5 hours a Day! Stay Safe While Out & About with Security Tips from Panda.

Poor Device, app care leaves users drowning in digital clutter, says Kaspersky study (ETCIO.com) Users typically install 12 Android apps every month but delete only 10, in effect adding two apps to their device on a monthly basis.

Ixia Releases First Annual Security Report (Yahoo! Finance) Ixia, a leading provider of network testing, visibility, and security solutions, today announced the release of the first Ixia Security Report, a summation of 2016’s biggest security events including findings from Ixia’s Application and Threat Intelligence Research Center.

ASIC chief warns of ‘black swan’ cyber hit (The Australian) Australian companies faced a “frightening” number of potential cyber attacks, Australian Securities & Investments Commission chairman Greg Medcraft warned yesterday.

The EFF’s Eva Galperin Keeps Activists Safe Online (Motherboard) The director of cybersecurity wants activists to remember to celebrate their wins.

Marketplace

Sources: Tanium COO-CFO Leaves Company Suddenly, Despite IPO Plans On Horizon (CRN) Eric Brown, who was in the dual roles of chief operating officer and chief financial officer, left Tanium last week, sources close to the company told CRN. Brown's exit comes as the company looks to lay the groundwork for an initial public offering.

Why Merrill Lynch Sees 50% Upside in FireEye After Major Sell-Off (247wallst.com) Cybersecurity is one of the main concerns in the world today, whether it is protecting vital information from being hacked or preventing foreign interference with domestic elections.

Capgemini and Fujitsu paid £724m for HMRC Aspire contract in 2016/16 (Computing) HMRC pays out £1.45bn to keep Aspire going over the past two years,Strategy,Public Sector,Government ,Accenture,Fujitsu,HMRC,Capgemini,Mark Dearnley,Aspire,hm revenue and customs

Frost & Sullivan Honors Cyberbit as the Leader in Cyber Security Detection and Response (Yahoo! Finance) Cyberbit , whose cybersecurity solutions protect the world's most sensitive systems, announced today that it has been awarded the Frost & Sullivan 2017 Technology ...

Hollywood Star to Raise Cyber Security Awareness in New TV Series (Acumin) TV and movie actor Christian Slater will appear in a 12-month digital TV series with IT giant HP called 'The Wolf'.

Products, Services, and Solutions

LockPath Included in Gartner's IT Market Clock for Procurement and Sourcing Solutions, 2016 (Yahoo! Finance) LockPath, a leading provider of governance, risk management and compliance solutions, today announced the company has been included as a sample vendor in Gartner Inc.'s January 17, 2017 IT Market Clock ...

WISeKey and OISTE.ORG Localizes Its Cryptographic Root of Trust in India and Creates a New National RoT / CA to Bring Security to India Internet Ecosystems (People and the Connected Devices) (BusinessWire) WISeKey International Holding Ltd. (WIHN.SW), a leading Swiss cybersecurity and IoT company, today announced that it has completed the localization of

Navy launches a 'locker' app that houses all your Navy apps in one place (Navy Times) The Navy App Locker is available to sailors, civilians and family members.

Inside Secure Delivers Application Protection to Defend against Malicious Attacks on Android Java Devices (Yahoo! Finance) Inside Secure , at the heart of security solutions for mobile and connected devices, today announced that it has released its Core security technology specifically for Android applications.

Data security co Safe-T teams with Check Point (Globes) Safe-T believes that cooperation with Check Point can bolster its reputation in the global information security market and increase its sales.

Nerdio Integrates Mimecast For Enhanced Email Security (PRNewswire) Adar, Inc., creator of industry-leading ITaaS platform Nerdio, today...

IBM Launches Industry's Most Secure Enterprise-Ready Blockchain Services for Hyperledger Fabric v 1.0 on IBM Cloud (Yahoo! Finance) IBM InterConnect – IBM (NYSE: IBM) today announced the new release of IBM Blockchain, the first enterprise-ready blockchain service based on the Linux Foundation's Hyperledger Fabric version 1.0. The service enables developers to quickly build and host security-rich

Technologies, Techniques, and Standards

When Apache Struts2 Hits the Fan, Respond with Data and Collaboration (RiskRecon) Mitigating your third-party exposure to Apache Struts2 requires accurate, actionable data.

10 Ways Cos Can Minimize Risk Of Ransomware Read more: 10 Ways Cos Can Minimize Risk Of Ransomware (Anti-Corruption Digets) The connection between IT security and data protection has never been as tight as it should be inside most organizations.

The Network Is Critical To Protect Your Business Assets (CIO) Having an end-to-end cybersecurity framework is a must

Don't be bait for hackers: 5 cybersecurity tips for Triad small businesses (Triad Business Journal) It’s not just large companies such as Yahoo and Target that are vulnerable to cyberattacks. Small businesses, which are often more cash-strapped than large corporations, are increasingly being targeted by hackers, according to industry members.

House Committee on Small Business provides cyber security guidance (Lexology) This month, the United States House of Representatives Committee on Small Business held a hearing on cyber risks facing small businesses and issued…

Getting Beyond the Buzz & Hype of Threat Hunting (Dark Reading) When harnessed properly, threat hunting can be one of the most useful techniques for finding attackers in your network. But it won't happen overnight.

What to consider in developing BYOD policy (CSO Online) In today’s work environment, employees are increasingly expected to be constantly available and communicating. Regardless of whether the company permits it, employees will use their personal devices for work. Instead of ignoring the inevitable, companies should develop and implement a BYOD policy that protects the company and balances productivity with security.

Design and Innovation

How to Build a Virtual Clausewitz (Strategy Bridge) From television shows like Westworld to movies like Rogue One, practical and ethical issues surrounding artificial intelligence (AI) seem to be on the minds of many.

When will blockchain technology deliver on its promise? (Naked Security) There’s a lot of promise in blockchain technology, but it’s bogged down in problems and has a long way to go before it’s ready for prime time

The FBI Says It Doesn’t Need Encryption for Unclassified Evidence (Motherboard) In a list of technical requirements for a smartphone recording app, the FBI says it doesn't need to use encryption.

AI Can Now Identify Racist Code Words on Social Media (Motherboard) Checkmate.

Research and Development

In Pursuit Of Improving Cybersecurity In The Data Center And Cloud, Illumio Awarded Three Patents For First Of Its Kind Adaptive Segmentation Technology (Yahoo! Finance) Illumio announced today it secured three technology patents from the U.S. Patent and Trademark Office for its breakthrough cybersecurity platform. The patents recognize Illumio's innovation in making adaptive segmentation faster for all companies

Researchers are using Darwin’s theories to evolve AI, so only the strongest algorithms survive (Quartz) Accurate algorithms live on, while poor performers get "killed."

Academia

Oxygen Forensics Software Used to Teach Students Enrolled in Capitol Technology University Cybersecurity Degree Programs (Yahoo! Finance) Oxygen Forensics, a worldwide developer and provider of advanced forensic data examination tools for mobile devices and cloud services, announced today that its flagship product, Oxygen Forensic Detective, is being used by professors teaching digital forensic classes within the BS and MS cybersecurity

Legislation, Policy, and Regulation

How China is preparing for cyberwar (The Christian Science Monitor Passcode) The US and China have made progress on curbing commercial cyberespionage. Now, the global powers need to set limits when it comes to digital warfare.

What it'll take to forge peace in cyberspace (The Christian Science Monitor Passcode) The international community has finally started a serious conversation about norms in cyberspace. But reaching a global consensus needs the world's attention.

Germany Raises Cybersecurity Alert Level Ahead of Elections (LIFARS) Germany has raised its cybersecurity alert level as it prepares for an onslaught of cyber attacks ahead of the parliamentary elections.

Britain's May to launch EU divorce proceedings on March 29 (Reuters) Prime Minister Theresa May will trigger Britain's divorce proceedings with the European Union on March 29, launching two years of negotiations that will reshape the future of the country and Europe.

GCHQ announces new director days after rubbishing Donald Trump's wire-tapping claims (Computing) Deputy director general of MI5, Jeremy Fleming, to take charge next month.

U.S. confirms ban on large electronics in cabins on flights from 10 airports (TechCrunch) After a lot of confusion yesterday, we have now learned from senior administration officials that the U.S. is indeed banning U.S.-bound passengers from..

TSA explains why it won’t allow electronics on some USA-bound flights (Ars Technica) Terrorist groups may be "smuggling explosive devices in consumer items."

Banning Electronics From Flights ‘Fails the Logic Test' (Motherboard) The US has indefinitely banned passengers from eight majority-Muslim countries from carrying electronics on planes.

A public policy perspective of the Dark Web (Journal of Cyber Policy) The Dark Web is at the centre of the debate over whether online anonymity should be maintained in spite of the illegal activity that it enables.

Bill Would Compel Firms to Say If CyberSec Expert Sits on Board (GovInfo Security) A bill introduced in the Senate would require publicly traded companies to disclose to regulators whether any board members have cybersecurity expertise.

DoD has more intel than it can process (C4ISRNET) With all the data coming in from ISR systems and sensors, the Pentagon is having difficulty processing it all.

Cybersecurity’s Human Side: How Can We Solve Our People Problem? (Defense One) First, stop undermining our own efforts to fill crucial jobs. Second, cast a wide net for useful lessons.

"Countdown to Compliance"--Fasoo Sponsored Ponemon Institute Survey of New Cybersecurity Regulations Impacting Financial Services Organizations Doing Business in New York State--NYDFS 23 NYCRR 500 (PRNewswire) 60% of respondents believe that NYDFS 23 NYCRR 500 will be more difficult to comply with than SOX or PCI

Litigation, Investigation, and Law Enforcement

Iranian MP threatens to impeach intelligence minister (Al-Monitor) An Iranian parliamentarian has threatened to begin impeachment procedures against the intelligence minister if he is not forthcoming about recent arrests of activists using Telegram.

Comey Confirms Probe of Possible Trump-Russia Links (BankInfo Security) Leading the latest edition of the ISMG Security Report: FBI Director James Comey's revelation of a counterintelligence investigation of possible ties between Donald

Analysis | Six big takeaways from Congress’s extraordinary hearing on Russia, President Trump and wiretapping (Washington Post) Honestly, the whole wiretapping was a sidebar to two other big questions: Did Trump associates collude with Russia, and who has been leaking intelligence to the press?

NSA knocks down White House claim of British spying (Fifth Domain | Cyber) Earlier this month, White House Press Secretary Sean Spicer referred to unsubstantiated allegations made by a Fox News analyst that GCHQ, the British electronic intelligence agency, had helped Obama wiretap Trump.

NSA Chief Rogers: Flynn Leaks ‘Hurt’ National Security (Washington Free Beacon) Adm. Michael Rogers, director of the National Security Agency, said Monday that the intelligence leaks of Michael Flynn's discussions with the Russian ambassador to the U.S.

Inside the Hunt for Russia’s Most Notorious Hacker (WIRED) Slavik was like a phantom, stealing money from US banks—and information for Russia's FSB

Man jailed indefinitely for refusing to decrypt hard drives loses appeal (Ars Technica) “Our client has now been in custody for almost 18 months,” defense attorney says.

Sweeping dragnet search warrant given the go-ahead by judge (Naked Security) Google says it will always ‘push back’ when asked for ‘excessively broad requests for data’

In New York, data breaches shot up 60% last year (TechCrunch) On Tuesday, the office of New York State Attorney General Eric T. Schneiderman released a summary of the year 2016 in data breaches. Collecting any breach..

Seizure-inducing tweet leads to a new kind of prosecution for a new era (Maryland Daily Record) The arrest last week of a Salisbury man accused of giving a well-known journalist a seizure by sending him a flashing image online represents a new kind of prosecution for a new kind of crime. The …

Hacking Tools Get Peer Reviewed, Too (The Atlantic) A government-led effort paves the way for data extracted from electronic devices to be accepted as evidence in court.

StrikeForce Sues Gemalto, Vasco, Entrust & SecureAuth for Patent Infringement (NASDAQ.com) StrikeForce Technologies, Inc. (OTC PINK:SFOR) announced today that it has filed patent infringement lawsuits in U.S. District Courts this week against Gemalto, Inc.; Vasco Data Security; Entrust Datacard; and SecureAuth Corporation.

SystmOne creator hits back in row over patient records 'enhanced data sharing' claims (Computing) 'TPP unaware of any prosecution of a SystmOne user for sharing records in this way,' claims company behind SystmOne,

Darknet Drug Dealer Caught After Offline Mistakes (Infosecurity Magazine) Darknet Drug Dealer Caught After Offline Mistakes. Investigators pounce after postal workers raise alarm

For a complete running list of events, please visit the Event Tracker on the CyberWire website.

Newly Noted Events

Hack in Paris (Paris, France, June 19 - 23, 2017) Hack In Paris brings together major professional IT security and technical hacking experts to attend training and talks exclusively in English. Intrusion attempts grow more frequent and sophisticated,...

Finovate Fall 2017 (New York, New York, USA, September 11 - 14, 2017) FinovateFall 2017 will begin with the traditional short-form, demo-only presentations that more than 20,000 attendees from 3,000+ companies have enjoyed for the past decade. After two days of Finovate’s...

Upcoming Events

Cyber Resilience Summit: Securing Systems inside the Perimeter (Reston, Virginia, USA, March 21, 2017) As the journey to secure our nation’s IT cyber infrastructure gains momentum, it is important to apply proven standards and methodologies that reduce risk and help us meet objectives for acquiring, developing...

European Smart Grid Cyber Security (London, England, UK, March 21 - 22, 2017) European Smart Grid Cyber Security 2017 offers a unique opportunity to network with senior experts in cyber security from government, utilities, TSOs, regulators, solution providers, security consultants,...

Maryland Cybersecurity Awards Celebration (Baltimore, Maryland, USA, March 22, 2017) Help us celebrate the best and brightest of the Maryland cyberscurity community as we honor the companies, organizations, and individuals that have protected businesses and government agencies with their...

Integrated Adaptive Cyber Defense (IACD) Community Day (Laurel, Maryland, USA, March 23, 2017) Advancing cyber operations through secure automation & interoperability. Government agencies, commercial firms, research organizations, academic institutions and cyber security experts align in community...

SANS Pen Test Austin 2017 (Austin, Texas, USA, March 27 - April 1, 2017) Every organization needs skilled people who know how to find vulnerabilities, understand risk, and help prioritize resources based on mitigating potential real-world attacks. That's what SANS Pen Test...

cybergamut Tech Tuesday: Software Defined Networking Forensics (Elkridge, Maryland, USA, and online at various local nodes, March 28, 2017) Volatility and Tshark were critical components in Booz Allen Hamilton winning the 2016 Digital Forensics Research Work Shop (DFRWS) international Software Defined Networking (SDN) digital forensics challenge.

IT Security Entrepreneurs' Forum Bridging the Gap Between Silicon Valley & the Beltway (Mountain View, California, USA, March 28 - 29, 2017) SINET – Silicon Valley provides a venue where entrepreneurs can meet and interact directly with leaders of government, business and the investment community in an open, collaborative environment focused...

PCI Security Standards Council: 2017 Middle East and Africa Forum (Cape Town, South Africa, March 29, 2017) Join your industry colleagues for a full day of networking and one-of-a-kind partnership opportunities. Whether you want to learn more about updates in the payment card industry or showcase a new product,...

Insider Threat 2017 Summit (Monterey, California, USA, March 29 - 30, 2017) The focus of the Insider Threat Summit is to discuss personnel security issues including cyber security challenges and capabilities, continuous evaluation of privileged identities and ethical physical...

2nd Annual Billington International Cybersecurity Summit (Washington, DC, USA, March 30, 2017) The 2nd Annual Billington International Cybersecurity Summit on March 30, 2017 at the National Press Club in Washington, DC will feature over 300 world class cybersecurity decision-makers from allied nations...

Yale Cyber Leadership Forum: Bridging the divide between law, technology, and business (New Haven, Connecticut, USA, March 30 - April 1, 2017) The Yale Cyber Leadership Forum will take place on Yale University's campus and will focus on bridging the divide between law, technology and business in cybersecurity. With McKinsey & Company as our knowledge...

WiCyS 2017: Women in Cybersecurity (Tucson, Arizona, USA, March 31 - April 1, 2017) The WiCyS initiative has, since 2013, become a continuing effort to recruit, retain and advance women in cybersecurity. It brings together women (students/faculty/researchers/professionals) in cybersecurity...

GITECH Summit 2017: Revolution of Solutions (Annapolis, Maryland, USA, April 2 - 4, 2017) The GITEC Summit “Revolution of Solutions: Transforming Government” will be held April 2-4, 2017 at the Westin Annapolis. This year’s summit will focus on the continued transition and transformation surrounding...

InfoSec World Conference and Expo 2017 (ChampionsGate, Florida, USA, April 3 - 5, 2017) The conference will feature security practitioners who speak from experience on the real-world challenges companies are facing today. The conference is most suitable for those whose responsibilities include...

Cyber Security Summit: Atlanta (Atlanta, Georgia, USA, April 6, 2017) If you are a Senior Level Executive responsible for making your company’s decisions in regards to information security, then you are invited to register for the Cyber Security Summit: Atlanta. Receive...

SANS 2017 (Orlando, Florida, USA, April 7 - 14, 2017) Success in information security requires making a commitment to a career of learning, from the fundamentals to advanced techniques. To put you firmly on that learning path, join us at SANS 2017 in Orlando,...

Unprecedented Counterintelligence Threats: Protecting People, Information and Assets in the 21st Century. (Arlington, Virginia, USA, April 10, 2017) This full day symposium will provide insights into evolving threats to the nations security and identify effective ways of addressing them. Highlights Include: A keynote address from National Counterintelligence...

Hack In the Box Security Conference (Amsterdam, the Netherlands, April 10 - 14, 2017) Back again at the NH Grand Krasnapolsky, HITB2017AMS takes place from the 10th till 14th of April 2017 and features a new set of 2 and 3-day technical trainings followed by a 2-day conference with a Capture ...

Cyber Warrior Women: Blazing the Trail (Catonsville, Maryland, USA, April 19, 2017) Join the Cybersecurity Association of Maryland, Inc. (CAMI), in partnership with The CyberWire, Fort Meade Alliance, and presenting sponsor Exelon Corporation, for "Cyber Warrior Women: Blazing the Trail."...

SANS Baltimore Spring 2017 (Baltimore, Maryland, USA, April 24 - 29, 2017) SANS Institute, the global leader in information security training, today announced the course line-up for SANS Baltimore Spring 2017 taking place April 24 – 29. All courses offered at SANS Baltimore are...

Defence Information 2017 (Cranfield, England, UK, April 26 - 27, 2017) Defence Information 2017 is the major annual communications event of Joint Information Group activities (the JIG reports to the Defence Suppliers Forum) and the Event’s content spans both Information and...

Defence Information 2017 (Cranfield, England, UK, April 26 - 27, 2017) Defence Information 2017 is the major annual communications event of Joint Information Group activities (the JIG reports to the Defence Suppliers Forum) and the Event’s content spans both Information and...

Crimestoppers Conference (Eden Project, Bodelva, St Austell , April 27, 2017) Crimestoppers is organising a major one-day conference designed to help local businesses shore up their online security. A range of expert speakers will pinpoint typical cyber pitfalls to avoid. 80% of...

Atlantic Security Conference (Halifax, Nova Scotia, Canada, April 27 - 28, 2017) Atlantic Canada's non-profit, annual information security conference. AtlSecCon, the first security conference in Eastern Canada focusing on bringing some of the worlds brightest and darkest minds together...

SANS Automotive Cybersecurity Summit 2017 (Detroit, Michigan, USA, May 1 - 8, 2017) SANS will hold its inaugural Automotive Cybersecurity Summit to address the specific issues and challenges around securing automotive organizations and their products. Join us for a comprehensive look...

Grow your brand and reach new customers.

Grow your brand and increase your customer base by educating our audience about your products, services, and events by advertising on The CyberWire. We’ve built trust with an influential (and often hard to reach) audience of CISOs, CSOs, and other senior execs in the security space, across a wide array of industry verticals. Learn more.

Be a part of the CyberWire story.

People ask us (a lot) how they can support what we do. We have our sponsorships and services, of course, but those are not always within every supporter's financial reach, or it might just not be the right time for you to do those things. That's why we launched our new Patreon site, where we've created a wider variety of support levels, each with some new benefits. Our patrons are important to our future, and we hope you'll consider becoming one. We invite you to become part of the CyberWire story. Become a patron today.