skip navigation

More signal. Less noise.

Daily briefing.

WikiLeaks yesterday dumped the second tranche of Vault 7 documents. It's calling this one "Dark Matter," and it's said to contain documents suggesting that the CIA was able to compromise Mac firmware if it had physical access to the device. Apple thinks its products' vulnerabilities are overstated in the Dark Matter material (WeLiveSecurity glosses this as "damp squib"), but the more disturbing speculation, in Threatpost and elsewhere, is the suggestion that intelligence agencies had access to Apple's supply chain.

NATO continues to worry about Russian information operations and how to counter them. Estonia may have some lessons to share. The Atlantic Alliance also continues thinking through (with Canadian input) the circumstances under which a cyberattack might count as an act of war. 

ISIS presents an immediate information operations challenge. The group has claimed the radicalized London jihadist as one of the Caliphate's soldiers. Informed observers think that ISIS as a pseudo-state is on its way to oblivion, but its messaging and attendant "terrorist diaspora" will trouble the world long after the endgame in Syria. 

Beware facile attribution, however: Israeli police have arrested a Jewish man (joint Israeli-US citizenship) in connection with threats against US synagogues.

The Hizb-ul-Mujahideen, which operates jihadist terror cells in India, saw its Twitter account hacked to disseminate messages of peace. Unconfirmed reports say the group's website has also been pwned.

ZeroFOX and others warn of an increase in Bitcoin fraud circulating among social media.

Google has removed some eighty-seven malicious Minecraft modifications from the Play Store.

Notes.

Today's issue includes events affecting Australia, Canada, Cyprus, European Union, Germany, Hungary, India, Iraq, Israel, Latvia, Lithuania, NATO/OTAN, Russia, Singapore, Slovakia, Syria, Turkey, United Kingdom, United States, and Venezuela.

A note to our readers: We'll be covering three events next week. On Tuesday and Wednesday we'll be in Mountain View, California, for SINET's ITSEF conference. On Thursday it's back to Washington, DC, for the Billington International Cybersecurity Summit. And on Friday we decamp for Tuscon, Arizona, where we'll be joining the Women in Cybersecurity conference. Watch for coverage over the next two weeks.

In today's podcast, we hear from our partners at Palo Alto Networks, as Rick Howard updates us on the Cyber Threat Alliance. Our guest is Chris Roberts from Acalvio, who describes the limits of automation. 

Special editions of the podcast are also up. See Perspectives, Pitches, and Predictions from RSA, and an overview of how artificial intelligence is being applied to security. And see also Cylance's video interview with our Producer.

Billington International Cybersecurity Summit (Washington, DC, USA, March 30, 2017) 2nd Annual Billington International Cybersecurity Summit (Washington, DC, USA, March 30, 2017) The International Cybersecurity Summit features 20+ world class cybersecurity thought leaders from allied nations and US including DoD, IARPA, DHS, USCYBERCOM, ARCYBER, NSA, DOC, NCTC/UK, U.S. Army Cyber Command, U.S. Cyber Command, Cyber National Mission Force.

The Cyber Security Summit: Atlanta and Dallas (Atlanta, GA, USA, April 6, 2017) This event is an exclusive conference connecting Senior Level Executives responsible for protecting their companies’ critical data with innovative solution providers & renowned information security experts.

Dateline Blockchains and Bacon

Novetta TechTalks: New Trust Models and New Analytical Tools (The CyberWire) On Monday, March 20, 2017, Novetta presented a pair of tech talks at the Jailbreak Brewing Company in Laurel, Maryland. Their topics were the blockchain, Ethereum and graph databases. The security use cases of these technologies are likely to be of broad interest. (Of narrower interest at the event itself was Novetta's use of the blockchain to run its raffle for several door prizes, which was a pleasant an interesting way to demonstrate the technology.)

Innovation at the Inner Harbor: the Maryland Cybersecurity Awards (The CyberWire) On Wednesday, March 22, the Cybersecurity Association of Maryland met for its inaugural awards celebration. Convening at Baltimore's Visionary Art Museum in the Inner Harbor at the base of Federal Hill, Maryland Cybersecurity celebrated some of the state's leaders in information security practice and innovation.

Cyber Attacks, Threats, and Vulnerabilities

Wikileaks' latest Vault 7 document dump reveals CIA infection of 'factory fresh' iPhones and Mac firmware (Computing) Documents reveal that the CIA has been infecting iPhones since 2008.

WikiLeaks Reveals How the CIA Can Hack a Mac’s Hidden Code (WIRED) The leak shows how physical access hacks can plant undetectable spying code deep in a Macbook's firmware.

WikiLeaks releases new CIA documents describing Mac exploits (TechCrunch) WikiLeaks just shared a few new documents as part of the CIA Vault 7 data dump. These documents describe hacking methods allegedly used by the agency to..

WikiLeaks Continues 'Vault 7' With New Documents Detailing Mac-Related CIA Exploits (Mac Rumors) WikiLeaks today continued its "Vault 7" series by leaking details concerning CIA-related programs that were built with the intent to infect iMac and MacBook devices. Today's "Dark Matter" installation of Vault 7 follows a few weeks after WikiLeaks debuted "Year Zero," which focused on exploits that the CIA created for iOS devices.

WikiLeaks: CIA tools could infiltrate MacBooks, iPhones (CNET) A new series of leaked documents appears to show tools from as far back as 2009 that could infect Apple products. They required physical access.

WikiLeaks Dump Shows CIA Interdiction of iPhone Supply Chain (Threatpost) Today’s WikiLeaks Vault 7 Dark Matter release shows the CIA’s capabilities to attack and persist on Apple iPhone and Mac firmware and an apparent interdiction of the iPhone supply chain…

Apple underwhelmed by latest CIA exploits revealed by WikiLeaks (WeLiveSecurity) WikiLeaks's revelations about security vulnerabilities in Apple products appear to be a damp squib.

The Next Must-Watch TV Show Is Russia’s Version of ‘The Americans’ (Foreign Policy) If you really want to understand how Moscow sees U.S. intelligence, turn off the congressional hearings and start watching “Adaptation.”

EUCOM commander: US needs stronger response to Russian disinformation (Defense News) The U.S. has not done enough to reinforce NATO’s nascent efforts to fight Russia’s prolific propaganda against European allies, the top military commander in Europe told lawmakers Thursday.

Estonia's lessons for fighting Russian disinformation (The Christian Science Monitor Passcode) The Baltic nation has long had an adversarial relationship with its Russian neighbor. As a result, its press and public have become adept at recognizing and debunking Kremlin propaganda.

Islamic State Claims London Attacker as Its 'Soldier' (VOA) London authorities name the attacker who killed four people near Parliament as a 52-year-old British-born convert to Islam

London defiant as Islamic State claims responsibility for attack by British ex-con (Chicago Tribune) Islamic State claimed responsibility Thursday for an attack by a man who plowed an SUV into pedestrians on a crowded London bridge, then stabbed a cop.

Network Take: A Lone Lunatic Attack or a Broader Conspiracy? (Cipher Brief) The man who carried out a deadly terrorist attack in London was British-born and had been previously known to authorities, UK Prime Minister Theresa May said on Thursday.

FBI's Comey warns of 'terrorist diaspora' from ISIS territory (Fox News) FBI Director James Comey repeated his concerns Thursday over a terrorist diaspora that he believes will occur once ISIS territory in Iraq and Syria is crushed by coalition forces.

ISIS Will Fail, but What About the Idea of ISIS? (The Atlantic) Despite claiming responsibility for attacks like the one in London, the group is dying. It will retain the ability to inspire.

O Brotherhood, What Art Thou? (Foreign Affairs) What the United States needs is critical engagement with the Brotherhood, through discussions and constructive critique—not an outright ban.

‘Turkish’ hackers threaten to reset millions of iCloud accounts (Naked Security) Apple says it hasn’t been breached, but is facing a ransom demand, payable in cryptocurrency … or iTunes gift cards

Apple Responds to Hacker's Threat to Wipe Millions of iPhones (Fortune) Apple says an "alleged" list of iCloud passwords likely came from breaches elsewhere.

Leaked iCloud credentials obtained from third parties, Apple says (CSO Online) The iCloud credentials that the Turkish Crime Family hacker group claims to have weren't obtained through a breach of the Apple's services.

SAP GUI vulnerability “most dangerous” since 2011: ERPScan - Inside SAP (Inside SAP) Researchers from security firm ERPScan have disclosed a vulnerability in the SAP GUI application which it has described as perhaps the most dangerous SAP issue since 2011, as it affects not only every SAP customer but also every user.

Hizb-ul-Mujahideen’s Twitter handle hacked, messages of peace posted (The Indian Express) The tweets are critical of Yasin Malik, Kashmiri separatist and chairman of Jammu and Kashmir Liberation Front, and Hurriyat leader Syed Ali Shah Geelani.

Minecraft players get scams instead of mods (Help Net Security) Google has recently removed 87 fake Minecraft mods from Google Play, after being notified by researchers about their malicious nature.

Spam mails circulate file-shredding malware: how to protect yourself (Naked Security) Watch out for attacks that start with social engineering and sending convincing-looking emails targeted at companies

BEC Soars Again as Fraudsters Target Employees (Infosecurity Magazine) BEC Soars Again as Fraudsters Target Employees. Proofpoint stats reveal a growth in email fraud

Online scammers are exploiting Bitcoin; Cryptocurrency is tempting, experts say (Blasting News) Cybersecurity firm ZeroFOX says Bitcoin is attracting online scammers to commit online fraud.

Bitcoin rise fuels social media scams (CSO Online) The price of a single Bitcoin passed that of an ounce of gold for the first time this month, and scammers were quick to get in on the action with Ponzi schemes and phishing sites spread via social media.

Malvertising Campaign on Adult Sites Spreads Ramnit Trojan (BleepingComputer) Security researchers from Malwarebytes have discovered a new malvertising campaign targeting visitors of several adult websites, spreading the Ramnit trojan and focusing on users from Canada and the UK.

Android Forums hacked; password reset notice issued (HackRead) Android Forums, a popular platform for Android users, has announced that its servers were accessed by a third-party resulting in a data breach. In a securi

OPSEC in the Underground: A Look at Insider Trading (SecurityWeek) Like any business, cybercriminals offering their services need to develop and maintain a brand and reputation in order to attract customers.

Adviser support service hit by cyber attack (FT Adviser) The chief executive of advice community website Panacea Adviser has issued a warning after his email account was hacked

Security Patches, Mitigations, and Software Updates

Google Chrome to Distrust Symantec SSLs for Mis-issuing 30,000 EV Certificates (The Hacker News) Google announced its plans to gradually distrust Symantec's SSL certificates after the company was caught improperly issuing 30,000 certs over the past few years.

Google reports mixed progress on Android security (InfoWorld) Is the glass half full or half empty? The real issue is that it’s at the halfway mark and there's still a significant security road that Android must travel

Google reportedly removing SMS texting from Hangouts on May 22 (Ars Technica) But Google Voice users won't be affected as much.

CVE-2017-0022: Microsoft Patches a Vulnerability Exploited by AdGholas and Neutrino - TrendLabs Security Intelligence Blog (TrendLabs Security Intelligence Blog) Part of this month’s Patch Tuesday is an update for a zero-day information disclosure vulnerability (CVE-2017-0022), which we privately reported to Microsoft in September 2016. This vulnerability was used in the AdGholas malvertising campaign and later integrated into the Neutrino exploit kit.

Cyber Trends

Industrial control systems: The holy grail of cyberwar (The Christian Science Monitor Passcode) Regulators and utility industry leaders need to wake up to the risks that could let malicious hackers cause widespread physical damage to the grid and other critical infrastructure.

New Deloitte Study Identifies Cyber Vulnerabilities in Manufacturing Supply Chains (Supply Chain Management Review) The new Deloitte study outlines the strategies that businesses must take to build cybersecurity efforts into their larger business plan and untimely protect their operations and their customers.

IT Security Pros and Network Operators View DDoS Attacks as an Increased Concern in 2017 (Yahoo! Finance) DDoS attacks are a greater security threat to businesses in 2017 than ever before, and Internet Service Providers need to do something about it according to a new survey of IT security professionals and network operators released today from Corero Network Security .

Diverse protections for a diverse ecosystem: Android Security 2016 Year in Review (Google) Today, we’re sharing the third annual Android Security Year In Review, a comprehensive look at our work to protect more than 1.4 billion Android users and their data.

Healthcare IT pros believe data is safer in the cloud (Help Net Security) Healthcare IT pros and executives believe that when facing hardware malfunctions, their organization's data is safer in the cloud than on premises.

Marketplace

Cyber Insurance Underwriting: What Role Do Security Ratings Play? (BitSight) Learn how Security Ratings play an integral role in the cyber insurance underwriting process, including transactions, benchmarking, and risk aggregation.

Column: How to balance IT and cybersecurity in the C-suite (Baltimore Business Journal) No longer just responsible for basic computer maintenance, CIOs drive innovation and implement strategic technology solutions.

Security for Industry 4.0 is a Key Topic at the Hannover Messe Trade Fair (Rhode & Schwarz Cybersecurity) The “Internet of Things” (IoT) or “Industry 4.0” allows companies in the manufacturing industry to make enormous innovative and productive leaps.

No One Has All The Solutions - Why BAE Systems Is Backing A Cyber Security Accelerator (Forbes) We all love to hear about tech startups. We love their innovative technologies and the way they apply new thinking to seemingly intractable problems. We love their disruptive business models and as they grow bigger and more successful, we are gripped by their growth stories. And occasionally, of course, we enjoy the opportunity to nod sagely and say 'I told you so' when they crash and burn.

FireEye’s stock rockets after Goldman swings to bullish from bearish (MarketWatch) FireEye’s stock soared on heavy volume after Goldman Sachs pulled an about-face, upgrading it to a buy from a sell.

Exclusive: FireEye CEO Talks Limits Of Cybersecurity, Company's 'Moat' (Benzinga) The frequency of high-profile cyber attacks have thrust security companies into the spotlight.

Is Kevin Mandia the Right CEO to Turn Around FEYE? (Madison.com) When Kevin Mandia was promoted to the CEO of FireEye (NASDAQ: FEYE) in June 2016, he inherited quite a challenge. His promotion was announced with the 2016 first-quarter earnings report,

Lockheed to continue helping DoD fight cybercrime (C4ISRNET) Lockheed Martin has been awarded a contract to continue helping the Department of Defense fight cybercrime.

Booz Allen Hamilton (BAH) Awarded 5-yr $86M Contract by National Geospatial-Intelligence Agency (StreetInsider) Booz Allen Hamilton (NYSE: BAH) announced that it has been awarded a five-year, $86 million contract by NGA-NGC to lead the Learning Management and Advancement Program (LMAP) that will provide high-quality learning solutions to equip a diverse workforce with the knowledge and skills necessary to meet current and future GEOINT mission requirements.

GSA looks to streamline cyber buying (FCW) As part of a new strategy for Continuous Diagnostics and Mitigation cybersecurity capabilities, GSA is looking to replace the blanket purchase agreement with a better governmentwide IT contract.

Scottish government promises jobs galore with new digital strategy (Computing) 16-point plan also calls for 'rural first' broadband development.

Palo Alto Networks commits to APAC customers by opening new Singapore office (Security Brief) Palo Alto Networks has moved into its brand new Asia Pacific headquarters in Singapore this week, opened by Dr. Yaacob Ibrahim.

Key executive appointment at Digital Shadows – focus on partner eco-system (Security Brief Asia) Digital Shadows has expanded their executive team, with a focus on utilising their partner eco-system.

Carbon Black poaches HPE channel chief to lead sales (Channel Pro) Miles Rippon will lead the company's channel business throughout EMEA

Products, Services, and Solutions

New infosec products of the week​: March 24, 2017 (Help Net Security) Here are some exciting new information security products from vendors including: Hearsay, IBM, Lookout, PacketSled, and SecureKey.

OPSWAT and Random Computing Services Announce Partnership (Benzinga) OPSWAT and Random Computing Services are partnering to offer the best cyber security solutions.

Tactical data system almost ready for prime time (C4ISRNET) Link 22, a NATO secure radio system, offers significant improvements over the legacy tool.

Technologies, Techniques, and Standards

Threat Intelligence Feeds: Overview, Best Practices, and Examples (Recorded Future) When designing your security program, knowing how to select the right threat intelligence feeds, and measure their ROI, is essential.

Doing Threat Intel the Hard Way - Part 6: Threat Intelligence Maintenance (Anomali) Once an analyst has decided on the validity of the threat, the output of that decision must be captured and stored, preferably within the system.

Prioritizing Threats: Why Most Companies Get It Wrong (Dark Reading) To stay safer, focus on multiple-threat attack chains rather than on individual threats.

What CISOs Can Learn from ER Doctors (Security Week) By working together and sharing missteps, defenders can gain crucial security insights and prevent the spread of attacks

Can High Speed Training Solve the Skills Gap? (Infosecurity Magazine) Recruiters must prioritize psychometric testing and high-speed training over degrees and ‘career experience

Design and Innovation

Blockchain can help secure medical devices, improve patient privacy (CSO Online) If implemented properly, blockchain can help secure medical devices and improve patient privacy, but the key is proper implementation, according to a top security pro at Partners Healthcare.

This Security Expert Wants to Turn Defunct Online Stores into Malware Honeypots (BleepingComputer) Willem de Groot, a Dutch security expert, is asking owners of defunct or soon-to-be-dead online stores to donate their domains so he can set up honeypots and track credit card stealing malware and other types of cyber-attacks on e-commerce targets.

Sandia Testing New Intrusion Detection Tool That Mimics Human Brain (Dark Reading) Neuromorphic Data Microscope can spot malicious patterns in network traffic 100 times faster than current tool, lab claims.

Microsoft expands connected car push with patent licensing (PCWorld) Microsoft’s push into the connected car market continued Wednesday when it unveiled a new patent licensing program aimed at crafting deals for carmakers and other companies.

Academia

What it’s like at San Quentin’s coding school (TechCrunch) North of San Francisco, there’s a European-like fortress along the water that is "home" to over 3,000 prisoners. The surroundings are beautiful, but the..

Legislation, Policy, and Regulation

US-led coalition vows to crush 'Islamic State' (Deutsche Welle) A US-led 68-nation alliance says it remains "firmly united" in its resolve to wipe out the militant group. A meeting of the coalition in Washington was overshadowed by an attack in London and civilian deaths in Syria.

In Venezuela’s Toxic Brew, Failed Narco-State Meets Iran-Backed Terrorism (Foreign Policy) Venezuela has become a rabidly anti-American failed state that appears to be incubating the convergence of narco-trafficking and jihadism in America’s own backyard.

Canada and Nato attempt to define threshold for cyber-attack response (SC Magazine UK) Amidst a Russian war of intelligence and influence, the Canadian military considers what defines a cyber-attack under the Nato agreement and when it should call in help of other countries.

FBI director floats international framework on access to encrypted data (CSO Online) The FBI director James Comey is suggesting an international approach to solving the encryption debate. He proposes that the U.S. might work with other countries on a “framework” for creating legal access to encrypted tech devices.

FBI Adapting To Combat Cyber Threats, Director Comey Tells UT Conference (KUT News) FBI Director James Comey delivered the keynote address at a symposium on national security challenges at the University of Texas at Austin on Thursday.

Comey Says Surveillance Requirements Are Tough, And That's Good (Bloomberg) As claims and counterclaims about surveillance of President Donald Trump’s associates swirl in Washington, FBI Director James Comey struck a defensive tone Thursday about the power and constraints the bureau confronts when it comes to conducting electronic monitoring.

The Laptop Ban and What It Means for Air Travel: QuickTake Q&A (Bloomberg) Middle East airports and passengers are grappling with new U.S. and British rules barring laptops and other electronic gadgets in carry-on luggage. Both governments prohibited large electronic devices in the cabins of flights headed to their countries. In announcing the rules, officials cited security reasons but didn’t supply many specifics.

Airline devices ban: here’s what you need to know (Naked Security) Flying to the US or the UK? We’ve got some tips on how to pack your devices and secure your data if you’re flying out of one of the airports or on a carrier named in the bans

Data center optimization framed in cybersecurity, customer service terms for Trump administration (FederalNewsRadio.com) Advocating data center consolidation and optimization as a priority could be a tough sell to the Donald Trump administration.

Senate votes to kill FCC's broadband privacy rules (Network World) The U.S. Senate has voted to kill broadband provider privacy regulations prohibiting them from selling customers' web-browsing histories and other data without permission.

Microsoft exec gets new cyber job at DHS (Cyberscoop) Krebs started at the Department of Homeland Security this week as a senior counselor, generally working cyber issues.

Chamber of Commerce urges Trump to get business input for cyber strategy (TheHill) Chamber says new admin should 'harmonize' cyber regulations with NIST framework

Want to fix cybersecurity? Think about worst-case scenarios first (The Christian Science Monitor Passcode) Scenario thinking sketches out future cybersecurity problems and helps policymakers begin addressing tomorrow's digital dilemmas.

How to reform the outdated federal anti-hacking law (The Christian Science Monitor Passcode) The more than 30-year-old Computer Fraud and Abuse Act carries overly harsh penalties for trivial digital transgressions – and it needs to be completely overhauled (or abolished altogether).

Litigation, Investigation, and Law Enforcement

Killer was Muslim convert (Times (London)) The terrorist who brought carnage to Westminster was a Muslim convert and violent criminal known to the security services, it emerged last night, as the death toll rose to five. Khalid Masood, 52...

Police search homes linked to criminal with string of aliases (Times (London)) The Westminster killer was wildly itinerant, employed a range of pseudonyms and lied about his profession but had come from humble beginnings in the Home Counties, it has emerged. Khalid Masood, 52...

Copycats still worry Jewish group in Dallas after hacker's arrest in Israel (Dallas News) Israeli police on Thursday arrested a 19-year-old Israeli Jewish man as the primary suspect in a string of bomb threats targeting...

Spying claim by Intel chair renews fight over Russia probe (Military Times) The House intelligence committee chairman privately apologized to his Democratic colleagues on Thursday, yet publicly defended his decision to openly discuss and brief President Trump on typically secret intercepts that he says swept up communications of the president's transition team.

U.S. may accuse North Korea in Bangladesh cyber heist: WSJ (Reuters) U.S. prosecutors are building potential cases that would accuse North Korea of directing the theft of $81 million from Bangladesh Bank's account at the Federal Reserve Bank of New York last year, and that would charge alleged Chinese middlemen, the Wall Street Journal reported on Wednesday.

SSL sues Orbital ATK over confidential data breach - SpaceNews.com (SpaceNews) Space Systems Loral (SSL) has filed a lawsuit against Orbital ATK, alleging it accessed sensitive information about SSL satellite servicing technologies.

CNO: Cyberstalking and bullying victims should come forward (Navy Times) As Navy leaders continue to grapple with a military-wide scandal involving nude photos of service members, the service is encouraging victims to come forward.

A Multimillion Phishing Scam: Two Tech Giants Scammed into Paying Over $100M (HackRead) Evaldas Rimasauskas, a man from Lithuania, scammed two major US tech companies into wiring over 100 million Dollars several bank accounts. According to the

Ex-IT director accused of accessing his former employer for two years (Naked Security) Case again raises the issue of how organisations can protect themselves against rogue employees

‘I forgot my password’ doesn’t impress judge in a child images case (Naked Security) Is this defendant protected by the Fifth Amendment over revealing his password? Campaigners think he is – and predict that the case might go to the Supreme Court

Man sentenced to 3 years for Facebook threat to kill Obama loses appeal (Ars Technica) He told Secret Service of "biblical and constitutional duty" to assassinate Obama.

For a complete running list of events, please visit the Event Tracker on the CyberWire website.

Newly Noted Events

International Conference on Cyber Engagement 2017 (Washington, DC, USA, April 24, 2017) Georgetown University's seventh annual International Conference on Cyber Engagement promotes dialogue among policymakers, academics, and key industry stakeholders from across the globe, and explores the...

Upcoming Events

SANS Pen Test Austin 2017 (Austin, Texas, USA, March 27 - April 1, 2017) Every organization needs skilled people who know how to find vulnerabilities, understand risk, and help prioritize resources based on mitigating potential real-world attacks. That's what SANS Pen Test...

cybergamut Tech Tuesday: Software Defined Networking Forensics (Elkridge, Maryland, USA, and online at various local nodes, March 28, 2017) Volatility and Tshark were critical components in Booz Allen Hamilton winning the 2016 Digital Forensics Research Work Shop (DFRWS) international Software Defined Networking (SDN) digital forensics challenge.

IT Security Entrepreneurs' Forum Bridging the Gap Between Silicon Valley & the Beltway (Mountain View, California, USA, March 28 - 29, 2017) SINET – Silicon Valley provides a venue where entrepreneurs can meet and interact directly with leaders of government, business and the investment community in an open, collaborative environment focused...

PCI Security Standards Council: 2017 Middle East and Africa Forum (Cape Town, South Africa, March 29, 2017) Join your industry colleagues for a full day of networking and one-of-a-kind partnership opportunities. Whether you want to learn more about updates in the payment card industry or showcase a new product,...

Insider Threat 2017 Summit (Monterey, California, USA, March 29 - 30, 2017) The focus of the Insider Threat Summit is to discuss personnel security issues including cyber security challenges and capabilities, continuous evaluation of privileged identities and ethical physical...

2nd Annual Billington International Cybersecurity Summit (Washington, DC, USA, March 30, 2017) The 2nd Annual Billington International Cybersecurity Summit on March 30, 2017 at the National Press Club in Washington, DC will feature over 300 world class cybersecurity decision-makers from allied nations...

Yale Cyber Leadership Forum: Bridging the divide between law, technology, and business (New Haven, Connecticut, USA, March 30 - April 1, 2017) The Yale Cyber Leadership Forum will take place on Yale University's campus and will focus on bridging the divide between law, technology and business in cybersecurity. With McKinsey & Company as our knowledge...

WiCyS 2017: Women in Cybersecurity (Tucson, Arizona, USA, March 31 - April 1, 2017) The WiCyS initiative has, since 2013, become a continuing effort to recruit, retain and advance women in cybersecurity. It brings together women (students/faculty/researchers/professionals) in cybersecurity...

GITECH Summit 2017: Revolution of Solutions (Annapolis, Maryland, USA, April 2 - 4, 2017) The GITEC Summit “Revolution of Solutions: Transforming Government” will be held April 2-4, 2017 at the Westin Annapolis. This year’s summit will focus on the continued transition and transformation surrounding...

InfoSec World Conference and Expo 2017 (ChampionsGate, Florida, USA, April 3 - 5, 2017) The conference will feature security practitioners who speak from experience on the real-world challenges companies are facing today. The conference is most suitable for those whose responsibilities include...

Cyber Security Summit: Atlanta (Atlanta, Georgia, USA, April 6, 2017) If you are a Senior Level Executive responsible for making your company’s decisions in regards to information security, then you are invited to register for the Cyber Security Summit: Atlanta. Receive...

SANS 2017 (Orlando, Florida, USA, April 7 - 14, 2017) Success in information security requires making a commitment to a career of learning, from the fundamentals to advanced techniques. To put you firmly on that learning path, join us at SANS 2017 in Orlando,...

Unprecedented Counterintelligence Threats: Protecting People, Information and Assets in the 21st Century. (Arlington, Virginia, USA, April 10, 2017) This full day symposium will provide insights into evolving threats to the nations security and identify effective ways of addressing them. Highlights Include: A keynote address from National Counterintelligence...

Hack In the Box Security Conference (Amsterdam, the Netherlands, April 10 - 14, 2017) Back again at the NH Grand Krasnapolsky, HITB2017AMS takes place from the 10th till 14th of April 2017 and features a new set of 2 and 3-day technical trainings followed by a 2-day conference with a Capture ...

Cyber Warrior Women: Blazing the Trail (Catonsville, Maryland, USA, April 19, 2017) Join the Cybersecurity Association of Maryland, Inc. (CAMI), in partnership with The CyberWire, Fort Meade Alliance, and presenting sponsor Exelon Corporation, for "Cyber Warrior Women: Blazing the Trail."...

ISSA CISO Executive Forum: Information Security, Privacy and Legal Collaboration (Washington, DC, USA, April 20 - 21, 2017) Information Security, Privacy and Legal programs must be closely aligned to be successful in today’s world. Customer and vendor contracts require strong security language. Privacy has moved to the forefront...

SANS Baltimore Spring 2017 (Baltimore, Maryland, USA, April 24 - 29, 2017) SANS Institute, the global leader in information security training, today announced the course line-up for SANS Baltimore Spring 2017 taking place April 24 – 29. All courses offered at SANS Baltimore are...

Defence Information 2017 (Cranfield, England, UK, April 26 - 27, 2017) Defence Information 2017 is the major annual communications event of Joint Information Group activities (the JIG reports to the Defence Suppliers Forum) and the Event’s content spans both Information and...

Defence Information 2017 (Cranfield, England, UK, April 26 - 27, 2017) Defence Information 2017 is the major annual communications event of Joint Information Group activities (the JIG reports to the Defence Suppliers Forum) and the Event’s content spans both Information and...

Crimestoppers Conference (Eden Project, Bodelva, St Austell , April 27, 2017) Crimestoppers is organising a major one-day conference designed to help local businesses shore up their online security. A range of expert speakers will pinpoint typical cyber pitfalls to avoid. 80% of...

Atlantic Security Conference (Halifax, Nova Scotia, Canada, April 27 - 28, 2017) Atlantic Canada's non-profit, annual information security conference. AtlSecCon, the first security conference in Eastern Canada focusing on bringing some of the worlds brightest and darkest minds together...

SANS Automotive Cybersecurity Summit 2017 (Detroit, Michigan, USA, May 1 - 8, 2017) SANS will hold its inaugural Automotive Cybersecurity Summit to address the specific issues and challenges around securing automotive organizations and their products. Join us for a comprehensive look...

cybergamut Tech Tuesday: Distributed Responder ARP: Using SDN to Re-Engineer ARP from within the Network (Elkridge, Maryland, USA, and online at various local nodes, May 2, 2017) We present the architecture and initial implementation of distributed responder ARP (DR-ARP), a software defined networking (SDN) enabled enhancement of the standard address resolution protocol (ARP) intended...

Cyber Security Summit in Dallas (Dallas, Texas, USA, May 5, 2017) Sr. Level Executives are invited to learn about the latest threats & solutions in Cyber Security from experts from Proofpoint, CenturyLink, IBM and more. Register with promo code cyberwire50 for half off...

Grow your brand and reach new customers.

Grow your brand and increase your customer base by educating our audience about your products, services, and events by advertising on The CyberWire. We’ve built trust with an influential (and often hard to reach) audience of CISOs, CSOs, and other senior execs in the security space, across a wide array of industry verticals. Learn more.

Be a part of the CyberWire story.

People ask us (a lot) how they can support what we do. We have our sponsorships and services, of course, but those are not always within every supporter's financial reach, or it might just not be the right time for you to do those things. That's why we launched our new Patreon site, where we've created a wider variety of support levels, each with some new benefits. Our patrons are important to our future, and we hope you'll consider becoming one. We invite you to become part of the CyberWire story. Become a patron today.