skip navigation

More signal. Less noise.

Daily briefing.

SecureWorks has been tracking Fancy Bear's activity during the run-up to last year's US elections, and they've found that activity to have begun as early as March 2015, and to have prospected some 6730 people. While there was clearly a lot of interest in the US election, that was far from Fancy Bear's only interest. Targets are said (by Motherboard) to have included "members of the US military, diplomats all over the world, Russian government critics, Hillary Clinton campaign staffers, and even Hillary Clinton." It was a phishing campaign, thus typical of the commodity-level approach that continues to pay off well for espionage services. Only 2% of the marks took the phishbait, but when you've trolled through nearly 7000 accounts, 2% is enough. SecureWorks was able to get the details they did because FancyBear left its Bitly url-shortener accounts public.

Reports suggest the EU will soon mandate backdoors in encrypted comms, which seems in tension with stringent privacy protection.

The ISS 6.0 vulnerability is being actively exploited against Windows Server 2003. Windows Server 2003 is beyond its end-of-life (so no patch).

Researchers at Palo Alto Networks have found two remote access Trojans, Troichilus and MoonWind, in active use against utilities and other targets in Thailand.

Open-source developers using GitHub should beware: the Dimnie Trojan is there, and being used against them.

Gizmodo says it's found FBI Director Comey's Twitter account. (The Director's handle is an homage to theologian Reinhold Niebuhr; you'd think a Chicago man would have chosen Paul Tillich.)

Notes.

Today's issue includes events affecting Australia, European Union, Georgia, Germany, Israel, Moldova, NATO/OTAN, Russia, Slovakia, Thailand, Ukraine, United Kingdom, United States.

A note to our readers: the CyberWire is in Tucson, Arizona, covering the Women in Cyber Security conference. We'll have reports on it next week. And next week we'll be dropping by the Navy League's annual SeaAirSpace expo to see what the sea services are working on in cyberspace. Finally, we'll be releasing new articles on both this week's SINET ITSEF 2017 conference and the just-concluded Billington International Cybersecurity Summit. Do watch those links.

In today's podcast we hear from our partners at the University of Maryland, as Jonathan Katz tells us about a bug recently discovered in the Z-Coin crytocurrency (which seems already to have cost people half a million dollars). Our guest, Bob Ackerman of Allegis Capital and the DataTribe, offers his take on how investors currently view the evolving cyber ecosystem.

Special editions of the podcast are also up. See Perspectives, Pitches, and Predictions from RSA, and an overview of how artificial intelligence is being applied to security.

The Cyber Security Summit: Atlanta and Dallas (Atlanta, GA, USA, April 6, 2017) This event is an exclusive conference connecting Senior Level Executives responsible for protecting their companies’ critical data with innovative solution providers & renowned information security experts.

Jailbreak Security Summit - Insecurity Tools (Laurel, Maryland, USA, April 28, 2017) Join some of the world's best security researchers as they talk about vulnerabilities in security tools at the only computer security event held at a production brewery. Attendance is limited to 100 to keep the Security Summit small and encourage conversation between speakers, attendees, and sponsors.

Dateline Billington International Cybersecurity Summit

Sophisticated threat actors are persistent threat actors (The CyberWire) Nation-states have earned their reputation as the most sophisticated and dangerous threat actors in cyberspace, but they're most distinguished not by their technology, but by their focus, determination, and persistence.

NSA technical director: Sharing hacker information isn't enough, we need a shared response - Cyberscoop (Cyberscoop) The nature of cyberthreats aimed at both the U.S. government and private American companies calls for a dramatic shift in how the larger cybersecurity community shares information about hackers and collectively responds to attacks, said Neal Ziring, technical director for the NSA’s Capabilities Directorate.

Cyber Attacks, Threats, and Vulnerabilities

New: Russian Hackers Targeted Hillary Clinton’s Campaign Email Ahead of the 2016 Election (Motherboard) New evidence shows that during their wide-ranging hacking campaign, Russian hackers tried to hack 6,730 people with 19,315 phishing links.

Trochilus and New MoonWind RATs Used In Attack Against Thai Organizations (Palo Alto Networks Blog) Troichilus and MoonWind RATS used to target utility and other organizations in Thailand.

Jerusalem's municipality digital services under cyber attack (Ynetnews) Jerusalem's municipality revealed that, for the second time this week, the city's digital services, among them the municipality's website, are currently down due to a cyber attack. The services were shut down to prevent harm to the servers and the city's residents.

Dimnie Trojan targeting open source developers publishing on Github (Computing) Trojan targeting developers steals passwords, exfiltrates files, takes screenshots and can even self-destruct when it has served its purpose.

Malware campaign targets open source developers on GitHub (WeLiveSecurity) Be on your guard if you're a developer who uses GitHub - someone could be trying to infect your computer with malware.

Gizmodo found what looks to be FBI Director James Comey’s Twitter account (Ars Technica) Either way, this shows how difficult it is to maintain bulletproof operational security.

This Is Almost Certainly James Comey’s Twitter Account (Gizmodo) Digital security and its discontents—from Hillary Clinton’s emails to ransomware to Tor hacks—is in many ways one of the chief concerns of the contemporary FBI. So it makes sense that the bureau’s director, James Comey, would dip his toe into the digital torrent with a Twitter account. It also makes sense, given Comey’s high profile, that he would want that Twitter account to be a secret from the world, lest his follows and favs be scrubbed for clues about what the feds are up to. What is somewhat surprising, however, is that it only took me about four hours of sleuthing to find Comey’s account, which is not protected.

Here's How Not to Get Doxed Like FBI Director Comey (Motherboard) Separating your pseudonymous Twitter account from your real life identity can be tricky.

Developer Leaks Source Code for Nuclear Bot to Get Avowal From His Peers (Virus Guides) After falling victim to peer pressure, the creator of the Nuclear Bot banking Trojan decided to release its source code. Now everyone who wishes can use th

Actively exploited zero-day in IIS 6.0 affects 60,000+ servers (Help Net Security) CVE-2017-7269 won't be patched by Microsoft, because they stopped supporting Windows Server 2003 a few years ago (IIS 6.0 was included in the OS).

Millions of websites affected by unpatched flaw in Microsoft IIS 6 web server (InfoWorld) A proof-of-concept exploit has been published for a zero-day vulnerability in Microsoft Internet Information Services 6.0, a version of the web server that's no longer supported

Microsoft Zero Day to Stay Unpatched (ISS Source) Microsoft Internet Information Services (IIS) 6.0 has a Zero Day vulnerability attackers leveraged last summer and is likely undergoing exploitation now, researchers said.

How Mobile Phones Turn Into A Corporate Threat (TrendLabs Security Intelligence Blog) Over the last year, the number of mobile phones overtook the world population. In countries like the United States, mobile subscribers outnumbered traditional landline users and half of Americans shifted to mobile-only to communicate. In modern smart cities, wireless-only buildings are becoming the new construction standard for homes, factories, and organizations in general. Landline phones are going away—sooner rather than later.

Escaping a Python sandbox with a memory corruption bug (Hacker Noon) A few weeks ago I decided to scratch an itch I’ve been having for a while — to participate in some bug bounty programs. Perhaps the most…

Let’s Encrypt issues certs to ‘PayPal’ phishing sites: how to protect yourself (Naked Security) Checking that a website uses HTTPS is one way of checking if it’s legitimate – but what happens when the scammers are buying SSL certificates that include the name of the company they…

Nintendo Switch emulator bait used to spread malware and ransomware, warns Norton (Computing) All bait and no Switch, warn security researchers.

Blizzard's World of Warcraft fans hit by phishing scam (HackRead) Hackers have centered their attention towards a famous game “World of Warcraft, ” and things aren’t looking good for its fans. According to the Graham Clul

7 sexy high-tech enterprise ‘surveillance engineering’ techniques that criminal hackers use (CSO Online) 7 ways criminal hackers use high-tech surveillance—sometimes with a social engineering element—to tap into the enterprise to get the keys to your kingdom, or sensitive information.

Aviation-Related Phishing Campaigns Seeking Credentials (Threatpost) Researchers warn of a wave in aviation-themed phishing attacks that aim to steal credentials and install malware.

UK residents hit with extremely personalized scam emails (Help Net Security) A compelling and potentially very successful email spam campaign is being leveraged against UK residents, urging them to download a malicious attachment.

The scam that knows your name and home address – here’s what to do (Naked Security) The scam that knows your name and home address – here’s what to do

Falling in love online? Don’t get caught out by the Tinder scammers (Naked Security) Don’t join the guys who were daft enough to hand over $5 each to a woman online – here are some tips to avoid falling into a trap

IoT: The blind spots in your network (IT Pro Portal) Connected devices may be easy to use but they come at a security cost.

Cyberspace’s most dangerous places put your personal data at risk (Dayton Daily News) Anyone with a mobile device is at risk of having private personal and financial information stolen. But dangerous software and applications often lurk

Report: Criminals find profit rates of up to 95 percent with DDoS attacks (CSO Online) The emergence of the DDoS-as-a-service industry has lowered the costs for attacks to $25 or less, allowing criminals with no technical expertise to reach profit margins of up to 95 percent, according to a report released last week

Security Patches, Mitigations, and Software Updates

More fun in the sandbox: Experts praise security improvements to Edge (Register) Time will tell if Microsoft's browser is less ez2pwn

Cyber Trends

Gemalto releases findings of 2016 Breach Level Index (Gemalto) Almost 1.4 billion data records compromised in 2016 as hackers targeted large-scale databases across industries

The Business of Security: How your Organization Is Changing beneath You (Dark Reading) And why it's your job to change with it and 'skate where the puck is headed.'

Insider Threat Fear Greater Than Ever, Survey Shows (Dark Reading) More than half of security pros say insider threat incidents have become more frequent in the past 12 months.

49 Percent of Organizations Don't Know if They've Experienced Insider Attacks (eSecurity Planet) And 74 percent feel vulnerable to such attacks, a recent survey found.

Internet's Security Woes are Not All Technical (Dark Reading) Google engineer Halvar Flake told Black Hat Asia attendees that flaws in organizational structure and market power put enterprises at risk.

‘Cyber criminals will prey on future homes’ (The Times of India) With 1.3 billion connected devices and Internet of Things (IoT) devices expected to populate homes in India by 2021, home networks can become easy targets for cyber criminals, said global cyber security agency Fortinet.

Law Firms Face Increase in Attacks (Infosecurity Magazine) One in four of all legal firms have been the subject of a cyber-attack

Marketplace

Worldwide spending on security technology to reach $81.7 billion in 2017 (Help Net Security) IDC forecasts worldwide revenues for security-related hardware, software, and services will reach a whopping $81.7 billion in 2017.

Mastercard acquires NuData Security (Help Net Security) Mastercard has entered into an agreement to acquire NuData Security, a technology company that helps businesses prevent online and mobile fraud.

Extreme Networks to acquire Brocade's networking business (CRN Australia) Expand its assault on Cisco, HPE, others.

ESET-DESlock acquisition pays off in data encryption test (Security Brief) “Given the growing importance of IT and data security, this is the first time AV-Comparatives has conducted a test on business encryption."

Corero Network rises as chairman signals plan to back share placing (Proactiveinvestors UK) Corero Network Security PLC (LON:CNS) - Chairman Jens Montanana already holds 34.1% of the company but wants to pump more money into Corero, which would take his stake above 50%.

Yes, FireEye Inc (FEYE) Stock Is for Real (InvestorPlace) A few months ago, you couldn't give FireEye away. Now it's a struggle to buy FEYE stock at a price you can live with.

Proofpoint Growing On The Back Of Human Error (Seeking Alpha) Proofpoint continues to gain share in its target markets like email security, advanced threat detection, archiving, and data loss prevention as bigger rivals fo

The 3 Best Firewall Companies to Buy in 2017 (Madison) The total number of data breaches in the U.S. rose 40% in 2016 to hit a record high according to the Identity Theft Resource Center. That's why research firm Markets

Palantir Officials Reject Investor's Request for Records (Bloomberg) The secretive data-analytics company Palantir Technologies Inc. is intent on keeping its information private.

Greystones awarded DIA contract at undisclosed value (C4ISRNET) Greystones Group has been awarded a prime contract for visual media analysis software.

General Dynamics Selected to Provide Enterprise IT and Cloud Services to NATO (General Dynamics) General Dynamics Information Technology, a business unit of General Dynamics (NYSE: GD), was awarded a contract by the NATO Communications and Information Agency (NCI Agency) to deliver the most significant upgrade to the organization’s technical infrastructure in decades.

Lastline Announces Lastline Labs -- Research Team Fuels Innovation (Yahoo! Finance) Lastline Inc., the leader in advanced malware protection, today introduced Lastline Labs, its internal research group and innovative core. Lastline Labs brings together some of the most brilliant minds ...

Ministry of Justice ups salary for CISO role in a bid to flush out qualified candidates (Computing) New job ad with higher salary of up to £117,800 for MoJ CISO.

Products, Services, and Solutions

New infosec products of the week​: March 31, 2017 (Help Net Security) Here are some exciting new information security products from ClearSky Data, Core Security, ManageEngine, Qualys, ViaSat and Waterfall Security.

Bricata adds AI to its cybersecurity tools (Technical.ly Baltimore) The Columbia-based startup inked a deal with buzzy cybersecurity company Cylance.

Chain Integrates Blockchain Technology with Thales Hardware Security Modules (Thales) Collaboration allows leading institutions to launch blockchain networks in production

Deloitte announces next generation cyber risk platform enabled by Dragos for Industrial Control Systems and Operational Technologies Security (Deloitte United States) Deloitte and Dragos offer combined services and technology to bolster cybersecurity in Industrial Control Systems (ICS) and Operational Technology (OT) networks.

Deloitte to expand cyber risk platform for industrial control systems, operational technologies security (World Oil) Deloitte has announced plans to expand its cyber risk platform for end-to-end industrial control systems (ICS) and operational technologies (OT) security with next generation technology enabled by Dragos, a cybersecurity company focusing on securing ICS and OT networks.

An AI Startup is About to Make Robbery More Difficult (PRNewswire) We've all watched the movie scene where the bank teller attempts to reach a silent alarm while a robbery takes place. Deep Science AI is about to make that scenario a thing of the past with its AI surveillance (AIS) platform for businesses.

Namecheap Offers Free Comodo SSLs for Symantec Customers (Fox 34) Free SSLs allow continuation of 'trusted site status' on Google

Norton By Symantec Launches Wi-Fi Security Software Starting From ₹2,999 (Huffington Post India) The software works on all the platforms including Android, iOS, Windows and Mac

cStor and Cylance Win Bid to Implement Advanced Cybersecurity and Endpoint Protection Solution for State of Arizona Agencies - Press Release Rocket (Press Release Rocket) cStor and CylancePROTECT® to help advance cybersecurity strategy and secure state agency data, systems and endpoint device (PRWEB) March 30, 2017 cStor, a leading provider of data center, cloud and cybersecurity solutions, today announced that the company and its channel partner, Cylance® Inc., have been selected to implement an advanced endpoint protection and cybersecurity solution …

CylancePROTECT® selected by SANS Community as Best Endpoint Protection Product of 2016 (SAT PR News) Nominees and winners selected by actual product users in SANS community of security specialists

​All tech giants fail on security disclosure, but Microsoft and Google do best (CIO New Zealand) A new report ranking of a dozen tech giants finds that all of them could do better at explaining how user data is secured.

Technologies, Techniques, and Standards

US Border Policy Shifts May Drive Changes in Laptop Security (Dark Reading) In-cabin laptop ban and requirements to unlock devices for border patrol could have enterprises revisiting their on-device data policies.

Post-FCC Privacy Rules, Should You VPN? (KrebsOnSecurity) Many readers are understandably concerned about recent moves by the U.S. Congress that would roll back privacy rules barring broadband Internet service providers (ISPs) from sharing or selling customer browsing history, among other personal data.

Payment Card Industry Security Compliance: What You Need to Know (Dark Reading) A quick refresher on all the different PCI SSC security standards that are relevant for organizations that accept electronic payments.

The cost of compromised credentials creeps up (Third Certainty) The most common credentials are a combination of username and password, but those have lost a good bit of their protective powers. Next-generation credentials also are edging toward a precarious place. Here’s what you need to know about the dangers of compromised credentials and how to mitigate those risks. The speed of work these days …

2 Common Barriers to Effective Threat Intelligence (Recorded Future) Creating insight from threat data is easier said than done. There are two main barriers that stand in the way of creating effective threat intelligence.

Smart Whitelisting Using Locality Sensitive Hashing (TrendLabs Security Intelligence Blog) Trend Micro Locality Sensitive Hashing (TLSH) is a kind of fuzzy hashing that can be employed in machine learning extensions of whitelisting.

Ways To Maintain Your Cybersecurity Infrastructure (Anomali) Network security is a great undertaking early on. The benefits to protecting your network are immediate as well as beneficial in the long term. However, the systems and practices which defend your organization and its network are not a “set it and forget it” machine. As threats are continually evolving, so must your defenses. Don’t let complacency set in to the point where you’re relying on an outdated cyber security infrastructure.One component of a security plan that

A strong cyber recipe starts with a base of planning and a dash of creativity (FederalNewsRadio.com) Cyber experts from agencies and industry say the best defense starts with basic "blocking and tackling," and then adding a layer of creativity.

It’s the technology, stupid (The Hindu Business Line) Eleven reasons why the Aadhaar is not just non-smart but also insecure

Design and Innovation

Silicon Valley begins putting cyberbullies in the crosshairs (The Christian Science Monitor Passcode) With the rate of digital bullying increasing, tech firms escalate efforts to build automated tools that can detect and flag online harassment.

Research and Development

A more connected military means new battlefield glitches, too (The Christian Science Monitor Passcode) With its $52 million initiative to vastly expand connectivity and technology on the front lines, the US Army knows it may also give enemies new digital targets to hack or manipulate. Is it up for the challenge?

Vancore Labs to conduct research for DARPA (C4ISRNET) The U.S. Defense Advanced Research Projects Agency (DARPA) has awarded Vencore Labs contracts valuing $17.7 million for research in cyber defense.

AM General, Army to test autonomous vehicle system (UPI) An autonomous vehicle for transporting personnel and equipment within U.S. military facilities is being developed by AM General and the Army.

Army awards deals for autonomous reasoning (C4ISRNET) The contracts are for Charles River's Figaro open-source, probabilistic programming language for probabilistic modeling.

Elon Musk Isn’t the Only One Trying to Computerize Your Brain (WIRED) These companies are applying the Silicon Valley playbook to neuroscience.

Academia

LSU Applied Research Center positions Louisiana as a U.S. Cybersecurity Hub (BRPROUD) An organization at LSU that provides solutions for the defense and intelligence communities has received contracts totaling nearly $5 million from the U.S. Department of Defense for the university's growing cybersecurity expertise. Two large cybersecurity contracts have been awarded to Nascent Technologies Corporation, or NTC.

Coppin State University offers new cyber security program (WMAR) A new cyber security program at Coppin State University will train and employ graduates with the Department of Defense.

Israel teaches cybersecurity skills to its high schoolers (Public Radio International) A program for gifted 10th-graders teaches them coding, encryption and how to defend a computer network against hacking. Many of the students will end up in Israel's equivalent of the NSA.

Legislation, Policy, and Regulation

Now Europe is Looking to Undermine Encryption (Infosecurity Magazine) Now Europe is Looking to Undermine Encryption. Commission may look to force the hand of tech giants

Encryp-xit: Europe will go all in for crypto backdoors in June (Register) App-makers get a choice: Open up voluntarily or we'll pass laws forcing you to

GDPR: What to do with conflicting legislation (Computing) 'GDPR says to delete data after a certain period, while other regulations demand we keep data forever.' An IT leader explains his conundrum.

Privacy Babel: Making Sense of Global Privacy Regulations (Dark Reading) Countries around the world are making their own privacy laws. How can a global company possibly keep up?

German military to unveil new cyber command as threats grow (Reuters) Germany's military will launch a cyber command next week as part of an effort to beef up online defenses at a time when German spy agencies are warning of increasing cyber attacks by Russia.

'It's in our COMMON INTEREST' Germany warns security WILL NOT be used as bargaining chip (Express) The German Defence Minister has warned security will not be used as a bargaining chip during Brexit negotiations and called for greater military cooperation with the UK.

Ukrainian cybersecurity slowed by need to replace Soviet-era tech (C4ISRNET) The effort to upgrade intelligence capabilities and cyber protections is especially complex in Ukraine, as most existing Ukraine systems are, in fact, Russian in origin.

Countering Information War: Lessons Learned from NATO and Partner Countries (Globsec Policy Institute) In 2013, General Valery Gerasimov published an article, now know famously as “Gerasimov’s Doctrine”, which defined information warfare as the combination of electronic warfare, cyberwarfare and psychological operations into a single, coordinated military effort.

DHS issued two more Binding Operational Directives on cyber in final months of Obama term (FederalNewsRadio.com) DHS told Congress it’s seeing dividends from the legal authority to force agencies to take steps to improve their cybersecurity posture.

TRANSCOM worried about cybersecurity gap between DoD and civilian networks (FederalNewsRadio.com) U.S. Transportation Command uses a lot of civilian businesses, but is their difference in cybersecurity standards harming national security?

Confirmation of DHS intelligence head is too important to politicize (TheHill) OPINION | Grilling David Glawe on Trump's travel ban is just for legislators to levy political opinions unrelated to his role.

Lawmakers press budget chief on cybersecurity guidance for federal acquisitions (TheHill) The OMB never finalized the guidance in 2015.

Cyber Command looking to equip its cyber warriors (C4ISRNET) Cyber Command is now looking to equip its cyber warriors with tools and platforms to conduct full spectrum cyber operations.

Privacy activist wants to unveil lawmakers' browser histories (CSO Online) When members of Congress approved a resolution that would toss out significant online privacy protections, one Internet user decided to do something about it.

Litigation, Investigation, and Law Enforcement

Senator: Russia used 'thousands' of internet trolls during US election (CSO Online) The Russian government used "thousands" of internet trolls and bots to spread fake news, in addition to hacking into political campaigns leading up to the 2016 U.S. election, one senator said.

Russian experts paint sinister picture of Russian meddling (WRAL.com) Russian experts painted a sinister picture of Russian meddling in the 2016 election Thursday, telling the Senate intelligence committee about fake news, cyber trolls, smear campaigns and even slayings they say could have ties to the Kremlin.

Opinion | Today’s Russia hearings actually revealed something new and important (Washington Post) Senate Republicans now seem to be taking this story very, very seriously.

White House tells Russia probers: Come see intel yourselves (Military Times) The White House refused to say on Thursday whether it secretly fed intelligence reports to a top Republican investigating possible coordination between Russia and the 2016 Trump campaign. Fending off growing criticism, the administration invited lawmakers from both parties to view classified material it said relates to surveillance of the president's associates.

A Brief Timeline of Devin Nunes’ Odd White House Ties (WIRED) The House Intelligence Committee chair has had himself quite a week.

Mike Flynn Offers to Testify in Exchange for Immunity (Wall Street Journal) Mike Flynn, President Donald Trump’s former national security adviser, has told the FBI and congressional committees investigating the Trump campaign’s potential ties to Russia that he is willing to be interviewed in exchange for a grant of immunity from prosecution, according to officials with knowledge of the matter.

Flynn’s Public Offer to Testify for Immunity Suggests He May Have Nothing to Say (Just Security) The Wall Street Journal is reporting that former National Security Advisor Mike Flynn told the FBI and Congress that he is willing to testify in

Meet the Midwestern Contractor That Appears Hundreds of Times in the CIA WikiLeaks Dump (The Intercept) At Northrop Grumman's Xetron, some employees were suddenly asked to take polygraph tests. The company contracts with the CIA.

For a complete running list of events, please visit the Event Tracker on the CyberWire website.

Upcoming Events

WiCyS 2017: Women in Cybersecurity (Tucson, Arizona, USA, March 31 - April 1, 2017) The WiCyS initiative has, since 2013, become a continuing effort to recruit, retain and advance women in cybersecurity. It brings together women (students/faculty/researchers/professionals) in cybersecurity...

GITECH Summit 2017: Revolution of Solutions (Annapolis, Maryland, USA, April 2 - 4, 2017) The GITEC Summit “Revolution of Solutions: Transforming Government” will be held April 2-4, 2017 at the Westin Annapolis. This year’s summit will focus on the continued transition and transformation surrounding...

SeaAirSpace (National Harbor, Maryland, USA, April 3 - 5, 2017) The Navy League's Sea-Air-Space Exposition brings the U.S. defense industrial base, private-sector U.S. companies and key military decision makers together for an annual innovative, educational, professional...

InfoSec World Conference and Expo 2017 (ChampionsGate, Florida, USA, April 3 - 5, 2017) The conference will feature security practitioners who speak from experience on the real-world challenges companies are facing today. The conference is most suitable for those whose responsibilities include...

Cyber Security Summit: Atlanta (Atlanta, Georgia, USA, April 6, 2017) If you are a Senior Level Executive responsible for making your company’s decisions in regards to information security, then you are invited to register for the Cyber Security Summit: Atlanta. Receive...

SANS 2017 (Orlando, Florida, USA, April 7 - 14, 2017) Success in information security requires making a commitment to a career of learning, from the fundamentals to advanced techniques. To put you firmly on that learning path, join us at SANS 2017 in Orlando,...

Unprecedented Counterintelligence Threats: Protecting People, Information and Assets in the 21st Century. (Arlington, Virginia, USA, April 10, 2017) This full day symposium will provide insights into evolving threats to the nations security and identify effective ways of addressing them. Highlights Include: A keynote address from National Counterintelligence...

Hack In the Box Security Conference (Amsterdam, the Netherlands, April 10 - 14, 2017) Back again at the NH Grand Krasnapolsky, HITB2017AMS takes place from the 10th till 14th of April 2017 and features a new set of 2 and 3-day technical trainings followed by a 2-day conference with a Capture ...

Cyber Warrior Women: Blazing the Trail (Catonsville, Maryland, USA, April 19, 2017) Join the Cybersecurity Association of Maryland, Inc. (CAMI), in partnership with The CyberWire, Fort Meade Alliance, and presenting sponsor Exelon Corporation, for "Cyber Warrior Women: Blazing the Trail."...

ISSA CISO Executive Forum: Information Security, Privacy and Legal Collaboration (Washington, DC, USA, April 20 - 21, 2017) Information Security, Privacy and Legal programs must be closely aligned to be successful in today’s world. Customer and vendor contracts require strong security language. Privacy has moved to the forefront...

International Conference on Cyber Engagement 2017 (Washington, DC, USA, April 24, 2017) Georgetown University's seventh annual International Conference on Cyber Engagement promotes dialogue among policymakers, academics, and key industry stakeholders from across the globe, and explores the...

SANS Baltimore Spring 2017 (Baltimore, Maryland, USA, April 24 - 29, 2017) SANS Institute, the global leader in information security training, today announced the course line-up for SANS Baltimore Spring 2017 taking place April 24 – 29. All courses offered at SANS Baltimore are...

Defence Information 2017 (Cranfield, England, UK, April 26 - 27, 2017) Defence Information 2017 is the major annual communications event of Joint Information Group activities (the JIG reports to the Defence Suppliers Forum) and the Event’s content spans both Information and...

Defence Information 2017 (Cranfield, England, UK, April 26 - 27, 2017) Defence Information 2017 is the major annual communications event of Joint Information Group activities (the JIG reports to the Defence Suppliers Forum) and the Event’s content spans both Information and...

Crimestoppers Conference (Eden Project, Bodelva, St Austell , April 27, 2017) Crimestoppers is organising a major one-day conference designed to help local businesses shore up their online security. A range of expert speakers will pinpoint typical cyber pitfalls to avoid. 80% of...

Atlantic Security Conference (Halifax, Nova Scotia, Canada, April 27 - 28, 2017) Atlantic Canada's non-profit, annual information security conference. AtlSecCon, the first security conference in Eastern Canada focusing on bringing some of the worlds brightest and darkest minds together...

SANS Automotive Cybersecurity Summit 2017 (Detroit, Michigan, USA, May 1 - 8, 2017) SANS will hold its inaugural Automotive Cybersecurity Summit to address the specific issues and challenges around securing automotive organizations and their products. Join us for a comprehensive look...

cybergamut Tech Tuesday: Distributed Responder ARP: Using SDN to Re-Engineer ARP from within the Network (Elkridge, Maryland, USA, and online at various local nodes, May 2, 2017) We present the architecture and initial implementation of distributed responder ARP (DR-ARP), a software defined networking (SDN) enabled enhancement of the standard address resolution protocol (ARP) intended...

Cyber Security Summit in Dallas (Dallas, Texas, USA, May 5, 2017) Sr. Level Executives are invited to learn about the latest threats & solutions in Cyber Security from experts from Proofpoint, CenturyLink, IBM and more. Register with promo code cyberwire50 for half off...

OWASP Annual AppSec EU Security Conference (Belfast, UK, May 8 - 12, 2017) Welcome to OWASP Annual AppSec EU Security Conference, the premier application security conference for European developers and security experts. AppSec EU provides thought leadership, amazing talks, informative...

SANS Security West 2017 (San Diego, California, USA, May 9 - 18, 2017) Cybersecurity skills and knowledge are in high demand. Cyber attacks and data breaches are more frequent and sophisticated, and organizations are grappling with how to best defend themselves. As a result,...

OWASP AppSec EU (Belfast, Northern Ireland, UK, May 12 - 18, 2017) Welcome to OWASP Annual AppSec EU Security Conference, the premier application security conference for European developers and security experts. AppSec EU provides thought leadership, amazing talks, informative...

EnergySec Security Education Week (Austin, Texas, USA, May 14 - 19, 2017) The Energy Sector Security Consortium, Inc.'s Security Education Week is designed for early to mid career cybersecurity professionals currently employed at electric utilities in North America. Students...

Grow your brand and reach new customers.

Grow your brand and increase your customer base by educating our audience about your products, services, and events by advertising on The CyberWire. We’ve built trust with an influential (and often hard to reach) audience of CISOs, CSOs, and other senior execs in the security space, across a wide array of industry verticals. Learn more.

Be a part of the CyberWire story.

People ask us (a lot) how they can support what we do. We have our sponsorships and services, of course, but those are not always within every supporter's financial reach, or it might just not be the right time for you to do those things. That's why we launched our new Patreon site, where we've created a wider variety of support levels, each with some new benefits. Our patrons are important to our future, and we hope you'll consider becoming one. We invite you to become part of the CyberWire story. Become a patron today.