skip navigation

More signal. Less noise.

Daily briefing.

Intel has acknowledged and begun to fix a firmware vulnerability researchers say is nine years old. The company warns that, if left unpatched, the flaw could lead to remote management takeover of systems using Intel Active Management Technology, Intel Small Business Technology and Intel Standard Manageability. These are widely used by small and medium enterprises, who are advised to work through the patching as soon as practicable.

IBM inadvertently shipped Trojanized USB sticks to customers. The devices were to be used as initializers for IBM Storwize disk racks. The company is advising customers to destroy the USB drives. The malware is apparently a Trojan dropper that enables installation of other malware; according to Kaspersky researchers, this particular malware strain has hitherto mostly affected Russian systems.

Cybereason reports that "ShadowWali," a run-of-the-mill but quietly effective backdoor, has been used to attack Japanese businesses since 2015.

Check Point warns that OSX/Dok, malware that installs a backdoor and monitors web traffic, has been spreading through European targets. Like most successful Mac malware, it's disseminated through phishing. The phishbait has been official-looking but bogus emails purporting to be from, for example, national tax departments.

Neustar today released a major study of DDoS trends. The problem is increasing: the size, pace, and volume of attacks have grown significantly over the past year, as have the costs they exact from enterprises.

There's growing sentiment in the UK's Parliament to punish social media and Internet service providers who fail to stop "hate speech" from crossing their platforms.

Notes.

Today's issue includes events affecting Belgium, China, Czech Republic, Denmark, European Union, Germany, Japan, Democratic Peoples Republic of Korea, Lithuania, NATO/OTAN, Russia, South Africa, Sweden, United Kingdom, United States.

A note to our readers: Recorded Future's weekly threat intelligence podcast (produced in partnership with the CyberWire) is out. This week's episode is on "Going Dark: Fact vs. Fiction on the Dark Web."

On today's podcast our partners at the University of Maryland's Center for Health and Homeland Security are represented by Ben Yelin, who talks about the surprisingly large and intricate black market for tractor maintenance software. We also hear from a guest, Nehemiah Security's Paul Farrell, about minding the security basics.

Who's in Your Cloud? Gaining Visibility Into Your Network and Critical Assets (Webinar, May 11, 2017) Since cloud services are accessible from anywhere, at any time, getting visibility into your cloud activity is critical. Delta Risk experts examine the increasing importance of cloud monitoring and how it can protect your organization.

Cyber Attacks, Threats, and Vulnerabilities

Hacking is now so common that even small nations are doing it (Charlotte Observer) Cyber espionage is cheaper, more efficient and less costly than conventional spying, and tech analysts say smaller countries are building up their capacities. One analyst calls the flurry of global activity part of a “golden age of espionage.”

Inside Russia’s Fake News Playbook (The Daily Beast) Clint Watts is testifying Thursday before the Senate’s armed services committee on how Russia became the kings of black propaganda. Here’s what he told the senators.

Spies in South Africa (Wilson Center) To understand how Russian intelligence views the world, look to its history in Southern Africa

Vulnerability hits Intel enterprise PCs going back 10 years (CSO Online) Intel is reporting a firmware vulnerability that could let attackers take over remote management functions on computers built over the past decade.

Remote security exploit in all 2008+ Intel platforms (SemiAccurate) Updated: Nehalem through Kaby all remotely and locally hackable

IBM Ships Trojanized USBs to Storage Customers (Infosecurity Magazine) The malware is a trojan dropper that can be used to fetch an array of secondary malware, including ransomware and espionage worms.

ShadowWali Malware Discovered, Attacking Japan Since 2015 (Infosecurity Magazine) ShadowWali gathers information about the compromised machines and their networks, in addition to stealing sensitive information and credentials.

Dok Mac malware intercepts victims' web traffic, installs backdoor (Help Net Security) A new piece of Mac malware, more insidious and dangerous that all those encountered before, has been flung at (mostly) European users.

New macOS malware OSX/Dok requires a lot of manual steps (Macworld) OSX/Dok is now blocked, but it didn’t rely on any system exploits to install.

Latest Apple malware on the surge hides in networked printer files (TechNetOnline) A new version of Apple malware has been found and it has started to spread to Apple Macs via the networked printer file files. The malware is a kind of ‘Backdoor Trojan’ and some experts have named this Trojan as ‘Pintsized’. Apple Mac OS X is troubled by this malware but as of now, the …

Scam texts impersonate major retailer (CQ News) Say hello to smishing, the new way of parting people and their money.

The continuing threat of POS malware (Trend Micro: Simply Security) As attacks increase and hackers realize the profit that stolen data from POS systems could bring, cybercriminals are creating more advanced malware to support their nefarious exploits.

Cerber Version 6 Shows How Far the Ransomware Has Come (and How Far it’ll Go) (TrendLabs Security Intelligence Blog) A reflection of how far Cerber has come in the threat landscape—and how far it’ll go—is Cerber Version 6, the ransomware’s latest version we’ve uncovered.

New version of the CryptoMix Ransomware Using the Wallet Extension (BleepingComputer) A new variant of the CryptoMix ransomware was discovered that appends the email addresses shield0@usa.com & admin@hoist.desi along with the .Wallet extension.

Hacker Leaks Episodes From Netflix Show and Threatens Other Networks (New York Times) The hacker or hackers, known as “thedarkoverlord,” demanded ransom after stealing 10 episodes of the next season of “Orange Is the New Black.”

Why That Orange Is the New Black Leak Was Never Going to Pay Off (WIRED) Putting an unreleased series on the Pirate Bay unless Netflix pays up? Good luck with that

Car Hackers Remotely Steal Keyless BMW within Seconds (HackRead) As recently as April 4, a security camera recorded two people simply walking around a car and one of them was holding some type of bag

Malware Author Inflates Backdoor Trojan With Junk Data Hoping to Avoid Detection (BleepingComputer) A malware coder is injecting megabytes of junk data inside his malicious payloads, hoping to avoid detection by some antivirus solutions or delay investigations of infosec professionals.

You've been to 10 concerts and one might be a security risk (WBAL) Security experts are warning people about a popular Facebook meme.

Ciphr blames rival company for partial data dump of its users (Graham Cluley) Ciphr, a company which offers encryption services for smartphone users, claims that a rival firm are behind a data dump of its customers' email addresses and IMEI numbers.

Retina-X admits they have suffered a data breach (Help Net Security) Retina-X Studios, the makers of several consumer-grade monitoring products, have finally announced that they have suffered a data breach.

The Power of Botnets: Amplifying Crime, Disinformation, and Espionage (Cipher Brief) Imagine an army of computers, acting under the instructions of a criminal syndicate, terrorist group, or foreign government. The sheer size of this network of devices augments the computing power of a single hacker, allowing them to coordinate attacks capable of knocking offline crucial websites belonging to banks, social media, and news organizations.

Two Years Later, Still at Least Twice as Likely (BitSight) Companies with botnet grades of ‘B’ or lower are twice as likely to experience a data breach. Learn about the other risk vectors that correlate to data breaches.

Going Dark: Fact vs. Fiction on the Dark Web (Recorded Future) What is the dark web really like? In this episode, we take a tour of the dark halls and back alleys of the dark web to separate fact from fiction.

Barts Health NHS Trust suffers catastrophic IT failure - for EIGHT days (Computing) Critical clinical systems at Barts affected on April 20 and still haven't been fixed

Security Patches, Mitigations, and Software Updates

Intel fixes nine-year-old remote-code execution flaw in its Management Engine technologies (Computing) Reports suggest Intel never took reports of the flaw seriously - until recently

Do you have Intel AMT? Then you have a problem today! Intel Active Management Technology INTEL-SA-00075 (SANS Internet Storm Center) There have been some reports to us about an issue with Intel Active Management Technology, Intel Small Business Technology, and Intel Standard Manageability [1]. It might be a good idea to review Intel’s security bulletin INTEL-SA-00075, which outlines a Privilege Escallation vulnerability.

Intel Active Management Technology, Intel Small Business Technology, and Intel Standard Manageability Escalation of Privilege (Intel Security Center) There is an escalation of privilege vulnerability in Intel® Active Management Technology (AMT), Intel® Standard Manageability (ISM), and Intel® Small Business Technology versions firmware versions 6.x, 7.x, 8.x 9.x, 10.x, 11.0, 11.5, and 11.6 that can allow an unprivileged attacker to gain control of the manageability features provided by these products. This vulnerability does not exist on Intel-based consumer PCs.

Storwize USB Initialization Tool may contain malicious code (IBM Support) IBM has detected that some USB flash drives containing the initialization tool shipped with the IBM Storwize V3500, V3700 and V5000 Gen 1 systems contain a file that has been infected with malicious code.

Apple Revokes Certificate Used By OSX/Dok Malware (Threatpost) Apple takes countermeasures to neutralize OSX/Dok HTTPS-snooping malware by revoking a hijacked certificate updating its XProtect built-in anti-malware software.

Microsoft Boosts Safety with Windows Defender Security Center (NewsFactor) The latest update to Microsoft's Windows 10 operating system features a number of changes to its built-in security protection. Rolling out in phases since April 11, the Creators Update adds a new dashboard display for Windows Defender, introduces dynamic locking capabilities and also offers new privacy controls.

Windows 10 adoption is accelerating, many concerns remain (Help Net Security) The vast majority of IT organizations have installed Windows 10, but there is still great variation in the current level of Windows 10 adoption.

Flickr Vulnerability Worth $7K Bounty to Researcher (Threatpost) Yahoo has patched an account takeover vulnerability on its Flickr image-hosting service that earned an independent security researcher a $7,000 bounty.

Cyber Trends

DDoS attacks: $100,000 per hour is at risk during peak revenue generation periods (Help Net Security) When it comes to DDoS attacks, 63% of the respondents stated that at least $100,000 per hour is at risk during peak revenue generation periods.

Worldwide DDoS Attacks & Cyber Insights Research Report: Taking Back the Upper Hand from Attackers (Neustar) The DDoS threat has changed dramatically since I first started the DDoS protection industry years ago. Back then, a 1 Gbps attack was considered large and could take down an enterprise for several days.

What CISOs Need To Know About The State Of Cybersecurity (Forbes) Enterprises are under an endless stream of cyberattacks. The sophistication of these attacks is evolving, and the number is not expected to decrease. Any emerging technology -- be it mobile devices and related BYOD policies, artificial intelligence and machine learning, or IoT -- not only brings new opportunities but also widens the field of possible attack.

Network Security Creates a (Infosecurity Magazine) Eighty-two percent of mid-tier companies spend 20 to 60 hours per week to procure, implement and manage security products

Human weakness enabling financial cybercrime (CSO Online) Cybercrime costs $3 trillion worldwide. One reason, a Boston police detective told a Boston banking audience, is because they make it too easy.

Financial Services Sector the #1 Target of Cybercriminals (Dark Reading) New IBM report finds the most frequently targeted industry in 2016 was financial services - where attacks increased 29% year-over-year.

200 million financial services records breached in 2016, 900% increase from 2015 (Help Net Security) The financial services industry was attacked more than any other industry in 2016 – 65 percent more than the average organization across all industries.

Dan Geer: Cybersecurity, Humanity’s Future ‘Conjoined’ (Threatpost) Dan Geer’s Source Boston keynote included a declaration that cybersecurity and humanity’s future are forever conjoined.

Brocade reveals skills issues for IT (Enterprise Times) Brocade highlights how IT departments have lost their decision-making  capabilities and are facing a massive skills shortage in a decade.

Marketplace

Gemalto finalizes the acquisition of 3M's Identity Management Business (NASDAQ.com) The company in-sources biometric technology for governmental and commercial applications

Cisco to acquire software-defined, wide area networking vendor Viptela for US$610 million (CRN Australia) Taking a major stake in SD-WAN.

Equinix completes $3.6 billion deal to buy 29 data centers from Verizon (TechCrunch) Equinix, an international data center company based in Redwood City, California, announced today that it has completed the purchase of 29 data centers from..

If Apple has $250 billion in the bank, is a large tech firm acquisition likely? (Computing) Could Apple buy out Tesla to give its electric car ambitions moving?

Defense contractor Lockheed Martin to incorporate blockchain technology into operations (EconoTimes) Lockheed Martin, a global security and aerospace company headquartered in Maryland, has become the first U.S. defense contractor to incorporate blockchain technology into its development processes.

US Defence Contractor Partners With Guardtime Federal On Blockchain Integration (CoinTelegraph) US defense contractor Lockheed Martin has announced a pioneering venture into Blockchain through a formal partnership with Guardtime Federal.

Siemens, Darktrace form cyber security partnership (OE Digital) Darktrace, a provider of Enterprise and Industrial Immune System technology, and Siemens, a global engineering and technology provider, have entered i...

Should you pay for antivirus software? (The Denver Post) Welcome to the first official Denver Post Tech+ newsletter! The response I (that’s me, Tamara Chuang, a technology writer) get from readers each week tells me you are willing to pay for ̵…

Tenable Network Security opens international HQ in Ireland (Baltimore Sun) Tenable Network Security, the fast-growing Columbia-based cybersecurity company, announced Monday that it has opened a new international headquarters in Dublin, Ireland.

Code Dx Announces Appointment of Curtis Dalton to its Board of Directors (PRWeb) Code Dx, Inc., a provider of an award-winning suite of time-saving and easy-to-use tools that help software developers, testers and security analysts find, prioritize and manage software vulnerabilities, today announced the appointment of Curtis Dalton, chief information risk officer and security services executive.

Bricata Adds Two More Veteran Cyber Security Executives to Roster (Bricata) Bricata, LLC, a developer of network intrusion detection and prevention solutions, announced today it has added two more veteran cyber security executives to its leadership team. Druce MacFarlane joins as vice president of Products and Marketing, while Randy Fallis joins as vice president of Sales and Customer Strategy. The two new executives add more depth to an existing management team with an impressive track record for solving complex problems in the cyber security space.

Finance and government veteran Mark Morrison joins OCC as chief security officer (CSO Online) OCC will look to Morrison to implement security best practices and to minimize risk.

Products, Services, and Solutions

ThreatQuotient and Bandura Integrate to Simplify Threat Defense (ThreatQuotient) Superior Prioritization of Indicators and Noise Reduction Enables Powerful Security Teams

EclecticIQ Simplifies Threat Intelligence with Fusion Center Launch (PRNewswire) EclecticIQ, the cyber threat intelligence technology provider, has announced the launch of EclecticIQ Fusion Center, a revolutionary approach to the collection, analysis, and distribution of cyber threat intelligence.

​Optus, LifeJourney launch online cybersecurity experience for students (ZDNet) The Optus Cyber Security Experience is aiming to teach students the skills needed to combat the cybersecurity threats expected to face Australia in the future.

Townsend Security Secures Nonpublic Personal Information (NPI) for Financial Services and Personally Identifiable Information (PII) (Yahoo! Finance) Townsend Security, a leading provider of encryption and key management solutions, today announced that Alliance Key Manager can help businesses in the ...

Deloitte Earns NSA's Certified Incident Response Assistance Accreditation (PRNewswire) Deloitte announced today that it has earned the prestigious National Security...

Sophos Intercept X Thwarts Ransomware Before It Encrypts Files (eWEEK) Sophos Intercept X watches for activity that presages a ransomware-like activity to warn users and system managers of suspicious activity before files are encrypted and ransomware demands are dispatched.

Zscaler Announces FedRAMP "In Process" Milestone (Yahoo! Finance) Zscaler, Inc., the leading cloud security company, today announced that its certification for the Federal Risk and Authorization Management Program is "in process," under the sponsorship of the ...

ESET launches free security awareness training (BetaNews) Cyber attacks are a big problem for businesses and since many of them are caused by human error training employees to spot the signs of an attack is vital.

UBF launches cyber threat intelligence sharing platform (GulfNews) New initiative will enable banks to collect and share data on cyber threats

Waterfall Unidirectional Security Gateways Earn Common Criteria EAL4+ and NITES Certifications for Its Latest Products (Yahoo! Finance) Waterfall Security Solutions, a global leader in cybersecurity technologies for critical infrastructures and industrial control systems, today announced ...

Red Education signs security training deal with Symantec, EC-Council (Security Brief) IT training firm Red Education has signed deals with Symantec and EC-Council, with a third vendor expected to be announced this week.

Technologies, Techniques, and Standards

NSA suggests using virtualization to secure smartphones (CSO Online) The U.S. National Security Agency is now suggesting government departments and businesses should buy smartphones secured using virtualization, a technology it currently requires only on tablets and laptops

Data security and mobile devices: How to make it work (Help Net Security) There has been a lot of hype in the media about messaging tools. But recently, some of the headlines have taken a negative turn.

Defending Against the Quantum Future (SIGNAL Magazine) The government is racing to identify technologies that will resist the threat from quantum computers, which will render today’s encryption obsolete.

GDPR and ePrivacy will impose 'a much higher bar' on website owners, marketers and list brokers (Computing) While the finer points of the new legislation are still being hammered out, the direction of travel is clear

Deception as Defense - Turning the Tables on the Hackers (Infosecurity Magazine) New approaches are emerging in which organizations can turn the tables on the attackers

Czech cybersecurity experts win cyber defense exercise (Fifth Domain Cyber) International security experts focused on protecting national IT systems have competed and completed Locked Shields 2017, the annual live-fire cyber defense exercise organized by the NATO Cooperative Cyber Defence Centre of Excellence in Tallinn, Estonia.

DISA working on gray network pilot with combatant commands (C4ISRNET) Gray networks would allow for greater connectivity to classified networks in more austere locations.

US Air Force invites British hackers to test its defences (Computing) Only 'vetted computer specialists' from 'Five Eyes' nations invited to participate in USAF bug-bounty program

New Free Shodan Tool Roots Out RATs (Dark Reading) Shodan teams up with Recorded Future to crawl the Net for computers serving as command-and-control (C2) for remote access Trojans (RATs).

8 Considerations in Cybersecurity Risk Management (Bricata) Rigor, diversity, and process in cybersecurity risk management enable organizations to identify and prioritize the true risks in order to provide business assurance.

Cyber Attack Protection Steps for Investment Firms (The National Law Review) We are spreading awareness of an email “spear phishing” scam that has targeted investment firms recently, attempting to lure their personnel into inadvertently revealing their email accoun

Justifying Cybersecurity Investment with a Warfare Mindset (SecureWorks) Learn how healthcare organizations can find security gaps in order to create a Protection Strategy to better control these conditions and protect against future threats.

17 Measures Every Company Should Consider to Reduce the Risk of Cyber-Intrusions (JD Supra) The cars we drive to work every day run primarily on computers that collect thousands of data points. Same goes for the factory that manufactured them...

Why We Should Let Our Walls Down When It Comes to Cybersecurity (Infoblox) With digital threats growing more rampant across the country and from around the world, the idea of building “walls” for cyber defense and protection can seem appealing. But even in this age of hackers relentlessly penetrating our networks, in the information technology security industry, we know ...

Seven truths about network security (Computing) There are many misconceptions surrounding network security requirements

Why You Need Actionable Threat Intelligence - Palo Alto Networks Blog (Palo Alto Networks Blog) Agility and visibility: why you need actionable threat intelligence.

Design and Innovation

Senseless Government Rules Could Cripple the Robo-Car Revolution (WIRED) Opinion: The government is driving automotive innovation into the past.

Research and Development

Doing The Math For Better Encryption (SIGNAL Magazine) They do not necessarily match the hero stereotype, but computer scientists improving methods of generating random numbers just may save the day.

When Confidentiality and Security Collide (SIGNAL Magazine) You might think that homomorphic cryptography, obfuscation techniques and privacy concerns have nothing in common. You would be mistaken.

Academia

Pixel Academy Announces Free Event for Kids to Explore Newly Emerging STEM Technologies (ABNewswire) Reality leaves much to our imagination, and it seems the gap is now being filled up by virtual reality and other emerging technologies. Since these gadgets are new and perplexing even for adults, Pixel Academy has announced a new event called Future STEM Technology Playground. The free event for kids above seven years will be held in Cobble Hill, Brooklyn on Saturday, May 13, 2017 between 12:00-3:00 pm EDT.

Veteran Cyber Security Professional Tina Williams (TCecure, LLC) to Implement USM Cybersecurity Engagement and Innovation Activities with NCCoE (University of Maryland) The University System of Maryland in 2014 teamed with the not-for-profit MITRE company on a successful bid for the National Institute of Standards and Technology (NIST) National Cybersecurity Center of Excellence (NCCoE) Federally Funded Research & Development Center (FFRDC). To facilitate the FFRDC's goals, USM has contracted with TCecure, LLC, a Maryland-based cybersecurity company, to bring on Tina Williams as the USM's Cybersecurity Academic Innovation Officer for the FFRDC.

Legislation, Policy, and Regulation

Social media firms should face fines for hate speech failures, urge UK MPs (TechCrunch) Social media giants Facebook, YouTube and Twitter have once again been accused of taking a "laissez-faire approach" to moderating hate speech content on their..

US praises China’s efforts to pressure North Korea (South China Morning Post) US National Security Adviser puts Beijing’s cooperation down to Trump’s pledge to take military action against Pyongyang

North Korea: Trump keeps options open against 'smart cookie' Kim Jong-un (Guardian) McMaster reassures South over defence costs as nuclear tensions rise, while president tells CBS: ‘Eventually, he’ll have good missiles’

Putting Hackers on Notice (SIGNAL Magazine) The deftness with which hackers access critical U.S. assets means network defense is a job for government as much as for private businesses and citizens.

Hackers Aren’t the Only Ones Defending Your Right to Federal Data (WIRED) On Thursday, two senators introduced a bill that would make it much, much harder for any administration to disappear public data.

'Cybersecurity resiliency' bill would fund states and cities (StateScoop) If passed, federal dollars funneled through the Department of Homeland Security would help state and local government agencies protect their networks from a growing barrage of attacks.

Changing cyber access on state and local levels (C4ISRNET) Receiving sensitive and sometimes classified cyber intelligence is critical to addressing the growing cyberthreats that target state and local government systems.

National Guard strengthens cyber incident response capabilities (Fifth Domain Cyber) The National Guard kicked off its premier cyber defense training exercise, also known as Cyber Shield 17, at Camp Williams, Utah, on April 23 and will continue until May 5.

Spending deal boosts funds for DHS office securing cyber infrastructure (TheHill) $1.4 billion allocated to secure civilian government networks, stop cyberattacks and foreign espionage.

DHS conducting internal cyber assessment ahead of legislative reorg (FederalNewsRadio.com) Rep. Mike McCaul (R-Texas) is getting closer to introducing a bill to create a stand-alone cybersecurity agency in DHS.

This Trump FCC Transition Official Just Made a Great Accidental Argument for Net Neutrality (Motherboard) Nice work.

Litigation, Investigation, and Law Enforcement

US Federal Court Says Net Neutrality Is Legal. Trump’s FCC Wants to Kill It Anyway (Motherboard) Activists win in US court ahead of battle to defend the internet’s open access principle.

Too little, too late? FCC wins net neutrality court case (Ars Technica) Wheeler's court win over ISPs reaffirmed, but Pai plans to overturn the rules.

()

Election hack? (SC Magazine US) It "could've been China," President Trump told an interviewer who asked about the hack into the 2016 presidential election.

Three young women arrested in London under anti-terrorism laws: police (Reuters) Three young women were arrested under anti-terrorism laws in east London on Monday in connection with a security operation in the capital last week, police said.

Security Researcher and Alleged Spam Operator to Square Off in Court in Ugly Lawsuit (BleepingComputer) River City Media, an email marketing company that was reported last month as allegedly one of the world's largest spam operators, has filed a lawsuit against the security researcher who made the revelations.

Hacker Arrested for Stealing $100 Million from Facebook and Google (eSecurity Planet) Evaldas Rimasauskas allegedly used phishing attacks to trick the companies into transferring tens of millions of dollars to accounts he controlled.

How a Woman' Fitbit Fitness Tracker Helped Solve Her Murder Case (HackRead) A man killed his wife and tried to have someone else convicted of his crime. However, the whole case was solved through Fitbit timeline.

For a complete running list of events, please visit the Event Tracker on the CyberWire website.

Newly Noted Events

Law Enforcement and Public Safety Technology Forum (Washington, DC, USA, May 9 - 10, 2017) For the ninth year, AFCEA Bethesda is gathering the law enforcement and public safety IT community. The Law Enforcement and Public Safety Technology Forum will bring together more than 300 executives,...

SANS Minneapolis 2017 (Minneapolis, Minnesota, USA, June 19 - 24, 2017) Get relevant, practical cybersecurity training at SANS Minneapolis 2017 (June 19-24). This event features the information needed to build crucial skills in protecting your organization from the latest...

SANSFIRE 2017 (Washington, DC, USA, July 22 - 29, 2017) Now is the time to advance your career and develop skills to better protect your organization. At SANSFIRE 2017, choose from over 45 hands-on, immersion-style security training courses taught by real-world...

SANS New York City 2017 (New York, New York, USA, August 14 - 19, 2017) Be better prepared for cyber-attacks and data breaches. At SANS New York City 2017 (August 14-19), we offer training with applicable tools and techniques for effective cybersecurity practices. Gain the...

SANS Network Security 2017 (Las Vegas, Nevada, USA, September 10 - 17, 2017) SANS is recognized around the world as the best place to develop the deep, hands-on cybersecurity skills most in need right now. SANS Network Security 2017 offers more than 45 information security courses...

Upcoming Events

cybergamut Tech Tuesday: Distributed Responder ARP: Using SDN to Re-Engineer ARP from within the Network (Elkridge, Maryland, USA, and online at various local nodes, May 2, 2017) We present the architecture and initial implementation of distributed responder ARP (DR-ARP), a software defined networking (SDN) enabled enhancement of the standard address resolution protocol (ARP) intended...

Cyber Security Summit in Dallas (Dallas, Texas, USA, May 5, 2017) Sr. Level Executives are invited to learn about the latest threats & solutions in Cyber Security from experts from Proofpoint, CenturyLink, IBM and more. Register with promo code cyberwire50 for half off...

OWASP Annual AppSec EU Security Conference (Belfast, UK, May 8 - 12, 2017) Welcome to OWASP Annual AppSec EU Security Conference, the premier application security conference for European developers and security experts. AppSec EU provides thought leadership, amazing talks, informative...

SANS Security West 2017 (San Diego, California, USA, May 9 - 18, 2017) Cybersecurity skills and knowledge are in high demand. Cyber attacks and data breaches are more frequent and sophisticated, and organizations are grappling with how to best defend themselves. As a result,...

OWASP AppSec EU (Belfast, Northern Ireland, UK, May 12 - 18, 2017) Welcome to OWASP Annual AppSec EU Security Conference, the premier application security conference for European developers and security experts. AppSec EU provides thought leadership, amazing talks, informative...

EnergySec Security Education Week (Austin, Texas, USA, May 14 - 19, 2017) The Energy Sector Security Consortium, Inc.'s Security Education Week is designed for early to mid career cybersecurity professionals currently employed at electric utilities in North America. Students...

K(no)w Identity Conference (Washington, DC, USA, May 15 - 17, 2017) To converge identity experts from across all industries in one space, to be at the nexus of ideas and policies that will fundamentally change identity around the world. Provides business leaders, privacy...

Global Cybersecurity Innovation Summit Advancing International Collaboration (London, England, UK, May 16 - 17, 2017) SINET – London creates a forum to build and maintain international relationships required to foster vital information sharing, broad awareness and the adoption of innovative Cybersecurity technologies.

Public Sector Cyber Security Conference: Defending the Public from Cyber-Attacks (Salford, England, UK, May 17, 2017) Join us for the Public Sector Cyber Security Conference where leading experts will explain how to protect the vital services provided by central Government, local councils and the NHS. Learn how to safeguard...

PCI Security Standards Council: 2017Asia-Pacific Community Meeting (Bangkok, Thailand, May 17 - 18, 2017) Two days of networking and one-of-a-kind partnership opportunities await you. Whether you want to learn more about updates in the payment card industry or showcase a new product, you’ll find it all at...

2017 Georgetown Cybersecurity Law Institute (Washington, DC, USA, May 17 - 18, 2017) It is more important than ever that in-house and outside counsel stay abreast of the most current developments and best practices in cybersecurity. At our Institute you will receive insights on the best...

Northsec Applied Security Event (Montreal, Québec, Canada, May 18 - 21, 2017) The conference will feature technical and applied workshops hosted in parallel for the most motivated attendees. Topics include application and infrastructure (pentesting, network security, software and/or...

SANS Northern Virginia - Reston 2017 (Reston, Virginia, USA, May 21 - 26, 2017) This event features comprehensive hands-on technical training from some of the best instructors in the industry and includes courses that will prepare you or your technical staff for DoD 8570 and GIAC...

Enfuse 2017 (Las Vegas, Nevada, USA, May 22 - 25, 2017) Enfuse™ is a three-day security and digital investigations conference where specialists, executives, and experts break new ground for the year ahead. Enfuse offers unsurpassed networking opportunities,...

2017 Cyber Investing Summit (New York, New York, USA, May 23, 2017) The 2nd Annual Cyber Investing Summit is an all-day conference focusing on investing in the $100+ billion dollar cyber security industry. Attendees will explore the financial opportunities, trends, challenges,...

Citrix Synergy (Orlando, Florida, USA, May 23 - 25, 2017) Learn how to solve your IT flexibility, workforce continuity, security and networking challenges—and power your business like never before—with the workspace of the future.

AFCEA/GMU Critical Issues in C4I Symposium (Fairfax, Virginia, USA, May 24 - 25, 2017) The AFCEA/GMU Critical Issues in C4I Symposium brings academia, industry and government together annually to address important issues in C4I technology and systems R&D.

SECON 2017 (Jersey City, New Jersey, USA, May 25, 2017) Social engineering impacts security. (ISC)2 New Jersey Chapter is a 501(c)(3) not-for-profit charitable organization. Our chapter’s mission is to disseminate knowledge, exchange ideas, and encourage community...

Cyber Southwest (Tucson, Arizona, USA, May 27, 2017) CSW will be dedicated to furthering the discussion on cyber education and workforce development in Arizona, healthcare cybersecurity, and technical training in areas such as threat intelligence, insider...

SANS Atlanta 2017 (Atlanta, Georgia, USA, May 30 - June 4, 2017) Learn the most effective steps to prevent attacks and detect adversaries with actionable techniques that you can directly apply when you get back to work. Take advantage of tips and tricks from the experts...

Cyber Security Summit: Seattle (Seattle, Washington, USA, June 1, 2017) If you are a Senior Level Executive responsible for making your company’s decisions in regards to information security, then you are invited to register for the Cyber Security Summit: Seattle. Receive...

Cyber Security Summit: Seattle (Seattle, Washington, USA, June 1, 2017) If you are a Senior Level Executive responsible for making your company’s decisions in regards to information security, then you are invited to register for the Cyber Security Summit: Seattle. Receive...

SANS Houston 2017 (Houston, Texas, USA, June 5 - 10, 2017) At SANS Houston 2017, SANS offers hands-on, immersion-style security, security management, and pen testing training courses taught by real-world practitioners. The site of SANS Houston 2017, June 5-10,...

Infosecurity Europe 2017 (London, England, UK, June 6 - 8, 2017) Infosecurity Europe is the region's number one information security event featuring Europe's largest and most comprehensive conference programme and over 360 exhibitors showcasing the most relevant information...

Cyber 8.0 Conference (Columbia, Maryland, USA, June 7, 2017) Join the Howard County Chamber of Commerce for their 8th annual cyber conference, where they will explore innovation, funding, and growth. Participants can expect riveting discussions from cyber innovators...

Grow your brand and reach new customers.

Grow your brand and increase your customer base by educating our audience about your products, services, and events by advertising on The CyberWire. We’ve built trust with an influential (and often hard to reach) audience of CISOs, CSOs, and other senior execs in the security space, across a wide array of industry verticals. Learn more.

Be a part of the CyberWire story.

People ask us (a lot) how they can support what we do. We have our sponsorships and services, of course, but those are not always within every supporter's financial reach, or it might just not be the right time for you to do those things. That's why we launched our new Patreon site, where we've created a wider variety of support levels, each with some new benefits. Our patrons are important to our future, and we hope you'll consider becoming one. We invite you to become part of the CyberWire story. Become a patron today.