skip navigation

More signal. Less noise.

Daily briefing.

"Greenbug," the group associated with Shamoon attacks against Saudi enterprises, uses the remote access Trojan Ismdoor to steal credentials from its targets. Researchers at Arbor Networks say they've found that Greenbug has moved away from http-based command-and-control, and that it now cloaks its communication with Ismdoor in DNS TXT record queries and responses.

Don't use the Super Free Music Player app from Google's PlayStore: it's malware.

Fraudulent SIM swaps enable criminals to take over your phone's identity (and kill your phone). 

A researcher claims to have demonstrated a privilege-escalation vulnerability in demotically named VPN service HideMyAss.

Research presented at the IEEE European Symposium on Security and Privacy found that ultrasonic beaconing (a marketing tool with privacy implications) is becoming increasingly common in Android applications—some two-hundred-thirty-four current apps use it. Many of those apps are quite mainstream, and their users are typically quite unaware that the functionality is part of the package. 

TrendLabs warns of the risks inherent in industrial routers.

Concerns over fake news has spooked service providers and emboldened various national authorities to seek ways of controlling it. China plans to establish its own state-vetted Wikipedia alternative inside the Great Firewall, UK MPs want a legal review of hate speech, and Malaysia threatens WhatsApp admins with jail for spreading rumors. Facebook plans to hire three-thousand analysts to review its users' content. 

Commenting on espionage in cyberspace, security expert and entrepreneur Eugene Kaspersky observes that "everyone hacks everyone." Two accounts of US and Russian practices merit comparison and contrast.

Notes.

Today's issue includes events affecting Canada, China, Czech Republic, Iran, Democratic Peoples Republic of Korea, Republic of Korea, Malaysia, Russia, Saudi Arabia, United Arab Emirates, United Kingdom, United States.

In today's podcast, we hear from our partners at Level 3 Communications as Dale Drew explains the evolution of botnets. Our guest is Craig Young from Tripwire, who reviews his research into your TV's vulnerability to hacking, so tune in, but don't touch that dial, because someone controls the horizontal, and the vertical, just like on the old "Outer Limits" (nah, just kidding).

Who's in Your Cloud? Gaining Visibility Into Your Network and Critical Assets (Webinar, May 11, 2017) Since cloud services are accessible from anywhere, at any time, getting visibility into your cloud activity is critical. Delta Risk experts examine the increasing importance of cloud monitoring and how it can protect your organization.

Cyber Attacks, Threats, and Vulnerabilities

Eugene Kaspersky on cyber-espionage: 'The reality is that everyone hacks everyone' (International Business Times UK) "In cyberspace it's much easier to manipulate someone's opinion," says Russian tech pioneer.

Hack Job (Foreign Affairs) The United States has been waging digital warfare for over a quarter century now. But in the future it must use its cyberpower more cautiously. If a cyberwar spun out of control, the United States would have the most to lose.

Russia’s armed forces on the information war front (Ośrodek Studiów Wschodnich) The current militarisation of the public space in Russia is the result of a long process. Since 2000, the so-called information threats have been the subject of widely publicised strategies justifying the military’s information policy and its tasks related to information warfare. Those tasks have not been limited to domestic projects; Russia’s ambition is to act regionally and globally, and is building a common Eurasian information space. The country has put forward drafts of international conventions and codes of conduct concerning the international information space, thus demonstrating its own vision and asserting its right to co-decide on matters of global security.

Shamoon Collaborator Greenbug Adopts New Communication Tool (Threatpost) New clues surface on Shamoon’s ability steal credentials ahead of attacks.

Super Free Music Player in Google Play is malware: a technical analysis (Naked Security) Listening to tunes via Super Free Music Player on your Android phone? If so, get rid of it: it’s malware, and here’s what we’ve learned about it

Powershelling with exploits (SANS Internet Storm Center) It should be no surprise to our regular readers how powerful PowerShell (pun intended) really is. In last couple of years, it has become the main weapon of not only white hat penetration testing, but also various attackers.

Fraudsters draining accounts with ‘SIM swaps’ – what to do (Naked Security) If crooks can get a new SIM issued in your name, they take over your phone number and your text messages… and your phone goes dead.

More and more apps equipped with ultrasonic tracking capability (Help Net Security) Researchers have found 234 Android applications that are constantly listening for ultrasonic beacons in the background, without the users' knowledge.

Hundreds of Apps Can Listen for Marketing ‘Beacons’ You Can’t Hear (WIRED) So-called ultrasonic beacons are becoming even more popular with marketers. Here's how to shut them out.

HideMyAss! privilege escalation flaws exposed (ZDNet) The researcher on the case says the VPN provider will not be fixing them.

Watch Hackers Sabotage an Industrial Robot Arm (WIRED) Researchers were able to take control of a 220-pound robotic arm to damage the products it manufactures---or the person that operates it.

Researchers Hack Industrial Robot (Dark Reading) New research finds more than 80,000 industrial routers exposed on the public Internet.

Compromising Industrial Robots: The Fallacy of Industrial Routers in the Industry 4.0 Ecosystem (TrendLabs Security Intelligence Blog) The increased connectivity of computer and robot systems in the industry 4.0. ecosystem, is, and will be exposing robots to cyber attacks in the future. Indeed, industrial robots—originally conceived to be isolated—have evolved, and are now exposed to corporate networks and the internet.

Breach at Sabre Corp.’s Hospitality Unit (KrebsOnSecurity) Breaches involving major players in the hospitality industry continue to pile up. Today, travel industry giant Sabre Corp. disclosed what could be a significant breach of payment and customer data tied to bookings processed through a reservations system that serves more than 32,000 hotels and other lodging establishments.

Netflix declines to pay Orange is the New Black ransom to hacker (Naked Security) It’s never great when a company has a data breach and IP is stolen – but perhaps this one isn’t so bad for Netflix after all

Report: Average ransomware demand now over $1,000 (CSO Online) The average amount of a ransomware demand has increased from $294 in 2015 to $1,077 last year, according to a new report by Symantec.

Insecure security – do you trust your cameras? (Fos 13 Salt Lake City) Security cameras aren't just for banks and museums anymore, millions of people peek at their property while they're away - catching criminals in the act; trespassers, burglars and porch pirates.

Criminals turning to fraudulent gift cards (CSO Online) As retailers and other businesses increase security measures to prevent the use of gift cards purchased with stolen credit card numbers, cyber criminals have been focusing on fraudulent gift cards, according to a report released this morning.

ATMs have become an attractive site of attack from cyber criminals globally: Aleks Gostev, Kaspersky Labs (The Economic Times) Aleks Gostev, the chief security expert at Kaspersky Labs explains the looming threat on the Indian banking system and what should be done to prevent a major financial loss.

California Auto Loan Firm Spills Customer Data (BankInfo Security) Make sure your Amazon S3 buckets have no holes. A California vehicle financing company has learned the hard way after exposing up to 1 million records online

Researchers Find 300+ Fake UK Banking Sites (Infosecurity Magazine) Researchers Find 300+ Fake UK Banking Sites. Cybersquatting domains often used for phishing, warns DomainTools

As Phishing Attacks Continue to Scam Shoppers, DomainTools’ PhishEye Data Showcases Most Spoofed Retail Websites (SAT PR News) Research reveals many top US retail brands are targeted by phishing emails and false websites

Security Patches, Mitigations, and Software Updates

Critical Android security patches released – but will your phone ever see them? (HOTforSecurity) Google has released new security patches for its Android operating system this week, tackling a wide array of vulnerabilities that could be exploited by malicious attackers. The most critical of the patched vulnerabilities address security flaws in its troubled...

Xen hypervisor faces third highly critical VM escape bug in 10 months (CSO Online) The Xen Project has fixed three vulnerabilities in its widely used hypervisor that could allow operating systems running inside virtual machines to access the memory of the host systems, breaking the critical security layer between them.

GE patches flaws allowing attackers to ‘disconnect power grid at will’ (Naked Security) Patches come in response to notification of a talk at Black Hat discussing how hackers ‘broke the homebrew encryption algorithm

Cyber Trends

Simple exploits have a big impact in cyber crime (FCW) Cyber attackers are leveraging cloud, email and off-the-shelf tools to open more attack windows, according to a new security study.

The False Binary of IoT and Traditional Cyber Security (Security Week) There’s a new challenge in cyber defense and it’s coming from everyday objects that increasingly surround us — the Internet of Things (IoT). From coffee machines and fridges to virtual assistants and video cameras, consumers are embracing a new wave of connected devices. But they seldom consider the host of unforeseen vulnerabilities that come with them.

Watch out IT admins: you're a hacker's new target (iTnews) Why attackers are changing their focus.

Schools among the most sought after cyber targets: ESET report (SC Magazine) When it comes to finding a one-stop shopping experience for a cybercriminal it's hard to find a better target than an educational institution.

Healthcare Breaches Hit All-Time High in 2016 (Dark Reading) More than 300 healthcare businesses reported data breaches in 2016, but a drop in leaked records put fewer Americans at risk.

UK Office Workers ‘Too Trusting’ of Email Attachments (Infosecurity Magazine) UK businesses expose themselves to hackers and zero-day attacks by failing to implement good email security practices

UK not a frontrunner in staff cyber security awareness (Acumin Recruitment, London) A recent study revealed that the UK ranked ninth in the Barclays’ Digital Development Index, behind such countries as South Africa, China, and Brazil.

In the UAE, one in 136 emails is malicious: research (Arabian Business) The country's cybercrime threat ranking has improved in the past two years, says Symantec report

Marketplace

Cybersecurity business continues to solidify at U.S. military contracting giants (Cyberscoop) While stocks and profits at the biggest U.S. military contractors are driving up across the board under the saber-rattling of President Donald Trump, first-quarter financial results for industry giants like Lockheed Martin, Raytheon and Northrop Grumman show that cybersecurity is a growing if still relatively small part of their businesses.

Forcepoint Data Loss Prevention Solutions Drive Strong Business Momentum (Yahoo! Finance) Global cybersecurity leader Forcepoint today announced strong data protection momentum driven by enterprise customers adopting centrally managed data loss prevention ...

Cyber security firm FireEye posts surprise rise in revenue (Reuters) Cyber security firm FireEye Inc reported a surprise 3.4 percent rise in quarterly revenue, helped by strength in its product subscription and services business.

It's Time to Forgive FireEye Inc (FEYE) Stock (InvestorPlace) FireEye (FEYE) has consistently lagged other cybersecurity stocks, but financial discipline and rising global demand should boost FEYE stock.

3 Reasons HP Inc. is a Better Value Stock than Hewlett Packard Enterprise (The Motley Fool) HP’s stronger core markets, better growth figures, and simpler business model all make it a better value play than its enterprise counterpart.

BC Partners and Medina Capital Announce Launch of Cyxtera Technologies (PRNewswire) New Venture Begins Operations Following Completion of Transaction that Combines CenturyLink's Data Centers and...

CACI Awarded $349 Million in Previously Unannounced Classified National Security Contracts (Businesswire) CACI International Inc (NYSE: CACI) announced today that it has been awarded $349 million in previously unannounced awards on classified contracts wit

General Dynamics to Provide IT, Cyber Support to Naval Meteorology & Oceanography Command - GovCon Wire (GovCon Wire) A General Dynamics (NYSE: GD) business unit will provide cybersecurity

Thales joins Industrial Internet Consortium (Thales) Thales’s e-Security business to contribute well-established cryptographic expertise to IIoT security activities

Sophos Teases Launch Of Cloud Security Partner Program, Certifications, Competitive Hotline (CRN) On the heels of strong partner growth, Sophos says it will be rolling out a new cloud security provider partner program, training certifications, channel community, and competitive hotline.

Thycotic Accelerates New Customer Acquisitions through Global Channel Enablement (PRNewswire) Thycotic, provider of privileged account management (PAM) solutions for more...

LogRhythm Announces Technology Alliance Partner (TAP) Program Designed to Facilitate Deeper Engagements with Key Technology Integration Partners and Deliver Greater Protection Across the Full Threat Lifecycle (Yahoo! Finance) LogRhythm, The Security Intelligence Company, today announced the launch of its new Technology Alliance Partner Program. The program is designed to foster interoperability to deliver a more complete security solution for customers, and build awareness around the value of robust technology integrations

Verint Welcomes 2017 Customer Advisory Board (Businesswire) Verint® Systems Inc. (Nasdaq: VRNT) today announced and welcomed the member organizations that comprise its 2017 Americas Customer Advisory Board.

Endace hires new VP Product Management to drive growth of partner program (Channel Life) Cary Wright will be joining the provider of high speed network recording and network history playback with the aim to drive channel growth.

Fidelis Cybersecurity appoints security executive Jason Clark to board of directors (CSO Online) Clark is expected to bring insight into the needs of CISOs.

EY Announces ThreatConnect's CEO Adam Vincent Entrepreneur Of The Year® 2017 Mid-Atlantic Award finalist (ITBriefing.net) EY today announced that Adam Vincent, CEO of ThreatConnect, provider of the industry's only extensible, intelligence-driven security platform, is a finalist for the Entrepreneur Of The Year® 2017 Award in the Mid-Atlantic region. The awards program, which is celebrating its 31st year, recognizes entrepreneurs who are excelling in areas such as innovation, financial performance and personal commitment to their businesses and communities. Vincent was selected as a finalist by a panel of independent judges.

Products, Services, and Solutions

Blue Cedar Redefines Enterprise Mobility Management (Yahoo! Finance) Blue Cedar today redefined enterprise mobility management with a new release of its highly acclaimed mobile security platform, which can extend or completely replace traditional EMM solutions to provide secure mobile data access for all enterprise mobile end users, employees, external partners and customers

Verizon releases software-defined perimeter security service (The Stack) Verizon has launched a new software-defined perimeter solution to allow customers to build a virtual boundary around their network.

Verizon launches Software-Defined Perimeter service to help enterprises proactively prevent cyberattacks (Yahoo! Finance) Verizon Enterprise Solutions has launched a new Software-Defined Perimeter (SDP) service that enables enterprise customers to proactively identify and block cyberattacks ...

Kensington VeriMark Fingerprint Key, Now Generally Available, Offers Best-inClass Cyber Security (Kensington) World’s first fingerprint security key to support both Windows Hello and Fast IDentity online universal second factor authentication to protect against unauthorized access on compromised devices

Palo Alto Networks Expands the Preventive Strengths of Its Traps Advanced Endpoint Protection Offering (PRNewswire) Palo Alto Networks® (NYSE: PANW), the next-generation security...

Shodan search engine starts unmasking malware command-and-control servers (CSO Online) There's now a new tool that could allow researchers and companies to quickly block communications between some malware families and their constantly changing command-and-control servers.

Shodan and Recorded Future Release Malware Hunter (Yahoo! Finance) Recorded Future, the threat intelligence company, and internet search engine Shodan announced today a specialized crawler for security researchers that explores the internet to find computers acting as remote access trojan (RAT) command and control centers. The crawler

Malware Hunter — Shodan's new tool to find Malware C&C Servers (The Hacker News) Shodan launches Malware Hunter search crawler designed for finding botnet command and control (C&C) servers

TrapX Integrates with ForeScout to Contain Active Attackers Inside the Network Perimeter (Marketwired) The combined solution leverages TrapX's deception technology and ForeScout's agentless visibility and control capabilities to detect, divert, quarantine and proactively mitigate advanced threats

Distrix Networks Returns to IoT World Following Innovation of Things Award Win and Successful Year of New Partnerships (PRNewswire) Industrial Internet of Things (IIoT) networking software company, Distrix Networks, will be returning to the IoT World Show in Santa Clara May 16-18, 2017 to share insights and learnings after a year of successful partnerships following their 2016

PasswordPing Releases Free Compromised Password Tool in Honor of World Password Day (PRNewswire) In honor of World Password Day 2017, PasswordPing Ltd. is proud to launch...

KnowBe4 Releases Weak Password Test Tool (Benzinga) New weak password test tool allows IT managers to check active directory for multiple password-related vulnerabilities caused by users

Fox Technologies Launches Release 7.1 of Its Privileged Access Management Solution, Designed to Meet the Operational Challenges for Accelerated Deployments of Enterprise Linux (PRNewswire) Fox Technologies, Inc, a leader in Linux security solutions, today...

Leveraging ThreatQ and AutoFocus to Combat Ransomware (ThreatQuotient) In this post, we will look at “AutoFocus,” which gives access to Palo Alto’s Wildfire data and, when used with ThreatQ, allows you to more effectively and efficiently combat ransomware.

Nominum Offers Analysis of 15.3 Trillion DNS Records to Explain Rapid Growth and Evolution of Cybercrime in New Spring 2017 Security Report (Marketwired) DNS security pioneer's unique position in service provider networks combined with cybersecurity expertise and proprietary data science methods bring deep understanding of cyberthreat landscape

National Police Board of Finland and Gemalto win leading industry award for new ePassports and eID cards (NASDAQ.com) Sophisticated fraud prevention features combined with striking design concepts

Yikes! Antivirus Software Fails Basic Security Tests (Tom's Guide) Your antivirus software may be more vulnerable to attack than the files it's meant to protect, a recent evaluation suggests.

Technologies, Techniques, and Standards

GDPR requirements: Five high-priority actions (Help Net Security) The European General Data Protection Regulation (GDPR) will have a global impact when it goes into effect on May 25, 2018. Gartner predicts that by the end

Making sense of cybersecurity qualifications (CSO Online) Organizations push for equitable and transparent credentials. Several credentialing initiatives are in the works to make cybersecurity credentials easier to understand and classify according to their value.

Crypto-economist Jon Matonis pushes for actual bitcoin protocol status quo (CalvinAyre) The battle to reshape to existing landscape of bitcoin protocol influencers has gained a new ally—leading bitcoin researcher Jon Matonis.

How organizations can protect against new CERBER variations (Trend Micro: Simply Security) It will be important to understand how to protect against new CERBER strains and what is being done to close current vulnerabilities.

7 Steps to Fight Ransomware (Dark Reading) Perpetrators are shifting to more specific targets. This means companies must strengthen their defenses, and these strategies can help.

Beyond the Backup: Defending Against Ransomware (eSecurity Planet) When you're hit by a ransomware attack, it's tempting to think that just restoring from backup can make the problem go away -- but according to DataGravity CEO Paula Long, it's not necessarily that simple.

Do Indicators of Compromise Matter? The Devil is in the Details (Security Week) Instead of discounting indicators of compromise, it’s time to use them more effectively

False positives still cause threat alert fatigue (CSO Online) How you set up and prioritize which alerts to look at and act on is the basis for an effective threat management strategy.

Getting Threat Intelligence Right (Dark Reading) Are you thinking of implementing or expanding a threat intelligence program? These guidelines will help you succeed.

Humans wanted: No such thing as 100% automated threat intelligence, says panel (SC Magazine US) Automation, machine learning and artificial intelligence continue to play a growing role in detecting and diagnosing network threats based on traffic analy

Design and Innovation

Facebook to add 3,000 to team reviewing posts with hate speech, crimes, and other harming posts (TechCrunch) A week after news broke of multiple videos of suicides posted on Facebook remaining on the site for hours, the company has announced a new plan to add..

Userfeeds aims to stop fake news by linking the blockchain to social content (TechCrunch) Userfeeds is a new startup which has a platform which applies blockchain tokens to news discovery. The idea is to combat so-called "fake news" by providing an..

Microsoft’s new head of research has spent his career building powerful AI—and making sure it’s safe (Quartz) Eric Horvitz has been working to make machines self aware for 30 years.

Legislation, Policy, and Regulation

China taking on Wikipedia with online encyclopaedia (South China Morning Post) More than 20,000 scholars involved in country’s biggest publication project

Social media companies "shamefully far" from tackling illegal and dangerous content - News from Parliament (UK Parliament) Home Affairs Committee publishes report on hate crime, criticising biggest and richest social media companies

White House Creates IT Council (SIGNAL Magazine) The White House has created a council charged with tackling federal information technology services.

NSA Commends Navy Task Force Cyber Awakening (DVIDS) The National Security Agency (NSA) recognized the Navy's Task Force Cyber Awakening (TFCA) for its achievements in the realm of national information systems security and defensive information operations, April 6.

Litigation, Investigation, and Law Enforcement

N. Korea Behind 2016 Cyber Attack Against Cyber Command (KBS World Radio) Anchor: Prosecutors have concluded an investigation into the 2016 hacking of the nation's military cyber command, finding that North Korea was behind the attack. A few dozen military officials are now facing punishment for failing to prevent the cyber security breach.

FBI Director Comey, NSA Director Rogers will testify about Russia on Thursday (Newsweek) The hearing on Thursday will be the first since March 20, when Comey confirmed the FBI’s investigation into Russia’s election tampering and possible collusion with Trump associates.

How cybersleuths decided Russia was behind US election hack (CNET) Digital clues led security pros to agencies in Putin's government. It's as close as we'll ever get to proof that Russia did it.

Report: Government officials 'unmasked' more than 1,900 Americans swept up in foreign surveillance (PBS NewsHour) The report showed that even under the new law, the NSA still collected more than 151 million records about Americans' phone calls last year.

Reined-In N.S.A. Still Collected 151 Million Phone Records in ’16 (New York Times) A system created in 2015 to end the bulk collection of calling records took in a large amount of data, but a fraction of what the N.S.A. once gathered, a report shows.

US sought names of 1,934 Americans in intelligence reports (WRCB) Government officials requested to know the identities of more than 1,900 Americans whose information was swept up in National Security Agency surveillance programs last year, according to an...

Statistical Transparency Report Regarding the Use of National Security Authorities for Calendar Year 2016 (IC on the Record) In June 2014, the Director of National Intelligence (DNI) began releasing statistics relating to the use of critical national security authorities, including the Foreign Intelligence Surveillance Act (FISA), in an annual report called the Statistical Transparency Report Regarding Use of National Security Authorities (hereafter the Annual Statistical Transparency Report). Subsequent Annual Statistical Transparency Reports were released in 2015 and 2016.

From Czechia with Love (RealClearDefense) U.S., British and German intelligence have confirmed that Putin’s spies have been hard at work trying to infiltrate Trump’s team. After the FBI had busted a Russian spy ring in New York, media...

Briton who promoted Islamic State with special cufflinks jailed for eight years (Reuters) A British man who stored material about missile systems on data sticks disguised as cufflinks and created an extensive online manual for members of Islamic State was sentenced to eight years' jail on Tuesday.

Policing cybercrime: a national threat (Information Age) How is law enforcement addressing the increasing problem of cybercrime in the UK?

Intel on 'imminent threat' drove airline electronics ban, top lawmaker says (Fox News) Strong intelligence pointing to an imminent threat drove the decision in March to ban large electronics in carry-on baggage on flights into the U.S., according to a senior House Republican.

Fox News ‘hacked Andrea Tantaros’, says lawsuit (Naked Security) Fox ‘hacked’ Tantaros’s devices to install a keylogger, claim her lawyers, and used the information they found to harass her

Clinton: FBI Letter and “Russian WikiLeaks” Cost Me Election (Infosecurity Magazine) Clinton: FBI Letter and “Russian WikiLeaks” Cost Me Election. Former frontrunner in no doubt about impact of last minute “events”

This Is How the Free Press Dies (Motherboard) Former Motherboard editor Ben Makuch has been pursued by the Canadian government since 2014 for doing his job.

Malaysia Is Threatening to Jail WhatsApp Group Admins Over Spread of Fake News (Motherboard) Message apps are the latest technology to fall under the control of Malaysia's controversial Communications and Multimedia Act.

UK Cops Can Now Remotely Disable Phones Even If No Crime Has Been Committed (Motherboard) The power relates to phones suspected of being used for drug dealing, but in some cases, a phone can be disabled even if no offense has taken place.

For a complete running list of events, please visit the Event Tracker on the CyberWire website.

Upcoming Events

Cyber Security Summit in Dallas (Dallas, Texas, USA, May 5, 2017) Sr. Level Executives are invited to learn about the latest threats & solutions in Cyber Security from experts from Proofpoint, CenturyLink, IBM and more. Register with promo code cyberwire50 for half off...

OWASP Annual AppSec EU Security Conference (Belfast, UK, May 8 - 12, 2017) Welcome to OWASP Annual AppSec EU Security Conference, the premier application security conference for European developers and security experts. AppSec EU provides thought leadership, amazing talks, informative...

Law Enforcement and Public Safety Technology Forum (Washington, DC, USA, May 9 - 10, 2017) For the ninth year, AFCEA Bethesda is gathering the law enforcement and public safety IT community. The Law Enforcement and Public Safety Technology Forum will bring together more than 300 executives,...

SANS Security West 2017 (San Diego, California, USA, May 9 - 18, 2017) Cybersecurity skills and knowledge are in high demand. Cyber attacks and data breaches are more frequent and sophisticated, and organizations are grappling with how to best defend themselves. As a result,...

OWASP AppSec EU (Belfast, Northern Ireland, UK, May 12 - 18, 2017) Welcome to OWASP Annual AppSec EU Security Conference, the premier application security conference for European developers and security experts. AppSec EU provides thought leadership, amazing talks, informative...

EnergySec Security Education Week (Austin, Texas, USA, May 14 - 19, 2017) The Energy Sector Security Consortium, Inc.'s Security Education Week is designed for early to mid career cybersecurity professionals currently employed at electric utilities in North America. Students...

K(no)w Identity Conference (Washington, DC, USA, May 15 - 17, 2017) To converge identity experts from across all industries in one space, to be at the nexus of ideas and policies that will fundamentally change identity around the world. Provides business leaders, privacy...

Global Cybersecurity Innovation Summit Advancing International Collaboration (London, England, UK, May 16 - 17, 2017) SINET – London creates a forum to build and maintain international relationships required to foster vital information sharing, broad awareness and the adoption of innovative Cybersecurity technologies.

Public Sector Cyber Security Conference: Defending the Public from Cyber-Attacks (Salford, England, UK, May 17, 2017) Join us for the Public Sector Cyber Security Conference where leading experts will explain how to protect the vital services provided by central Government, local councils and the NHS. Learn how to safeguard...

PCI Security Standards Council: 2017Asia-Pacific Community Meeting (Bangkok, Thailand, May 17 - 18, 2017) Two days of networking and one-of-a-kind partnership opportunities await you. Whether you want to learn more about updates in the payment card industry or showcase a new product, you’ll find it all at...

2017 Georgetown Cybersecurity Law Institute (Washington, DC, USA, May 17 - 18, 2017) It is more important than ever that in-house and outside counsel stay abreast of the most current developments and best practices in cybersecurity. At our Institute you will receive insights on the best...

Northsec Applied Security Event (Montreal, Québec, Canada, May 18 - 21, 2017) The conference will feature technical and applied workshops hosted in parallel for the most motivated attendees. Topics include application and infrastructure (pentesting, network security, software and/or...

SANS Northern Virginia - Reston 2017 (Reston, Virginia, USA, May 21 - 26, 2017) This event features comprehensive hands-on technical training from some of the best instructors in the industry and includes courses that will prepare you or your technical staff for DoD 8570 and GIAC...

Enfuse 2017 (Las Vegas, Nevada, USA, May 22 - 25, 2017) Enfuse™ is a three-day security and digital investigations conference where specialists, executives, and experts break new ground for the year ahead. Enfuse offers unsurpassed networking opportunities,...

2017 Cyber Investing Summit (New York, New York, USA, May 23, 2017) The 2nd Annual Cyber Investing Summit is an all-day conference focusing on investing in the $100+ billion dollar cyber security industry. Attendees will explore the financial opportunities, trends, challenges,...

Citrix Synergy (Orlando, Florida, USA, May 23 - 25, 2017) Learn how to solve your IT flexibility, workforce continuity, security and networking challenges—and power your business like never before—with the workspace of the future.

AFCEA/GMU Critical Issues in C4I Symposium (Fairfax, Virginia, USA, May 24 - 25, 2017) The AFCEA/GMU Critical Issues in C4I Symposium brings academia, industry and government together annually to address important issues in C4I technology and systems R&D.

SECON 2017 (Jersey City, New Jersey, USA, May 25, 2017) Social engineering impacts security. (ISC)2 New Jersey Chapter is a 501(c)(3) not-for-profit charitable organization. Our chapter’s mission is to disseminate knowledge, exchange ideas, and encourage community...

Cyber Southwest (Tucson, Arizona, USA, May 27, 2017) CSW will be dedicated to furthering the discussion on cyber education and workforce development in Arizona, healthcare cybersecurity, and technical training in areas such as threat intelligence, insider...

SANS Atlanta 2017 (Atlanta, Georgia, USA, May 30 - June 4, 2017) Learn the most effective steps to prevent attacks and detect adversaries with actionable techniques that you can directly apply when you get back to work. Take advantage of tips and tricks from the experts...

Cyber Security Summit: Seattle (Seattle, Washington, USA, June 1, 2017) If you are a Senior Level Executive responsible for making your company’s decisions in regards to information security, then you are invited to register for the Cyber Security Summit: Seattle. Receive...

Cyber Security Summit: Seattle (Seattle, Washington, USA, June 1, 2017) If you are a Senior Level Executive responsible for making your company’s decisions in regards to information security, then you are invited to register for the Cyber Security Summit: Seattle. Receive...

SANS Houston 2017 (Houston, Texas, USA, June 5 - 10, 2017) At SANS Houston 2017, SANS offers hands-on, immersion-style security, security management, and pen testing training courses taught by real-world practitioners. The site of SANS Houston 2017, June 5-10,...

Infosecurity Europe 2017 (London, England, UK, June 6 - 8, 2017) Infosecurity Europe is the region's number one information security event featuring Europe's largest and most comprehensive conference programme and over 360 exhibitors showcasing the most relevant information...

Cyber 8.0 Conference (Columbia, Maryland, USA, June 7, 2017) Join the Howard County Chamber of Commerce for their 8th annual cyber conference, where they will explore innovation, funding, and growth. Participants can expect riveting discussions from cyber innovators...

Grow your brand and reach new customers.

Grow your brand and increase your customer base by educating our audience about your products, services, and events by advertising on The CyberWire. We’ve built trust with an influential (and often hard to reach) audience of CISOs, CSOs, and other senior execs in the security space, across a wide array of industry verticals. Learn more.

Be a part of the CyberWire story.

People ask us (a lot) how they can support what we do. We have our sponsorships and services, of course, but those are not always within every supporter's financial reach, or it might just not be the right time for you to do those things. That's why we launched our new Patreon site, where we've created a wider variety of support levels, each with some new benefits. Our patrons are important to our future, and we hope you'll consider becoming one. We invite you to become part of the CyberWire story. Become a patron today.