skip navigation

More signal. Less noise.

Daily briefing.

Support the CyberWire: become a Patron

We're happy to announce that we've established a Patreon site where anyone interested in supporting the CyberWire and helping us continue to provide our popular news service can sign on as a Patron today. Thanks for your consideration. And, as always, thanks for reading and listening, and we hope you'll want to become a part of the CyberWire story. 

ESET found Sednit (a.k.a. Fancy Bear, a.k.a. GRU) distributing two zero-days in phishing emails with a "Trump's Attack on Syria" theme. Microsoft patched both vulnerabilities yesterday. 

US NSA and CYBERCOM head Rogers told Congress yesterday that Russian actors penetrated French election "infrastructure," and that NSA tipped off its French counterparts that the Russians were actively targeting their election. "Infrastructure" was left vague, but most read it as referring to the now well-known penetration of En Marche! emails. Admiral Rogers urged public confrontation of Russia over its cyber activities.

Observers believe the Russian services are turning their principal attention to September's German federal elections, pursuing a long-term goal of EU disruption. 

NSA Director Rogers also outlined (for Senator McCain) a worst-case cyberattack:  "outright destructive attacks focused on some aspects of critical infrastructure" and data manipulation "on a massive scale".

Wandera reports a dramatic rise of SLocker Android ransomware variants (and infections) over the last six months.

Check Point says a flaw in Android 6.0.0 (Marshmallow) permissions could allow malicious apps to download directly from Google Play.

In addition to the Microsoft patching mentioned above, Adobe yesterday addressed seven issues in Flash Player, and Cisco closed the Vault7 zero-day affecting various switch models.

US President Trump dismissed FBI Director Comey late yesterday over his handling of campaign-season email security investigations. Sources indicate that the FBI's need to correct the Director's inaccurate testimony before the Senate last week was the proximate cause of the firing, but that termination was likely in any case. 

Notes.

Today's issue includes events affecting Australia, Canada, China, France, Germany, Japan, Democratic Peoples Republic of Korean, Republic of Korea, Russia, Syria, United Kingdom, United States.

In today's podcast, Malek Ben Salem from our partners at Accenture Labs reviews the results of the Accenture Security Survey. Our guest, Rohit Sethi from Security Compass, discusses his company's Managing Application Security report.

Who's in Your Cloud? Gaining Visibility Into Your Network and Critical Assets (Webinar, May 11, 2017) Since cloud services are accessible from anywhere, at any time, getting visibility into your cloud activity is critical. Delta Risk experts examine the increasing importance of cloud monitoring and how it can protect your organization.

Borderless Cyber USA (New York, New York, USA, June 21 - 22, 2017) Is your enterprise investing enough to protect against cyber-attack? Are you putting your resources where they have the most impact? How can you be sure? Senior security executives come together at Borderless Cyber to uncover new strategies, make new connections, and leave better prepared to defend their cyber practices--in the computer room and the Board room. The conference will take place at the historic U.S. Customs House in lower Manhattan on 21-22 June. Receive an extra $100 off the corporate rate. Use the discount code Cyberwire when registering. Special government rates and Early Bird savings are also available. We look forward to seeing you this June in NYC!

Cyber Attacks, Threats, and Vulnerabilities

Sednit adds two zero-day exploits using 'Trump's attack on Syria' as a decoy (WeLiveSecurity) Sednit is back - this time with two more zero-day exploits embedded in a phishing email titled Trump's_Attack_on_Syria_English.docx.

NSA Director Confirms That Russia Really Did Hack the French Election (WIRED) NSA Director Michael Rogers provides the first US government confirmation that Russia successfully compromised elements of the French election.

US tipped France to Russian election hacking, says Cyber Command chief (Defense News) The U.S. watched as Russia “penetrated” French systems during the election runup and gave French officials “a heads up,” Adm. Mike Rogers said Tuesday.

NSA chief: US alerted France to Russian election hacking (Washington Examiner) Adm. Mike Rogers said the agency witnessed Moscow "penetrate" public infrastructure before a major dump of winning candidate Emmanuel Macron...

Putin Lost France, but He’s Still Got a Chance in Germany (The Daily Beast) The Kremlin’s chosen candidate, Marine Le Pen, failed to win the French presidency, but Germany’s election in September provides one last chance to disintegrate the European Union.

NSA director describes worst case scenario cyber attack for U.S. (Washington Post) At a Senate Armed Services Committee hearing May 9, Cyber Command and National Security Agency chief Adm. Michael S. Rogers responded to Sen. John McCain's question about the worst and best case scenarios for the future of cyber.

NSA chief: This is what a worst-case cyberattack scenario looks like (ZDNet) Cyber chief outlines the three main features of a serious cyberattack.

Russian espionage, hackers exploited Microsoft Office flaw: report (TheHill) The trio was uncovered by the security firm FireEye.

EPS Processing Zero-Days Exploited by Multiple Threat Actors (FireEye) FireEye recently identified three new zero-day vulnerabilities in Microsoft Office products that are being exploited in the wild.

Information Warfare: Acceptable Islamic Porn (Strategy Page) Recently the eighth edition of an online magazine for ISIL (Islamic State in Iraq and the Levant) fans in the West appeared. Called Rumiyah, it first showed up in September 2016 and has appeared about once a month ever since. Rumiyah was designed for those in the West interested in ISIL style mayhem and especially “lone wolf “attacks.

China cries 'fake news' in reaction to report about U.S. Navy chief Harris (The Japan Times) China's Foreign Ministry has labeled as "fake news and not worth refuting" a report that Beijing urged Washington to fire the top U.S. naval commander in t

Android App Permission in Google Play Contains Security Flaw (Dark Reading) Android's app permission mechanisms could allow malicious apps in Google Play to download directly onto the device.

Downloading Chrome for Android? Be careful – we’ve found an evil twin (Naked Security) Techniques used to poison a version of the Android Chrome browser with Andr/SandRat-C, Andr/Rootnik-AH are finding their way into other apps – and into the Play Store

Defeating Magento security mechanisms: Attacks used in the real world (Help Net Security) Magento security is always under the microscope. Here are examples of attacks that combine common vulnerabilities with faulty Magento security mechanisms.

A Vicious Microsoft Bug Left a Billion PCs Exposed (WIRED) A newly fixed flaw in Microsoft's malware protection could have been bad news for a whole lot of PCs.

Google found over 1,000 bugs in 47 open source projects (Help Net Security) Google has unearthed over 1,000 bugs in 47 open source software projects, and it's now ready to escalate its fuzzing open source efforts.

SLocker Ransomware Variants Surge (Dark Reading) SLocker, one of the top 20 Android malware families, has seen a six-fold increase in the number of new versions over the past six months.

Infoblox On DDoS Attack On FCC Site (Information Security Buzz) Following the news that the FCC site was subject to a DDoS attack last night, Dr Malcolm Murphy, Technology Director at Infoblox commented below. Dr Malcolm Murphy, Technology Director at Infoblox:  “We’re increasingly seeing cyberattacks used with political intent: from the release of emails from newly elected French President Macron’s party just two days before voters went …

Hacked Industrial Robots Destroy Business (LinkedIn) No, this isn’t the title of a B movie or a sci-fi thriller for teens.

Dating site users spammed with smut after ‘third-party’ data leak (Naked Security) The publisher’s blaming a third-party contractor and “human error.”

Primary Care Services investigating cyber-attack (WHBQ) Primary Care Services is investigating a cyber-attack that happened in February.

Security Patches, Mitigations, and Software Updates

Microsoft fixes 55 vulnerabilities, 3 exploited by Russian cyberspies (CSO Online) Microsoft released security patches Tuesday for 55 vulnerabilities across the company's products, including three flaws that have already been exploited in targeted attacks by cyberespionage groups.

Microsoft May Patch Tuesday faces down three zero-day exploits, but is it too little, too late? (Computing) Russian hackers swarm all over bugs as company plugs gaps long after the event

Microsoft admins: Update your systems now to prevent "crazy bad" zero-day bug exploits (TechRepublic) Two members of Google's Project Zero discovered a serious exploit over the weekend. It's so bad it can take over a system just by sending an email-no opening or reading necessary.

Cisco kills leaked CIA 0-day that let attackers commandeer 318 switch models (Ars Technica) Fix neutralizes attack code that was put into the wild in early March.

Adobe Patches Seven Security Flaws Affecting Flash Player (BleepingComputer) Today, Adobe has released two security advisories affecting two of its products, Adobe Flash Player and Adobe Experience Manager Forms, the latter being an application part of the Adobe Marketing Cloud service for, a collection of integrated online marketing and Web analytics products.

The Long Tail of the Intel AMT Flaw (Dark Reading) Organizations impacted by easily exploitable privilege escalation vulnerability may need time to apply firmware patches, analysts say.

Cyber Trends

Corporate finance employees at fault for rising data losses (IBS Intelligence) Verizon’s research shows that a great number of data breaches are a result of poor utilisation of the security measures.

Verizon Eyes Human Tactics In Enterprise Crime (PYMNTS.com) The bad news keeps on coming for businesses facing cyberattacks. The FBI released new data last week warning businesses that the business email compromise scam has led to an uptick in wire fraud. The scam resulted in $5.3 billion in attempted fraud between October 2013 and 2016. Previous data from the FBI found that between October […]

Warning – Finding Casandras to Stop Catastrophes – can this book help get management onboard (Control Global) Hopefully, the book Warning- Finding Casandras to Stop Catastrophes can reach the appropriate decision makers to help move the needle on cyber securing the control systems in our commercial and industrial infrastructures.

Is remote access technology leaving you vulnerable? (Help Net Security) Despite rising awareness of the threats posed by users with privileged access permissions, most still allow remote access technology in their organizations.

Cybercriminals Are Winning: Even Security Professionals Admit to Paying Ransom and Bypassing Corporate Security (MarketWired) Cybercriminals Are Winning: Even Security Professionals Admit to Paying Ransom and Bypassing Corporate Security

Shining a Light on Security's Grey Areas: Process, People, Technology (Dark Reading) The changing distributed and mobile business landscape brings with it new security and privacy risks. Here's how to meet the challenge.

In 5 years AI may replace pros in tasks within medicine, law and IT (Help Net Security) Gartner predicts that by 2022, smart machines and robots may replace highly trained professionals in tasks within medicine, law and IT.

Cyber attacks on Canadian companies starting to 'explode', says president of cybersecurity firm (Financial Post) Canadian companies are facing an increasing number of cyber attacks, says Travis Reese, president of FireEye Inc. — and for him, that’s an opportunity

Marketplace

Fortinet Announces Investment in UBIqube to Bolster Cybersecurity Automation across Multi-Vendor Environments - NASDAQ.com (NASDAQ.com) Further illustrates Fortinet's commitment to drive security innovation for virtualized network functions and software-defined networks

Mobileye acquisition to start Israeli auto-tech boom (Globes) Intel could make more acquisitions in Israel, and Check Point and the defense industries are also interested in the sector.

SAP co-founder's VC firm leads $15M investment in Vera (Help Net Security) Vera announced a $15 million strategic investment led by HP-Ventures, the venture capital firm founded by of SAP Chairman, Hasso Plattner.

https://www.automationworld.com/article/industry-type/all/deloitte-and-dragos-partner-industrial-cybersecurity (Automation World) The industrial control system cybersecurity space continues to attract new investments, partnerships and companies.

TalkTalk posts further revenue decline in 2017, but claims subscriber numbers grew in fourth quarter (Computing) Cut-price contracts have started to lure back residential customers to TalkTalk

Better Buy: Palo Alto Networks, Inc. vs. Check Point Software (The Motley Fool) The data security peers are taking decidedly different approaches to their businesses.

Top DRaaS companies to watch (CSO Online) Forrester Research recently released its report naming Sungard AS, Bluelock, IBM, and iland as the top disaster recovery-as-a-service companies. See its reasoning why.

Federal Cyber Pros Surveyed in Largest Known Workforce Study to Date Identify Keys to Attracting and Retaining Talent (PRNewswire) According to the Center for Cyber Safety and Education™ Global...

Cyber Security Will Generate £60m In Salaries In Northern Ireland (Silicon UK) Cyber security looks to be a strong career choice in Northern Ireland, as the sector is on course to generate £60 million in salaries per annum.

Avast joins watchdog ranks as No More Ransom partner (Security Brief) Avast is one of the latest security providers to join the No More Ransom campaign, alongside law enforcement agencies and the private security sector.

Cavirin Wins 2017 TiE50 Award for Its Innovation in Cloud Security (BusinessWire) Cavirin Systems is the recipient of the 2017 TiE50 award. This award was preceded by another recognition for the company’s cloud security vision

Infoblox Hires Polycom Vet as Channel Chief (Channel Partners) Chris Jones, Infoblox’s new vice president of worldwide partners, plans to launch an expanded global partner program later this year.

Lawrence Jones appoints MD for security firm Secarma (CRN) Paul Harris rejoins Jones following spell as marketing director at UKFast earlier in his career

CyberArk Appoints Marianne Budnik as Chief Marketing Officer (BusinessWire) CyberArk (NASDAQ: CYBR) today announced the appointment of Marianne Budnik as chief marketing officer (CMO).

Malwarebytes Appoints Raj Mallempati as Senior Vice President of Marketing and Elena Verna as Senior Vice President of Growth (BusinessWire) Malwarebytes announced today a strategic expansion to its marketing department.

Products, Services, and Solutions

LifeJourney™ Releases Cyber University Product (PRWeb) CyberU enables community colleges and universities to rapidly increase their enrollment in cyber programs.

Comodo launches free enterprise threat analysis (BetaNews) Data breaches not only cost businesses money in the short term, they can cause long term reputational damage as stolen details turn up for sale in dark corners of the internet.

Radware Attack Mitigation Solutions Help e-Commerce Company Manutan to Ensure Uninterrupted Service to Its Customers - NASDAQ.com (NASDAQ.com) Radware® (NASDAQ:RDWR), a leading provider of cyber security and application delivery solutions, today announced that French-based Manutan, a subsidiary of The Manutan Group, uses Radware's Attack Mitigation Solution (AMS) to ensure high-availability of its IT infrastructure.

Verizon Readies Its Universal CPE (Light Reading) The Universal CPE, driven by OpenStack and off-the-shelf hardware, should help Verizon deliver virtual services straight to the enterprise.

Gemalto and Veridos Strengthen Citizen Identity Security with eID Cards for Macao SAR Government (CSO) Gemalto, the world leader in digital security, is partnering with Veridos, a German company specializing in Identity Solutions, to supply contactless electronic identity cards to the Macao Special Administrative Region Government.

Inphi safeguards its Intellectual Property with Darktrace (Cambridge Network) News from Cambridge businesses. Network members upload news here about their products, services and achievements.

Fortinet : Edward Jones Selects Fortinet to Deliver High-Performance Network Access at Scale to its Data Center and Branch Office Networks Across North America (4Traders) Chris Boedges, chief technology officer, Edward Jones It is critical that our branches have responsive, reliable network access to serve our clients. By partnering with Fortinet, we were able to deploy a network architecture to help us improve the delivery of our data with high-performance, more bandwidth and improved redundancy.

The Watchlist: Collaborating to Build Better Adversary Dossiers Faster (ThreatQuotient) Have you ever wanted to be alerted about new information related to the TTP of an adversary? Well now that’s possible!

Harland Clarke and LockPath to Launch Valuable Risk Management and Compliance Solution (BusinessWire) Harland Clarke and LockPath align to launch governance, risk and compliance solution, GRC Spotlight, a comprehensive platform for FIs to manage today'

Westcon-Comstor Bolsters Network Portfolio with Infoblox Infrastructure Protection Solutions (Infoblox) Infoblox, Inc. a network management and control vendor, has made its award-winning network infrastructure protection solutions available to Westcon-Comstor in order to strengthen its reach with channel partners across North America. The addition of Infoblox’s core network services (including DNS, DHCP and IP address management offerings) and secure DNS solutions to Westcon-Comstor’s Security Solutions Practice …

Trying to Find the Can’t Miss Gift for that Special Someone? Check-out Kensington’s 2017 Dads & Grads Gift List (Kesington) Topping this Year’s Roster: Kensington’s New Pro Fit Low Profile Wireless Desktop Set – Ensures Clutterfree, Secure Work Space

Technologies, Techniques, and Standards

Opinion: Some thoughts about Gizmodo's Phishing story (CSO Online) On Tuesday, Gizmodo published a story about how easy it was to get Trump Administration officials and associates to click a Phishing link. In order to do this, the Gizmodo Special Projects Desk developed a fake Google Docs email, complete with a false sign-in page. But did they go too far?

Gizmodo security test proves everyone (even team Trump) can get phished (Graham Cluley) Gizmodo's "security preparedness test" that targeted members of the Trump administration illustrates how everyone and anyone can fall for a phish.

SSA.GOV To Require Stronger Authentication (KrebsOnSecurity) The U.S. Social Security Administration will soon require Americans to use stronger authentication when accessing their accounts at ssa.gov. As part of the change, SSA will require all users to enter a username and password in addition to a one-time security code sent their email or phone. In this post, we’ll parse this a bit more and look at some additional security options for SSA users.

SAFECode Unveils Software Best Practices for Threat Modeling and Third Party Components White Papers (BusinessWire) SAFECode Unveils Software Best Practices for Threat Modeling and Third Party Components White Papers

Prevent SQL injection vulnerabilities in PHP applications and fix them (Acunetix) SQL injection (SQLi) refers to an injection attack wherein an attacker can execute arbitrary SQL statements by tricking a web application in processing an attacker’s input as part of an SQL statement. This post will focus on how to prevent SQL injection vulnerabilities within PHP applications and fix them.

How a threat intelligence platform can anticipate future attacks (TechTarget) If your organization is considering using a threat intelligence platform to delve into the possible risks it faces, it is important to understand the strengths and limits of this type of technology.

How to protect your Google and Facebook accounts with a security key (CSO Online) Security keys offer a more secure alternative to code-based two-factor authentication.

Game of Thrones actress reveals cast forced to embrace two-step verification, and so should you (Graham Cluley) Two-step verification makes it much harder for hackers to break their way into email accounts.

Public Wi-Fi: How to Secure Your Data in 10 Minutes (TheBestVPN.com) Ever felt uneasy doing your online banking in your favorite coffee shop? Me too. Are you sure you want to hit “buy” on that chic blue and black (or was it gold and white?) dress, exposing your credit card details to cyber criminals who may be watching? Think again. I don’t blame you if every time you log …

Design and Innovation

Digital Identity Part I - Storing Sovereign Identities on the Blockchain (Crypto Insider - Bitcoin and Blockchain News) Designing a solid digital identity system may be the biggest problem of the digital age. If formalized civilization depends on identity, free civilization depends on self-sovereign identity. No identity system housed in a privately-owned computer system will be free from the whims of the parent company. Blockchain technology comes to the rescue.

Academia

CyberPatriot X Surpasses 1,000 Teams in Record-Breaking Time - EconoTimes (EconoTimes) The Air Force Association (AFA) today announced that CyberPatriot, AFA’s premier STEM education initiative, has surpassed 1,000 registered teams for the 2017-2018 CyberPatriot X...

Legislation, Policy, and Regulation

F.B.I. Director James Comey Is Fired by Trump (New York Times) President Trump abruptly terminated Mr. Comey, who was leading an investigation into whether Mr. Trump’s advisers colluded with Russia to influence the election.

Trump fires FBI Director James Comey over email investigation (NBC News) In a letter from Trump to Comey, the president said, "While I greatly appreciate you informing on three separate occasions that I am not under investigation, I nevertheless concur with the judgment of the DOJ that you are not able to effectively lead the bureau."

‘You’re terminated’: Trump sacks FBI chief in shock move (Times (London)) President Trump fired the head of the FBI last night for mishandling an investigation into Hillary Clinton’s controversial secret emails. Officials said that James Comey was dismissed for...

Comey firing: Reaction from members of Congress on FBI director’s dismissal (Washington Post) Rounding up reaction from Capitol Hill.

James Comey firing was inevitable (USA TODAY) The FBI director has long been a dead man walking.

Sessions was told to find reasons to fire Comey: reports (TheHill) President Trump’s decision Tuesday to fire FBI Director James Comey has been in the works since at least last week, according to multiple media reports.

Could Anybody Be Worse Than James Comey On Encryption? We're About to Find Out (Motherboard) A look back at former FBI Director James Comey’s years-long battle against privacy.

CYBERCOM Head Rogers: U.S. Should ‘Publicly Out’ Kremlin Cyber Attacks (USNI News) The United States needs to make it clear it is unacceptable and there is a price to pay if any adversary takes action like manipulating voter registration rolls, the head of U.S. Cyber Command told the Senate Armed Services Committee on Tuesday.

Intelligence Leaders Are Practically Begging Trump to Condemn Russian Hacking (Defense One) The president’s unwillingness to call out Moscow’s electoral meddling is doing the Kremlin a favor, one former top spy testified to lawmakers.

Cyber Command Increases Readiness to Hold Targets at Risk (U.S. Department of Defense) Amid the intensified pace of international conflict in cyberspace threats, U.S. Cyber Command continually increases its Cyber Mission Forces’ readiness, the director of the National Security Agency

McCain refocuses his Obama cyber criticisms onto Trump (TheHill) During a Senate Armed Services Committee hearing Tuesday, McCain, who routinely criticized the Obama administration for lacking a coherent cyber strategy, repeatedly chided the Trump administration for not developing its own strategy.

N. Korean officials meet U.S. experts in Oslo (Yonhap News Agency) North Korean officials began informal talks Monday with a group of American experts in Oslo, Norway, amid speculation that Washington may seek dialogue with Pyongyang, diplomatic sources said.

Summer of airport chaos likely if US devices ban is extended (The Independent) “As threats change,” says the US Transportation Security Administration (TSA), “so too will TSA’s security requirements”. Reports suggest that those requirements are about to get much tougher for European airline passengers wanting to fly to the US.  In March, the Department of Homeland Security rushed out a ban on electronic devices in hand luggage on flights from eight countries in North Africa and the Middle East. 

Condoleezza Rice: 'We have to call' out radical Islamic terrorism 'by name' (Washington Examiner) "We have to stop the ideology as well as — it is evil in our times."

U.S. Cyber Command chief briefs senators on building its acquisition authority (Inside Cybersecurity) The U.S. Cyber Command is working with Senate staff on implementing new cyber acquisition authority under National Defense Authorization Act provisions aimed at elevating the command’s role, according to Adm. Michael Rogers, commander of the agency.

DOD needs cyberwarriors so badly it may let skilled recruits skip boot camp (Ars Technica) Shortage of skilled “cyber operators” has services scrambling to find ways to recruit.

EU plans more regulation for internet giants (Computing) Web giants to be told by the EU to play fair with small businesses

Census fires DTA cyber response (InnovationsAus.com) Census fires DTA cyber response Budget 2017...

Litigation, Investigation, and Law Enforcement

James Comey’s Testimony on Huma Abedin Forwarding Emails Was Inaccurate (ProPublica) The FBI hasn’t decided how to correct the director’s false claim that she forwarded thousands of Clinton emails to the laptop computer of her husband, former Congressman Anthony Weiner.

Why James Comey had to go (New York Post) A curious belief in some circles of journalism holds that if both sides are equally unhappy with your story, you’ve done a good job. I never subscribed to that approach, and thankfully, President T…

Sally Yates: ‘We believed that Gen. Flynn was compromised’ (POLITICO) Trump's former national security adviser could have been blackmailed by the Russians, Yates tells the Senate.

Trump ax falls on FBI's Comey in midst of Russia probe (FederalNewsRadio.com) President Donald Trump abruptly fired FBI Director James Comey Tuesday, saying it was necessary to restore "public trust and confidence" in the agency.

Trump Firing Comey Won’t Slow Down the Russia Probe—Yet (WIRED) The president has fired the FBI director in charge of investigating him. But that won't slow the Russia probe.

Kamala Harris Calls For Special Prosecutor Following Comey Firing (Talking Points Memo) In the wake of the news that President Donald Trump fired FBI Director James Comey, Sen. Kamala Harris (D-CA) called...

Kaspersky Lab Says it Has ‘No Ties to Any Government’ (MSP Mentor) In an email statement to MSPmentor today, company officials said the company’s reputation is being attacked unfairly.

We are not Russian spies: Kaspersky (iTnews) Security vendor denies US allegations.

Lawyers demand answers after artist forced to unlock his phone (Naked Security) Artist who arrived home in San Francisco faced ‘unconstitutional’ demands to unlock his phone

Hackers Face $8.9 Million Fine for Law Firm Breaches (Dark Reading) A federal court orders three Chinese nationals to pay $8.9 million in fines and penalties for hacking into two law firms and using stolen confidential information to trade stocks.

Durham Constabulary to use AI to help assess risks of offending by criminal suspects (Computing) AI to help police in Durham with their custody decisions

For a complete running list of events, please visit the Event Tracker on the CyberWire website.

Newly Noted Events

Cyber Resilience Summit: Measuring and Managing Software Risk, Security and Technical Debt (Brussels, Belgium, June 6, 2017) The Consortium for IT Software Quality is bringing the Cyber Resilience Summit to Europe, to take place on 6 June 2017 in Brussels, Belgium, the vibrant heart of political Europe and headquarters of the...

Upcoming Events

OWASP AppSec EU (Belfast, Northern Ireland, UK, May 12 - 18, 2017) Welcome to OWASP Annual AppSec EU Security Conference, the premier application security conference for European developers and security experts. AppSec EU provides thought leadership, amazing talks, informative...

EnergySec Security Education Week (Austin, Texas, USA, May 14 - 19, 2017) The Energy Sector Security Consortium, Inc.'s Security Education Week is designed for early to mid career cybersecurity professionals currently employed at electric utilities in North America. Students...

K(no)w Identity Conference (Washington, DC, USA, May 15 - 17, 2017) To converge identity experts from across all industries in one space, to be at the nexus of ideas and policies that will fundamentally change identity around the world. Provides business leaders, privacy...

Global Cybersecurity Innovation Summit Advancing International Collaboration (London, England, UK, May 16 - 17, 2017) SINET – London creates a forum to build and maintain international relationships required to foster vital information sharing, broad awareness and the adoption of innovative Cybersecurity technologies.

Public Sector Cyber Security Conference: Defending the Public from Cyber-Attacks (Salford, England, UK, May 17, 2017) Join us for the Public Sector Cyber Security Conference where leading experts will explain how to protect the vital services provided by central Government, local councils and the NHS. Learn how to safeguard...

PCI Security Standards Council: 2017Asia-Pacific Community Meeting (Bangkok, Thailand, May 17 - 18, 2017) Two days of networking and one-of-a-kind partnership opportunities await you. Whether you want to learn more about updates in the payment card industry or showcase a new product, you’ll find it all at...

2017 Georgetown Cybersecurity Law Institute (Washington, DC, USA, May 17 - 18, 2017) It is more important than ever that in-house and outside counsel stay abreast of the most current developments and best practices in cybersecurity. At our Institute you will receive insights on the best...

Northsec Applied Security Event (Montreal, Québec, Canada, May 18 - 21, 2017) The conference will feature technical and applied workshops hosted in parallel for the most motivated attendees. Topics include application and infrastructure (pentesting, network security, software and/or...

SANS Northern Virginia - Reston 2017 (Reston, Virginia, USA, May 21 - 26, 2017) This event features comprehensive hands-on technical training from some of the best instructors in the industry and includes courses that will prepare you or your technical staff for DoD 8570 and GIAC...

Enfuse 2017 (Las Vegas, Nevada, USA, May 22 - 25, 2017) Enfuse™ is a three-day security and digital investigations conference where specialists, executives, and experts break new ground for the year ahead. Enfuse offers unsurpassed networking opportunities,...

2017 Cyber Investing Summit (New York, New York, USA, May 23, 2017) The 2nd Annual Cyber Investing Summit is an all-day conference focusing on investing in the $100+ billion dollar cyber security industry. Attendees will explore the financial opportunities, trends, challenges,...

Citrix Synergy (Orlando, Florida, USA, May 23 - 25, 2017) Learn how to solve your IT flexibility, workforce continuity, security and networking challenges—and power your business like never before—with the workspace of the future.

AFCEA/GMU Critical Issues in C4I Symposium (Fairfax, Virginia, USA, May 24 - 25, 2017) The AFCEA/GMU Critical Issues in C4I Symposium brings academia, industry and government together annually to address important issues in C4I technology and systems R&D. The agenda for 2017 will include:...

AFCEA/GMU Critical Issues in C4I Symposium (Fairfax, Virginia, USA, May 24 - 25, 2017) The AFCEA/GMU Critical Issues in C4I Symposium brings academia, industry and government together annually to address important issues in C4I technology and systems R&D.

SECON 2017 (Jersey City, New Jersey, USA, May 25, 2017) Social engineering impacts security. (ISC)2 New Jersey Chapter is a 501(c)(3) not-for-profit charitable organization. Our chapter’s mission is to disseminate knowledge, exchange ideas, and encourage community...

Cyber Southwest (Tucson, Arizona, USA, May 27, 2017) CSW will be dedicated to furthering the discussion on cyber education and workforce development in Arizona, healthcare cybersecurity, and technical training in areas such as threat intelligence, insider...

SANS Atlanta 2017 (Atlanta, Georgia, USA, May 30 - June 4, 2017) Learn the most effective steps to prevent attacks and detect adversaries with actionable techniques that you can directly apply when you get back to work. Take advantage of tips and tricks from the experts...

Cyber Security Summit: Seattle (Seattle, Washington, USA, June 1, 2017) If you are a Senior Level Executive responsible for making your company’s decisions in regards to information security, then you are invited to register for the Cyber Security Summit: Seattle. Receive...

Cyber Security Summit: Seattle (Seattle, Washington, USA, June 1, 2017) If you are a Senior Level Executive responsible for making your company’s decisions in regards to information security, then you are invited to register for the Cyber Security Summit: Seattle. Receive...

SANS Houston 2017 (Houston, Texas, USA, June 5 - 10, 2017) At SANS Houston 2017, SANS offers hands-on, immersion-style security, security management, and pen testing training courses taught by real-world practitioners. The site of SANS Houston 2017, June 5-10,...

Infosecurity Europe 2017 (London, England, UK, June 6 - 8, 2017) Infosecurity Europe is the region's number one information security event featuring Europe's largest and most comprehensive conference programme and over 360 exhibitors showcasing the most relevant information...

Cyber 8.0 Conference (Columbia, Maryland, USA, June 7, 2017) Join the Howard County Chamber of Commerce for their 8th annual cyber conference, where they will explore innovation, funding, and growth. Participants can expect riveting discussions from cyber innovators...

2017 ICIT Forum: Rise of The Machines (Washington, DC, USA, June 7, 2017) The 2017 ICIT Forum brings together over 300 cybersecurity executives from across critical infrastructure sectors to receive the latest ICIT research from our experts, share knowledge, develop strategies...

SecureWorld Chicago (Rosemont, Illinois, USA, June 7, 2017) Join your fellow security professionals for high-quality, affordable training and education. Attend featured keynotes, panel discussions, and breakout sessions—all while networking with local peers. Earn...

NYS Cyber Security Conference (Albany, New York, USA, June 7 - 8, 2017) June 2017 marks the 20th Annual New York State Cyber Security Conference and 12th Annual Symposium on Information Assurance (ASIA) and we invite you to join us for this nationally recognized event. Technology's...

Grow your brand and reach new customers.

Grow your brand and increase your customer base by educating our audience about your products, services, and events by advertising on The CyberWire. We’ve built trust with an influential (and often hard to reach) audience of CISOs, CSOs, and other senior execs in the security space, across a wide array of industry verticals. Learn more.

Be a part of the CyberWire story.

People ask us (a lot) how they can support what we do. We have our sponsorships and services, of course, but those are not always within every supporter's financial reach, or it might just not be the right time for you to do those things. That's why we launched our new Patreon site, where we've created a wider variety of support levels, each with some new benefits. Our patrons are important to our future, and we hope you'll consider becoming one. We invite you to become part of the CyberWire story. Become a patron today.