skip navigation

More signal. Less noise.

Daily briefing.

Join the CyberWire story with our new Patron program

We're pleased to remind all that it's now possible to become a CyberWire Patron. Your support will help us continue to provide our free cyber security news service, the briefings and podcasts so many have come to use and enjoy. Thanks for your consideration, and as always, thanks for reading and listening. This will be the last of our major announcements of the Patron program, but rest assured, it will always be possible to become a patron.

Romania's Ministry of Foreign Affairs is said to be among the diplomatic organizations and missions across Europe being phished by Fancy Bear (APT28, or Russia's GRU). The phishing emails spoof NATO addresses and seek to induce the unwary to download a remote-access Trojan that FireEye researchers are calling "GameFish." Romanian authorities haven't commented, but NATO, while declining to say anything about this particular episode, says it comes under attack all the time, and that spoofed emails are no novelty.

Part of the reason the hacking of En Marche! emails didn't have the kind of effect seen in the earlier attack against the US Democratic National Committee is that the hackers had less time to establish themselves, but a bigger part of the failure seems due to the Macron's campaign early and active mitigation efforts.

The US Directors of Central Intelligence and National Intelligence tell Congress that rising Russian assertiveness, activity, and influence in cyberspace are an enduring and growing threat. Senator McCain regrets that US preparations seem unequal to that threat and excoriates the current national state of readiness.

The Guardian runs a long and rather breathless account of a pro-Brexit cabal of billionaires and populists it sees as behind the vote to take the UK out of the EU. It warns that such influence could manifest itself in the UK's general elections.

WannaCry ransomware is spreading worldwide via the ShadowBrokers' dumped "Eternal Blue" tool.

Jaff ransomware, looking like Locky, is spreading by Necurs and asking for a $3700 payoff.

Notes.

Today's issue includes events affecting Canada, France, Germany, India, Japan, NATO/OTAN, Romania, Russia, United Arab Emirates, United Kingdom, United States.

In today's podcast our partners at the University of Maryland's MC2 are represented by Jonathan Katz, who talks us through HTTPS inspection tools. Our guest, Politico's Eric Geller, offers an inside-that-other-Beltway look at President Trump's cyber Executive Order.

 

Borderless Cyber USA (New York, New York, USA, June 21 - 22, 2017) Is your enterprise investing enough to protect against cyber-attack? Are you putting your resources where they have the most impact? How can you be sure? Senior security executives come together at Borderless Cyber to uncover new strategies, make new connections, and leave better prepared to defend their cyber practices--in the computer room and the Board room. The conference will take place at the historic U.S. Customs House in lower Manhattan on 21-22 June. Receive an extra $100 off the corporate rate. Use the discount code Cyberwire when registering. Special government rates and Early Bird savings are also available. We look forward to seeing you this June in NYC!

Dateline Washington: Presidential Executive Order on Strengthening the Cybersecurity of Federal Networks and Critical Infrastructure

Presidential Executive Order on Strengthening the Cybersecurity of Federal Networks and Critical Infrastructure (The White House) EXECUTIVE ORDER - - - - - - - STRENGTHENING THE CYBERSECURITY OF FEDERAL NETWORKS AND CRITICAL INFRASTRUCTURE

US Executive Order on Cybersecurity (with industry reactions) (The CyberWire) US President Trump yesterday signed his long-anticipated Executive Order on cyber security. Its sections address "Cybersecurity of Federal Networks," "Cybersecurity of Critical Infrastructure," and "Cybersecurity for the Nation." It's a Federal-Government-centric order whose recurring themes are IT modernization and rationalization (including more shared services and use of the cloud), an emphasis on resilience, and an assertion that henceforth agency heads will be held accountable for the security of the organizations they lead. It mandates use of the NIST Framework across the Federal Government and places a strong emphasis on implementing sound risk management practices. It also calls for increased cyber deterrent capability. We cover a selection of industry reaction to the Executive Order.

President’s Executive Order Will Strengthen Cybersecurity for Federal Networks and Critical Infrastructure (US Department of Homeland Security) The Executive Order signed by the president today, Strengthening the Cybersecurity of Federal Networks and Critical Infrastructure, follows through on a key campaign promise made to the American people. It reaffirms the important role the Department of Homeland Security (DHS) plays in strengthening the security and resilience of federal networks and the nation’s critical infrastructure.

A Summary of the Cybersecurity Executive Order (Lawfare) This afternoon, President Trump signed a long-awaited executive order on cybersecurity, titled “Strengthening the Cybersecurity of Federal Networks and Critical Infrastructure.” This post will walk through the three substantive sections of the order.

Trump signs cyber EO promoting IT modernization, shared services (FederalNewsRadio.com) The much anticipated executive order refocuses agencies' cybersecurity efforts and further details the new American Technology Council’s role.

Trump signs cybersecurity order to create an 'executive branch enterprise' (Washington Examiner) The order has three major components: protecting federal networks, cybersecurity of critical infrastructure and promoting cybersecurity work...

Trump signs long-delayed executive order on cybersecurity (TechCrunch) President Trump signed a executive order today commanding a review of the United States' cybersecurity capabilities. Trump was initially set to sign the order..

Trump's cybersecurity order: Out with 'antiquated systems' (CNET) The executive order aims to improve US systems by protecting federal networks, critical infrastructure and Americans online.

Trump's cyber order pushes for modernized IT shared services (Fedscoop) President Donald Trump wants agencies to begin buying more modernized shared IT services where feasible. As part of the cybersecurity executive order released Thursday, agency heads are required to “show preference in their procurement for shared IT services,” such as email, cloud and cybersecurity services. “Effective immediately, it is the policy of the executive branch to …

'Keep America safe in cyberspace': Trump signs cybersecurity executive order (RT International) President Donald Trump has signed a long-awaited executive order designed to strengthen the cybersecurity of critical infrastructure and the federal government’s computer networks. It is the White House’s first action at defending the US against hackers.

Trump’s signed cybersecurity EO emphasizes risk management, resilience (Fifth Domain | Cyber) President Donald Trump on Thursday released the long-awaited presidential executive order on cybersecurity. The EO is similar in substance to the draft EO released last week and covered in depth by Fifth Domain.

Industry reactions to Trump's executive order on cybersecurity (Help Net Security) Here are some industry reactions to President Trump's executive order on cybersecurity, which requires reviews across agencies of the federal government.

Trump's cybersecurity executive order met with mixed reviews (ZDNet) The order asks for a full review of all cyber capabilities in an effort to strengthen federal systems, but that might be tough — if not impossible — given the timeline.

Trump Administration Cybersecurity Order Is “Plan for a Government Plan,” Not the Private Sector-Led, Actionable Agenda the Country Needs (ITIF) We are disappointed to see that this executive order is mostly a plan for the government to make a plan, not the private sector-led, actionable agenda that the country actually needs to address its most pressing cyber threats.

HITRUST Applauds the Presidential Executive Order on Cybersecurity (BusinessWire) HITRUST Applauds the Presidential Executive Order on Cybersecurity

Mixed reviews for Trump’s Executive Order on cybersecurity (CSO Online) Experts generally agree that President Trump’s cybersecurity Executive Order is well intended and a good start. But several of them have specific suggestions on how it could be improved.

Some notes on Trump's cybersecurity Executive Order (Errata Security) President Trump has finally signed an executive order on "cybersecurity" . The first draft during his first weeks in power were hilariously ...

McCain on Trump cyber order: 'We do not need more reviews' (Washington Examiner) Trump signed an executive order Thursday ordering federal agencies including the Defense Department to conduct reviews of cyber vulnerabilit...

Cyber Attacks, Threats, and Vulnerabilities

Russia-linked hackers impersonate NATO in attempt to hack Romanian government - Cyberscoop (Cyberscoop) An elite hacking group linked to the Russian government masqueraded as a NATO representative to send a barrage of phishing emails to diplomatic organizations in Europe, including Romania’s Foreign Ministry of Affairs, documents show. CyberScoop obtained a copy of one such phishing email that researchers have attributed to the hacking group, which is known as APT28 or Fancy Bear.

Macron's campaign proactive after hack, mitigated damage (SC Magazine US) Hackers' efforts against Macron didn't have the same yield as Russian attacks on the Democratic National Committee (DNC) and other Democrat-affiliated persons and organizations during the U.S. presidential election.

MacronLeaks – A Timeline of Events (Alien Vault) It's been a very familiar feeling reading about the documents leaked to impact the elections in France tomorrow.Often the best defence is to have a proper understanding of what has happened. A quick draft timeline of events from an analysis of document meta-data and forum posts is below.Attacks in March and AprilA number of domains, identified by Trend Micro as linked to a group of attackers known as APT28, were registered for use in attacks against Emmanuel Macron's campaign.It

The great British Brexit robbery: how our democracy was hijacked (Guardian) A shadowy operation involving big data, billionaire friends of Trump and the disparate forces of the Leave campaign heavily influenced the result of the EU referendum. Is our electoral process still fit for purpose?

Intelligence Officials Warn of Continued Russia Cyberthreats (New York Times) Dan Coats, the director of national intelligence, and Mike Pompeo, the C.I.A. director, offer a dire view of Russian meddling, one that differs starkly from the president.

Russia has 'upped its game' in cyberwarfare and the threat isn't going away, US intel officials say (CNBC) Russian political interference is spreading to more countries around the world, according to senior U.S. intelligence officials.

NYU Accidentally Exposed Military Code-breaking Computer Project to Entire Internet (The Intercept) IBM's confidential "WindsorGreen" was detailed in documents exposed via an apparent backup drive.

PUA Operation Spreads Thousands of Explicit Apps in the Wild and on Legitimate App Stores (TrendLabs Security Intelligence Blog) One of the most popular ways to make money online is through pornography—whether through legitimate distribution or different online scams. Last year we detected a new variant of the Marcher Trojan targeting users through porn sites, and the year before that popular porn apps were used as lures to compromise millions of mobile users in...

An NSA Cyber Weapon Is Behind A Massive Global Ransomware Outbreak (Forbes) It's been a matter of weeks since a shady hacker crew called Shadow Brokers dumped a load of tools believed to belong to the National Security Agency (NSA). It now appears one NSA tool, an exploit of Microsoft Windows called EternalBlue, is being used as one method of spreading a ransomware variant called WannaCry across the world.

'Jaff' Enters the Ransomware Scene, Locky-style (Forcepoint) Forcepoint Security Labs™ have observed today a major malicious email campaign from the Necurs botnet spreading a new ransomware which appears to call itself 'Jaff', peaking within our telemetry at nearly 5m emails per hour.

Jaff Ransomware Distributed via Necurs MALSPAM and asking for a $3,700 Ransom (BleepingComputer) A new ransomware was discovered today called Jaff ransomware. This ransomware will encrypt your files and append the .jaff extension to encrypted files. It also joins the ranks of other ransomware that steal payment site templates from Locky.

SLocker: Android ransomware threat returns in undetectable form (Computing) Wandera claims to have uncovered 400 variants of malware

Up to 40 percent of Android devices at risk of screen hijack exploit (CRN Australia) But Google doesn't plan to fix it until winter.

Google won’t fix Android ‘contentjacking’ flaw for months (Naked Security) Google Play is a bit like a happening nightclub: the faster you let people in, the less time you have to spend keeping troublemakers out.

Keylogger Found in Audio Driver of HP Laptops (BleepingComputer) The audio driver installed on some HP laptops includes a feature that could best be described as a keylogger, which records all the user's keystrokes and saves the information to a local file, accessible to anyone or any third-party software or malware that knows where to look.

Vanilla Forums Open Source Software Vulnerable to RCE, Host Header Injection Vulnerability (Threatpost) Vanilla Forums open source software suffers from vulnerabilities that could let an attacker gain access to user accounts, carry out web-cache poisoning attacks, and in some instances, execute arbit…

Avast blocks the entire internet – again (Register) Now that's cast-iron antivirus

Edge Security Flaw Allows Theft of Facebook and Twitter Credentials (BleepingComputer) Argentinian security researcher Manuel Caballero has discovered another vulnerability in Microsoft's Edge browser that can be exploited to bypass a security protection feature and steal data such as passwords from other sites, or cookie files that contain sensitive information.

When Bad Guys are Pwning Bad Guys... (SANS Internet Storm Center) A few months ago, I wrote a diary about webshells[1] and the numerous interesting features they offer. They’re plenty of web shells available, there are easy to find and install. They are usually delivered as one big obfuscated (read: Base64, ROT13 encoded and gzip'd) PHP file that can be simply dropped on a compromised computer. Some of them are looking nice and professional like the RC-Shell...

DDOS attacks in Q1 2017 (Exploit This) Although the first quarter of 2017 was rather quiet compared to the previous reporting period, there were a few interesting developments. Despite the growing popularity of IoT botnets, Windows-base…

Unhappy 39th birthday, spam, and many unhappy returns (Naked Security) As computing reaches middle age, expect to see more of these kinds of anniversaries

Pro-net neutrality group skeptical of FCC cyber attack claim (TheHill) A pro-net neutrality group says the Federal Communications Commission (FCC) is hiding something in regard to the cyberattacks that brought the agency's website down this week.

Security Patches, Mitigations, and Software Updates

Latest firmware updates for Asus routers fix CSRF security flaws (CSO Online) Users of Asus RT-N and RT-AC series routers should install the latest firmware updates released for their models because they address vulnerabilities that could allow attackers to hijack router settings.

Microsoft’s New Security Update Guides Get Mixed Reviews (Threatpost) Microsoft gets a lukewarm response with its new Microsoft Security Guides that replaced Security Bulletins.

Anglophiles: Hang up your VPN; iPlayer isn’t for you anymore (Ars Technica) BBC collects IP address, location, e-mail address in fight against online cheats.

Cyber Trends

181 Third-Party Vendors Access the Average Company's Network Each Week (eSecurity Planet) And 67 percent of companies have already experienced a data breach that was either definitely or possibly linked to a third-party vendor.

Anti Public Combo List Analysis Reveals Password Habits Improving (Threatpost) Researchers take a deep dive analysis on a recently discovered database of more than 500 million username and password pairs.

Marketplace

Do you need hacker insurance? (High Tech Bridge) Touted as the next big thing by the insurance industry, cyber insurance is coming to your peers – but should you take the plunge?...

CyberArk Snaps Up Conjur for $42M to Secure Software Development | Xconomy (Xconomy) CyberArk Software said Thursday it has acquired Conjur for $42 million in cash, a tie-up that unites two cybersecurity firms with offices in the Boston are

Electromagnetics, cyber warfare systems contract awarded to Raytheon (UPI) Raytheon has been awarded a $10 million contract by the Department of Defense for high power electromagnetics systems and cyber electronic warfare systems.

SAIC Awarded $61 Million Task Order by SSC Atlantic (BusinessWire) The Space and Naval Warfare Systems Center (SSC) Atlantic awarded Science Applications International Corp. (NYSE: SAIC) a task order to perform comman

Federal Agencies Pay Cyber Security Personnel $7,000 Less Than the Private Sector (eSecurity Planet) Still, federal information security personnel say hiring and retaining qualified professionals is key to securing their infrastructure.

VMware reveals partnerships with AWS, Google, Pivotal and Dell EMC (CRN Australia) Including AWS, Google, Pivotal and Dell EMC.

Whistic Joins Cloud Security Alliance to Extend the Reach of the Consensus Assessments Initiative Questionnaire (CAIQ) | HostReview.com (HostReview.com) Whistic, a leading third-party security assessment platform, today announced that it has joined the Cloud Security Alliance (CSA), the world’s l

Darktrace the new Stevie wonders (Business Weekly) Cambridge cyber security specialist Darktrace scooped four accolades at The Stevie’s 15th Annual American Business Awards.

Products, Services, and Solutions

New infosec products of the week​: May 12, 2017 (Help Net Security) New information security products of the week include interesting releases from Bomgar, FinalCode, Seclore, Versive, and Waterfall Security.

Seclore Announces the Industry’s First Agent-less Data-Centric Security Solution (Seclore) New innovations make rights management seamless by eliminating the barriers preventing widescale adoption

Cybernance Prepares Federal Agencies for Trump’s Cybersecurity of Federal Networks Executive Order (Sys-Con Media) Cybernance Corporation, a provider of cyber risk governance technology solutions, today announced availability of the Cybernance Platform for federal agencies that must comply with President Trump’s Cybersecurity of Federal Networks executive order.

Exabeam and Crowdstrike Partner to Improve Cyber Security (Marketwired) Leaders in behavioral analytics and endpoint protection provide comprehensive protection

SageNet Deploys Cryptzone Security App to Reduce Cost of PCI Compliance (BusinessWire) Tulsa-based SageNet has leveraged an authentication gateway security app to help large, multi-site retailers better meet Payment Card Industry complia

Experian outlines the benefits of biometrics (Planet Biometrics) Credit identity firm Experian has revealed plans to offer multiple biometric security option through partnering with biometric companies on its CrossCore platform.

Shinobi Defense System Arrives in the U.S. (eSecurity Planet) Already "big in Japan," Shinobi Cyber's API and kernel-level monitoring security solution hits the states.

Tests according to the EMC Standard IEC 60601-1-2 (4th edition) for medical electrical devices (Pressebox) CETECOM is expanding its service portfolio for testing and certification of medical technology products. After a successful audit by the ZLG (Zentralstelle der Länder...

Technologies, Techniques, and Standards

What Developers Don't Know About Security Can Hurt You (Dark Reading) Developers won't start writing secure code just because you tell them it's part of their job. You need to give them the right training, support, and tools to instill a security mindset.

Understanding the human behaviour is key to enterprise security: Forcepoint (ETCIO.com) Behaviour of humans or employees in organisations is a very important aspect of enterprise security, according to Forcepoint experts

Q&A Citrix CSO: How to deal with security across multiple generations of employees (CSO Online) Citrix’s CSO Stan Black has been in the cybersecurity field for 20 years. He talks about how security has changed among employees in each generation.

Simple Ways To Make Your Twitter Safer (Panda Security Mediacenter) Anyone can fall victim to a twitter hack. What Can We Do To Keep Our Twitter Accounts Safe? Check out our Panda's tips...

Design and Innovation

FASTR Automotive Security Consortium Adds Uber Security Lead as Technical Committee Chair (BusinessWire) The FASTR consortium—Future of Automotive Security Technology Research—has added Uber security lead as technical committee chair; adds new

Good to Great: Innovation in the Industrial Base (War on the Rocks) “Thoughtless reliance on technology is a liability.” This quote did not come from a disgruntled acquisition professional in the Pentagon, but from noted au

Advantages of quantum processing shown in head-to-head race (Help Net Security) A prototype quantum processor beat a traditional, classical processor in a race to solve a puzzle, figuring out a secret combination up to 100x faster.

Creativity is overrated (TechCrunch) Today’s creative workplaces work hard to obscure the uncreative labor that makes them run. While “creativity” is presented as the panacea for our overly..

Legislation, Policy, and Regulation

How Trump’s N.S.A. Came to End a Disputed Type of Surveillance (New York Times) The move increased the risk of missing something important, but removed a privacy issue at a time when the law on which the program is based will expire unless Congress extends it.

Andrew McCabe New FBI Director And His Views On national security (ValueWalk) Until Andrew McCabe is replaced, he’s likely to have an influence on the agency’s encryption stance going forward as the deputy under comey FBI

The Real Problem With Our Government? It’s Tech-Illiterate (WIRED) Drafting sane tech policy is hard. But that's no excuse for not doing it, as Comey's tenure as FBI director proves.

The True Costs of Selling Out Our Privacy (Infosecurity Magazine) Weakened encryption standards will hurt the US where it can least afford it – in its wallet.

USCG Makes 'Significant' Move to Operationalize Cyber (SIGNAL Magazine) Technological development has transformed U.S. Coast Guard networks into warfighting platforms as the service operates in a dramatically different realm.

It’s Time For A Dedicated Military Cyber Force, Says Former NATO Commander (The Daily Caller) It is time for the U.S. defense community to consider creating a dedicated cyber force in the U.S. military, unique from the other branches, retired Adm. James Stavridis told the Senate Thursday.

Litigation, Investigation, and Law Enforcement

Acting FBI Chief Defends Ousted Comey, Vows Independent Russia Investigation (Foreign Policy) Andrew McCabe shoots down Trump’s rationale for firing Comey, and defends the agency’s "significant" Russian counterintelligence investigation before a Senate panel.

Five takeaways from FBI Director Andrew McCabe's testimony on Comey, Trump, Russia (Washington Examiner) McCabe said Trump's firing of Comey has not measurably slowed down the bureau's investigation into Russian meddling in the 2016 elections.

Why James Comey Had to Go (Wall Street Journal) The FBI head’s sense of perfect virtue led him to ignore his own enormous conflicts.

Deputy attorney general asked to brief senators after Comey firing (TheHill) Senate Majority Leader Mitch McConnell has asked him to meet with all senators.

White House’s FBI story unravels (TheHill) Key portions of the White House’s explanation of how President Trump decided to fire FBI Director James Comey came into question on Thursday, underlining a growing credibility crisis for the administration.

US intel chiefs are reviewing use of Kaspersky software (CRN Australia) Following reports of links to Kremlin.

Russian firm under FBI scrutiny offers to help any federal investigation (ABC News) A world-renowned software company -- the Moscow-based Kaspersky Lab -- says it wants to dispel security concerns about its products by helping any government probe of the company.

Kaspersky Lab Hits Back at US Spy Bosses (Infosecurity Magazine) Kaspersky Lab Hits Back at US Spy Bosses. Intelligence chiefs raise concerns over AV vendor

Release of the FISC Opinion Approving the 2016 Section 702 Certifications and Other Related Documents (IC on the Record) Today the ODNI, in consultation with the Department of Justice, is releasing three sets of Foreign Intelligence Surveillance Act (FISA) Section 702 documents in redacted form.

This Is the Secret Court Order That Forced the NSA to Delete the Data It Collected About You (Motherboard) The court found an "institutional lack of candor on NSA's part and emphasized that this is a very serious Fourth Amendment issue."

Canadian spies mobilized after Montreal airport terrorism scare (National Observer) Over 160,000 people have security clearances at Canadian airports, says Transport Canada.

IPCC Probes Claims Met Police Outsourced Email Hacking to India (Infosecurity Magazine) IPCC Probes Claims Met Police Outsourced Email Hacking to India. Whistleblower’s allegations claim police spied on journalists and activists for years

The Guy Who Saved Your iPhone From Hackers Is Stuck in a UAE Jail (Motherboard) 'Million dollar dissident' Ahmed Mansoor’s actions protected millions of iPhone users from sophisticated spyware. If you care about your privacy and security, you should be fighting for his release.

One more way to get busted on the Dark Web (Naked Security) Tor users suspected of child abuse imagery may have visited an outside file-sharing service – simply because Tor is so slow at routing traffic

For a complete running list of events, please visit the Event Tracker on the CyberWire website.

Upcoming Events

OWASP AppSec EU (Belfast, Northern Ireland, UK, May 12 - 18, 2017) Welcome to OWASP Annual AppSec EU Security Conference, the premier application security conference for European developers and security experts. AppSec EU provides thought leadership, amazing talks, informative...

EnergySec Security Education Week (Austin, Texas, USA, May 14 - 19, 2017) The Energy Sector Security Consortium, Inc.'s Security Education Week is designed for early to mid career cybersecurity professionals currently employed at electric utilities in North America. Students...

K(no)w Identity Conference (Washington, DC, USA, May 15 - 17, 2017) To converge identity experts from across all industries in one space, to be at the nexus of ideas and policies that will fundamentally change identity around the world. Provides business leaders, privacy...

Global Cybersecurity Innovation Summit Advancing International Collaboration (London, England, UK, May 16 - 17, 2017) SINET – London creates a forum to build and maintain international relationships required to foster vital information sharing, broad awareness and the adoption of innovative Cybersecurity technologies.

Public Sector Cyber Security Conference: Defending the Public from Cyber-Attacks (Salford, England, UK, May 17, 2017) Join us for the Public Sector Cyber Security Conference where leading experts will explain how to protect the vital services provided by central Government, local councils and the NHS. Learn how to safeguard...

PCI Security Standards Council: 2017Asia-Pacific Community Meeting (Bangkok, Thailand, May 17 - 18, 2017) Two days of networking and one-of-a-kind partnership opportunities await you. Whether you want to learn more about updates in the payment card industry or showcase a new product, you’ll find it all at...

2017 Georgetown Cybersecurity Law Institute (Washington, DC, USA, May 17 - 18, 2017) It is more important than ever that in-house and outside counsel stay abreast of the most current developments and best practices in cybersecurity. At our Institute you will receive insights on the best...

Northsec Applied Security Event (Montreal, Québec, Canada, May 18 - 21, 2017) The conference will feature technical and applied workshops hosted in parallel for the most motivated attendees. Topics include application and infrastructure (pentesting, network security, software and/or...

SANS Northern Virginia - Reston 2017 (Reston, Virginia, USA, May 21 - 26, 2017) This event features comprehensive hands-on technical training from some of the best instructors in the industry and includes courses that will prepare you or your technical staff for DoD 8570 and GIAC...

Enfuse 2017 (Las Vegas, Nevada, USA, May 22 - 25, 2017) Enfuse™ is a three-day security and digital investigations conference where specialists, executives, and experts break new ground for the year ahead. Enfuse offers unsurpassed networking opportunities,...

2017 Cyber Investing Summit (New York, New York, USA, May 23, 2017) The 2nd Annual Cyber Investing Summit is an all-day conference focusing on investing in the $100+ billion dollar cyber security industry. Attendees will explore the financial opportunities, trends, challenges,...

Citrix Synergy (Orlando, Florida, USA, May 23 - 25, 2017) Learn how to solve your IT flexibility, workforce continuity, security and networking challenges—and power your business like never before—with the workspace of the future.

AFCEA/GMU Critical Issues in C4I Symposium (Fairfax, Virginia, USA, May 24 - 25, 2017) The AFCEA/GMU Critical Issues in C4I Symposium brings academia, industry and government together annually to address important issues in C4I technology and systems R&D. The agenda for 2017 will include:...

AFCEA/GMU Critical Issues in C4I Symposium (Fairfax, Virginia, USA, May 24 - 25, 2017) The AFCEA/GMU Critical Issues in C4I Symposium brings academia, industry and government together annually to address important issues in C4I technology and systems R&D.

SECON 2017 (Jersey City, New Jersey, USA, May 25, 2017) Social engineering impacts security. (ISC)2 New Jersey Chapter is a 501(c)(3) not-for-profit charitable organization. Our chapter’s mission is to disseminate knowledge, exchange ideas, and encourage community...

Cyber Southwest (Tucson, Arizona, USA, May 27, 2017) CSW will be dedicated to furthering the discussion on cyber education and workforce development in Arizona, healthcare cybersecurity, and technical training in areas such as threat intelligence, insider...

SANS Atlanta 2017 (Atlanta, Georgia, USA, May 30 - June 4, 2017) Learn the most effective steps to prevent attacks and detect adversaries with actionable techniques that you can directly apply when you get back to work. Take advantage of tips and tricks from the experts...

Cyber Security Summit: Seattle (Seattle, Washington, USA, June 1, 2017) If you are a Senior Level Executive responsible for making your company’s decisions in regards to information security, then you are invited to register for the Cyber Security Summit: Seattle. Receive...

Cyber Security Summit: Seattle (Seattle, Washington, USA, June 1, 2017) If you are a Senior Level Executive responsible for making your company’s decisions in regards to information security, then you are invited to register for the Cyber Security Summit: Seattle. Receive...

SANS Houston 2017 (Houston, Texas, USA, June 5 - 10, 2017) At SANS Houston 2017, SANS offers hands-on, immersion-style security, security management, and pen testing training courses taught by real-world practitioners. The site of SANS Houston 2017, June 5-10,...

Cyber Resilience Summit: Measuring and Managing Software Risk, Security and Technical Debt (Brussels, Belgium, June 6, 2017) The Consortium for IT Software Quality is bringing the Cyber Resilience Summit to Europe, to take place on 6 June 2017 in Brussels, Belgium, the vibrant heart of political Europe and headquarters of the...

National Cyber Security Summit (Huntsville, Alabama, USA, June 6 - 8, 2017) The National Cyber Summit is the preeminent event for cyber training, education and workforce development aimed at protecting our nation’s infrastructure from the ever-evolving cyber threat. The summit...

Infosecurity Europe 2017 (London, England, UK, June 6 - 8, 2017) Infosecurity Europe is the region's number one information security event featuring Europe's largest and most comprehensive conference programme and over 360 exhibitors showcasing the most relevant information...

Cyber 8.0 Conference (Columbia, Maryland, USA, June 7, 2017) Join the Howard County Chamber of Commerce for their 8th annual cyber conference, where they will explore innovation, funding, and growth. Participants can expect riveting discussions from cyber innovators...

2017 ICIT Forum: Rise of The Machines (Washington, DC, USA, June 7, 2017) The 2017 ICIT Forum brings together over 300 cybersecurity executives from across critical infrastructure sectors to receive the latest ICIT research from our experts, share knowledge, develop strategies...

Grow your brand and reach new customers.

Grow your brand and increase your customer base by educating our audience about your products, services, and events by advertising on The CyberWire. We’ve built trust with an influential (and often hard to reach) audience of CISOs, CSOs, and other senior execs in the security space, across a wide array of industry verticals. Learn more.

Be a part of the CyberWire story.

People ask us (a lot) how they can support what we do. We have our sponsorships and services, of course, but those are not always within every supporter's financial reach, or it might just not be the right time for you to do those things. That's why we launched our new Patreon site, where we've created a wider variety of support levels, each with some new benefits. Our patrons are important to our future, and we hope you'll consider becoming one. We invite you to become part of the CyberWire story. Become a patron today.