skip navigation

More signal. Less noise.

Do you know the best practices for applying threat intelligence?

Threat intelligence is one of the most talked about areas of information security today, but how do you actually use it? Learn best practices for applying threat intelligence with Recorded Future's latest white paper. Download your free copy now.

Daily briefing.

Yesterday Adobe patched a Flash Player zero-day (CVE-2017-11292) that Kaspersky Lab discovered being exploited in the wild. The exploitation, attributed to the little-known and less-understood threat actor "Black Oasis," was installing FinFisher spyware into selected targets.

It's been revealed that a 2014 North Korean cyberattack against British production company Mammoth Screen prompted cancellation of a projected television series. The show, "Opposite Number," had a plot revolving around the imprisonment of a British nuclear scientist in the DPRK. This is the second major known hack of a media company related to Pyongyang's objections to media content. The other case, of course, is the Sony hack.

An Infineon firmware patch closes a vulnerability that could be exploited to reveal private encryption keys in a fast prime attack. A proof-of-concept uses a variant of the Coppersmith's attack ("ROCA," for "Return of Coppersmith's Attack"). 

Much advice is offered on protection from from the KRACK wi-fi vulnerability. Several vendors have issued patches to deal with the issues, but it's likely to persist for a long time, especially in the Internet-of-things.

WikiLeaks' Julian Assange has tweeted out some odd code that looks like the "insurance code" released in advance of past major leaks. 

Yesterday the US Department of Homeland Security issued Binding Operational Directive 18-01. This will require US Federal agencies to adopt DMARC security standards to increase email and web security.

The US Supreme Court has agreed to hear an appeal of a Second Circuit decision that exempted data stored abroad from US search warrants.

Notes.

Today's issue includes events affecting Afghanistan, Angola, Bahrain, Belgium, China, Germany, Indonesia, Iran, Iraq, Jordan, Democratic Peoples Republic of Korea, Libya, Netherlands, Nigeria, Russia, Saudi Arabia, Spain, Tunisia, United Kingdom, United States.

Are your needs being addressed at every stage of the cyber attack cycle?

Security organizations face numerous challenges, from increasingly large volumes of data and lack of tools and trained staff to validate intelligence, to the inability to operationalize threat intelligence. Learn how the threat intelligence-as-a-service model can strengthen and complement security postures of varying maturity levels in a webinar with Intellyx’s Principal Analyst Charles Araujo and LookingGlass’ Doug Dangremond, Senior Vice President of Threat Intelligence Services. Thursday, November 9 @ 2PM ET. Sign up now.

In today's podcast we talk with our partners at Webroot, as David DuFour gives everyone the skinny on Bluetooth vulnerabilities. Our guest, Richard Henderson from Absolute Software, offers some useful perspectives on patching in the light of the Equifax breach.

SecurityWeek’s 2017 ICS Cyber Security Conference (Atlanta, Georgia, USA, October 23 - 26, 2017) As the largest and longest-running cyber security-focused conference for the ICS/SCADA sector, SecurityWeek’s ICS Cyber Security Conference caters to the energy, utility, chemical, transportation, manufacturing, and other industrial and critical infrastructure organizations, including the military.

Earn a master’s degree in cybersecurity from SANS (Online, October 30, 2017) Earn a master’s degree in cybersecurity from SANS, the world leader in information security training. Learn more at a free online information session on Monday, October 30th, at 3:00 pm ET. For complete information on master’s degree and graduate certificate programs, visit www.sans.edu.

Cyber Security Summit: Boston and Los Angeles (Boston, Massachusetts, USA, November 8, 2017) Sr. Level Executives are invited to learn about the latest threats & solutions in Cyber Security on November 8 in Boston and November 29 in Los Angeles. Register with promo code cyberwire50 for half off your admission (Regular price $350).

Cyber Attacks, Threats, and Vulnerabilities

North Korean hackers hit UK TV company (BBC News) The TV series Opposite Number was cancelled following a cyber-attack in 2014.

A Closer Look at North Korea’s Internet (TrendLabs Security Intelligence Blog) This blog post summarizes our findings from studying internet traffic going in and out of North Korea. It reviews its small IP space of 1024 routable IP addresses.

Lost in Cyber Translation? U.S. Cyber Signaling to North Korea (Council on Foreign Relations) The United States wants to use cyber operations to signal its resolve against North Korea's nuclear program, but it is unclear whether Pyongyang will get the message.

From Cybercrime to Cyberpropaganda (TrendLabs Security Intelligence Blog) A couple of common questions that arise whenever cyberpropaganda and hacktivism issues come up: who engages in it? Where do the people acquire the tools, skills, and techniques used?

Middle East Group Uses Flash Zero-Day to Deliver Spyware (Security Week) A threat group believed to be located somewhere in the Middle East has been using a zero-day vulnerability in Adobe Flash Player to deliver a piece of spyware to targeted individuals.

Hackers Exploit Adobe Flash Flaw To Install Infamous Spyware (PCMAG) Kaspersky Lab noticed the attack last week, and said it was carried out partly through an Office document.

Tech Giants Warn of Crypto Flaw in Infineon Chips (Security Week) Microsoft, Google, HP, Lenovo and Fujitsu have warned customers of a potentially serious crypto-related vulnerability affecting some chips made by German semiconductor manufacturer Infineon Technologies.

'Worse Than KRACK' -- Google And Microsoft Hit By Massive 5-Year-Old Encryption Hole (Forbes) It's just another manic Monday in the cybersecurity world. First there was KRACK, a vulnerability that allowed for snooping on almost anyone's Wi-Fi. Now there's the plainer-named ROCA -- another complex but dangerous weakness in widely used cryptography found in chips made by German company Infineon Technologies AG.

Estonia - Just One of Global Cryptography ‘Factorization’ Victims (Cointelegraph) A fatal cryptographic flaw has exposed private details of millions of people worldwide since 2012, research shows.

KRACK For Dummies (Motherboard) What you need to know to protect yourself from the new KRACK Wi-Fi attack.

Krack has broken Wi-Fi security... but it's not all doom and gloom (WIRED) Security researchers have released details of Krack, a Wi-Fi WPA2 vulnerability that can compromise almost all Wi-Fi devices. Thankfully, updates are already being released

Some notes on the KRACK attack (Errata Security Blog) This is my interpretation of the KRACK attacks paper that describes a way of decrypting encrypted WiFi traffic with an active attack...

McAfee offers users advice after WPA2 crack report (iTWire) While the flaw in the WPA2 protocol reported overnight compromises wireless networks, point-to-point encryption between devices and websites or applic...

Wi-Fi at risk from KRACK attacks – here’s what to do (Naked Security) KRACK attacks work against networks using WPA and WPA2 encryption

Falling through the KRACKs (A Few Thoughts on Cryptographic Engineering) The big news in crypto today is the KRACK attack on WPA2 protected WiFi networks. Discovered by Mathy Vanhoef and Frank Piessens at KU Leuven, KRACK (Key Reinstallation Attack) leverages a vulnerab…

KRACK: Breaking Point Flaw For The Internet Of Things (International Business Times) The discovery of several vulnerabilities that exploit a flaw in a popular wireless encryption protocol could provide a make-or-break moment for the Internet of Things.

New Cybercrime Campaign a 'Clear and Imminent' Threat to Banks Worldwide (Dark Reading) Hundreds of millions of dollars stolen from banks via an sophisticated attack that blended cyber and physical elements.

Hancitor malspam uses DDE attack (SANS Internet Storm Center) Malicious spam (malspam) pushing Hancitor malware (also known as Chanitor or Tordal) changed tactics on Monday 2017-10-16.

Microsoft Kept Quiet About 2013 Bug Database Hack: Report (Infosecurity Magazine) Microsoft Kept Quiet About 2013 Bug Database Hack: Report. Five former employees reveal lack of transparency

Deloitte says 'very few clients' impacted by cyber attack (Financial Review) Deloitte says that no Australian clients and "very few" international clients have been impacted by a cyber-attack that allegedly gave intruders access to the firm's global email platform.

FT30 Firms at Risk from Equifax-Style Breach (Infosecurity Magazine) FT30 Firms at Risk from Equifax-Style Breach. RiskIQ report reveals vulnerable web infrastructure

WikiLeaks' Julian Assange tweets mysterious code – is a new leak about to be released? (International Business Times UK) WikiLeaks is known to release "insurance files" before major document leaks.

Poorly Secured SSH Keys Exposing Firms to Breaches (Infosecurity Magazine) Poorly Secured SSH Keys Exposing Firms to Breaches. Venafi finds 90% of orgs don’t even know what they have

Digital Vikings and the Internet of Ransomed Things (Citrix Blogs) Let's look at history and predict Tomorrow's Internet by looking at the parallels between the cyber world and the kinetic world. And there is a certain period in history that is repeating — The Viking Age.

Hacking container ships is dead easy, warn security consultants (SC Media UK) Container ships could be at a very real risk of being hacked, warned security consultants saying that there are many security lapses on the high seas

Petya and NotPetya: The basics (CSO Online) NotPetya superficially resembles the Petya ransomware in several ways, but there are a number of important ways in which it's different, and much more dangerous.

Verizon and AT&T accused of selling your phone number and location to almost anyone (Android Authority) Verizon and AT&T have programs that provide your phone number and location to third-party companies but don't verify if you opted to share that info.

Kiski Area School District reports it was hit by a cyber attack last week (TribLIVE.com) The Kiski Area School District was the victim of a cyber attack last week, district officials said Monday. A letter sent to staff and students, ...

Security Patches, Mitigations, and Software Updates

TPM update (Infineon Technologies) Firmware updates are available for Infineon`s Trusted Platform Modules (TPMs) based on TCG specification family 1.2 and 2.0 and will be rolled out to end users by device and OS manufacturers (e.g. hardware OEMs such as PC manufacturers).

Microsoft already has a fix for that severe WiFi security exploit (updated) (Engadget) Check for updates on your Windows PC: Microsoft has fixed a serious WiFi security flaw that threatens millions of users. Google has Android's patch on the way.

Adobe Patches Flash Zero-Day Exploited in Targeted Attacks (Security Week) A Flash Player security update released on Monday by Adobe patches a zero-day vulnerability that has been exploited in targeted attacks.

Google's 'Advanced Protection' Locks Down Accounts Like Never Before (WIRED) Google offers a powerful new security setting aimed its most (rightfully) paranoid users.

Google isn't saying Microsoft security sucks but Chrome for Windows has its own antivirus (Register) ESET scanning engine now built in – plus other defenses

Cyber Trends

Interview: Maria Loughlin, SVP of Engineering, Veracode (Infosecurity Magazine) Why is software still insecure, and is the state of software improving?

Marketplace

Federal watchdog tells Equifax—no $7.25 million IRS contract for you (Ars Technica) Equifax-IRS ordeal exposes the strangeness of the government contracting system.

Lifelock attempts to capitalise on Equifax attack (Computing) Lifelock is capitalising on the Equifax hack, but has failed to disclose its relationship with the doomed company

Spain’s biggest companies are charging into crypto (TechCrunch) The global adoption of blockchain technology is starting to feel like an inevitability. Following on the news that Moscow is launching a cryptocurrency..

Cisco: Those Who Lie In Wait (Seeking Alpha) Cisco markets ACI as an IBNS software and branded hardware combination, with many components built on the company’s Digital Network Architecture. Gartner states

IBM's Long String Of Quarterly Revenue Declines Expected To Continue (Investor's Business Daily) The consensus estimate looks for IBM to report revenue of $18.6 billion, a 3% drop from the year-ago quarter.

Facebook Is Looking for Employees With National Security Clearances (Bloomberg) Social media giant wants help to spot future election meddling. Russian group bought ads to sow discord during 2016 campaign.

Grammatech's future still bright after 29 years (Ithaca Times) While tech in Tompkins County may seem like a new thing, GrammaTech – a multinational developer of software-assurance tools and advanced cyber-security solutions based in Ithaca – has been at

Products, Services, and Solutions

The Chertoff Group's Security Risk Management Consulting Methodology Granted SAFETY Act Designation by the U.S. Department of Homeland Security (Chertoff Group) The Chertoff Group is one of the only professional services companies in the world to have achieved SAFETY Act designation for its proven Security Risk Management Consulting Methodology

Ntrepid Announces Nfusion 2 to Provide Stronger Misattribution Environments for Online Research and Investigation (BusinessWire) Ntrepid today announced a re-architected version of Nfusion, the company’s fully-managed VDI designed for secure, non-attributable online resear

Top Ten Managed Security Service Providers 2017 (Enterprise Security Magazine) While the world is at the verge of technological greatness...

Barracuda Introduces Simple and Affordable DDoS Prevention (Barracuda) Today we are very excited to introduce our new Active DDoS Prevention (ADP) which is a cloud-based service that provides customers with DDoS protection and application security under a single solution.

AsTech Launches Vigilance, a $1 Million Guarantee for Managed Qualys Services (AsTech) AsTech Vigilance provides an industry first $1 million guarantee for Managed Qualys Services.

Carbon Black and IBM Security tighten partnership with rapid response tool (Channel Life) An expanded partnership between Carbon Black and IBM Security aim to provide increased cyberattack visibility and accelerated incident response times.

General Dynamics Mission Systems releases Fortress Wireless Gateway Product (Financial News) General Dynamics Mission Systems has introduced its Fortress® Wireless Gateway, allowing users to connect quickly and securely to a wireless network to enhance and extend wireless network coverage, the company said.

Crayon, Secured2 and Ridge Global / Risk Cooperative Announce Partnership at the Microsoft Government Cloud Forum (PRNewswire) Crayon Software Experts, Secured2 Corporation and Ridge Global / Risk...

CENTRI Announces Immediate Availability of IoT Advanced Security for the Arm Mbed IoT Device Platform (PRNewswire) CENTRI, a leading provider of advanced security for the Internet of Things...

Technologies, Techniques, and Standards

Packets don't lie: how to expose the DNA of a cyber attack (Computing) In the event of a cyber-attack, the ability to quickly and accurately quantify the impact of the incident is paramount

Ethereum blockchain is sailing to Byzantium – hard fork up and running (Register) Promises clearer user interaction and extra privacy

Post Equifax Plea: Change Your Software Security Practices or Be Damned (Again) (Infosecurity Magazine) Anyone looking to identify a fixable vulnerability or single out a culprit inside of Equifax to explain this breach is missing the point.

As GDPR implementation date approaches, cyber risk gets more attention (Help Net Security) As the GDPR implementation date approaches, cyber risk has been elevated to the top of the corporate agenda for organizations doing business in Europe.

5 ways agencies can promote cyber hygiene from within [Commentary] (Fifth Domain) With National Cybersecurity Awareness Month happening this October, we must remind ourselves and others that no one is too cyber sophisticated.

Bitcoin, Fueling the Ransomware Epidemic (LegalTech News) Money is a powerful motivator, but it alone wasn't enough to fuel the ransomware epidemic since it was first discovered in 1989. So what changed? In short, bitcoin.

Research and Development

The Army is developing navigation tech to help the GPS-denied soldier (C4ISRNET) The Army is pursuing a range of initiatives to bolster wayfinding for those cut off from the usual means of guidance.

Academia

Cybersecurity program obtains $493,000 in NSA-funded grants to elevate curriculum, lab infrastructure - UMSL Daily (UMSL Daily) The two grants will fund lab infrastructures, enhance equipment and advance curricula.

Legislation, Policy, and Regulation

As U.S. Confronts Internet’s Disruptions, China Feels Vindicated (New York Times) It censors online expression, but it has also taken a hard line against fake news, hacking and deception.

Compliance guru sees holes in Australia’s privacy law (CSO) While Australia’s privacy law has made a good start in encouraging better security hygiene, it may not go far enough to get all Australian and partner businesses in line, according to Chris Strand, Carbon Black’s global senior director of compliance.

DHS issues mandate for agencies to beef up their email, web security (Federal Times) DHS plans for agencies to adopt email and web security standards akin to ones found in the private sector, specifically when it comes to phishing emails, spam minimization and the protection of the confidentiality and integrity of internet delivered data.

Enhance Email and Web Security - Binding Operational Directive 18-01 (US Department of Homeland Security) ...Based on current network scan data and a clear potential for harm, this directive requires actions related to two topics: email security and web security...

Here’s What Might Come of NSA’s Surveillance Powers (MeriTalk) As the deadline to renew the National Security Agency’s (NSA) surveillance powers looms, proposed bills and speculations of bills drive the conversation on national security versus privacy.

DoD CIO sets baseline for mobile app security (FederalNewsRadio.com) John Zangardi, the acting DoD chief information officer, signed a memo outlining a new process for securing mission-critical mobile apps.

Shaking Up the Top of Cyber Command (The Cipher Brief) U.S. Cyber Command will soon be a unified combatant command. Now, the focus can shift to its "dual-hatted" arrangement with the NSA.

DoD still working toward CYBERCOM elevation (C4ISRNET) The item currently setting the pace is the nomination and confirmation of a new commander that will lead the unified combatant command.

Protecting Partners or Preserving Fiefdoms? How to Reform Counterintelligence Outreach to Industry (ITIF) It’s time for a new approach to counterintelligence outreach to the commercial sector—one that focuses more on recognizing and responding to threat indicators, less on turning to investigators once damage has already been done.

Exclusive: New York City Hires Quiessence Phillips as Deputy CISO to Help Lead New Cyber Command (Government Technology) Phillips brings a decade of information security experience to the job.

Litigation, Investigation, and Law Enforcement

U.S. Supreme Court to decide major Microsoft email privacy fight (Reuters) The U.S. Supreme Court on Monday agreed to resolve a major privacy dispute between the Justice Department and Microsoft Corp (MSFT.O) over whether prosecutors should get access to emails stored on company servers overseas.

SCOTUS Takes Up Microsoft Case on Email Privacy (New York Law Journal) In a case closely watched by the tech industry, the justices could unwind a Second Circuit decision that held data stored overseas is beyond the reach of U.S. law enforcement.

The Fraud Scandal Engulfing Russia's Media Watchdog, Explained (Moscow Times) The case has implicated Roskomnadzor’s spokesman, the head of its legal department among other top officials

FCC’s DDoS claims will be investigated by government (Ars Technica) GAO will investigate after Democrats asked for evidence that attacks happened.

OIG: Energy Department’s cybersecurity needs improvement (Fifth Domain) The Department of Energy responded to more than 18,000 potential cyber incidents in fiscal year 2017, prompting a need for DOE to enhance its overall security posture, according to a recent independent evaluation.

Does Our Digital Age Require New Fourth Amendment Rules (New York Law Journal) In her Internet Issues/Social Media column, Shari Claire Lewis writes: We live in a world where cellphones are omnipresent. It is perhaps no coincidence, the...

Apple responds to Senator Franken’s Face ID privacy concerns (TechCrunch) Apple has now responded to a letter from Senator Franken last month in which he asked the company to provide more information about the incoming Face ID..

OIG: Energy Department’s cybersecurity needs improvement (Fifth Domain) The Department of Energy responded to more than 18,000 potential cyber incidents in fiscal year 2017, prompting a need for DOE to enhance its overall security posture, according to a recent independent evaluation.

When Computer Fraud Is Not 'Computer Fraud' (New York Law Journal) Jeremy M. King writes: Surprisingly, many courts have found that 'Computer Fraud' coverage does not apply to a common form of Internet fraud—the email scam—a...

How the Waltham cyberstalker’s reign of fear was ended (Naked Security) No one is truly anonymous online, not even criminals.

Cybercrime in the spotligt at first Citizens in Policing conference for North Yorkshire Police - North Yorkshire Police (North Yorkshire Police) 150 Special Constables, Police Support Volunteers and Volunteer Police Cadets attended the event which focused on cybercrime and how volunteers can play a key role in helping members of the public stay safe online. Chief Constable Dave Jones, who is also the National Police Chiefs’ Council’s lead for Citizens in Policing, opened the conference and …

For a complete running list of events, please visit the Event Tracker on the CyberWire website.

Newly Noted Events

HACKNYC (New York, New York, USA, May 8 - 10, 2018) The recent flood of data breach news may numb us to the threat of attacks with kinetic effects--direct or indirect physical damage, injury, or death. Hack NYC focus’ on our preparation for, and resilience...

Upcoming Events

Cyber Security Summit Los Angeles (Los Angeles, California, USA, November 30, 2017) If you are a Senior Level Executive responsible for making your company’s decisions in regards to information security, then you are invited to register for the Cyber Security Summit: Los Angeles. Receive...

Cyber Security, Oil, Gas & Power 2017 (London, England, UK, November 29 - 30, 2017) ACI’s Cyber Security - Oil, Gas, Power Conference will bring together key stakeholders from energy majors and technology industries, to discuss the challenges and opportunities found in the current systems.

INsecurity (National Harbor, Maryland, USA, November 29 - 30, 2017) INsecurity is for the defenders of enterprise security—those defending corporate networks—and offers real-world case studies, peer sharing and practical, actionable content for IT professionals grappling...

INsecurity (National Harbor, Maryland, USA, November 29 - 30, 2017) Organized by Dark Reading, the web’s most trusted online community for the exchange of information about cybersecurity issues. INsecurity focuses on the everyday practices of the IT security department,...

AutoMobility LA (Los Angeles, California, USA, November 27 - 30, 2017) The Los Angeles Auto Show Press & Trade Days and Connected Car Expo have MERGED to form AutoMobility LA, the new auto industry’s first true trade show. Register to join us in Los Angeles this November.

Global Conference on Cyberspace (GCCS) (New Dehli, India, November 23 - 24, 2017) The Global Conference on Cyberspace (GCCS) aims to deliberate on the issues related to promotion of cooperation in cyberspace, norms for responsible behaviors in cyberspace and to enhance cyber capacity...

Aviation Cyber Security (London, England, UK, November 21 - 22, 2017) Join us on November 21/22 in London, England for the Cyber Senate Aviation Cyber Security Summit. We will address key issues such as the importance of information sharing and collaboration, supply chain...

Federal IT Security Conference (Columbia, Maryland, USA, November 14, 2017) The Federal IT Security Institute (FITSI) in partnership with Phoenix TS in Columbia, MD is hosting the second annual Federal IT Security Conference. Speakers from NIST, DHS, the Defense Department as...

Sector (Toronto, Ontario, Canada, November 13 - 15, 2017) Illuminating the Black Art of Security. Now entering its 11th year, SecTor has built a reputation of bringing together experts from around the world to share their latest research and techniques involving...

Countermeasure (Ottawa, Ontario, Canada, November 9 - 10, 2017) Now into its sixth year in Ottawa, and consistently advancing in both size and content quality, COUNTERMEASURE continues to be the national capital's premier IT security event. As in years past, attendees...

2017 ICIT Gala & Benefit (Washington, DC, USA, November 9, 2017) The Annual ICIT Gala and Benefit is the year’s most prestigious and intimate gathering of legislative, agency and private sector leaders committed to protecting our Nation’s critical infrastructures. This...

4th Annual Journal of Law & Cyber Warfare Conference (New York, New York, USA, November 9, 2017) Join thought leaders across the industry for a day of collaboration and education with an outstanding group of cyber security experts. In this one-day program, we continue JLCW's 5+ year reputation for...

Fourth Annual JLCW Conference (New York, New York, USA, November 9, 2017) The 2017 Journal of Law and Cyber Warfare symposium speakers represent an unparalleled group of cyber security experts with a wide variety of industry expertise and knowledge. Attendees will hear from...

SINET Showcase 2017 (Washington, DC, USA, November 8 - 9, 2017) SINET – Washington DC provides a platform to identify and highlight “best-of-class” security companies that are addressing the most pressing needs and requirements in Cybersecurity. As always, this event...

Connected Medical Device & IOT Security Summit (Baltimore, Maryland, USA, January 25 - 26, 2018) The Summit will offer practical solutions to many of the daunting security challenges facing medical device and connected health technology companies, healthcare providers, payers and patients. The program...

CyCon US (Washington, DC, USA, November 7 - 8, 2017) The 2017 International Conference on Cyber Conflict U.S. (CyCon U.S.) will take place 7-8 Nov 2017 at the Ronald Reagan Building in Washington D.C. CyCon U.S. facilitates knowledge generation and information...

RSA Conference 2017 Abu Dhabi (Abu Dhabi, UAE, November 7 - 8, 2017) RSA Conference 2017 Abu Dhabi is the leading information security event in the region. This year's Conference will take place 7 to 8 November at the Emirates Palace in Abu Dhabi. Join us for two days of...

National Initiative for Cybersecurity Education Conference and Expo (Dayton, Ohio, USA, November 7 - 8, 2017) Cybersecurity has emerged as one of the leading creators of jobs and opportunity for all economic sectors. The demand for cybersecurity positions in both the public and private sector is large and growing,...

POC 2017 (Seoul, Korea, November 2 - 3, 2017) POC started in 2006 and has been organized by Korean hackers & security experts. It is an international security & hacking conference in Korea. POC doesn't pursue money. POC concentrates on technical and...

Exploring Health IT Innovation and Cybersecurity in the Digital Era (Kalamzoo, MIchigan, USA, November 2 - 3, 2017) Government, industry and academic leaders in health information technology and cybersecurity will headline a conference focused on "Exploring Health IT Innovation and Cybersecurity in the Digital Era"...

Grow your brand and reach new customers.

Grow your brand and increase your customer base by educating our audience about your products, services, and events by advertising on The CyberWire. We’ve built trust with an influential (and often hard to reach) audience of CISOs, CSOs, and other senior execs in the security space, across a wide array of industry verticals. Learn more.

Be a part of the CyberWire story.

People ask us (a lot) how they can support what we do. We have our sponsorships and services, of course, but those are not always within every supporter's financial reach, or it might just not be the right time for you to do those things. That's why we launched our new Patreon site, where we've created a wider variety of support levels, each with some new benefits. Our patrons are important to our future, and we hope you'll consider becoming one. We invite you to become part of the CyberWire story. Become a patron today.