skip navigation

More signal. Less noise.

Do you know the best practices for applying threat intelligence?

Threat intelligence is one of the most talked about areas of information security today, but how do you actually use it? Learn best practices for applying threat intelligence with Recorded Future's latest white paper. Download your free copy now.

Daily briefing.

Kromtech Security says it's found more than 4000 ElastiSearch servers hosting files related to AlinaPOS and JackPOS, both strains of point-of-sale malware.

The BlueBorne vulnerability in Bluetooth (whose discovery Armis Lab announced Tuesday) may have been addressed by both Microsoft and Google in their most recent patches, but estimated rates of susceptibility to attack through this vector are astonishingly high. More than five billion devices worldwide are thought vulnerable.

Equifax has cleared up the confusion over which vulnerability attackers used in their massive theft of the credit bureau's data. It was the earlier Apache Struts vulnerability, CVE-2017-5638, which was patched in April, some two months before Equifax sustained its attack. There's some piling-on in progress. Rival credit bureau Experian complains that Equifax's clumsy disclosures have impeded Experian's ability to ensure the security of the data it holds. And there's been unseemly Schadenfreude over Equifax's choice of passwords for admin accounts (username "admin," password, "admin," too).

SAP, Adobe, and Google all joined Microsoft in patching this week.

In industry news, AppGuard announces that it's closed a $30 million round of Series B funding. Silent Circle is buying Kesala, and Thales announces its purchase of Guavus. Brocade's acquisition by Broadcom is proving rocky for employees, reports indicate.

And the US Department of Homeland Security has issued a binding order telling all US Government agencies to stop using Kaspersky software within the next ninety days. The DHS judgment is that Kaspersky is too close to the FSB to be worth the security risk.

Notes.

Today's issue includes events affecting Australia, Canada, China, Ethiopia, European Union, Russia, Saudi Arabia, United Kingdom, United States.

Third party breaches are here to stay – here’s how to stop the threat.

Threat actors are always looking for the easiest, fastest, and most inexpensive way to get what they want – enter third party breaches. How can organizations prioritize their efforts to reduce third party risk? Learn more in a webinar with LookingGlass Cyber Solutions’ Senior Sales Engineer Ryan Curran on Thursday, September 14 @ 2pm ET. Ryan will discuss how to tell if your vendors are already compromised, and how to use threat intelligence for actionable intelligence on your vendors’ vulnerabilities. Sign up now.

In today's podcast we speak with our partners at the SANS Institute, as Johannes Ullrich gives us an update on the Mirai botnet (still worth keeping an eye on). Our guest, Renato Marinho, Chief Research Officer at Morphus Labs, describes that bad Chrome browser extension that can steal banking credentials.

EAGB Breakfast Series: Leading the Cyber Transformation (Baltimore, Maryland, USA, September 19, 2017) Join us to discuss how the Baltimore-Washington region’s ‘tech hub’ reputation has helped build a solid foundation in cyber activities. Our panelists will discuss the transformation that is underway on the commercial side of cyber.

Earn a master’s degree in cybersecurity from SANS (Online, September 28, 2017) Earn a master’s degree in cybersecurity from SANS, the world leader in information security training. Learn more at a free online information session on Thursday, September 28th, at 12:00 pm (noon) ET. For complete information on master’s degree and graduate certificate programs, visit www.sans.edu.

Maryland Cyber Day Marketplace: Information. Connections. Solutions. (Baltimore, Maryland, USA, October 10, 2017) Register today to participate. Hundreds of cybersecurity providers and buyers in one location on one day. Maryland Cyber Day Marketplace provides the opportunity for CYBERSECURITY BUYERS (commercial businesses, government agencies, academic institutions and non-profit organizations of any size in any industry) to connect with, get to know and purchase cybersecurity solutions from Maryland's CYBERSECURITY PROVIDERS. The day will be a combination of face-to-face meetings, technology demos, brief educational sessions, "Ask an Expert" information stations, networking and a wrap-up luncheon with a keynote speaker. Presented with our program partner the Better Business Bureau of Greater Maryland.

Florida’s Annual Cybersecurity Conference (Tampa, Florida, USA, October 27, 2017) Networking the Future, the Florida Center for Cybersecurity's fourth annual conference, will host hundreds of technical and non-technical stakeholders from industry, government, the military, and academia to explore emerging threats, best practices, and the latest research and trends.

Dateline Billington CyberSecurity Summit

The view from the ODNI (The CyberWire) Director of National Intelligence Coats describes how cyberspace looks from his perch atop the US Intelligence Community: threats, vulnerabilities, and consequences. He offers a commitment and an invitation to more effective information sharing.

Cyber Looms as Top National Security Threat, DNI Says (MeriTalk) Cybersecurity threats have risen to the top of the nation’s national security concerns, according to U.S. Director of National Intelligence Daniel Coats, who spoke at the Billington CyberSecurity Summit on Sept. 13.

Intelligence director criticizes former officials for speaking out against Trump (TheHill) Director of National Intelligence Dan Coats on Wednesday called it "troubling" to hear outside officials criticize the White House's approach to intelligence.

U.S. ‘incredibly lucky’ to have avoided cyber calamity this long (Miami Herald) State hackers in China and Russia are capable of sabotaging critical U.S. utilities, experts say. But they don’t do so because it would be seen as act of war.

US Military Readying a More Aggressive Approach Against Iran (VOA) Top general says goal is to challenge Tehran in he so-called “gray zone” with a heavy reliance on cyber operations

Ransomware defense depends on product upgrades, patches (GCN) Intelligence officials encouraged IT managers to patch software and retire products at the end of their lifecycles.

Federal CISOs want more education and training to help boost incident response (FCW) To get ahead of cyberthreats, agency CIOs and CISOs want to focus on reducing response times from weeks and months to minutes.

Rep. Hurd stresses need to get ‘ahead of the curve’ on security of AI, quantum computing (Inside Cybersecurity) House Oversight IT subcommittee Chairman Will Hurd (R-TX) says the federal government’s procurement processes need to move more quickly to ensure the government is adopting artificial intelligence and quantum computing technologies -- before adversaries do and can leverage it to conduct cyber attacks.

NIST official says cyber framework update will be ‘light touch,’ finalized during first half of 2018 (Inside Cybersecurity) A National Institute of Standards and Technology official says “version 1.1” of the federal framework of cybersecurity standards will be finalized during the first half of 2018, offering “light touch” updates to help public and private organizations improve their cybersecurity.

Cyber Attacks, Threats, and Vulnerabilities

Over 4,000 ElasticSearch Servers Found Hosting PoS Malware Files (BleepingComputer) The Kromtech Security Center has identified over 4,000 instances of ElasticSearch servers that are hosting files specific to two strains of POS (Point of Sale) malware — AlinaPOS and JackPOS.

Thousands of Elasticsearch Servers Hijacked to Host PoS Malware (Threatpost) Over 4,000 insecure Elasticsearch servers have been hosting the point-of-sale malware Alina and JackPoS.

Billions of devices at risk as Bluetooth-bourne vulnerability exposed (ARN) A Bluetooth vulnerability dubbed BlueBorne, discovered in April, has been made public after companies including Google and Microsoft issued updates.

BlueBorne Vulnerabilities Impact Over 5 Billion Bluetooth-Enabled Devices (BleepingComputer) Security researchers have discovered eight vulnerabilities — codenamed collectively as BlueBorne — in the Bluetooth implementations used by over 5.3 billion devices.

Equifax confirms unpatched Apache Struts flaw was exploited in massive data breach (Computing) Apache Struts patch released two months before hackers struck

Equifax, Bowing to Public Pressure, Drops Credit-Freeze Fees (New York Times) The credit reporting agency, which recently disclosed a data breach affecting up to 143 million people, said it would waive the fees until Nov. 21 after receiving numerous complaints.

Experian Says Still Waiting for Explanation From Equifax (Bloomberg.com) Equifax Inc.’s lack of transparency about its massive data breach makes it difficult for the credit-rating firm’s competitors to check the security of their own information, according to Experian Plc.

Equifax Website Secured By The Worst Username And Password Possible (Forbes) The Equifax breach that leaked data on 143 million Americans and Canadians was about as disastrous as they come. As Forbes' Thomas Fox-Brewster pointed out last week, it wasn't an isolated incident. Equifax has had problems with security before.

Ixia: What can we learn from the Equifax breach? (BusinessWire) Ixia offers organizations advice on how they can learn from the recent Equifax breach and protect their web infrastructure.

New Kedi RAT Uses Gmail to Exfiltrate Data (Security Week) Kedi RAT Pretends to be a Citrix Utility, Transfers Data Using Gmail

Serious Flaws Found in IBM InfoSphere Products (Security Week) IT security services company SEC Consult on Wednesday disclosed the details of several unpatched vulnerabilities affecting IBM’s InfoSphere DataStage and Information Server data integration tools.

Windows 0-day is exploited to install creepy Finspy malware (again) (Ars Technica) Microsoft patches flaw after researchers report it was used by undisclosed country.

Over 1.65 Million Computers Infected With Cryptocurrency Miners in 2017 So Far (BleepingComputer) Telemetry data collected by Kaspersky Lab shows that in the first nine months of 2017, malware that mines for various types of cryptocurrencies has infected more than 1.65 million endpoints.

Bish, bosh, Bashware: Microsoft downplays research on WSL Win 10 'hack' threat (Register) To be fair, it's a hard hack to pull off

Hacker Tactics - Part 2: Supply Chain Attacks (Anomali) Adversaries are constantly changing and improving how they attack us. In this six-part series we'll explore new or advanced tactics used by threat actors to circumvent even the most cutting-edge defenses.On June 27th, 2017, the NotPetya malware campaign initiated in Ukraine and rapidly spread around the globe. NotPetya devastated businesses of all industry verticals as it began wiping large amounts of Windows systems. Cisco’s Talos researchers found that the initial infection vector

Voting machines can be hacked without evidence, commission is told (The Washington Times) The country’s voting machines are susceptible to hacking, which could be done in a way so that it leaves no fingerprints, making it impossible to know whether the outcome was changed, computer experts told President Trump’s voter integrity commission Tuesday.

Editorial: Guarding Virginians' votes (Virginian-Pilot) THE VIRGINIA Board of Elections’ decision Friday to eliminate the use of touch-screen voting machines represents a necessary step to protect the integrity of the vote across the commonwealth in

A Fake-News Warning From a Former Propagandist (Bloomberg.com) Why readers shouldn’t underestimate the power of disinformation.

Security Patches, Mitigations, and Software Updates

SAP Resolves 16 Vulnerabilities with September 2017 Patches (Security Week) SAP on Tuesday released 16 security notes as part of its SAP Security Patch Day, to which it also added 1 out-of-band release and 6 updates to previously released Security Notes, for a total of 23 Notes.

Adobe, Microsoft Plug Critical Security Holes (KrebsOnSecurity) Adobe and Microsoft both on Tuesday released patches to plug critical security vulnerabilities in their products.

Pixel and Nexus September Security Patches Have Started, We Think (Updated) (Droid Life) Ever since Android Oreo dropped, Google has pushed the update out in manner best described as, “Who knows wtf Google is doing.” From betas to stable to images and now into our first security patch, I’m not sure anyone knows if the typical rollout pattern has changed or if Google is simply working through some …

Cyber Trends

Virtualization’s hidden traps: security has become a battlefield for CISOs (Bitdefender) The increasing adoption of hybrid cloud -- a mix of public cloud services and privately owned data centers, already in place for 70 percent of companies on a global level – is giving rise to new security challenges and prompting CISOs to adopt different technologies to fight zero-day exploits, advanced persistent threats, and other devastating types of cybercrime.

Cybersecurity Issues & NIST CSF Taking the Pulse of Information Security Leaders (Rsam) Nearly 1,000 information security professionals registered for Rsam’s NIST CSF: Best Practices for Implementation webinar. We surveyed attendees to uncover what they think about cybersecurity issues in general and NIST CSF in particular. Here is what they said...

Web Application Attack Statistics: Q2 2017 (Positive Technologies) This report provides statistics on attacks performed against web applications during the second quarter of 2017. Sources of data are pilot ...

Poll: Majority of Small Business Owners Perceive Online Marketplaces Like Amazon as a Threat (Biz Buy Sell) BizBuySell, the Internet's largest business-for-sale marketplace, surveyed 762 small business owners to get their perspective on how various economic, political and technological threats are impacting the small business environment.

New Research From Cyber adAPT Reveals CISO Motivations Behind Threat Detection Investment (Sys-Con Media) Mobile, IoT, and cloud use driving need for investment in advanced technology

37 Percent of Global Organizations Unsure if They Need to Comply with GDPR (WatchGuard) 37 Percent of Global Organizations Unsure if They Need to Comply with GDPR

(ISC)² Finds IT Professionals are an Underutilized Cybersecurity Resource ((ISC)²) Largest association of certified cybersecurity professionals enables IT pros to more quickly attain SSCP® certification and bolster their organization’s security posture

Marketplace

Endpoint Cyber Security Defender AppGuard Closes a $30 Million Series B to Accelerate Growth in Enterprise and SMB Markets (AppGuard) Series B funding brings total financing to $100m for AppGuard since April

Silent Circle Acquires Kesala to Strengthen Data Protection for Global Business Operations (BusinessWire) Silent Circle today announced the acquisition of Kesala, a Maryland-based company which gained initial startup support from DataTribe.

Thales announces acquisition of US firm Guavus (India Today) null

Brocade employees flee as Broadcom acquisition looms: report (CRN Australia) Vendor will reportedly shed hundreds of staff before acquisition.

Confusion hits consumer market over US ban of Kaspersky (ABC News) Worries rippled through the consumer market for antivirus software after the U.S. government banned federal agencies from using Kaspersky Labs software on Wednesday. Best Buy said it will no longer sell software made by the Russian company, although one security researcher said most...

Cybersecurity Innovator SecBI Launches U.S. Office (PRWeb) Wes Robinson tapped to serve as VP of Sales, North America

Zerodium Offers $1 Million for Tor Browser Exploits (Security Week) Exploit acquisition firm Zerodium announced on Wednesday that it’s prepared to offer a total of $1 million for zero-day vulnerabilities in the Tor Browser, the application that allows users to access the Tor anonymity network and protect their privacy.

Northrop to continue developing USAF’s Cyber Mission Platform (Airforce Technology) The Air Force Life Cycle Management Center's (AFLCMC) Cryptologic and Cyber Systems Division has contracted Northrop Grumman to continue the development and deployment of the US Air Force’s Cyber Mission Platform (CMP).

Secarma scores big at Defcon global hacking convention (Secarma) On 27-30 July a crack team of Secarma ethical hacking specialists went out to Defcon 25 - the world's largest hacker convention, held annually in Las Vegas.

Startups rave about DHS's Silicon Valley Innovation Program (Fedscoop) Other agencies should take a good, hard look at what the Department of Homeland Security is accomplishing with its Silicon Valley Innovation Program, startup executives reflected on Wednesday at the AFCEA Homeland Security conference. Four early-stage companies, working in areas like Internet of Things security, radar vision for drones and more, joined a panel to …

Digital Defense Named 2018 TAG Cyber Distinguished Vendor (Digital Defense) Digital Defense, Inc., a security technology and services provider with proven success, is proud to announce its designation as a Distinguished Vendor in this year’s 2018 TAG Cyber Security Annual.

Flashpoint - Industry Veteran Seán McGurk Joins Flashpoint to Lead Advisory Services (Flashpoint) I’m thrilled to announce that industry veteran Seán McGurk has joined Flashpoint as our Executive Director of Advisory Services.

Verve Industrial Protection Announces Appointment of Experienced Cyber Security Executive Jim Crowley, as Vice President Sales & Marketing (Sys-Con Media) Verve Industrial Protection, the global leader in industrial control system (ICS) cybersecurity, today announced the appointment of Jim Crowley as Vice President Sales and Marketing. He will be responsible for revenue generation and new customer acquisition globally.

Products, Services, and Solutions

Inky Phish Fence (Google Chrome) Inky eats phish for breakfast. Inky Phish Fence protects you against phishing and other email-based attacks.

Keep The Bad Guys Out: High Caliber Launches Mithril, Its Firewall-As-A-Service Offering (PRNewswire) High Caliber Solutions has just announced national availability of their...

Mercury Systems Announces Industry’s First NIAP-Certified Self-Encrypting Commercial SSD for Classified Programs (Mercury Systems) Low-power SBC brings performance and secure technology to VME legacy systems

SonicWall and SentinelOne Join Forces to Provide Best-in-Class Automated Real-Time Breach Detection, Prevention and Remediation (BusinessWire) Announcing a new agreement to bring together SentinelOne’s next-generation endpoint protection with SonicWall’s next-generation firewall s

Barracuda Amplifies MSP Focus, Unveils New Brand (PRNewswire) Enhancements to ECHOplatform, expanded educational resources to help managed service providers.

Infoblox Enhances Partner Program to Expand Benefits for Valued Channel Partners - Infoblox (Infoblox) Infoblox Inc., the network control company that provides Actionable Network Intelligence, today announced enhancements to its partner program, BuildingBLOX, to offer additional benefits and training for valued channel partners. The new program reinforces Infoblox’s commitment to the channel with increased investment and focus on partners’ go-to-market efforts. Network environments are rapidly …

Ayehu Launches its Next Generation IT Automation and Orchestration Platform Powered by Artificial Intelligence (GlobeNewswire News Room) SaaS-Ready platform is the force multiplier for overwhelmed and understaffed IT and Security operations

McAfee launches new range of consumer security products (BetaNews) With internet threats showing no signs of slowing down, it's vital to keep all of your devices protected and this applies in the home as much as the workplace.

New FinalCode 5.3 Release Extends the Types of Applications Traditional IRM Can Support (FinalCode) FinalCode, Inc., today announced the immediate global availability of the newest release of its persistent, file-centric information rights management (IRM) solution that protects files wherever they go, inside and outside of the organization.

GlobalSign Announces CloudSSL Offering for SaaS Providers (GlobalSign) Leading certificate authority’s new automated offering enables SaaS companies to provide their customers with secure, built-in encryption

VITAL4DATA Releases VITAL4SEARCH, The First of Its Kind FCRA-Compliant Global Background Screening Data and Technology Platform (PRNewswire) VITAL4DATA announced today the release of VITAL4SEARCH SaaS solutions that...

Dashlane To Support Apple's New Face ID Technology (PRNewswire) The world's leading password manager Dashlane proudly continues its...

Comodo Advanced Endpoint Protection Wins 'APT Software of the Year' 2017 CyberSecurity Breakthrough Award (PRNewswire) Comodo, a global innovator and developer of cybersecurity solutions...

Comodo, StackPath Join Forces on Holistic Security Platform (Channel Partners) The new platform will integrate capabilities from the StackPath platform, Comodo cWatch web security management solution and cWatch Office secure web platform. Both companies will also begin offering the others' services as part of their broader solution offerings.

Technologies, Techniques, and Standards

Shipowners need to tighten security against cyber attacks on vessels (LoadStar) In response to the growing threat of cybercrime to the shipping sector, the UK government has launched a new code of practice to help shipowners improve security.

Code of Practice Cyber Security for Ships (UK Government: Department of Transport) This Code of Practice should be read by board members of organisations with one or more ships, insurers, ships' senior officers (for example, the Captain/Master, First Officer and Chief Engineer) and those responsible for the day-to-day operation of maritime information technology (IT), operational technology (OT) and communications systems. It does not set out specific technical or construction standards for ship systems, but instead provides a management framework that can be used to reduce the risk of cyber incidents that could affect the safety or security of the ship, its crew, passengers or cargo.

CIS Controls Implementation Guide for Small- and Medium-Sized Enterprises (SMEs) (Center for Internet Security) This guide contains a small sub-set of the CIS Controls specifically selected to help protect SMEs.

Ransomware defense depends on product upgrades, patches (GCN) Intelligence officials encouraged IT managers to patch software and retire products at the end of their lifecycles.

Victorian hospitals aim to prevent cyber attack (Technology Decisions) A new cybersecurity trial is being launched in Victorian hospitals, aimed at keeping them safe from hackers.

Cybersecurity In Financial Services: Analyzing Third- & Fourth-Party Best Practices (BitSight) These five best practices will help align your vendor cybersecurity monitoring program with the top financial service organizations.

GDPR: Organisations ignoring paper-based risks, warns Xenith MD Justin Milligan (Computing) Lost and stolen documents a bigger source of data breaches than email, yet UK organisations are ignoring paper in their GDPR compliance strategies

Design and Innovation

Apple Brings FaceID to New iPhone X (Security Week) iPhone X Uses Facial Recognition to Unlock Device, Apple Says 1 in 1,000,000 Chance of False Positive

Research and Development

Encryption-breaking quantum computers getting closer, warns Canadian expert (IT World Canada) With research accelerating around the world on next-generation quantum supercomputers, the odds of someone creating a new machine able to crack current

Legislation, Policy, and Regulation

Saudi calls for social media informants decried as 'Orwellian' (Reuters) Saudi Arabia has urged its people to report subversive comments spotted on social media via a phone app, a move denounced by a human rights watchdog as "Orwellian".

Trump administration orders purge of Kaspersky products from U.S. government (Reuters) The Trump administration on Wednesday told U.S. government agencies to remove Kaspersky Lab products from their networks, saying it was concerned the Moscow-based cyber security firm was vulnerable to Kremlin influence and that using its anti-virus software could jeopardize national security.

Department of Homeland Security orders all Kaspersky products to be purged from government within 90 days (Computing) No evidence cited - order based on concerns

DHS gives agencies 90 days to remove Kaspersky Lab IT from networks (FederalNewsRadio.com) The Homeland Security Department issued their fifth binding operational directive on Sept. 13.

UK Data Protection Bill will exempt journalists and researchers (Computing) New proposals will protect professionals who have to handle personal data without consent

Equifax data breach focuses Washington's attention on security of sensitive personal information (Los Angeles Times) The data breach at credit reporting firm Equifax has put the company in the cross-hairs of congressional committees and fueled a push for stronger consumer protections.

Governments must fix the digital identity mess, says think tank (Naked Security) Digital identity schemes are surely just around the corner – and they’re already in place in India and Estonia. But there are problems to be ironed out

Cyber Warriors and Cyber Spies Struggle to Strike Balance (The Cipher Brief) On May 2, 2011 the agonizing, decade-long hunt for Osama bin Laden finally ended. The raid by U.S. Navy seals on the walled compound in Abbottabad, Pakistan was the culmination of years of intelligence gathering. Following the September 11, 2001 attacks, the CIA stepped up efforts begun years earlier to gather information on al Qaeda’s …

Litigation, Investigation, and Law Enforcement

Chinese billionaire who exposed CCP corruption on social media seeks asylum in U.S. (World Tribune: Window on the Real World) by WorldTribune Staff, September 12, 2017 A Chinese billionaire who received death threats after exposing corruption in the Chinese Communist Party’s (CCP’s) leadership has a “strong cl…

Mueller probe is said to have focus on social media (The Columbian) Russia’s effort to influence U.S. voters through Facebook and other social media is a focus of special counsel Robert Mueller’s investigation into the 2016 election and possible links to

We now know why Susan Rice requested to 'unmask' the names of Trump associates (Business Insider) Susan Rice wanted to know why the crown prince of the UAE visited Trump Tower last December without informing the US government.

How the NSA Built a Secret Surveillance Network for Ethiopia (The Intercept) Amid concerns about Ethiopia's human rights abuses, the NSA forged a secret relationship with the country that expanded exponentially over the years.

'Robot lawyer' takes on Equifax (BBC News) DoNotPay bot prints documents to help users sue Equifax in small claims courts for up to $25,000.

Opinion | The Terrifying Power of Internet Censors (New York Times) Dropping a Nazi website seems fine, but what if Cloudflare suspended security service for a political candidate that its leader didn’t like?

Stop Googling Your Symptoms; It May Just Kill You Faster (Mercola) Sign the "Don't be evil" petition to stop Google's growing monopoly and avoid all Google products, including Gmail, Google docs and Google's search engine.

Amazon in £1.5bn tax fraud row (Times) The tax authorities accused Amazon yesterday of failing to co-operate fully in tackling a multibillion-pound fraud that is putting scores of small British companies out of business. Figures from HM...

For a complete running list of events, please visit the Event Tracker on the CyberWire website.

Upcoming Events

Cyber Security Summit: New York (New York, New York, USA, September 15, 2017) If you are a Senior Level Executive responsible for making your company’s decisions in regards to information security, then you are invited to register for the Cyber Security Summit: New York. Receive...

Cyber Security Conference for Executives (Baltimore, Maryland, USA, September 19, 2017) The Johns Hopkins University Information Security Institute and COMPASS Cyber Security are hosting the 4th Annual Cyber Security Conference for Executives on Tuesday, September, 19. It will be held on...

4th Annual Industrial Control Cybersecurity Europe (London, England, UK, September 19 - 20, 2017) Against a backdrop of targeted Industrial Control System cyber attacks against energy firms in the Ukraine power industry, the massive attacks against the Norway oil and gas industry, cyber attacks on...

Cyber Everywhere: Collaboration, Integration, Automatio (Washington, DC, USA, September 20, 2017) We’ve seen all of the cyber headlines this year – new policies emerging, old policies evolving, the cyber workforce is multiplying, and rapidly growing connected devices are complicating governance. While...

10th Cyber Defence Summit (Dubai, UAE, September 20, 2017) Naseba’s 10th Cyber Defence Summit will address the importance of protecting critical infrastructure and sensitive information, help companies procure cyber security solutions and services, and create...

Maine Cyber Safety Institute (Waterville, Maine, USA, September 20 - 21, 2017) The Summit intends to help business protect themselves from possible losses. The Information Security Community, representing cyber professionals, found that 54% of anticipated cyberattacks against their...

2017 Washington, D.C. CISO Executive Leadership Summit (Washington, DC, USA, September 21, 2017) Highly interactive sessions will provide many opportunities for attendees, speakers and panelists to be engaged in both learning and discussion. The objective for the day is to deliver high quality useful...

Connect Security World (Marseille, France, September 25, 2017 - 27, 2014) As IoT solutions are transitioning from hype to real deployments, the “Internet of insecure things” threat is gaining ground. To address unlimited risks, threats and vulnerabilities surrounding IoT, a...

(ISC)2 Security Congress (Austin, Texas, USA, September 25 - 27, 2017) (ISC)² Security Congress cybersecurity conference brings together nearly 1,500 cybersecurity professionals, offers 100+ educational and thought-leadership sessions, and fosters collaboration with forward-thinking...

Connect Security World (Marseille, France, September 25 - 27, 2017) As IoT solutions are transitioning from hype to real deployments, the “Internet of insecure things” threat is gaining ground. To address unlimited risks, threats and vulnerabilities surrounding IoT, a...

SINET61 2017 (Sydney, Australia, September 26 - 27, 2017) Promoting cybersecurity on a global scale. SINET – Sydney provides a venue where international solution providers can engage with leaders of government, business and the investment community to advance...

O'Reilly Velocity Conference (New York, New York, USA, October 1 - 4, 2017) Learn how to manage, grow, and evolve your systems. If you're building and managing complex distributed systems and want to learn how to bake in resiliency, you need to be at Velocity.

24th International Computer Security Symposium and 9th SABSA World Congress (COSAC 2017) (Naas, County Kildare, Ireland, October 1 - 5, 2017) If you thought symposiums on information security and risk were all the same, look again! COSAC is an entirely different experience. Conceived by practising professionals for experienced professionals,...

Cybersecurity Nexus North America 2017 (CSX) (Washington, DC, USA, October 2 - 4, 2017) Be a part of a global conversation with professionals facing the same challenges as you at the nexus—where all things cyber security meet. Cyber security doesn’t take a vacation and it doesn’t sleep. You...

Atlanta Cyber Week (Atlanta, Georgia, USA, October 2 - 6, 2017) Atlanta Cyber Week is a public-private collaboration hosting multiple events during the first week of October that highlight the pillars of the region’s cybersecurity ecosystem and create an opportunity...

4th Annual Industrial Control Cyber Security USA Summit (Sacramento, California, USA, October 3 - 4, 2017) Against a backdrop of targeted Industrial Control System cyber attacks, such as those against energy firms in the Ukraine power industry, the massive attacks against the Norway oil and gas industry, cyber...

4th Annual Industrial Control Cyber Security Summit USA (Sacramento, California, USA, October 3 - 4, 2017) Against a backdrop of continued ICS targeted cyber attacks against energy firms in the Ukraine power industry (CRASHOVERRIDE), the massive attacks against the Norway oil and gas industry, cyber attacks...

CyberSecurity4Rail (Brussels, Belgium, October 4, 2017) Facilitated by Hit Rail, this conference will bring together experts in cybercrime and digital security, plus leaders in ICT and representatives from transport and railway companies, European organisations...

Infosecurity North America (Boston, Massachusetts, USA, October 4 - 5, 2017) Organized by Infosecurity Group, which has provided the global information security community with some of the largest, longest established conferences and expos over the past 22 years including Infosecurity...

Hacker Halted (Atlanta, Georgia, USA, October 9 - 10, 2017) The theme for Hacker Halted 2017 is The Art of Cyber War: Lessons from Sun Tzu. 2,500 years ago, Sun Tzu wrote 13 chapters on military strategy. Fast forward to today and we are still learning from those...

European Cybersecurity Forum – CYBERSEC (Krakow, Poland, October 9 - 10, 2017) The Fourth Industrial Revolution is in full swing, giving a strong impulse to the growth of Europe’s innovation-driven economy that can compete with world’s economic superpowers. Let’s start the dialogue...

2017 ISSA International Conference (San Diego, California, USA, October 9 - 11, 2017) Each day, cyber threats become increasingly intricate and difficult to detect. Over the past year, we saw that with the rise of device connectivity came boundless opportunities for malicious hackers to...

Maryland Cyber Day Marketplace (Baltimore, Maryland, USA, October 10, 2017) Hundreds of cybersecurity providers and buyers in one location on one day. Maryland Cyber Day Marketplace provides the opportunity for cybersecurity buyers to connect with, get to know and purchase cybersecurity...

Cyber at the Crossroads (Adelphi, Maryland, USA, October 10, 2017) Join the Cyber Center for Education & Innovation (CCEI), Home of the National Cryptologic Museum (NCM) for a one-day symposium of renowned national cybersecurity leaders, including experts from past and...

ManuSec USA (Chicago, Illinois, USA, October 11 - 12, 2017) This series will bridge the gap between the process control and corporate IT senior level professionals, allowing them to discuss challenges, critical issues and debate best practice guidelines.

Grow your brand and reach new customers.

Grow your brand and increase your customer base by educating our audience about your products, services, and events by advertising on The CyberWire. We’ve built trust with an influential (and often hard to reach) audience of CISOs, CSOs, and other senior execs in the security space, across a wide array of industry verticals. Learn more.

Be a part of the CyberWire story.

People ask us (a lot) how they can support what we do. We have our sponsorships and services, of course, but those are not always within every supporter's financial reach, or it might just not be the right time for you to do those things. That's why we launched our new Patreon site, where we've created a wider variety of support levels, each with some new benefits. Our patrons are important to our future, and we hope you'll consider becoming one. We invite you to become part of the CyberWire story. Become a patron today.