skip navigation

More signal. Less noise.

Looking for an introduction to AI for security professionals?

Your wait is over. A new book is out from the Cylance data science team, covering artificial intelligence and machine learning techniques in practical situations to improve the security professional’s ability to thrive in a data driven world. Whether you are reviewing logs or analyzing malware, being able to derive meaningful results and improve productivity is key. Order your free copy today.

Daily briefing.

US EC-130 Compass Call electronic warfare aircraft are said to be encountering "disabling" Russian electronic warfare (presumably jamming) as they operate over Syria.

The University of Toronto's Citizen Lab reports that Netsweeper technology is enjoying widespread use for online censorship in South and Southwest Asia.

Kromtech Security says an exposed MongoDB database has leaked information on roughly 25 thousand individuals who had invested (or were considering investing) in the widely promoted Bezop cryptocurrency.

HPE iLO 4 remote management interfaces are reported to have been hit with ransomware.

Trustwave says that Western Digital MyCloud EX2 devices are insecure, exposing users' data to anyone with an interest in obtaining it.

Hickvision has patched a vulnerability that exposes its cameras to remote control.

CheckPoint and CyberInt say they've found new phishing tackle for sale on the dark web. The new kit, compiled and offered by a criminal whose nom-de-hack is "[A]pache," enables users to craft convincing emails and redirect sites that closely mimic branding elements of well-known firms, including Walmart, Americanas, Ponto Frio, Casas Bahia, Submarino, Shoptime and Extra. The kit seems to cater to Spanish-speaking criminal clients.

Hyperoptic's H298N broadband home routers have a hardcoded root account and suffer from a DNS rebinding vulnerability. The problems affect personal data security; they also offer the prospect of widespread surveillance or distributed denial-of-service campaigns. Hyperoptic is a British ISP, but the vulnerable routers are made by ZTE.

A Chinese think tank mulls a Sino-Russian condominium in cyberspace (and likes what it thinks it sees).

Notes.

Today's issue includes events affecting Afghanistan, Bahrain, Canada, China, European Union, France, India, Kuwait, Pakistan, Qatar, Russia, Saudi Arabia, Somalia, Sudan, Syria, United Arab Emirates, United Kingdom, United States, and Yemen.

There's a better way to stop data loss. Learn more!

Data loss is a big problem. Every organization that deals with electronic data needs to have a data loss prevention strategy in place. ObserveIT’s white paper, Building a Strategy for the Post-DLP World, explores how organizations have been dealing with data loss to date, why these strategies are failing, and what a better path forward looks like. Get information you need to build a data loss prevention strategy that works for the modern organization. Download your free copy.

In today's podcast, we hear from our partners at the University of Maryland: Jonathan Katz discusses mathematical backdoors. Our guest is Paul Burbage from Flashpoint, who talks us through the implications of recently compromised Magento sites.

HackNYC2018 (New York, New York, United States, May 8 - 10, 2018) Cyber attacks are often called non-violent or non-kinetic attacks, but the simple truth is that there is a credible capability to use cyber attacks to achieve kinetic effects. Kinetic Cyber refers to a class of cyber attacks that can cause direct or indirect physical damage, injury or death solely through the exploitation of vulnerable information systems and processes. Use code CWIRE20 for 20% off the $50.00 individual ticket price.

8th Annual (ISC)2 Security Congress (New Orleans, Louisiana, United States, October 9 - 11, 2018) The (ISC)2 Security Congress brings together the sharpest minds in cyber and information security for over 100 educational sessions covering 17 tracks. Join us to learn from the experts, share best practices, and make invaluable connections. Your all-access conference pass includes educational sessions, workshops, keynotes, networking events, career coaching, expo hall and pre-conference training. Save your seat at congress.isc2.org.

Cyber Attacks, Threats, and Vulnerabilities

Russia Widens EW War, ‘Disabling’ EC-130s In Syria (Breaking Defense) The Compass Call is supposed to be one of America’s foremost electronic warfare weapons, but the EC-130s flying near Syria are being attacked and disabled “in the most aggressive EW environment on the planet,” the head of Special Operations Command said here today.

Researchers say Canadian technology used to censor internet internationally (RCI) It’s been alleged for years that Canadian technology is being used to filter internet access in certain countries. The Citizen Lab  at the University of Toronto, which first exposed the concern and has been tracking the issue since 2013.

Planet Netsweeper: Executive Summary (The Citizen Lab) This report describes an investigation into the global proliferation of Internet filtering systems manufactured by Netsweeper. After undertaking a mapping of worldwide installations, we focus on ten country cases where we verify that Netsweeper systems are being used to censor content for subscribers of consumer ISPs.

Bezop Cryptocurrency Server Spills 25K in Private Investor, Promoter Data (Threatpost) A leaky Mongo database exposed personal information of 25,000 investors and potential investors tied to the Bezop cryptocurrency.

Ransomware Hits HPE iLO Remote Management Interfaces (BleepingComputer) Attackers are targeting Internet accessible HPE iLO 4 remote management interfaces, supposedly encrypting the drives, and then demanding Bitcoins to get access to the data again. While it has not been 100% confirmed if the hard drives are actually being encrypted, we do know that multiple victims have been affected by this attack.

WD My Cloud EX2 Serves Your Files to Anyone (Trustwave) Western Digital's My Cloud is a popular storage/backup device that lets users backup and store important documents, photos and media files. Unfortunately the default configuration of a new My Cloud EX2 drive allows any unauthenticated local network user to grab...

Multiple Vulnerabilities in WD MyCloud (Trustwave) While performing security research on personal storage I found some vulnerabilities in the WD (Western Digital) MyCloud device. Trustwave reported them to WD back in 2017 and now that patches are available we can discuss the technical details.

Critical Security Configuration Issue in SAP Implementations (Onapsis) As part of our commitment to protect our customers’ business-critical applications and key business data, the Onapsis Research Labs continuously analyzes threats and attack vectors affecting SAP and Oracle applications.

MyEtherWallet users robbed after successful DNS hijacking attack (Help Net Security) Unknown attackers have managed to steal approximately $150,000 in Ethereum from a number of MyEtherWallet (MEW) users, after having successfully redirected them to a phishing site posing as MyEtherWallet.com.

Hikvision flaw could be remotely exploited to hijack cameras, DVRs (CSO Online) Hikvision patched a critical flaw that allowed attackers to access and manipulate cameras and DVRs as well as hijack accounts.

Researchers discover next generation phishing kit (Help Net Security) Researchers at Check Point and CyberInt, have discovered a new generation of phishing kit that is readily available on the Dark Web.

Here is an Email Thread of an Actual CEO Fraud Attack (Trustwave) Business email compromise attacks, which rely on crafty social engineering, are booming. The best defense is knowing what to look for so your business doesn't fall victim.

What is cross-site scripting (XSS)? Low-hanging fruit for both attackers and defenders (CSO Online) With XSS, attackers enter malicious code into a web form or web app URL to trick the application into doing something it's not supposed to do.

Why Information Integrity Attacks Pose New Security Challenges (Dark Reading) To fight information integrity attacks like the ones recently perpetrated by bots on the FCC's website, we need to change our stance and look for the adversaries hiding in plain sight.

Hyperoptic's ZTE-made 1Gbps routers had hyper-hardcoded hyper-root hyper-password (Register) Firmware updates pushed out to up to 400,000 subscribers

Thousands of Android apps for kids are secretly tracking their activities (HackRead) According to researchers thousands of Android apps are collecting personal and location data of users and sharing it with third-parties.

Monero-Mining RETADUP Worm Goes Polymorphic, Gets an AutoHotKey Variant (TrendLabs Security Intelligence Blog) We came across a new version of a cryptocurrency-mining RETADUP worm through feedback from our managed detection and response-related monitoring. This new variant is coded in AutoHotKey, an open-source scripting language used in Windows for creating hotkeys.

TSB brings in IBM in attempt to resolve IT crisis (Computing) Failed system upgrade which resulted in customers being able to access one another's accounts now being investigated by IBM

Researchers Hacked Amazon's Alexa to Spy On Users, Again (Threatpost) Researchers discovered a flaw in Amazon’s Alexa virtual assistant that enabled them to eavesdrop on consumers with smart devices – and automatically transcribe every word said.

Graffiti in the digital world: How hacktivists use defacement (Trend Micro) The digital realm has become a critical space for individuals to express their opinions and further their causes.

How malware can sneak in through M&A (PaymentsSource) Companies that handle sensitive customer data have even more to worry about when making an acquisition. Not only do they have to be sure the acquired company has good security, but they can't let their guard down even after the acquisition closes.

How Malware Infiltrates Organizations (BankInfo Security) Malware is a pervasive problem that is constantly evolving, says Christopher Kruegel, CEO of the security firm Lastline, who shares key findings from new research.

Hackers Don't Give Site Owners Time to Patch, Start Exploiting New Drupal Flaw Within Hours (BleepingComputer) Five hours after the Drupal team published a security update for the Drupal CMS, hackers have found a way to weaponize the patched vulnerability, and are actively exploiting it in the wild.

Cyberattack hits Dawson County computers (WAGA) Dawson County is the latest target of a ransomware attack. The county said it’s getting help from the FBI, Georgia Bureau of Investigation, Secret Service, and cybersecurity experts.

Transcription Service Leaked Medical Records (KrebsOnSecurity) MEDantex, a Kansas-based company that provides medical transcription services for hospitals, clinics and private physicians, took down its customer Web portal last week after being notified by KrebsOnSecurity that it was leaking sensitive patient medical records — apparently for thousands of physicians.

Behind the scenes with the hackers who unlocked the Nintendo Switch (Ars Technica) "The best way to get a chip security audited is to put it in a game console"

The firms that piggyback on ransomware attacks for profit (Graham Cluley) “Don’t want to pay the ransom? Pay us, and we’ll pay it for you!”

Facebook's Targeted Ads Are More Complex Than It Lets On (WIRED) The social network's vice president of ads described a simple picture of how advertising works on the platform. But there's nothing simple about giving advertisers a near-endless number of data points to target you with.

A loud noise knocked out computers that run stock exchanges across northern Europe (Quartz) A high-decibel whistle knocked out Nasdaq's servers for several hours at a data center near Stockholm.

Security Patches, Mitigations, and Software Updates

New Drupal RCE vulnerability under active exploitation, patch ASAP! (Help Net Security) Yet another Drupal remote code execution vulnerability (CVE-2018-7602) has been patched by the Drupal security team, who urge users to implement the offered updates immediately as the flaw is being actively exploited in the wild.

Apple device users, stay away from QR codes until you upgrade (Help Net Security) It's time to update your Mac and iOS-powered devices again: Apple has plugged four vulnerabilities, two of which could be exploited to execute arbitrary code if a user visits a malicious website.

For the first time, parents will be able to limit YouTube Kids to human-reviewed channels and recommendations (TechCrunch) To address parents’ concerns over inappropriate content on YouTube being seen by children, Google today is announcing an expanded series of parental controls for its YouTube Kids application. The new features will allow parents to lock down the YouTube Kids app so it only displays those chann…

Parents, rejoice: Alexa will now remind kids to say “please” (Quartz) Amazon is making it easier for kids to mind their Ps and Qs.

Amazon fixed an exploit that allowed Alexa to listen all the time (Engadget) Researchers found a way to create an Amazon Skill to turn your Echo into an eavesdropping device.

Cyber Trends

Bomgar Publishes 2018 Privileged Access Threat Report (Bomgar) Bomgar’s annual report reveals that third-party and employee access are the biggest concerns to IT pros across the globe

Despite Risks, Nearly Half of IT Execs Don't Rethink Cybersecurity after an Attack (Dark Reading) A recent survey reveals a troubling degree of security inertia lurking among scores of organizations. But there are a few bright spots.

CEOs are taking more responsibility for cybersecurity protection (Fierce CEO) CEOs and boards are stepping up to take more control of protecting their companies from cyberthreats and attacks, a study shows.

Employees still in the dark about data protection (ComputerWeekly.com) With just a month to go before the GDPR compliance deadline, many employees still don’t know how to protect confidential data, a study shows.

Marketplace

Overwhelmed by overchoice at RSA Conference 2018 (Security Boulevard) As over 500 companies vied for mindshare at this years RSA conference – a cacophony of vendors pitching thousands of products from brightly colored booths – it reminded me of how challenging it was for me to separate signal from noise when I was managing global networks. And the rapid growth of vendors and solutions Read more

The Crypto Bull Is Off Of Life Support (Hacked: Hacking Finance) There may be some bad days for cryptocurrencies in the future.  There may even be a few bad weeks. But crypto markets survived the worst shellacking in their brief history.

DataTribe Challenge showcases three innovative startups (The CyberWire) The inaugural DataTribe Challenge winnowed a large field of possible winners to three finalists. They made their pitches to an expert panel of judges on Wednesday, April 25th.

Startup offering $3 million to anyone who can hand over zero-day exploits for iOS or macOS (9to5Mac) Crowdfense, a startup company based out of the United Arab Emirates is offering up to $3 million for anyone who can offer a zero-day exploit on macOS, iOS, Android or Windows.

CACI books $145M Army intelligence services order (Washington Technology) CACI International books a $145 million task order to help research and evaluate intelligence information for the Army to combat insurgent activities and builds it lead as top prime on the $7.2 billion Global Intelligence Support Services contract.

Air Force Launches $950M in Next-Gen Cyber () The Air Force has awarded five small businesses contracts that could top out at $950 million for the rapid development of new cyber capabilities. This contract continues an effort by the service, and the Department of Defense overall, to keep up with potential adversaries in the fast-changing cyber domain.

ID Technologies and Silent Circle Form New Secure Communications Partnership (BusinessWire) ID Technologies, the technology company making it simpler for Federal government customers to buy and use fit-for-purpose IT, has announced a new part

InfoArmor, Inc. Announces Brand Redesign and Updated Website (PR Newswire) InfoArmor, Inc., an industry-leading provider of employee identity...

Former BlackBerry exec joins cybersecurity firm eSentire (Financial Post) James Yersh will take on the chief administrative officer position at eSentire, as the company looks to enter its next phase of growth

KnowBe4 Expands Team to Include Senior Vice President of Learning Inno (PRWeb) KnowBe4, providers of the world’s largest security awareness training and simulated phishing platform, today announced that it has hired John Just, EdD, as

Products, Services, and Solutions

Say hello to the new Gmail with self-destructing messages, email snoozing and more (TechCrunch) Today, Google is launching the biggest revamp of Gmail in years. The company is bringing to the flagship Gmail service many (but not all) of the features it trialed in Inbox for Gmail, and adding a few new ones, too. With those new features, which we first reported earlier this month, the company i…

Tackle cyber threats in real time with the Micro Focus enterprise security platform - Help Net Security (Help Net Security) In this podcast recorded at RSA Conference 2018, John Delk, Chief Product Officer and the General Manager of the security product group at Micro Focus, talks about how Micro Focus’ solutions comprise an enterprise-grade security platform with built-in scalability and analytics to drive the future of security. Here’s

EKINOPS PM Crypto Enables Fast and Easy GDPR Compliance with New Hardware-Based Security Engine for Optical Networks (Ekinops) EKINOPS (Euronext Paris - FR0011466069 – EKI) today launches PM Crypto, an ultra-low latency data security engine designed to help operators, cloud service providers and...

Technologies, Techniques, and Standards

(Guide) Remove Kraken 2.0 Ransomware from Windows PC or Apple MacOS / OS X (CyberByte Blog) Kraken 2.0 is a ransomware-kind virus currently observed by means of malware security researcher, Leo. Following infiltration, Kraken 2.0 encrypts maximum store

Data and privacy breach notification plans: What you need to know (CSO Online) Failure to report breaches within the rules of the many global data and privacy protection regulations can result in penalties. Planning ahead will help avoid that.

Whois Is Changing: Here’s How It Could Impact Analysts (RiskIQ) While businesses are scrambling to ensure they are GDPR compliant, another crucial discussion is happening––what’s going to happen to WHOIS?

Defending hospitals against life-threatening cyberattacks (Fifth Domain) Like any large company, a modern hospital has hundreds – even thousands – of workers using countless computers, smartphones and other electronic devices that are vulnerable to security breaches, data thefts and ransomware attacks. But hospitals are unlike other companies in two important ways.

Closing the Gaps that Result in Compromised Credentials (SecurityWeek) Most organizations don’t penalize users for loss of their credentials in situations where it’s not a malicious loss. Like most security efforts, there is no single silver bullet, and each control has a role to play in credential security.

Six Steps to Apply Risk Management to Data Security (SIGNAL) Securing data is as important as securing systems.

Moving to fast fail (CSO Online) Managing security for today’s enterprises is an increasingly complex task. But being comfortable with failure is an important skill.

Can existing endpoint security controls prevent a significant attack? (Help Net Security) Endpoint security solutions are failing to provide adequate protections to address today’s security threats, specifically malware, according to Minerva Labs. Most respondents surveyed indicated a heightened concern of a major malware breach in the coming year.

Better code won't save developers in the short run (Help Net Security) While developers improve their security and integrate it into the development cycle - as opposed to bolting it on afterward - they are facing an increasingly difficult challenge because the security landscape is hitting a watershed moment.

DISA is boosting defense network speed, resiliency (C4ISRNET) The Defense Information Systems Agency is rolling out infrastructure upgrades and a new enterprise cloud contract not called JEDI.

Design and Innovation

Sonification of DDoS Attacks: Netflow Melodies and a Tomato Panic Button (Blog | Imperva) What if we could listen in on network traffic instead of just looking at it on graphs?

This message will wash away in 5 seconds (C4ISRNET) When the form is so aesthetically pleasing, it can be hard to think about function.

Research and Development

Can This New Encryption Method Finally Crack the Crypto War? (WIRED) Ray Ozzie thinks he has an approach for accessing encrypted devices that attains the impossible: It satisfies both law enforcement and privacy purists.

Academia

Saudi cyber security college signs MoU for US training (Arab News) Saudi Arabia’s newest cybersecurity college has signed a memorandum of understanding with Chiron Technology Services Inc. in the US for a strategic training partnership. Prince Mohammed bin Salman bin Abdul Aziz College of Cyber Security, Artificial Intelligence and Advanced Technologies signed the MoU at Chiron’s headquarters in Columbia, Maryland.

Legislation, Policy, and Regulation

How to Avoid Wars in Cyberspace? (Valdai Club) In order to minimize the threats of war in cyberspace and to ensure stability and cybersecurity, Russia and China should join forces, says Shi Ze, Director of the Center for Security and Development of Eurasia, China Institute for International Studies.

An Inflection Point for Scientific and Technical Intelligence (War on the Rocks)  “…virtually all modern weapon systems depend upon data derived from scientific and technical intelligence.” -National Security Strategy, 2017 A seemingly obscure term mentioned in President Donald Trump’s National Security Strategy portends a long-overdue shift in the way the United States prioritizes intelligence

New Financial Transaction Methods Pose Challenge in Terror Fight, Officials Say (Wall Street Journal) French President Emmanuel Macron called ministers from over 70 countries to Paris in an effort to coordinate a crackdown on new terror-financing methods that French officials say pose a growing threat to global security.

Tax havens prepare to expose corrupt tycoons and oligarchs (Times) Corrupt Russian oligarchs sheltering dirty money in Britain’s overseas territories will be exposed under laws set to be forced on Theresa May next week. Tax havens such as the British Virgin...

United Kingdom Plans $1.3 Billion Artificial Intelligence Push (Fortune) It joins a list of countries like China and France announcing similar deals.

EU Presses Tech Firms on Search Results, Fake News (Wall Street Journal) The European Union tightened its effort to rein in tech giants like Alphabet’s Google and Facebook, advancing several measures that aim to shape the way they operate in Europe.

Senator wants to allow DHS to ban software from federal IT without notice (Fedscoop) The California senator said the bill was meant to curb increasing attempts of cyber espionage by foreign nations.

House lawmakers propose moving cyber defense from CYBERCOM to CYBERCOM (Fifth Domain) Recently released language for the House Armed Services annual defense policy bill seeks to transition global defense of the DoD's network from the current joint headquarters to the commander of Cyber Command.

Defense panels want the Pentagon to form a cyber reserve team to help states (Fifth Domain) The House Armed Services Committee is looking at the prospect of expanding the capacity of America's cyber power.

Election security dominates hearing for Trump Homeland Security nominee (TheHill) Christopher Krebs earns praise from both parties who signal bipartisan support for his nomination.

Democrats demand more details on CIA nominee's covert work (FederalNewsRadio.com) Three Democratic senators are stepping up their demands for more information about the former undercover spy President Donald Trump has picked to lead the CIA

A new council could advance artificial intelligence for the military (C4ISRNET) The 2019 National Defense Authorization Act defines AI and describes how the Pentagon would task a council to research machine learning.

Data Security Obligations Could be Increased in North Carolina (Infosecurity Magazine) How North Carolina's data protection obligations could be the most stringent in the USA.

Microsoft, Google urge Gov. Deal to reject new cyber crimes bill (WXIA) The bill is sitting on Gov. Deal's desk, awaiting his signature or veto.

Litigation, Investigation, and Law Enforcement

Altaba Fined $35m for Yahoo Breach Notification Failings (Infosecurity Magazine) Altaba Fined $35m for Yahoo Breach Notification Failings

Verizon says Yahoo users must waive class-action rights—or stop using Yahoo (Ars Technica) Yahoo, facing data breach lawsuits, starts enforcing mandatory arbitration.

Charter Communications, who can you trust? (CSO Online) Charter Communications, its union, its customers and the New York attorney general all are experiencing trust issues.

Police Appear to Have Seized Revenge Porn Site Anon-IB (Motherboard) "Cybercrime teams from the Dutch police have seized the Anon-IB forum in an ongoing investigation concerning criminal offenses."

Did McCabe issue 'Stand-Down' order on FBI Clinton Email Investigation? (Sara A. Carter) Former FBI Deputy Director Andrew McCabe is now facing possible criminal charges for lying under oath about leaks he made to The Wall Street Journal in 2016, in an effort to salvage his reputation and give his account to journalists who were questioning whether he gave a “stand-down” order to FBI agents investigating the Clinton …

For a complete running list of events, please visit the Event Tracker on the CyberWire website.

Newly Noted Events

Integrated Cyber (Laurel, Maryland, USA, May 1 - 2, 2018) Integrated Cyber is the premier cyber event bringing together the Integrated Adaptive Cyber Defense (IACD), Automated Indicator Sharing (AIS), and cyber information-sharing communities. This two-day event...

NSA 2018 Enterprise Discovery Conference (Ft. Meade, Maryland, USA, June 5 - 6, 2018) Hosted by the National Security Agency and the Federal Business Council (FBC). The EDC is the largest event held at NSA with over 1500 attendees from around the world. EDC provides a collaborative learning...

Upcoming Events

INFILTRATE (Miami Beach, Florida, USA, April 26 - 27, 2018) INFILTRATE is a "pure offense" security conference aimed at the experienced to advanced practitioner. With the late-90s hacker con as its inspiration, the event has limited attendance in order to foster...

Automotive Cybersecurity Summit 2018 (Chicago, Illinois, USA, May 1 - 8, 2018) Smart Vehicles. Smart Infrastructures. The 2nd annual Automotive Cybersecurity Summit brings together public and private-sector manufacturers, suppliers, assemblers, technology providers and V2X partners...

Application of the Law of War to Cyber Operations (Washington, DC, USA, May 3, 2018) Cyber law experts meeting at the George Washington University will cover Title 10 vs. Title 32 vs. Title 50 and the lawful and operational restrictions related to these authorities. The panelists will...

Global Cyber Security in Healthcare & Pharma Summit (London, England, UK, May 3 - 4, 2018) The number of cyber-attacks in healthcare is on the rise, and the industry must do more to prevent and respond to these incidents. The Global Cyber Security in Healthcare & Pharma Summit 2018 will bring...

Decompiling the Government: Getting Technologists and Policymakers to Speak the Same Language (New York, New York, USA, May 3, 2018) This event brings together technologists and leading policymakers, lawyers, and journalists to bridge the gap between non-technical and technical cyber professionals and features Lisa Monaco, former Assistant...

Secure Summit DC (Washington, DC, USA, May 7 - 8, 2018) (ISC)² Secure Summit DC will assemble the best minds in cybersecurity for two days of insightful discussions, workshops and best-practices sharing. The goal of the event is to equip security leaders to...

HACKNYC (New York, New York, USA, May 8 - 10, 2018) The recent flood of data breach news may numb us to the threat of attacks with kinetic effects--direct or indirect physical damage, injury, or death. Hack NYC focus’ on our preparation for, and resilience...

Insider Threat Program Management With Legal Guidance Training Course (Herndon, Virginia, USA, May 8 - 9, 2018) This training will provide the ITP Manager, Facility Security Officer, and others (CIO, CISO, Human Resources, IT, Etc.) supporting an ITP, with the knowledge and resources to develop, manage, or enhance...

SecureWorld Kansas CIty (Kansas City, Missouri, USA, May 9, 2018) Connecting, informing, and developing leaders in cybersecurity. SecureWorld conferences provide more content and facilitate more professional connections than any other event in the Information Security...

Cyber Ready 2018 Cybersecurity/Intel Conference (MacDill Air Force Base, Florida, USA, May 14, 2018) Major General Mike Ennis (USMC, ret), CIA National Clandestine Service's first Deputy Director for Community Human Intelligence (HUMINT), will deliver the keynote. The conference will also feature an all-audience...

Cyber Investing Summit (New York, New York, USA, May 15, 2018) Now in its third year, the Cyber Investing Summit is an all-day conference focusing on investing in the cyber security industry, which is predicted to exceed $1 trillion in cumulative spending on products...

Third Annual Cyber Investing Summit (New York, New York, USA, May 15, 2018) Renowned cyber security executive David DeWalt will deliver the keynote address at the Third Annual Cyber Investing Summit. The Cyber Investing Summit is a unique all-day conference focused on the financial...

The Cyber Security Summit: Dallas (Dallas, Texas, USA, May 15, 2018) This event is an exclusive conference connecting Senior Level Executives responsible for protecting their company’s critical data with innovative solution providers & renowned information security experts.

Digital Utilitites Europe (Amserdam, the Netherlands, May 16 - 17, 2018) The conference will bring together key industry stakeholders to address the current challenges of the digitisation in the utilities sector. Join us in Amsterdam to hear latest business case studies and...

SecureWorld Houston (Houston, Texas, USA, May 17, 2018) Connecting, informing, and developing leaders in cybersecurity. SecureWorld conferences provide more content and facilitate more professional connections than any other event in the Information Security...

Ignite18 (Anaheim, California, USA, May 21 - 24, 2018) Palo Alto Networks' sixth annual conference features highly technical insights based on firsthand experiences with next-generation security technologies, groundbreaking new threat research, or innovative...

AFCEA/GMU Critical Issues in C4I Symposium (Fairfax, Virginia, USA, May 22 - 23, 2018) The AFCEA/GMU Critical Issues in C4I Symposium brings academia, industry and government together annually to address important issues in technology and systems research and development. The agenda for...

3rd Annual Nuclear Industrial Control Cybersecurity and Resilience Overview (Warrington, England, UK, May 22 - 23, 2018) Now in its 3rd year, the Cyber Senate Nuclear Industrial Control Cyber Security and Resilience Conference will take place on May 22/23rd in Warrington United Kingdom. This two day executive forum will...

PCI Security Standards Council’s Asia-Pacific Community Meeting (Tokyo, Japan, May 23 - 24, 2018) Join us for: networking opportunities, updates on industry trends, insights and strategies on best practices, engaging keynotes and industry expert speakers. The PCI Security Standards Council’s 2018...

North American Financial Information Summit (New York, New York, USA, May 23, 2018) Data is the most vital asset of any financial services firm. With volumes increasing exponentially, and the complexity and structure continuously changing, it is more vital than ever to keep on top of...

SecureWorld Atlanta (Atlanta, Georgia, USA, May 30 - 31, 2018) Connecting, informing, and developing leaders in cybersecurity. SecureWorld conferences provide more content and facilitate more professional connections than any other event in the Information Security...

RISKSEC (New York, New York, USA, May 31, 2018) Welcome to the 2018 New York City RiskSec Conference. As SC Media approaches our 30th anniversary, we fully understand the avalanche of cybersecurity-related problems, responsibilities and aspirations...

Cyber:Secured Forum (Denver, Colorado, USA, June 4 - 6, 2018) Cyber:Secured Forum will feature in-depth content on cybersecurity trends and best practices as related to the delivery of physical security systems and other integrated systems. Content is being collaboratively...

Campaign Cyber Defense Workshop (Boston, Massachussetts, USA, June 4, 2018) The Campaign Cyber Defense Workshop brings together experts from the region’s industry, university, and government organizations to address campaign security and effective practices for maintaining campaign...

Gartner Security and Risk Management Summit 2018 (National Harbor, Maryland, USA, June 4 - 7, 2018) Prepare to meet the pace and scale of today’s digital business at Gartner Security & Risk Management Summit 2018. Transform your cybersecurity, risk management and compliance strategies and build resilience...

Grow your brand and reach new customers.

Grow your brand and increase your customer base by educating our audience about your products, services, and events by advertising on The CyberWire. We’ve built trust with an influential (and often hard to reach) audience of CISOs, CSOs, and other senior execs in the security space, across a wide array of industry verticals. Learn more.

Be a part of the CyberWire story.

People ask us (a lot) how they can support what we do. We have our sponsorships and services, of course, but those are not always within every supporter's financial reach, or it might just not be the right time for you to do those things. That's why we launched our new Patreon site, where we've created a wider variety of support levels, each with some new benefits. Our patrons are important to our future, and we hope you'll consider becoming one. We invite you to become part of the CyberWire story. Become a patron today.