skip navigation

More signal. Less noise.

Who Ya Gonna Call? Threatbusters!

The threat intelligence event of the year is just around the corner—Detect '18! Join team ANOMALI and your fellow professionals at the Gaylord National Resort & Convention Center September 19-21, 2018 in National Harbor, Maryland for timely education and training on today’s most compelling, relevant threat intelligence topics, breakout sessions designed for all levels of experience, and insights from compelling customer presentations highlighting real-world threat intelligence big data issues. Register today!

Daily briefing.

Tensions between the US and Turkey, connected to Turkey's detention of a US missionary and Turkey's growing rapprochement with Russia, have manifested themselves in hacktivism by supporters of Turkish President Erdogan. Crowdstrike reports that members of the group Ayyildiz Tim took over social media accounts belonging to journalists at Fox News, Bloomberg, and The New York Times. Ayyildiz Tim claims the support of Turkish security services, but it's worth noting that Turkey has for some years had active groups of patriotic hacktivists.

Iranian cyber operators active in Cobalt Dickens appear connected with the Mabna Institute, named in earlier US indictments of Iranian hackers. They've also appropriated journalists' identities.

The New York Times reported over the weekend that CIA sources inside Russia have gone dark, possibly gone underground, leaving Langley with much less insight than it formerly had into Russian intentions, especially intentions with respect to US midterm elections. 

In news that's been evergreen since AD 1054, the Russian government is said to be collecting intelligence on the Orthodox Church. This time the target is private correspondence of Ecumenical Patriarch Bartholomew I, whose see is in Istanbul (formerly Constantinople). Russian interest in Ukrainian religious developments apparently provides the proximate motive.

US Army Cyber Command's leader thinks ISIS will step up its online activity as the small remaining physical territory of its aspiring caliphate shrinks to insignificance.

Booz Allen Hamilton reports on RtPOS, a newly identified point-of-sale malware family. RtPOS's lack of data exfiltration capability suggests, disturbingly, that it's a post-compromise tool.

Notes.

Today's edition of the CyberWire reports events affecting Australia, China, European Union, India, Iran, Ireland, Myanmar, Russia, Saudi Arabia, Syria, Turkey, Ukraine, United Kingdom, United States.

Find out what solutions are emerging, peaking and working for cyber risk managers.

In this recently-released report, Gartner Research analysts apply their “hype cycle” framework to describe the related services, software platforms, applications, methods and tools that organizations can use to develop programs to withstand risk events or take advantage of risk-related opportunities. Read the Gartner report, “Hype Cycle for Risk Management, 2018” courtesy of Coalfire.

In today's podcast, we speak with our partners at Webroot, as David Dufour discusses the role engineers play in securing an organization.

IR18: Don’t Forget to Register for the first and only community-driven IR conference! Built by the community, for the community. (Arlington, Virginia, United States, September 5 - 6, 2018) IR18 is a conference for cybersecurity professionals to learn and develop playbooks to improve incident response processes. Receive 20+ hours of practical training on today’s best practices in IR topics, including 36 breakout sessions designed for all levels of experience.

Rapid Prototyping Event: The Chameleon and the Snake (Columbia, Maryland, United States, September 17 - 20, 2018) DreamPort, in conjunction with the Maryland Innovation & Security Institute and USCYBERCOM, is hosting a Rapid Protoyping Event that specifically targets malware signature diversity and signature measurement for Microsoft Windows in a simulated operational environment at a realistic pace. Join us September 17-20, 2018 at UMBC Training Center in Columbia, MD.

Wombat Wisdom Conference, September 18 to 20, 2018, Pittsburgh, PA (Pittsburgh, Pennsylvania, United States, September 18 - 20, 2018) Gain expert insights for strengthening your security awareness program at the Wombat Wisdom Conference, Sept. 18-20, 2018. Ideal for CISOs and infosec professionals looking to share ideas and actionable concepts for improving security awareness and training.

The force is stronger when MSPs and MSSPs come together. (Webinar, September 19, 2018) The managed service market has grown tremendously, with the demand for managed security being unprecedented. For managed service providers (MSPs) looking to answer those demands, partnering with a managed security services provider (MSSP) expands access to highly-skilled cyber security analysts and a full suite of security solutions. Join Delta Risk’s webinar, September 19 at 1 PM ET, to learn how the two sides can join forces.

5th Annual Cyber Security Conference for Executives (Baltimore, Maryland, United States, October 2, 2018) The 5th Annual Cyber Security Conference for Executives, hosted this year by The Johns Hopkins University Information Security Institute and Ankura, will be held on Tuesday, October 2nd, in Baltimore, Maryland. This year’s theme is cybersecurity compliance and regulatory trends, and the conference will feature discussions with thought leaders across a variety of sectors. Join the discussion and learn about current and emerging cyber security threats to organizations, and how executives can better protect their enterprises. To receive the early-bird rate, register now!

Dragos Industrial Security Conference (DISC) 11/5/18 (Hanover, Maryland, United States, November 5, 2018) Reserve your spot now for the Dragos Industrial Security Conference (DISC) on November 5th, 2018. DISC is a free, annual event for our customers, partners, and those from the ICS asset community. Visit https://dragos.com/disc/ for more information.

Cyber Attacks, Threats, and Vulnerabilities

Turkish 'hacktivists' take over social media accounts of US journalists (CNBC) Pro-Erdogan hackers said they took over social media accounts belonging to U.S. journalists in the past week. 

Online Propaganda Builds Islamic State Brand in the Face of Military Losses (Wall Street Journal) Even as Islamic State has lost territory in Syria and Iraq, it reigns supreme in cyberspace, where its critical recruitment and marketing tool has helped it build a brutish brand using propaganda and sometimes false claims.

Will ISIS make up for lost territory virtually? (C4ISRNET) One Army leader looks at a way ISIS could

Facebook bans military accounts in Myanmar as UN accuses leaders of coordinating genocide (The Verge) Facebook has been criticized for its role fueling ethnic violence in Myanmar since at least 2014. A report from the UN today accuses Myanmar’s military leaders of coordinating genocide, but Facebook says it has removed a number of high-profile accounts.

‘We don’t have any fear’: India’s angry young men and its lynch mob crisis (Washington Post) Rage fueled by gender imbalances, identity politics and economics is stirring trouble.

Cobalt Dickens threat group looks to be similar to indicted hackers (Cyberscoop) Secureworks researchers say this campaign used some of the same infrastructure as the Iranian hackers indicted earlier this year.

Inside Iran's disinformation campaign on the West (The National) Tehran is using fake social media personas and websites to support its interests

How FireEye Helped Facebook Spot a Disinformation Campaign (New York Times) The cybersecurity company has shifted its attention to detecting disinformation and uncovering social media campaigns intended to influence politics.

Una Mullally: How I was caught up in an Iranian fake news operation (The Irish Times) A random experience points to the sinister future of false news operations

Will more sanctions drive Iran to a cyberattack? (Fifth Domain) If the Trump administration's sanctions on Iran are strong, the Persian nation may respond by targeting banks, critical infrastructure and the U.S. government.

Turla Threat Group Uses Email PDF Attachments to Control Stealthy Backdoor (Dark Reading) The Russian-speaking group's latest tactic is the only known case of malware that's completely controllable via email, researchers at ESET say.

Nothing sacred: Russian spies tried hacking Orthodox clergy (AP News) The Russian hackers indicted by the U.S. special prosecutor last month have spent years trying to steal the private correspondence of some of the world's most senior

Kremlin Sources Go Quiet, Leaving C.I.A. in the Dark About Putin’s Plans for Midterms (New York Times) The spy agency does not believe its Russia informants have been killed, but sources have gone largely dormant amid heightened scrutiny and rising threats.

DHS, FBI Hold Joint Briefing for Election Officials with Facebook and Microsoft (Department of Homeland Security) On August 24, 2018, the Department of Homeland Security was joined by the Federal Bureau of Investigation, Facebook, and Microsoft to host a briefing for the National Association of Secretaries of State and the National Association of State Election Directors on recent actions taken by both companies to combat foreign threats.

Oops. DNC Cyber Attack Backtrack Casts Doubt on Midterms' Security (InsideSources) The Democratic National Committee told the press its voter database was hacked on Monday, then Wednesday the DNC's Chief Information Security Officer Bob

The DNC False Alarm Hack Is Good Cybersecurity, Bad PR (Motherboard) The DNC thought it was getting hacked again, but it was just a false alarm set off by a security test. It's a sign that the organization is taking its cybersecurity seriously.

Midterm Election Hacking -- Who Is Fancy Bear? (Forbes) Russian-affiliated hacking group Fancy Bear is trying to influence elections across the world. Who is it, exactly, and how can it be stopped?

Chinese Communist Party Funds Washington Think Tanks (Washington Free Beacon) China's Communist Party is intensifying covert influence operations in the U.S. that include funding Washington think tanks and coercing Chinese Americans

"This is now the new normal": An expert explains why cybersecurity risks aren’t going away (Vox) There are threats not just from Russia and Iran, but from other countries and lone wolves, heading into the 2018 midterms.

Cyberattack on Malaysia: Imminent or imagined? (The ASEAN Post) Analysts observed a pattern of targeting by China-based groups and others against organisations with links to the BRI.

New Point of Sale Malware Family Uncovered (Booz Allen Hamilton) RtPOS is a newly-discovered Point of Sale malware that analysis suggests could be a post-compromise tool instead of standalone malware.

Cosmos Bank SWIFT/ATM US$13.5 Million Cyber Attack Detection Using Security Analytics (Securonix Threat Research) The Securonix Threat Research team recently learned of a new high-profile cyber attack targeting SWIFT/ATM infrastructure of Cosmos Bank (COSDINBB), a 112-year old cooperative bank in India and the second largest…

T-Mobile, AT&T customer account PINs were exposed by website flaws (Engadget) Apple and Asurion have fixed problems that could've let an attacker figure out the PIN number for some AT&T or T-Mobile accounts.

Pune bank fraud: Out of Rs 94 crore, hackers transferred Rs 13.5 crore to Macau (DNA) Pune bank fraud: Out of Rs 94 crore, hackers transferred Rs 13.5 crore to Macau - Probe into the Cosmos Bank in Pune revealed that thehackers had transferred Rs 13.5 crore to Macau. It should be noted that Macau is known for being the top gambling hub

Emergency warning: The GlobeImposter ransomware family is growing up wildly (360 Total Security Blog) 360 Security Center issues an emergency warning to alert users: Since August 21 2018, the GlobeImposter ransomware incident has occurred frequently. The main goal of this attack is to start the server of Remote Desktop Service.

Hacking smart plugs to enter business networks (Help Net Security) Hacking smart plugs reality. A buffer overflow flaw in Belkin's Wemo Insight Smart Plug can be exploited to interfere with the networked devices.

Epic's first Fortnite Installer allowed hackers to download and install anything on your Android phone silently (Android Central) Google has just publicly disclosed that it discovered an extremely serious vulnerability in Epic's first Fortnite installer for Android that allowed any app on your phone to download and install anything in the background.

Google disclosed man-in-the-disk attack flaw in Fortnite Android app (CSO Online) Epic Games hit back after Google publicly disclosed the security vulnerability in the Fortnite Android app installer.

Fortnite fury over how Google handled its security hole (Graham Cluley) Epic Games isn’t happy about how Google handled the disclosure of the serious security hole in Fortnite.

Fortnite Installer for Android made our worst fears come true (SlashGear) It was really only a matter of time. Epic Games was, after all, tempting fate, not to mention hackers and criminals in its righteous zeal to open up the Android (but not iOS) app ecosystem. A bug i…

Cybercriminals Undeterred by ToS For Remcos RAT (BleepingComputer) Researchers from Cisco Talos are calling out the developer of a remote administration tool (RAT) for allowing its use for malicious purposes.

Attack Status: Apache Struts Vulnerability (CVE-2018-11776) (Akamai) This blog post is a follow-up to https://blogs.akamai.com/2018/08/apache-struts-vulnerability-cve-2018-11776.html and its purpose is to highlight attack data we have seen on the Akamai network related to this vulnerability....

FTC, FBI Issue Alerts on Bitcoin Blackmail Scams (Credit Union Times) The alert warns members that the scam isn't new but simply adjusts as technology evolves.

Thwarting Fault Attacks against Lightweight Cryptography using SIMD Instructions (IEEE Conference Publication) A growing number of connected objects, with their high performance and low-resources constraints, are embedding lightweight ciphers for protecting the conf

Who’s Behind the Screencam Extortion Scam? (KrebsOnSecurity) The [extortion] email scam last month that invoked a real password used by each recipient and threatened to release embarrassing Webcam videos almost certainly was not the work of one criminal or even one group of criminals.

Abbyy leaked 203,000 sensitive customer documents in server lapse (TechCrunch) Abbyy, a maker of optical character recognition software, has exposed a trove of sensitive customer documents after a database server was left online without a password. The exposed server was found by former Kromtech security researcher Bob Diachenko, who now works independently. In a blog post sh…

Cheddar's Scratch Kitchen Chain Suffers Data Breach (Dark Reading) The cyberattack occurred sometime between Nov. 3, 2017, and Jan. 2, 2018.

Three weeks after cyberattack, Mat-Su Borough computers still aren’t back to normal (Anchorage Daily News) The public can use borough services but some still can't take credit cards after a late July malware attack. Employee email remains spotty too.

Security Patches, Mitigations, and Software Updates

Bitdefender Disables Anti-Exploit Monitoring in Chrome After Google Policy Change (BleepingComputer) Chrome has started displaying alerts that suggest users remove programs that are considered incompatible applications with Chrome because they inject code into the browser's processes. In order to resolve these issues Bitdefender has decided to no longer monitor newer versions of Chrome with their anti-exploit technology.

Cyber Trends

Corporate Cybersecurity Is Becoming Geopolitical. Are U.S. Tech Companies Ready? (Harvard Business Review) Platforms have a propaganda problem.

A Big Choice for Big Tech (Foreign Affairs) Don't break up digital giants that monopolize online markets; force them to share their data with their competitors instead.

The Internet's Lost Promise (Foreign Affairs) The United States long promoted its vision of an open and free Internet on the global stage. But today, as authoritarian governments and private actors increasingly weaponize the web, U.S. leadership is largely absent. It’s time for Washington to overcome its belief that the Internet can fix itself and instead work to maintain the Internet as a tool for strengthening democracy.

Why too much attention on foreign actors and voting machines can hurt cybersecurity (Fifth Domain) The overwhelming majority of cyberattacks occur because of basic security failures, phishing attempts and human error, according to research.

23% of UK SMBs still use USB drives as their primary data storage solution (Help Net Security) Only 35% of SMBs have company storage centralised with on-site servers. 23% of SMB employees reported using portable storage such as USB drives.

Marketplace

‘Cybersecurity budgets of Indian firms have tripled’ (The Hindu) Companies spend more on network safety: A10 Networks

FireEye is tech firms' weapon against disinformation, staffed with 'the Navy SEALs of cyber security' (Los Angeles Times) FireEye — best known for its work on high-profile cyberattacks against companies including Target, JPMorgan Chase and Sony Pictures — is emerging as a key player in the fight against election interference and disinformation campaigns.

Array Networks Says It's the Nutanix of Private Cloud Networking (SDxCentral) Array Networks wants to be the Nutanix of networking and security virtual appliances. It recently updated to its hyperconverged platforms.

Splunk CEO: Accenture, Optiv, SecureWare Partnerships Gain Momentum (ChannelE2E) Splunk (NASDAQ: SPLK) is gaining momentum with channel partners like Accenture, Optiv and SecureWare, according to CEO Doug Merritt. Here's why.

Exabeam Wins 70% Of Splunk Faceoffs As It Targets 10% Market Share (Forbes) Splunk faces well-funded rivals in the market for detecting hackers and detailing the damage they cause. Exabeam says it's winning 70% of the time against Splunk and wants 10% of its market. Will that show up in Splunk's next earnings report?

Zscaler Buys Piece Of Cybersecurity Startup TrustPath For AI Expertise (CRN) TrustPath has developed artificial intelligence-based algorithms through machine learning to identify new threats, resulting in enhanced security efficacy and accelerated incident response.

3SG Plus Acquires Cybersecurity Powerhouse (PRNewswire) 3SG Plus will now offer cybersecurity solutions

Products, Services, and Solutions

WireGuard VPN review: A new type of VPN offers serious advantages (Ars Technica) Fewer lines of code, simpler setup, and better algorithms make a strong case.

Atos and Nozomi Networks team to deliver security to OT environments (Help Net Security) Atos and Nozomi Networks will work together to provide industrial enterprises real-time OT network visibility, data analysis and cybersecurity protection.

Trend Micro's new program helps IoT device makers tackle risk at source (Help Net Security) Trend Micro designed a new IoT security program to leverage its ZDI to minimize vulnerabilities as smart products are developed.

Samsung’s Exynos i S111 delivers efficiency and reliability for NB-IoT devices (Help Net Security) Samsung’s Exynos i S111 is the new narrowband IoT solution that includes modem, processor, memory and GNSS functions in one chip.

Trend Micro simplifies advanced threat detection and network analysis (Help Net Security) The new network analytics capabilities of Deep Discovery empower organizations struggling with skills shortages to keep themselves protected and productive.

Plurilock Surpasses $1M Revenue, Launches SaaS Products to Meet Demand for Behavioral-Biometric Security (PRNewswire) Fueled by growth and $3M in financing, the AI-based behavioral biometrics company now offers multiple options to meet customers' cybersecurity needs

6 artificial intelligence cybersecurity tools you need to know (Packt Hub) Investments in building AI systems to analyze the huge data trove have increased. Cybersecurity professionals with the help of AI can also identify possible threats and take precautions or immediate actions to solve it. For a more hands-on experience, here are 6 AI cybersecurity tools you should know to safeguard your organization from a counter AI attack.

Technologies, Techniques, and Standards

Social media firms manage expectations for stopping foreign influence campaigns (TheHill) U.S. tech companies are tamping down expectations on their ability to prevent foreign influence campaigns on social media.

‘Project Spartacus’ aims to save electric grid from nuclear, solar attack (Washington Examiner) After years of shrugs over concerns about the potential calamity an attack on the nation’s electric grid would cause, government and business leaders are joining to map a path to protect and maintain the system that powers everything from cellular phones to nuclear missile bases.

DHS Creating New Cyber Threat ‘Risk Radar’ For Agency Leaders (Meritalk) The Department of Homeland Security is working with multiple Federal agencies to develop a new “risk radar” that will help agencies’ top executives contextualize cybersecurity risk and clarify where they need to apply focus and resources, according to Mark Kneidinger, director of the Federal Network Resilience division of DHS’ Office of Cybersecurity and Communications (CS&C).

The Difference Between Sandboxing, Honeypots & Security Deception (Dark Reading) A deep dive into the unique requirements and ideal use cases of three important prevention and analysis technologies.

Supply Chains Struggle With GDPR Compliance (PYMNTS.com) The European Union (EU) General Data Protection Regulation (GDPR) came into effect in May, but most businesses in the region still aren’t compliant with the rules. The data security requirements have wide-reaching implications for businesses across sectors, but as companies expand globally and business partners connect on digital channels, supply chains’ GDPR compliance is an […]

Traveling to China for work? Punch through the Great Firewall and securely connect with your home office (CSO Online) Security is not just about confidentiality and integrity. It's also about availability. The new partnership between Wickr and Psiphon is worth a look for global enterprises with traveling employees.

New Hampshire working to prevent hacking of election system (AP News) Amid concerns about hacking from Russia, Iran and other countries, New Hampshire plans to spend a quarter of a million dollars in federal grant money on asses

What we’re reading: 4 ways the U.S. can secure the 2020 election (Axios) It’s already too late for 2018.

Army Cyber Changing Double-Time (GlobeNewswire News Room) Leaders share insights into what’s next for the service.

5 times tech failed and we had to do things the old-fashioned way (Irish Examiner) After Gatwick Airport’s digital flight board failure, we take a look at previous big IT blackouts.

What are next generation firewalls? How the cloud and complexity affect them (CSO Online) Nextgen firewalls add features like behavioral analytics, malware detection, and content monitoring to prevent unauthorized access and data exfiltration. They could do much more in the future.

Blocking compromised passwords: How and why to do it (Help Net Security) Passwords are beginning to feel like the zombie that just won’t die. Even after Bill Gates famously called for their demise in 2004, this antiquated form

Design and Innovation

Virginia Tech partners with startup DeepSig to protect wireless devices (Virginia Tech News) The new technology can be applied to everything from personal cellphones and Bluetooth devices to vehicular communications, radars, and sensing systems.

Gamification Engineer Richard Moore Proves Anyone Can Be a Hacker (Security Intelligence) Security gamification engineer Richard Moore designs cyberthreat scenarios to unlock the competitive spirit of cybersecurity professionals and demonstrate how easy it is for anyone to hack a system.

Academia

Trend Micro steps forward to help plug IT security skills gap in KSA (Zawya) The Trend Micro Saudi Academy for Cybersecurity Program is seen to boost the government's efforts to strengthen its cybersecurity infrastructure

Legislation, Policy, and Regulation

Australia’s Ban on Huawei Is Just More Bad News for China (WIRED) The move reflects US influence, and Australia's tense, complicated relationship with China.

Defense Science Board Task Force On Improving Cyber As A Strategic Weapon (OODA Loop) The United States is currently years behind its rivals in cyberspace, both conceptually and operationally. The findings of this study illuminate the scope of the problem.

Former NSA, CIA director on cyber, Facebook and hacking back (Fifth Domain) Former head of the NSA and CIA Michael Hayden sat with Fifth Domain to discuss American cyber policy and global digital threats.

Can Silicon Valley Fight the Cyber-War the White House Won’t? (The Hive) In advance of the midterms, tech companies have become something of a last line of defense in a country where the president seems disinterested in protecting U.S. elections from foreign interference.

US Commerce's Ross Picks ZTE Monitor After Rejecting 'Never Trump' Lawyer (VOA) A new monitor for ZTE is required as part of a June settlement that ended a ban on U.S. companies selling components to China's No. 2 telecommunications equipment maker

GDPR and California's New Privacy Could Mean Millions in Costs to Organizations (Infosecurity Magazine) Data access requests could result in millions of dollars in operational costs for organizations that already face unprecedented fines in case of a security breach.

Litigation, Investigation, and Law Enforcement

Analysis | The Cybersecurity 202: FBI's encryption fight with Facebook could have broad impact on smartphone users' privacy (Washington Post) Even more than the high profile case against Apple.

You Could Be Kicked Offline For Piracy If This Music Industry Lawsuit Succeeds (Motherboard) And the evidence “proving” your guilt could be little more than fluff and nonsense.

Ukrainian hacker sentenced to 6 years in U.S. prison (Cyberscoop) Ukrainian national Ruslan Yeliseyev was sentenced to six years in U.S. prison on Friday for hacking and trafficking stolen financial information.

CFTC Wins Enforcement Action Against Alleged Virtual Currency Scammer (New York Law Journal) The decision by U.S. District Judge Jack Weinstein of the Eastern District of New York gave the U.S. Commodity Futures Trading Commission one of its first trial wins in its aggressive approach to crack down on virtual currency fraud.

Top dark web drug vendors nabbed by ‘Operation Darkness Falls’ (Naked Security) The DoJ announced arrests, charges and guilty pleas as part of Operation Darkness Falls, which involved several government agencies.

PG&E Identified as Utility That Lost Control of Confidential Information (Wall Street Journal) PG&E was identified as the utility that authorities had fined in May for losing control of a database with confidential information about its systems and leaving it exposed on the internet for 70 days.

WaPo: Transparency Is Fine For Others But Too Expensive For Us (Daily Caller) The Post is challenging a law that would require publishers to disclose the source and funding of political ads

How a Lawsuit Could Check Trump's Power Over Security Clearances (The Atlantic) Can the president restrict a person’s access to classified material for any reason he wants? It may take a claim from former CIA Director John Brennan to find out.

Clapper: Obama Ordered The Intelligence Assessment That Resulted In Mueller Investigation (Real Clear Politics) Former Director of National Intelligence James Clapper revealed in an interview last week that if not for President Obama asking for an intelligence community assessment that "set off a whole sequence of events" we would not have the Mueller investigation. Clapper, a CNN contributor, said the effects of that intel assessment "are still unfolding today."

Why Did Reality Winner Do It? (Rolling Stone) How an Air Force vet exposed Russian interference in our election — and got 63 months in prison

For a complete running list of events, please visit the Event Tracker on the CyberWire website.

Newly Noted Events

National Cyber League Fall Season (Chevy Chase, Maryland, USA, December 15, 2018) The NCL is a defensive and offensive puzzle-based, capture-the-flag style cybersecurity competition. Its virtual training ground helps high school and college students prepare and test themselves against...

Incident Response 18 (Arlington, Virginia, USA, September 5 - 6, 2018) If you work for a vendor or product company, please understand this is not a sales event. IR18 is a community-driven event that aims to disrupt the traditional approach and is more focused on community,...

InfoWarCon 18 (Leesburg, Virginia, USA, November 1 - 3, 2018) InfoWarCon 18 brings together a highly elite group of political, military, academic, DIYer, and commercial cyber-leaders and thinkers from around the world. We examine the current, future, and potential...

Upcoming Events

The Air Force Information Technology & Cyberpower Conference (Montgomery, Alabama, USA, August 27 - 29, 2018) As the premiere Air Force cyber security annual event, the Air Force Information Technology & Cyberpower Conference (AFITC) returns to Montgomery, Alabama in August of 2018. As a critical intersection...

National Cyber League Fall Season (Chevy Chase, Maryland, USA, December 15, 2018) The NCL is a defensive and offensive puzzle-based, capture-the-flag style cybersecurity competition. Its virtual training ground helps high school and college students prepare and test themselves against...

The Cyber Security Summit: Chicago (Chicago, Illinois, USA, August 29, 2018) This event is an exclusive conference connecting Senior Level Executives responsible for protecting their company’s critical data with innovative solution providers & renowned information security experts.

Intelligence & National Security Summit (National Harbor, Maryland, USA, September 4 - 5, 2018) The Intelligence & National Security Summit is the premier forum for unclassified, public dialogue between the U.S. Government and its partners in the private and academic sectors. The 2018 Summit will...

Cyber Resilience & Infosec Conference (Abu Dhabi, UAE, September 5 - 6, 2018) Interact with the top-notch cyber security specialists, learn new strategies and protect your company's future efficiently

Incident Response 18 (Arlington, Virginia, USA, September 5 - 6, 2018) If you work for a vendor or product company, please understand this is not a sales event. IR18 is a community-driven event that aims to disrupt the traditional approach and is more focused on community,...

9th Annual Billington CyberSecurity Summit (Washington, DC, USA, September 6, 2018) The mission of Billington CyberSecurity is to bring together thought leaders from all sectors to examine the state of cybersecurity and highlight ways to enhance best practices and strengthen cyber defenses...

Grow your brand and reach new customers.

Grow your brand and increase your customer base by educating our audience about your products, services, and events by advertising on The CyberWire. We’ve built trust with an influential (and often hard to reach) audience of CISOs, CSOs, and other senior execs in the security space, across a wide array of industry verticals. Learn more.

Be a part of the CyberWire story.

People ask us (a lot) how they can support what we do. We have our sponsorships and services, of course, but those are not always within every supporter's financial reach, or it might just not be the right time for you to do those things. That's why we launched our new Patreon site, where we've created a wider variety of support levels, each with some new benefits. Our patrons are important to our future, and we hope you'll consider becoming one. We invite you to become part of the CyberWire story. Become a patron today.