skip navigation

More signal. Less noise.

1 million credentials fall into criminal hands every single day.

That's just one of the findings from the 2018 Credential Spill Report, which analyzed all of the usernames and passwords that were reported as compromised last year. The report also studied credential stuffing attack data across four major industries, finance, airlines, retail, and hotels, finding that retailers were by far the most targeted for account takeover. Read the report to learn about new ways attackers disguise credential stuffing and the total cost of attacks.

Daily briefing.

The CyberWire's redesign is complete.

We launch our redesigned email with this issue. We trust it will reach you now in a shorter, more user-friendly format. The full range of selected reading you're accustomed to seeing is still there, accessible on our webpage.

China has summoned the US ambassador to demand an explanation for the arrest (in Canada) of Huawei CFO Meng, promising significant consequences if she's not promptly released (Guardian). The US charges Meng faces could bring significant prison time, should she be tried and convicted: multiple charges of conspiracy to commit fraud could bring thirty years each (CNBC). US companies are jittery about possible retaliation—Cisco, for one, is said to have moved to restrict non-essential employee travel to China (Bloomberg). The lawfare may grow sharper: the US is said to be preparing to unseal a number of additional indictments of Chinese nationals, perhaps as early as this week (Wall Street Journal).

Huawei is working to recover its image with a global cybersecurity upgrade (Bloomberg) even as US allies grow more vocal about the company’s perceived threat to their security (Wall Street Journal).

The Kubernetes privilege escalation vulnerabilities recently revealed continue to pose a very widespread risk to users of the popular container technology (Dark Reading).

Researchers at Stealthcare report that Russia’s seizure of three Ukrainian vessels in the Kerch Strait at the end of November was preceded by coordinated cyber operations directed against Ukrainian government assets. The threat groups involved include the familiar demimondaines of Carbanak and FSB-associated Gamaredon. The campaign is thought to have aimed at developing intelligence for the anticipated naval operation (Defense One). Stealthcare also reads the attack on FSBI Polyclinic Number 2, a hospital connected to Russia’s Presidential Administration, as probably Ukrainian retaliation (360 Core Security).

Notes.

Today's edition of the CyberWire reports events affecting Australia, Canada, China, European Union, Israel, Russia, Saudi Arabia, Taiwan, Turkey, Ukraine, United Kingdom, United States.

How Are You Responding to Threats? Find Out Now in the SANS 2018 Incident Response Survey

What new and continuing threats were uncovered in investigations and how are organizations dealing with those threats? In this SANS 2018 Incident Response Survey, learn how IR teams are coping with organizational structures, resources and IR implementation in an ever-changing threat environment. Find out how they have structured their incident response functions, what systems they’re conducting investigations on, the threats they’re uncovering and how they're uncovering them. Then apply these findings in your 2019 programs.

In today's podcast, up later this afternoon, we hear from our partners at Terbium Labs: Emily Wilson talks about why she feels the Lesbians Who Tech conference gets diversity right.

And if you haven't yet listened to Research Saturday, you can catch it here. In this edition, "Operation Red Signature targets South Korean supply chain," we hear how researchers at Trend Micro uncovered a supply chain attack targeting organizations in South Korea. With the goal of information theft, attackers compromised the update server of a third party support provider, resulting in the installation of a RAT, or remote access trojan. Rik Ferguson is Vice President of Security Research at Trend Micro, and he guides us through their discoveries.

DreamPort Event: The Red Hat OpenShift Container Platform Bootcamp (Columbia, Maryland, United States, January 3, 2019) DreamPort, in conjunction with the Maryland Innovation & Security Institute and USCYBERCOM, is hosting the Red Hat OpenShift Container Platform Bootcamp. This is all about Containers, DevOps, & Agile Development. Attendees will learn, hands on, how to create, develop, use, deploy, and access containers as DevOps & Agile Development tools.

Rapid Prototyping Event: The Wolf in Sheep's Clothing (Columbia, Maryland, United States, January 29 - 31, 2019) DreamPort, in conjunction with the Maryland Innovation & Security Institute and USCYBERCOM, is hosting a Rapid Protoyping Event which is interested in identifying UAM solutions that employ advanced real-time analysis of multiple data sources for detecting unauthorized activities.

Cyber Attacks, Threats, and Vulnerabilities

Russia Launched Cyber Attacks Against Ukraine Before Ship Seizures, Firm Says (Defense One) Researchers claim to have uncovered Russian cyber attacks aimed at the Ukrainian military and government before and during the Sea of Azov captures.

Huawei: A Trojan Horse Inside Taiwan? (The National Interest) How much of a threat is the telecommunications giant to Taipei?

Vulnerability Exposes Rockwell Controllers to DoS Attacks (SecurityWeek) Remotely exploitable DoS vulnerability found in some of Rockwell Automation’s MicroLogix controllers and ControlLogix communications modules.

In case you're not already sick of Spectre... Boffins demo Speculator tool for sniffing out data-leaking CPU holes (Register) First proof-of-concept, SplitSpectre, requires fewer instructions in victim

With 20,000 sites swallowed up, a botnet is eating WordPress alive (Digital Trends) Hackers controlling a “botnet” of over 20,000 infected WordPress sites are attacking other WordPress sites, according to a report from The Defiant Threat Intelligence team.

Botnet of Infected WordPress Sites Attacking WordPress Sites (Wordfence) The Defiant Threat Intelligence team recently began tracking the behavior of an organized brute force attack campaign against WordPress sites. This campaign has created a botnet of infected WordPress websites to perform its attacks, which attempt XML-RPC authentication to other WordPress sites in order to access privileged accounts. Between Wordfence’s brute force protection and the premium real-time ...

Critical Kubernetes vulnerability could have widespread effects (SearchCloudSecurity) A severe Kubernetes vulnerability was discovered in the cloud container orchestration software's API server. This marks the open source system's first serious security vulnerability.

Kubernetes Vulnerability Hits Top of Severity Scale (Dark Reading) The security issue strikes at some of the basic reasons for the rising popularity of containers as an architecture and Kubernetes as an orchestration mechanism.

Old and new OpenSSH backdoors threaten Linux servers (Help Net Security) ESET has found 12 previously undetected families of Linux backdoors based on OpenSSH, the most common tool for sysadmins to manage rented Linux servers.

22 malware infected apps on Play Store found draining phone's battery (HackRead) Another day, another malware targeting Android users – This time, 22 apps have been removed from the Play Store after security researchers found malware draining user phone’s battery and also downloading files without their consent.

Unprotected MongoDB Exposes Scraped Profile Data of 66 Million (BleepingComputer) Information belonging to more than 66 million individuals was discovered in an unprotected database, within anyone's reach, if they knew where to look on the web. The records look like scraped data from LinkedIn profiles.

ESET discovers 21 new Linux malware families (ZDNet) All malware strains are trojanized versions of the OpenSSH server or client apps that include keylogger and backdoor capabilities.

Fileless Attacks Grow as Attackers Find New Ways Past System Security (Computer Business Review) New research by cybersecurity enterprise Malwarebytes highlight the risk businesses face from fileless cyberattacks...PowerShell

DanaBot Banking Trojan Gets into Spam Business (BleepingComputer) Authors of the DanaBot banking trojans updated the malware with new features that enabled it to harvest email addresses and send out spam straight from the victim's mailbox.

Sextortion with a side of ransomware (Proofpoint) Proofpoint researchers describe recent so-called “sextortion” campaigns, some of which featured links to ransomware as well.

Those annoying sextortion scams are redirecting users to ransomware now (ZDNet) Sextortion emails take a dark turn and are now trying to infect users with the GandCrab ransomware.

'PowerSnitch' Hacks Androids via Power Banks (Dark Reading) Researcher demonstrates how attackers could steal data from smartphones while they're charging.

Supply chain compromise: Adding undetectable hardware Trojans to integrated circuits (Help Net Security) Attackers could equip integrated circuits with hardware Trojans that will not change the area or power consumption of the circuit.

Thieves Can Now Nab Your Data in a Few Minutes for a Few Bucks (Wall Street Journal) Data thieves’ tactics are getting more ingenious and more intrusive, as Marriott’s Starwood database breach adds to a string of large-scale corporate data intrusions.

Arrest of Huawei CFO Inspires Advance Fee Scam (SANS Internet Storm Center) Last week, the arrest of MENG Wanzou made big waves in the news. Ms. Meng was arrested in Canada based on an arrest warrant issued for the United States Department of justice. Ms. Meng, as CFO of Huawei and possible heir to her father, the CEO of Huawei, is assumed to have access to substantial wealth. This led to a wave of advanced fee scams levering this news.

Fake tax scam warning for university students (Action Fraud) University students have been warned by HM Revenue & Customs (HMRC) that fraudsters are targeting them with a wave of fake tax scams.

Hacker-besieged DNA data tucked away under military care (Naked Security) Genomics England announced it’s sequenced 100K Brits’ genomes… and then had to store them in a military base after multiple hacking attacks.

German engineering group KraussMaffei blackmailed in cyber attack (Xinhua,net) Operations at the Munich-based engineering group KraussMaffei are returning to "normal conditions" and production is being ramped up again.

Rockaway Twp. police computer hacker still unknown; leaders want answers (Daily Record) More than two weeks later many are mad that they don’t have more information about the hack that brought down police computer systems.

Your Apps Know Where You Were Last Night, and They’re Not Keeping It Secret (Mew York Times) Dozens of companies use smartphone locations to help advertisers and even hedge funds. They say it’s anonymous, but the data shows how personal it is.

Security Patches, Mitigations, and Software Updates

Windows 10: Microsoft pulls patch that gives Surface Book 2 Blue Screen of Death (ZDNet) Having first blocked it for Surface Book 2 users, Microsoft now removes buggy patch completely.

Why, in 2018, is Microsoft adding security questions to Windows 10? (Ars Technica) Attackers with admin control can abuse the feature to create a persistent backdoor.

Cyber Trends

Hackers will target more young video game players in 2019 (Quartz) There's a lot of money to be stolen from the online gaming community. And young gamers are especially vulnerable, a new report warns.

The next big risk to your privacy: Your child’s video-game habit (MarketWatch) Hackers are increasingly targeting video games, new report finds.

Report Sheds Light on Massive Ransomware Problem (Threat Vector) Datto, a managed service provider of IT services, recently released their 2018 Global State of the Channel Ransomware Report, in which they surveyed over 2,400 IT professionals from around the world. Here are some of the key findings.

Cybersecurity Canon Candidate Book Review: Cyber-War: Anatomy of the Global Security Threat (Palo Alto Networks Blog) William Yurek reviews "Cyber-War: Anatomy of the Global Security Threat" for the Cybersecurity Canon.

Not all data collection is evil: Don't let privacy scandals stall cybersecurity (Help Net Security) We are now operating in a world where all data collection and analysis practices are increasingly portrayed as evil, according to Dtex Systems.

Marketplace

U.S. Allies Raise New Security Worries About China’s Huawei (Wall Street Journal) U.S. allies from Australia to Japan to the European Union raised new security questions about Huawei Technologies, putting fresh pressure on the Chinese telecommunications giant.

EU Should Worry About Huawei, Other Chinese Firms: Official (SecurityWeek) The European Union and its citizens should be "worried" about telecoms giant Huawei and other Chinese firms that cooperate with Beijing's intelligence services, official warns.

Under Fire Huawei Agrees to UK Security Demands: Report (SecurityWeek) Embattled Chinese telecoms giant Huawei has agreed to British intelligence demands over its equipment and software as it seeks to be part of the country's 5G network plans, the FT reported.

Huawei Is Planning a $2 Billion Cybersecurity Reboot (Bloomberg) Chinese vendor said to plan global software systems overhaul. Commitment comes as company risks more bans in Western markets.

Cisco's Errant China-Travel Alert Shows Tech's Huawei Alarm (Bloomberg) The arrest of a high-profile Chinese executive has amped up jitters among U.S. technology companies already fretting that a trade war between the two countries could hurt business.

Senator slams Google's censored search engine work in China  (CNBC) Sen. Warner said tech companies need to do more to support cybersecurity in the U.S. and to fight information warfare from U.S. rivals

Chinese Mobile App Companies Are A National Security Risk, Says Top Democrat (BuzzFeed News) “It’s enormously worrisome to me that Google allowed these highly over-permissioned apps to gain such prominence,” he said.

Michael Dell plots his return to the public market (The Economist) The largest private tech firm has an updated vision for computing’s future

US National Oceanic and Atmospheric Administration taps Leidos (Australian Defence Magazine) Leidos has been awarded a task order by the US National Oceanic and Atmospheric Administration (NOAA) to manage cyber and enterprise security operations.

Qualcomm laying off more workers in San Diego, North Carolina to cut costs (San Diego Union Tribune) The company is shedding 125 jobs in San Diego and 144 workers in Raleigh as part of its continuing cost cutting plan.

Marine Cyber Command Is Getting In On Other Transaction Contracting (Nextgov.com) The Marine Corps Forces Cyberspace Command’s executive director said the command expects to sign its first OT contract in the coming days.

3 priorities for the Marines' information directorate (C4ISRNET) Here's what the deputy commandant for information is focused on.

Nasdaq-Listed Akamai Leases 6,800 Square Meters in Tel Aviv’s ToHa Tower (CTECH) The content delivery company operates a research and development center in Israel. Its current offices span over 3,000 square meters

GlobalPlatform Announces 2019 Board of Directors (Global Security Mag Online) GlobalPlatform, the standard for secure digital services and devices, has announced its Board of Directors for fiscal year 2019. Six Board seats were open and after a close election, the following individuals were re-elected to serve a further two-year term:

Products, Services, and Solutions

Dave Bitner on The CyberWire’s Unique Approach to Security News Coverage (Security Boulevard) In this video, Matt Stephenson speaks with The Cyberwire Producer and Podcast host Dave Bittner, the top-ranking daily cybersecurity podcast in the world according to iTunes.

SentinelOne Adds New Features to Remove Need for Legacy AV Suites (Best Mobility Management Vendors, MDM Software and EMM Platforms) Endpoint protection solution provider, SentinelOne, recently announced two new features that extend the scope of the SentinelOne platform past traditional endpoint protection and endpoint detection…

HackerOne Offers Free Sandboxes To Replicate Real-World Security Bugs (BleepingComputer) HackerOne has announced that it makes available to hackers that want to test and hone their skills a set of five sandbox environments modeled after popular security bugs reported through its platform.

Technologies, Techniques, and Standards

Shipping groups publish cyber security guidelines update (Riviera) A group of the world's largest international shipping associations have published an update to their cyber security guidelines.

Singapore lauded for financial sector cyber security guidelines (Channel Asia Singapore) MWR InfoSecurity has praised Singapore for developing a set of security assessment guidelines aimed at strengthening cyber resilience in finance.

Top engineer discloses how China deals with foreign intelligence-backed cyber attacks (Global Times) In reality, China has always been a victim of cyber attacks. The Global Times (GT) interviewed Xiao Xinguang (Xiao), the chief technical architect of Beijing-based Antiy Labs, on the cyber threats China has been facing in recent years.

Holding execs accountable can prevent future hacks like Marriott's (TheHill) We should expect more from the leaders we entrust with our data.

We Will Never Hack Our Elections Secure (Forbes) Instead, we need the vendors who create these systems to share their security stories publicly, including all the supporting evidence, so that anyone can evaluate, challenge and improve them.

Cyber Security Will Be a Slow Evolution - Harris Balcombe Warns SMEs to Invest in the Right Protection for the Coming Year (Bdaily Business News) 2018 has seen its fair share of high profile security breaches - British Airways, Amazon, Facebook and FIFA are only…

Mitigating the risk of Office 365 account hijacking (Help Net Security) UK's National Cyber Security Centre warns about the danger of Office 365 account compromise and offers Office 365 compromise prevention advice.

How can businesses get the most out of pentesting? - Help Net Security (Help Net Security) The goal of penetration testing is to identify the worst case scenario. But an organization will also be able to understand what the approach is.

How Tomer Agayev Fights Financial Fraud With Curiosity and Suspicion (Security Intelligence) As threat research team lead at Trusteer, Tomer guards the gateway to both known and unknown threats and passes along his insights to help banking customers protect themselves from social engineering.

Research and Development

DeepPhish Project Shows Malicious AI is Not as Dangerous as Feared (SecurityWeek) A security research project called DeepPhish examined the extent to which AI & ML technologies can aid in the detection of phishing, and the extent to which those technologies could be used by cybercriminals to by-pass anti-phishing defenses.

Nearly $1 million NSF grant to bolster cyber-physical systems security (Missouri S&T) Funded through a National Science Foundation grant, Missouri S&T researchers are developing stronger safeguards for a wide array of complex systems that rely on computers – from public water supply systems and electric grids to chemical plants and self-driving vehicles.

Legislation, Policy, and Regulation

When China Rules the Web (Foreign Affairs) China is set to remake cyberspace in its own image. That will make the Internet less open and allow Beijing to reap vast economic, diplomatic, and security benefits that once flowed to Washington.

EU governments agree to tougher stance on e-evidence (Reuters) EU governments agreed on Friday to toughen up draft rules allowing law enforceme...

Aussie Surveillance Law Imperils Secure Comms (Infosecurity Magazine) Hastily passed legislation apes the infamous UK Snooper’s Charter

GCHQ boosts powers to launch mass data hacking (the Guardian) Expanded intelligence gathering is ‘a grave threat’ warn rights groups

Why Huawei arrest deepens conflict between US and China (WHDH 7News) The dramatic arrest of a Chinese telecommunications executive has driven home why it will so hard for the Trump administration to resolve...

Former NSA official urges Britain to block Huawei technology over 'legitimate security concerns' (The Telegraph) A former top official at the US National Security Agency has warned that a failure to block Huawei technology from being embedded in critical UK infrastructure would pose “real, legitimate security concerns”.

Analysis | The Cybersecurity 202: Internet ecosystem needs a complete overhaul to be cybersecure, House panel warns (Washington Post) But Congress has little leverage to make it happen.

Sen. Warner: Cyber Threat is Here (Multichannel) Edge must step up and stop being 'petri dish' for foreign propaganda

Warner wants more Pentagon spending on cybersecurity (Fifth Domain) Sen. Mark Warner, the ranking member of the Senate’s intelligence committee, called for a realignment of Pentagon spending priorities to boost cybersecurity and technology investments.

CIA taps first woman to lead key part of agency (TheHill) The CIA on Friday named Elizabeth Kimber to run the part of the agency that recruits spies overseas, gathers intelligence and engages in covert actions.

Forcepoint’s Eric Trexler: Automation, ‘National Guard’ Could Help Agencies Maintain Stable Cyber Workforce (ExecutiveBiz) Eric Trexler, vice president of global governments and critical infrastructure at Forcepoint, has said agencies should initiate efforts to hire and retain a stable pool of cybersecurity professionals and one of those measures is to establish a cyber “National Guard.” Trexler wrote in a Nextgov article published Friday that the National Guard initiative would provide agencies with...

Futures Command Adds New Tool for Preparing Army for Next War (Military.com) Army Futures Command will be responsible for making sure the service sees the threats it may face on tomorrow's battlefield.

Dubious CLOUD: Law allows foreign governments to access citizens’ data (Pittsburgh Post-Gazette) Warrantless surveillance of American citizens, by our own government or any other, is unconstitutional.

Government bans NHS fax use (Computing) Experts disagree on NHS use of legacy communications technology

Litigation, Investigation, and Law Enforcement

U.S. Readies Charges Against Chinese Hackers (Wall Street Journal) U.S. prosecutors are preparing to unseal criminal charges against hackers linked to the Chinese government who have allegedly engaged in a multiyear scheme to break into U.S. technology service providers.

China summons US ambassador over Huawei CFO's arrest (the Guardian) Terry Branstad urged to cancel arrest warrant for Meng Wanzhou and end her ‘egregious’ detention

Chinese executive facing US extradition to appear in court (Washington Post) Huawei arrest complicates US-China trade talks, illustrating an underlying clash over technology

Canadian Prosecutor Lays Out U.S. Allegations Against Huawei CFO (Wall Street Journal) A Canadian prosecutor said Huawei’s finance chief was arrested because of U.S. allegations that she fraudulently covered up the Chinese tech giant’s control of a company was doing business in Iran.

Huawei CFO could face sentence of up to 30 years per charge if extradited to US (CNBC) U.S. prosecutors want a top executive of China's Huawei Technologies, the world's largest supplier of telecommunications network equipment, to face charges of fraud linked to the skirting of Iran sanctions.

Two British Banks Ensnared in Huawei Dispute (Wall Street Journal) Two large British banks are among those ensnared in the controversy over Huawei Technologies. The dispute escalated over the weekend after the Chinese government warned Canada it would face “severe consequences” if it didn’t release the Chinese telecom giant’s finance chief.

Opinion | How a chilling Saudi cyberwar ensnared Jamal Khashoggi (Washington Post) Inside the 21st-century battle of ideas waged by the fearful crown prince and a conniving courtier.

Israel signed off on sale of phone spying tool to Saudi Arabia — report (Times of Israel) Washington Post cites US officials who say export of NSO's Pegasus program was approved despite hesitation from some Israelis over selling sensitive technology to Arab country

Israeli cyberware company disputes software related to Khashoggi murder (The Jerusalem Post) "We follow an extremely rigorous protocol for licensing our products — which are only provided after a full vetting as well as licensing by the Israeli government.“

Marriott CFO Calls $1 Billion Estimate on Cyber Breach Premature (Bloomberg) Attack exposed personal records of up to 500 million guests. Hack targeted Starwood Hotels, acquired by Marriott in 2016

New Lawsuit Claims Marriott Still Exposes Customer Information (SecurityWeek) A new class action lawsuit filed against Marriott following the massive data breach alleges that the hotel giant still exposes customer information.

The Mueller Investigation Nears the Worst Case Scenario (WIRED) Sentencing documents for Paul Manafort and Michael Cohen drag President Trump in the legal spotlight.

Mueller says Manafort told ‘discernible lies,’ including about contacts with an employee alleged to have Russian intelligence ties (Washington Post) The allegations came in a new court filing by the special counsel that pointed to some the questions prosecutors have been asking a key witness.

Mueller Sentencing Memo Details Cohen's Aid in Russia Investigation (New York Law Journal) The Special Counsel's Office provided numerous examples of Cohen's assistance into Russian interference in the 2016 presidential election.

Analysis | 5 big takeaways from the new Michael Cohen and Paul Manafort filings (Washington Post) Prosecutors say Cohen has oversold his cooperation with Robert Mueller -- and that he doesn't deserve much leniency given his egregious conduct.

Preliminary approval of class action settlement for Experian data breach exceeds $47M (The National Law Review) Remember Experian’s massive data breach of 15 million customers in 2015?  The resulting consolidated class action is nearly resolved.  On December 3, 2018, a California federal judge g

Skripal police revisit ‘suicide’ of Scot Young and collapse of whistleblower Alexander Perepilichnyy (Times) Detectives who led the investigation into the attempted assassination of a former Russian spy in Salisbury have uncovered new evidence that links the Kremlin to at least two other suspected murders...

The Feds Are Now Looking Into Who Sent Millions of Fake Net Neutrality Comments to the FCC (Gizmodo) Federal investigators are looking into whether the mass submission of millions of fraudulent letters on net neutrality to the Federal Communications Commission’s digital comment system was a crime as part of a Department of Justice investigation, BuzzFeed News reported on Saturday.

Bikini app maker draws another disgruntled developer to its Facebook fight (Ars Technica) Six4Three's website: "Tell Zuckerberg we will no longer be his patsy!"

Apple Hit With Sales Ban on Older iPhones in China, Qualcomm Says (Wall Street Journal) A Chinese court ordered Apple to stop selling older iPhone models in the country after finding the tech giant infringed on two patents held by Qualcomm, the chip supplier said.

235 members of dark web money counterfeiting gang busted (HackRead) The Dark Web has become a thriving hub of all sorts of criminal activities from selling illegal drugs to the distribution of ransomware and running child porn platforms.

Teen Email Hoaxer Gets Three Years (Infosecurity Magazine) Duke-Cohan targeted thousands of schools in UK and US

Bomb Threat Hoaxer, DDos Boss Gets 3 Years (KrebsOnSecurity) The ringleader of a gang of cyber hooligans that made bomb threats against hundreds of schools and launched distributed denial-of-service (DDoS) attacks against Web sites — including KrebsOnSecurity on multiple occasions — has been sentenced to three years in a U.K. prison, and faces the possibility of additional charges from U.S.-based law enforcement officials.

California Man Gets 26-Month Prison Sentence for DDoS Attacks (SecurityWeek) A 44-year-old man from California has been sentenced to 26 months in prison for launching DDoS attacks against two astronomy websites.

For a complete running list of events, please visit the Event Tracker on the CyberWire website.

Upcoming Events

2018 Cloud Security Alliance Congress (Orlando, Florida, USA, December 10 - 12, 2018) Today, cloud represents the central IT system by which organizations will transform themselves over the coming years. As cloud represents the future of an agile enterprise, new technology trends, such...

Wall Street Journal Pro CyberSecurity Executive Forum (New York, New York, USA, December 11, 2018) The WSJ Pro Cybersecurity Executive Forum will bring together senior figures from industry and government to discuss how senior executives can best prepare for hacking threats, manage breaches, and work...

National Cyber League Fall Season (Chevy Chase, Maryland, USA, December 15, 2018) The NCL is a defensive and offensive puzzle-based, capture-the-flag style cybersecurity competition. Its virtual training ground helps high school and college students prepare and test themselves against...

SINET Global Institute CISO Series (Scottsdale, Arizona, USA, January 15 - 16, 2019) By invitation only. These intimate CISO workshops address the challenges that Board of Directors are placing on security and risk executives, and how to successfully manage and communicate today’s enterprise...

CPX Asia 360 2019 (Bangkok, Thailand, January 21 - 23, 2019) CPX 360 - the industry’s premier cyber security summit and expo - brings together the world’s leading cyber security experts to one venue. Gain a deep understanding of current challenges cyber security...

Grow your brand and reach new customers.

Grow your brand and increase your customer base by educating our audience about your products, services, and events by advertising on The CyberWire. We’ve built trust with an influential (and often hard to reach) audience of CISOs, CSOs, and other senior execs in the security space, across a wide array of industry verticals. Learn more.

Be a part of the CyberWire story.

People ask us (a lot) how they can support what we do. We have our sponsorships and services, of course, but those are not always within every supporter's financial reach, or it might just not be the right time for you to do those things. That's why we launched our new Patreon site, where we've created a wider variety of support levels, each with some new benefits. Our patrons are important to our future, and we hope you'll consider becoming one. We invite you to become part of the CyberWire story. Become a patron today.