skip navigation

More signal. Less noise.

2017 cyberattacks proved more numerous, sophisticated, and ruthless than in years past.

WannaCry, NotPetya, ransomware-as-a-service, and fileless attacks abounded. And, that’s not everything. The victims of cybercrime ranged from private businesses to the fundamental practices of democracy. Read The Cylance Threat Report: 2017 Year in Review Report and learn about the threat trends and malware families their customers faced in 2017.

Daily briefing.

As US Congressional and other attention continues to be lavished on the threat that Russia poses (by general consensus and specific evidence) to both infrastructure and elections, security firms warn of an increase in cyber activity emerging from Iran. Palo Alto Networks repeats its warnings of the OilRig campaign against the energy sector. Symantec notes that the Leafminer group, also thought associated with Tehran, represents a rising threat, still stumbling, but also clearly on its way up. Iran's recent cyber activity has focused on regional rivals and associated targets, but this seems a matter of strategic decision and not necessarily a sign of limited capability.

LifeLock, the well-known identity protection company, has fixed a problem with its systems that enabled any interested party to browse and index customer email addresses to customer accounts. It would have been possible for an attacker to unsubscribe customers from LifeLock communications. More seriously, it could have facilitated spoofing millions of LifeLock customers with phishing emails purporting to come from LifeLock.

The US Department of Homeland Security has warned businesses that hackers are actively targeting SAP and Oracle enterprise resource planning (ERP) systems. There's been a dramatic rise in attacks detected, and also a spike in dark web chatter related to ERP vulnerabilities. The attackers represent the full mix of usual suspects: criminals, hacktivists, hobbyists, and espionage services.

TrendLabs is tracking Underminer, a cryptojacking bootkit with an encrypted TCP tunnel.

Australia and the US appear ready to take a more assertive joint position in cyberspace.

Notes.

Today's issue includes events affecting Australia, China, Egypt, Iran, Israel, Pakistan, Philippines, Russia, Saudi Arabia, Taiwan, United Kingdom, United States.

Find out what midsized enterprises are doing right to hit the cybersecurity “sweet spot.”

Despite having bigger budgets and greater resources, large enterprises aren't better protected from cyberattacks than are their smaller counterparts. The sweet spot for cybersecurity is found among midsized businesses, which testing finds performed best at protecting their assets and mitigating their security risks. That's the conclusion of Coalfire's inaugural Coalfire Penetration Risk Report, based on more than 300 penetration tests in 148 companies worldwide.  Download the report to gather data-driven insights and make informed decisions based on Coalfire’s innovative analysis.

In today's podcast we hear from our partners at the Johns Hopkins University's Information Security Institute: Joe Carrigan talks about the propensity infosec pros have to reuse passwords. Our guest is Jessica Ortega from Sitelock, explaining how having social media icons on your website can increase your odds of falling victim to attacks. 

And Hacking Humans is up. This week's edition is Nothing up my Sleeve. We hear a story of deception right out of Hollywood (literally), we get some freakanomic speculation about changing the financial incentives for scammers, and we share an adult-content shaming catch-of-the-day courtesy of SANS Dean of Research and friend-of-the-show Dr. Johannes Ullrich. Finally, we return to Southern California for a chat with UCLA atomic physicist and close-up magician Dr. Adam West.

Billington Automotive Cybersecurity Summit (Detroit, Michigan, United States, August 3, 2018) Top automotive executives and government representatives will detail the latest cybersecurity threats and best safety practices at the second Billington Automotive Cybersecurity Summit on Aug. 3 at Cobo Center in Detroit. In the age of connected and autonomous cars, cybersecurity is a top priority for automakers and their suppliers.

XM Cyber is coming to Black Hat (Las Vegas, Nevada, United States, August 4 - 9, 2018) Visit XM Cyber at the Innovation City, booth IC2233, to experience the first fully automated APT simulation platform to Simulate, validate and remediate every hacker’s path to organizational critical assets.

Schedule a meeting with Terbium Labs at Black Hat. (Las Vegas, Nevada, United States, August 8 - 9, 2018) Matchlight by Terbium Labs is the world's most comprehensive and only fully private dark web monitoring solution, capable of quickly detecting compromised account data and minimizing the damage caused by a data breach. Book a 1:1 session with Terbium Labs' leadership team to learn how Matchlight can help your organization assess its sensitive data exposure on the dark web.

CyberTexas Job Fair, August 14, San Antonio visit ClearedJobs.Net for details. (San Antonio, Texas, United States, August 14, 2018) Cleared and non-cleared cybersecurity pros make your next career move at the CyberTexas Job Fair, August 14 in San Antonio. Meet leading cyber employers including Bank of America, USCYBERCOM, USAA and more.

Cyber Security Summits: August 29 in Chicago & in NYC on September 25 (Chicago, Illinois, United States, August 29, 2018) Sr. Level Executives are invited to learn about the latest threats & solutions in Cyber Security from experts from The NSA, Darktrace, CenturyLink and more. Register with promo code cyberwire95 for $95 VIP admission (Regular price $350) https://CyberSummitUSA.com

Wombat Wisdom Conference, September 18 to 20, 2018, Pittsburgh, PA. (Pittsburgh, Pennsylvania, United States, September 18 - 20, 2018) Gain expert insights for strengthening your security awareness program at the Wombat Wisdom Conference, Sept. 18-20, 2018. Ideal for CISOs and infosec professionals looking to share ideas and actionable concepts for improving security awareness and training.

Cyber Attacks, Threats, and Vulnerabilities

Iranian cyber activity on the rise with Leafminer, OilRig leading the way (SC Media US) Iran has once again found itself in the crosshairs of cybersecurity researchers with Palo Alto Networks' Unit 42, Symantec and the German intelligence all pointing accusatory fingers at Tehran over several recently revealed cyber campaigns.

Russian hackers used phishing tools in 2017 attack on grid (AP News) Russian hackers who penetrated hundreds of U.S. utilities, manufacturing plants and other facilities last year gained access by using the most conventional of ph

LifeLock Bug Exposed Millions of Customer Email Addresses (KrebsOnSecurity) Identity theft protection firm LifeLock — a company that’s built a name for itself based on the promise of helping consumers protect their identities online — may have actually exposed customers to additional attacks from ID thieves and phishers.

Parasite HTTP RAT cooks up a stew of stealthy tricks (Proofpoint) Proofpoint researchers analyze a stealthy new remote access Trojan.

Hackers are targeting SAP, Oracle ERP applications, US wans (CRN Australia) Based on dark web activity.

ERP applications under attack: How criminals target the crown jewels (Help Net Security) Research from Digital Shadows and Onapsis found clear signs of ERP applications under attack, putting organizations directly at risk of espionage and fraud.

New Underminer Exploit Kit Delivers Bootkit and Cryptocurrency-mining Malware with Encrypted TCP Tunnel (TrendLabs Security Intelligence Blog) We discovered an exploit kit we named Underminer that uses capabilities to deter researchers from tracking its activity or reverse engineering the payloads

How one hacker could have changed automotive history (Naked Security) That’s not supposed to happen: 150GB of customer data that the world could download… and hack.. and then upload again.

Popular Android/iOS Apps & Extensions Collecting “Highly Personal” User data (HackRead) In May this year, HackRead reported how an Israeli company Unimania was caught collecting personal, Facebook and browsing data of users through Android

More browser extensions and apps caught spying on users (Naked Security) The pop-up blocking function of many apps and browser extensions appears to obscure an ulterior motive – spying on a user’s web traffic.

Swann security cameras vulnerable to spying hack (Help Net Security) Researchers have unearthed a security flaw in a Swann security camera that allows attackers to spy on the video and audio feed of anyone’s camera.

Car Sharing Apps Vulnerable to Hacker Attacks: Kaspersky (SecurityWeek) The lack of proper security mechanisms make many car sharing apps highly vulnerable to hacker attacks. Security holes found by Kaspersky can be exploited to obtain personal info and even steal cars

Researchers Resurrect Decade-Old Oracle Solaris Vulnerability (SecurityWeek) One of the Solaris vulnerabilities patched by Oracle with the July 2018 CPU is closely related to a flaw first discovered in 2007

Attackers playing into users' commitment to security continue to sail through defenses (Help Net Security) KnowBe4 shared its Top 10 Global Phishing Email Subject Lines for Q2 2018. The messages are based on simulated phishing tests or real-world emails.

The Foundation of Cyber-Attacks: Credential Harvesting (SecurityWeek) Stealing a valid credential and using it to access a network is easier, less risky, and ultimately more efficient than using an existing vulnerability, even a zero-day.

Riverside police lost access to crime-fighting tool in cyber attack (mydaytondailynews) Riverside Police Department’s access to Ohio’s statewide system of law enforcement databases is suspended.

Security Patches, Mitigations, and Software Updates

Windows 10: These two new builds deliver lots of bug fixes (ZDNet) Updates for Windows 10 have arrived just a fortnight after Patch Tuesday.

Intel Smart Sound Tech Vulnerable to Three High-Severity Bugs (Threatpost) Intel patches three flaws that could allow a local attacker to execute arbitrary code on impacted systems.

Intel Xeon workhorses boot evil maids out of the hotel: USB-based spying thwarted by fix (Register) The story behind the quietly patched CVE-2018-3652

Twitter Curbs Access for 143,000 Apps in New Crackdown (SecurityWeek) Twitter has removed more than 143,000 apps from the messaging service since April in a crackdown on "malicious" activity from automated accounts.

Big bad Bluetooth blunder bug battered – check for security fixes (Register) Crypto cockup lets middle-people spy on connections after snooping on device pairing

Cyber Trends

Securing healthcare organizations: The challenges CISOs face (Help Net Security) Healthcare breaches involving ransomware are increasing, but this is just one of the problems infosec pros securing healthcare organizations need to face.

Decentralising the web: MaidSafe CEO on competition and collaboration (Computing) David Irvine 'There are some egos out there who are quite vocal about the merits of their approach'

Akamai expects big shift in security posture in the Philippines (Back End News) Recent data breaches, not only in the private sector but in the government as well, raised cybersecurity awareness in the Philippines. While the conversation is s…

Marketplace

It's IPO day for Tenable. It has boosted its introductory price again. (Washington Business Journal) Columbia, Maryland-based Tenable Holdings Inc. will open trading on the Nasdaq Thursday offering 10.9 million shares of common stock at a price of $23 per share, which could raise the company more than $250 million.

Tenable Announces Pricing of Initial Public Offering (Tenable Network Security) Tenable Holdings, Inc. (" Tenable ") today announced the pricing of its initial public offering of 10,900,000   shares of common stock at a price to the public of $23.00 per share. The shares are expected to begin trading on the Nasdaq Global Select

Sagi's Kape acquires US cybersecurity co Intego (Globes Newswire) Israeli cybersecurity company Kape Technologies will pay $16 million for Seattle-based Intego.

Automotive companies are warming up to vulnerability disclosure programs (Cyberscoop) The automotive industry is looking to step up its collaboration with cybersecurity researchers to identify software and hardware bugs in order to better protect vehicles, which are becoming more connected and automated.

Facebook shares tank on slowing growth, wiping out billions in value (Washington Post) The lower-than-expected revenue growth raised worries that the political and social backlash the company’s seen is affecting its bottom line.

Qualcomm Plans to Abandon NXP Deal Amid U.S.-China Tensions (Wall Street Journal) Qualcomm said it plans to scrap its $44 billion purchase of Dutch chip maker NXP after failing to secure approval in China, making the deal one of the most prominent victims of spiraling U.S.-China trade tensions.

Booz Allen to Help Navy Secure Maritime Cyber Systems Under $92M Task Order (GovCon Wire) Booz Allen Hamilton (NYSE: BAH) has received a five-year, $92 million task order to support the U.S.

Salient CRGT Wins $34M Task Order to Deliver IT Support to the Defense Technology Security Administration (PRNewswire) Extending its long term relationship with the Defense Technology Security Administration (DTSA), the company will provide IT services and information security for the international transfer of defense-related goods, services, and technology

GhangorCloud Achieves Major Milestones and Year-over-Year Revenue Growth in Cybersecurity Market Predicted to Reach $1 Trillion by 2021 (GlobeNewswire News Room) Information Security and Compliance Provider Sees Significant Customer Success, Channel Growth and Industry Validation During the First Six Months of 2018

Trend Micro Launches Targeted Server-Side Bug Bounty Program (Dark Reading) Targeted Incentive Program will pay anywhere from $25,000 to $200,000 to researchers who are first to demonstrate exploitable vulnerabilities.

Products, Services, and Solutions

Microsoft publishes details of Windows 10 connections in GDPR compliance document (Computing) Microsoft's Windows 10 GDPR document also indicates how users can disable data collection

Google wants to replace your password routine with a tiny device that plugs into your computer (CNBC) Google's new security key might be more secure than other password methods.

Comodo Cybersecurity Launches New Plugins for cWatch Web Security Platform (PRNewswire) Plugins for cPANEL and WHMCS streamline onboarding of web ecosystem partners and customers

Rubrik Launches Radar, an Intelligent Application to Defend Against Ransomware (PRNewswire) Built on the Polaris SaaS platform, Radar accelerates recovery from ransomware and other security threats with minimal business disruption and data loss,- Radar leverages machine learning models to help enterprises deepen their data defense posture

CloudMigrator and Virtru partnership offers the way to move data to the cloud (Help Net Security) CloudMigrator + Virtru solution allows enterprises to migrate regulated and proprietary data to Google G Suite and Microsoft Office 365.

IOGEAR’s NIAP-certified KVM Switches provide protection against cyber security threats (Help Net Security) IOGEAR’s Secure KVM Switches allow users to share a single keyboard, mouse, speaker set, CAC reader, and single or dual DVI or HDMI monitors.

Macro 4’s session manager improves mainframe security through roll-out of MFA (Help Net Security) Tubes for z/OS 7.8 has a new MFA capability which provides a way for organizations to introduce additional security tests or ‘factors’.

Dashlane 6: The App That's Solving the Digital Identity Crisis (PRNewswire) An All-In-One Solution for Online Risk Prevention, Identity Monitoring, and Identity Restoration

ProtonMail adds full PGP support and address verification (Computing) Improves compatibility with other services,Security Technology

Twistlock Announces Support for Binary Authorization for Google Kubernetes Engine (PRNewswire) Integration enforces full lifecycle software quality and compliance for GKE workloads

Airbus wants 'orderly' transition to broadband for security network (BNamericas) BNamericas is the business intelligence tool for Latin America with data, news, analysis and events to identify job opportunities, projects, companies and contacts

Technologies, Techniques, and Standards

2020 Census Comes With New Technology, but Greater Risks (Wall Street Journal) The Government Accountability Office warns that the 2020 Census, which will employ new technologies such as cloud and mobile computing, faces a greater risk of cyberattack than earlier, lower-tech efforts.

Congress wants DoD to hold a national cyber response exercise (Fifth Domain) A proposal wants the Department of Defense to play out its support to both private- and public-sector agencies in the event of a cyber incident.

Should We be Looking Down Under to Improve Our Security? (Infosecurity Magazine) How the Australian government's Essential Eight rules can provide a basis for cybersecurity basics.

Equifax's Security Overhaul, a Year After Its Epic Breach (WIRED) Nearly a year after hackers stole the personal data of 147 million people from Equifax, the company details the changes it's making to its security practices.

Don't Ignore Identity Governance for Privileged Users (SecurityWeek) Privileged Access Management (PAM) can monitor and record user activity to offer misuse deterrence by collecting evidence for prosecution, and can provide more detailed compliance reporting than system logs.

Anonymity tools: Why the cloud might be the best option (SearchCloudSecurity) Anonymity tools don't have to be complicated or expensive. Learn what options are available and why the cloud may be the best bet for anonymity for security.

Breach Accountability: Blaming the CISO vs An End to Shaming (Infosecurity Magazine) Two experts discuss where accountability for data breaches should lie

McAfee CISO: The importance of a strong cybersecurity culture (SearchCIO) In this Q&A, McAfee CISO Grant Bourzikas discusses the huge role a company's cybersecurity culture plays in ensuring the company data -- and that of their customers -- remains secure as threats continue to evolve.

Navy Utilizes Realistic Cyber Simulations to Mature Cyber Mission Forces Beyond Qualifications (DVIDS) The next phase in the maturation of the Navy’s Cyber Mission Force teams is underway as leadership from U.S. Fleet Cyber command/U.S. 10th Fleet (FCC/C10F) develop innovative training methods that allow operators to hone their skills in a realistic and challenging environment.

Design and Innovation

Security AI is more than an Algorithm (Infosecurity Magazine) All analytics will be more effective when provided with rich, high-fidelity sources of data.

Research and Development

Was It Ethical for Dropbox to Share Customer Data with Scientists? (WIRED) The data was anonymized, but academics are still concerned about the ethics of the analysis.

Legislation, Policy, and Regulation

Cyber deal with US signals more assertive counter-hacking operations (The Sydney Morning Herald) Australia's electronic spooks will work more closely with the United States on offensive cyber capabilities.

UK cracks down on foreign investment to protect national security (KXLY) Foreign takeovers of UK companies will be subject to additional scrutiny under a government proposal that makes it easier to block deals on national security grounds.

Taiwan’s Emerging Push for “Cyber Autonomy” (Jamestown) On May 11, Taiwan’s Legislative Yuan passed the Cybersecurity Management Law, Taiwan’s first national cybersecurity law (iThome, May 22). This law, which mandates cybersecurity requirements for Taiwan’s government agencies and operators of critical infrastructures, represents the latest initiative in the Tsai administration’s push for cyber security under the policy “Cyber Security is National Security.” As part of this push, the …

America’s Hackers Are at Risk (Real Clear Defense) America professes to love its men and women in uniform, but the penalty for its reflexive use of indictments and sanctions – America’s standoff weapons used to avoid politics – against foreign militaries may one day fall on them, far away from the Washington, D.C. grandees and activists who created those policies.

Homeland Security Committee Forwards Bill to Prevent the Next Kaspersky (Nextgov.com) The committee also forwarded legislation to codify Homeland Security’s CDM program.

Huawei: lessons from the United Kingdom (The Strategist) The UK government released the Huawei Cyber Security Evaluation Centre oversight board’s 2018 annual report on 19 July. HCSEC is a Huawei-owned facility that was created seven years ago to deal with the perceived risks ...

Senate eyes hitting Russia in slap to Trump (POLITICO) A bipartisan push to impose new sanctions is gaining ground after Donald Trump’s widely criticized press conference with Vladimir Putin.

Trump to chair National Security Council meeting on election security (POLITICO) National security adviser John Bolton is also hosting two Cabinet-level NSC principals committee meetings this week.

Cantwell, Graham Urge Strong Action in the Face of Mounting Cyber Attacks from Russia | U.S. Senator Maria Cantwell of Washington (Senator Maria Cantwell) Today, in a letter to President Trump, U.S. Senator Maria Cantwell (D-WA), Ranking Member of the Senate Energy and Natural Resources Committee, and Senator Lindsey Graham (R-SC), a member of the Senate Armed Services Subcommittee on Cybersecurity, called for greater action from the federal government to defend the U.S. energy grid from cyber attacks.

Congress puts electronic warfare in its crosshairs (C4ISRNET) Congress hopes to bolster the Defense Department's strategic posture in an area of increasing strategic importance.

Senator calls on US Government to start killing Adobe Flash now (The State of Security) Security-conscious IT administrators around the globe know that they shouldn't really have Adobe Flash in their organisation.

Analysis | The Cybersecurity 202: Agencies struggling with basic cybersecurity despite Trump's pledge to prioritize it (Washington Post) It hasn't been a good week for federal cybersecurity.

Former Trump official: No one 'minding the store' at White House on cyberthreats (Yahoo News - Latest News & Headlines) “On cyber, there is no clear person and or clear driver, and there is no clear muscle memory,” said Tom Bossert, who served as White House homeland security adviser until last April, in an interview with the Yahoo News podcast Skullduggery.

Would a bill banning bots do more harm than good? (Naked Security) According to the bill as it stands now, it would be okay to use a bot as long as it discloses that it is a bot, otherwise it’s “unlawful”.

Trump considering pulling security clearances of critics (PBS NewsHour) President Donald Trump is considering revoking the security clearances of six former top officials who have been critical of his administration, a move that opponents and experts say would be an unprecedented politicization of the clearance process.

The Case for Stripping Former Officials of their Security Clearances (Consortiumnews) Former CIA agent John Kiriakou argues that no former intelligence official should be allowed to keep their security clearances when they leave government, especially if they work in the media. By John Kiriakou Special to Consortium News Libertarian senator Rand Paul, a Kentucky Repub

For Spies Emerging From the Shadows, a War With Trump Carries Risks (New York Times) Intelligence agencies guard their nonpartisan reputation carefully, but President Trump’s proxy war with former officials risks dragging the agencies into the political fray.

Clapperton Assigned to U.S. Cyber Command (SIGNAL) Capt. Craig A. Clapperton, USN, has been selected for promotion to rear admiral amd will be assigned as deputy director, future operations, J-3F, U.S. Cyber Command, Fort Meade, Maryland.

Litigation, Investigation, and Law Enforcement

NSA watchdog finds 'many issues of non-compliance' in agency's data handling (TheHill) The National Security Agency's (NSA) inspector general issued a rare report Wednesday condemning the administration for insufficiently protecting data gathered from U.S. citizens.

NSA criticized for 'increased risk’ of jeopardizing civil liberties (Fifth Domain) The criticism comes after a fight over unauthorized searches of digital and electronic records by the National Security Agency.

How Washington Can Prevent Midterm Election Interference (Foreign Affairs) Social media companies will be best able to play a productive role in preventing midterm election interference when informed by the government’s latest, best understanding of what that interference could look like.

Senate Panel Invites Three Tech Firms to Another Hearing on Russian Influence (Wall Street Journal) Facebook, Google and Twitter are summoned to follow-up discussion in probe of foreign activity during 2016 presidential election

Before her arrest as an alleged Russian agent, Maria Butina’s proud defense of her homeland drew notice at American University (Washington Post) To some who knew her as a graduate student, Butina’s indictment on federal charges validated their own unsettling suspicions.

Bigamists have no right to privacy on Facebook (Naked Security) Out of sight, out of mind? Not on Facebook, where 8,000 miles between Illinois and Thailand is wiped out by a “here’s us with the kids!” pic.

Assassination Markets for Jeff Bezos, Betty White, and Donald Trump Are On the Blockchain (Motherboard) Assassination markets are old as the concept of cypherpunk itself. Now blockchain-based betting platform Augur has become a home for them.

British man unwittingly gave Russian nerve agent to his girlfriend as a gift (Ars Technica) Authorities investigating likelihood of multiple, hidden stashes of the deadly poison.

For a complete running list of events, please visit the Event Tracker on the CyberWire website.

Upcoming Events

Global Cyber Security Summit (Kathmandu, Nepal, July 27 - 28, 2018) Information Security Response Team Nepal (NPCERT) is all set to host a Global Cyber Security Summit (GCSS) on July 27 with the theme “Building Global Alliance for Cyber Resilience”. The two-day event aims...

SINET61 2018 (Melbourne, Victoria, Australia, July 31 - August 1, 2018) Promoting cybersecurity on a global scale. SINET – Melbourne provides a venue where international solution providers can engage with leaders of government, business and the investment community to advance...

Community College Cyber Summit (3CS) (Gresham, Oregon, USA, August 2 - 4, 2018) 3CS is the only national academic conference focused on cybersecurity education at community colleges. Who should attend 3CS? College faculty and administrators, IT faculty who are involved or who would...

2018 Community College Cyber Summit (3CS) (Gresham and Portland, Oregon, USA, August 2 - 4, 2018) 3CS is organized and produced by the National CyberWatch Center, National Resource Center for Systems Security and Information Assurance (CSSIA), CyberWatch West (CWW), and Broadening Advanced Technological...

2nd Billington Automotive Cybersecurity Summit (Detroit, Michigan, USA, August 3, 2018) The 2nd summit on August 3 in Detroit, MI will be the top leadership summit on auto cybersecurity convening a who’s who of speakers in the automotive cybersecurity ecosystem. The inaugural summit included,...

2nd Billington Automotive Cybersecurity Summit (Detroit, Michigan, USA, August 3, 2018) The 2nd summit on August 3 in Detroit, MI will be the top leadership summit on auto cybersecurity convening a who’s who of speakers in the automotive cybersecurity ecosystem. The inaugural summit included,...

Black Hat USA 2018 (Las Vegas, Nevada, USA, August 4 - 9, 2018) Now in its 21st year, Black Hat USA is the world's leading information security event, providing attendees with the very latest in research, development and trends. Black Hat USA 2018 opens with four days...

Audit Your Digital Risk (Washington, DC, USA, August 7 - 8, 2018) Recent reports indicate that manufacturing is the most heavily targeted industry for cyber attacks in the past year. According to a study released by NTT Security, 34% of all documented cyber attacks in...

DefCon 26 (Las Vegas, Nevada, USA, August 9 - 12, 2018) DEF CON has been a part of the hacker community for over two decades. $280.00 USD, cash for all four days. Everyone pays the same: The government, the media, the ‘well known hackers’, the unknown script...

CyberTexas 2018 (San Antonio, Texas, USA, August 14 - 15, 2018) The 2018 CyberTexas Conference will bring members of the CyberUSA community together with industry and government members of Texas to create long-term values for the cybersecurity ecosystem in San Antonio...

SecureWorld Bay Area (Santa Clara, California, USA, August 21, 2018) Connecting, informing, and developing leaders in cybersecurity. SecureWorld conferences provide more content and facilitate more professional connections than any other event in the Information Security...

The Air Force Information Technology & Cyberpower Conference (Montgomery, Alabama, USA, August 27 - 29, 2018) As the premiere Air Force cyber security annual event, the Air Force Information Technology & Cyberpower Conference (AFITC) returns to Montgomery, Alabama in August of 2018. As a critical intersection...

The Cyber Security Summit: Chicago (Chicago, Illinois, USA, August 29, 2018) This event is an exclusive conference connecting Senior Level Executives responsible for protecting their company’s critical data with innovative solution providers & renowned information security experts.

Intelligence & National Security Summit (National Harbor, Maryland, USA, September 4 - 5, 2018) The Intelligence & National Security Summit is the premier forum for unclassified, public dialogue between the U.S. Government and its partners in the private and academic sectors. The 2018 Summit will...

Cyber Resilience & Infosec Conference (Abu Dhabi, UAE, September 5 - 6, 2018) Interact with the top-notch cyber security specialists, learn new strategies and protect your company's future efficiently

Incident Response 18 (Arlington, Virginia, USA, September 5 - 6, 2018) If you work for a vendor or product company, please understand this is not a sales event. IR18 is a community-driven event that aims to disrupt the traditional approach and is more focused on community,...

9th Annual Billington CyberSecurity Summit (Washington, DC, USA, September 6, 2018) An opportunity to hear, meet, and interact with cybersecurity leaders from Government and industry.

9th Annual Billington CyberSecurity Summit (Washington, DC, USA, September 6, 2018) The mission of Billington CyberSecurity is to bring together thought leaders from all sectors to examine the state of cybersecurity and highlight ways to enhance best practices and strengthen cyber defenses...

SecureWorld Twin Cities (Minneapolis, Minnesota, USA, September 6, 2018) Connecting, informing, and developing leaders in cybersecurity. SecureWorld conferences provide more content and facilitate more professional connections than any other event in the Information Security...

CornCon IV: Quad Cities Cybersecurity Conference & Kids' Hacker Camp (Davenport, Iowa, USA, September 7 - 8, 2018) CornCon is a 2-day conference held in Davenport, Iowa including a professional development workshop on Friday and a full-day cybersecurity conference on Saturday. The workshop covers enterprise risk, privacy...

Grow your brand and reach new customers.

Grow your brand and increase your customer base by educating our audience about your products, services, and events by advertising on The CyberWire. We’ve built trust with an influential (and often hard to reach) audience of CISOs, CSOs, and other senior execs in the security space, across a wide array of industry verticals. Learn more.

Be a part of the CyberWire story.

People ask us (a lot) how they can support what we do. We have our sponsorships and services, of course, but those are not always within every supporter's financial reach, or it might just not be the right time for you to do those things. That's why we launched our new Patreon site, where we've created a wider variety of support levels, each with some new benefits. Our patrons are important to our future, and we hope you'll consider becoming one. We invite you to become part of the CyberWire story. Become a patron today.