skip navigation

More signal. Less noise.

Do security ratings protect you from a data breach? You need LookingGlass 24x7 monitoring.

There’s a lot of talk about “continuous monitoring” in the marketplace. At LookingGlass, we are clear that it is NOT a database or look-up service. Our Third Party Risk Monitoring solution is the only managed service in the marketplace that offers 7x24x365 monitoring for real-time notifications of compromises and data breaches, all human-vetted to reduce false positives. Want to know more? Contact LookingGlass now for an exclusive offer.

Daily briefing.

Avanan reports finding "baseStriker," a phishing technique that crafts HTML in emails so that malicious links, even those on a blacklist, pass through the Safe Links feature of Microsoft Office 365's Advanced Threat Protection.

The AP says it has evidence showing that 2015 threats communicated via Facebook to spouses of US military personnel were not in fact from ISIS, and that those particular operations, like the TV5 Monde hack that same year, were the work of Fancy Bear (Russia's GRU). The GRU was flying the false flag of the Cyber Caliphate.

Bitdefender describes the "Hide-and-Seek" botnet, an IoT botnet that survives device reboots.

Palo Alto Networks finds a significant increase in the rate of cyberattacks by the Nigerian gang Palo Alto tracks as "SilverTerrier." They made on average 17,600 attempts each month during 2017, up from 2016's average of 12,200.

Microsoft patched some sixty-seven issues with its products yesterday. One of the vulnerabilities addressed merits particular attention: CVE-2018-8174, which affects the way the Windows' scripting engine handles certain classes of objects, is already being exploited in the wild. Adobe also patched, addressing issues in Flash Player and the Adobe Creative Suite. vpnMentor is offering an "unofficial" fix for vulnerable Dasan GPON routers.

Georgia Governor Nathan Deal has vetoed that state's ill-received State Bill 315 ("catastrophically stupid," in BoingBoing's headline assessment), which would have criminalized many common and legitimate security research practices. It also would have authorized certain forms of hacking back under the rubric of "active defense" (also poorly received).

Notes.

Today's issue includes events affecting Bahamas, Barbados, Bermuda, British Virgin Islands, Cayman Islands, European Union, France, Iran, Nigeria, Russia, Trinidad and Tobago, United Kingdom, United States.

$8.76 Million: The Average Yearly Cost of Insider Threats. Join ObserveIT 5/15 to learn more.

Insider Threat incidents come with a hefty price tag, according to the “2018 Cost of Insider Threats: Global Organizations” report released by independent research group, The Ponemon Institute. Make sure that you understand the full context (and cost) of these threats by joining an exclusive LIVE online discussion with The Ponemon Institute founder, Larry Ponemon, on May 15th at 11:00am EDT. Claim your seat, now.

In today's podcast, we talk with our parters at the Johns Hopkins University, as Joe Carrigan talks about the security implications of a pilot program the state of Delaware has for mobile drivers licenses. Our guest is Phillip Dunkelberger from Nok Nok Labs, who reviews a range of the usability and security issues authentication raises.

There's also a special edition podcast up: we discuss sector trends with cybersecurity industry leaders.

And be sure to check out the current Recorded Future podcast, produced in partnership with the CyberWire. It's a big-picture discussion between Recorded Future CEO Christopher Ahlberg and former GCHQ leader Andy France. They talk about the big cybersecurity problems and how to think about them.

Cyber Security Summits: May 15 in Dallas & Boston on June 5 (Dallas, Texas, United States, May 15, 2018) Sr. Level Executives are invited to learn about the latest threats & solutions in Cyber Security from experts from The FBI, CenturyLink, IBM Security and more. Register with promo code cyberwire95 for $95 VIP admission (Regular price $350) https://CyberSummitUSA.com

Third Annual Cyber Investing Summit 5/15/18 (Dallas, Texas, United States, May 15, 2018) Renowned cyber security executive David DeWalt will deliver the keynote address at the Third Annual Cyber Investing Summit. The Cyber Investing Summit is a unique all-day conference focused on the financial opportunities available in the rapidly growing cyber security industry. Panels will explore sector investment strategies, market growth forecasts, equity valuations, merger and acquisition activity, cryptocurrency protection, funding for startups, and more. Speakers include leading Chief Information Security Officers, VC founders, financial analysts, cyber security innovators from publicly traded and privately held companies, and government experts.

8th Annual (ISC)2 Security Congress (New Orleans, Louisiana, United States, October 8 - 10, 2018) The (ISC)2 Security Congress brings together the sharpest minds in cyber and information security for over 100 educational sessions covering 17 tracks. Join us to learn from the experts, share best practices, and make invaluable connections. Your all-access conference pass includes educational sessions, workshops, keynotes, networking events, career coaching, expo hall and pre-conference training. Save your seat at congress.isc2.org.

Cyber Attacks, Threats, and Vulnerabilities

Russian hackers posed as IS to threaten military wives (AP News) Army wife Angela Ricketts was soaking in a bubble bath in her Colorado home, leafing through a memoir, when a message appeared on her iPhone: “Dear Angela!” it said. “Bloody Valentine’s Day!”

Researchers detect rise in attacks from Nigerian cyber criminals (TheHill) Security researchers have detected a rise in attacks from Nigerian cyber criminals who they say pose a “formidable” threat to businesses across the globe.

Critical Windows bug fixed today is actively being exploited to hack users (Ars Technica) Latest Patch Tuesday included 68 fixes, 21 of them rated "critical."

The King is dead. Long live the King! (Securelist) In late April 2018, a new zero-day vulnerability for Internet Explorer (IE) was found using our sandbox; more than two years since the last in the wild example (CVE-2016-0189). This particular vulnerability and subsequent exploit are interesting for many reasons.

Cryptojacking malware was secretly mining Monero on many government and university websites (TechCrunch) A new report published by security researched Troy Mursch details how the cryptocurrency mining code known as Coinhive is creeping onto unsuspecting sites around the web. Mursch recently detected the Coinhive code running on nearly 400 websites, including ones belonging to the San Diego Zoo, Lenovo…

Cryptomining with JavaScript in an Excel spreadsheet (Graham Cluley) It didn’t take long at all for a security researcher to demonstrate how easy it was to turn an Excel spreadsheet into a cryptomining machine.

Thousands of Companies Are Still Downloading the Vulnerability That Wrecked Equifax (Fortune) It's like driving with a defective airbag.

Telegram Rivaling Tor as Home to Criminal 'Forums' (SecurityWeek) Telegram allows any threat actor to enjoy private and end-to-end encrypted chats instead of the exposed threads that are seen in online forums.

Phishers Use New Method to Bypass Office 365 Safe Links (SecurityWeek) Researchers discover that cybercriminals have been using a new method to bypass the Safe Links security feature in Office 365. Microsoft is investigating

baseStriker: Office 365 Security Fails To Secure 100 Million Email Users (Avanan) The baseStriker vulnerability makes it possible to bypass Microsoft's Office 365 URL filters.

"Hide and Seek" Becomes First IoT Botnet Capable of Surviving Device Reboots (BleepingComputer) Security researchers have discovered the first IoT botnet malware strain that can survive device reboots and remain on infected devices after the initial compromise.

Nice Phishing Sample Delivering Trickbot (SANS Internet Storm Center) Users have to deal with phishing for a very long time. Today, most of them remain dumb messages quickly redacted with a simple attached file and a message like “Click on me, it’s urgent!”

Maikspy Spyware Poses as Adult Game, Targets Windows and Android Users (TrendLabs Security Intelligence Blog) We discovered a malware family called Maikspy — a multi-platform spyware that can steal users’ private data. The spyware targets Windows and Android users, and first posed as an adult game named after a popular U.S.-based adult film actress. Maikspy, which is an alias that combines the name of the adult film actress and spyware, has been around since 2016.

New Exploit Hacks LinkedIn 2-factor Auth. See This Kevin Mitnick VIDEO (KnowBe4) A white hat hacker developed an exploit how to break LinkedIn 2-factor authentication. Here's a video that shows how this social engineering trick works.

Uber car software detected woman before fatal crash but failed to stop (Naked Security) Uber has reportedly discovered that the fatal crash was likely caused by a software bug in its self-driving car technology.

Copenhagen city's bicycle sharing system hacked; 1,800 bikes affected (HackRead) Bycyklen bike sharing company has been hacked after falling for a damaging cyber attack. over the weekend by unknown hackers with in-depth knowledge of how the system worked.

DDoS Attacks Ebb and Flow After Webstresser Takedown (Infosecurity Magazine) Conflicting reports find the number of DDoS attacks went both up and down.

Why DDoS Just Won't Die (Dark Reading) Distributed denial-of-service attacks are getting bigger, badder, and 'blended.' What you can (and can't) do about that.

Security Patches, Mitigations, and Software Updates

Microsoft Patch Tuesday, May 2018 Edition (KrebsOnSecurity) Microsoft today released a bundle of security updates to fix at least 67 holes in its various Windows operating systems and related software, including one dangerous flaw that Microsoft warns is actively being exploited.

Adobe Patches Critical Bugs In Flash Player, Creative Cloud (Threatpost) Adobe fixed critical vulnerabilities in Adobe Flash Player and Creative Cloud as part of its regularly scheduled May Security Bulletin, on Tuesday.

Critical Code Execution Flaw Patched in Flash Player (SecurityWeek) Adobe patches critical code execution vulnerability in Flash Player, but the company does not expect to see exploits

Unofficial Patch Released for Zero-Days Affecting Dasan Routers (SecurityWeek) An unofficial patch has been released for the zero-day vulnerabilities affecting one million Dasan routers

Apple: All app updates must support the iPhone X and iOS 11 come July (Ars Technica) Apple already required this of new apps; now it's needed to update old ones.

Critical bug in 7-Zip – make sure you’re up to date! (Naked Security) Uninitialised variables and no Address Space Layout Randomisation led to an exploitable vulnerability…

Harmony Hub had a vulnerability, but it's been patched in version 4.15.96 (Android Police) Over the past few days, we've covered an issue with the Harmony Hub not being able to control Sonos speakers' volume properly, which was followed by a fix...

Cyber Trends

FBI: Cybercrime Losses Drop as Ransomware Reporting Falls Sharply (Infosecurity Magazine) FBI: Cybercrime Losses Drop as Ransomware Reporting Falls Sharply. Latest annual report puts total losses at $1.4bn

The ABCs Driving the Growth of Industrial Cybersecurity (SecurityWeek) With broader awareness driving reprioritization of Budgets, and Budgets driving greater Collaboration to attack the problem of OT cyber risk, there is more action occurring in OT cybersecurity than ever before.

8.7 Billion Raw Identity Records on Surface, Deep and Dark Web in 2017 According to 4iQ 2018 Identity Breach Report (PR Newswire) 4iQ, a leader in Identity Threat Intelligence, today released the 4iQ...

Introducing:4iQ Identity Breach Report 2018 - 4iQ (4iQ) This identity breach report is based on an analysis of breached and leaked data found in the surface, social, and Deep and Dark Web in 2017. The 4iQ team found over 2,940 verified breach corpuses and over 3 Billion curated records containing personal identity information (PII), an increase of 64% over 2016.

Breach activity declines, number of compromised records remains high (Help Net Security) Risk Based Security has released the results of their Q1 2018 Data Breach QuickView Report, showing the number of breaches disclosed in the first three months of the year fell to 686 compared to 1,444 breaches reported in Q1 2017.

iOS users are 18x more likely to be phished than to download malware (Help Net Security) Phishing is the number one mobile threat affecting organizations. The Wandera's Phishing Report 2018 shows that iOS users are 18x more likely to be phished than to download malware, and that 4000 new mobile phishing websites are launched every day.

Mobile phishing attacks are moving to messaging and social media apps (Wandera) Our latest Mobile Phishing Report delves deeper into the current mobile threat landscape, examining the sophisticated mobile phishing attacks targeting businesses across the globe, to determine how they are being distributed.

APT Attacks on Mobile Rapidly Emerging (Dark Reading) Mobile devices are becoming a 'primary' enterprise target for attackers.

Appsec Investments Driven by Losses, not Prevention, According to New Arxan Global Application Security Survey (Arxan) Half of all companies do not have adequate visibility into application security even as threat severity expected to rise

Half of all companies do not have adequate application security visibility (Help Net Security) The Ponemon Institute surveyed nearly 1,400 IT and IT security practitioners in the United States, European Union and Asia-Pacific to understand the risk unprotected applications pose to businesses when running in unsecured environments and how they are addressing this risk.

Microsoft's CEO: 'Ask not what computers can do, but what they should do' (CRN) Satya Nadella outlines the ethical issues facing the industry as technology like AI is used more

Companies Begin To Protect Their Key Assets (Kilpatrick Townsend & Ponemon Institute) Responding to the ever-increasing targeted attacks on organizations’ most vital confidential information – their “knowledge assets” – we partnered with the Ponemon Institute to publish The Second Annual Study on the Cybersecurity Risk to Knowledge Assets. The new study finds dramatic increases in threats and awareness of threats to knowledge assets and remarkable strides by high-performing firms.

Consumer Attitudes About Biometric Authentication (University of Texas at Austin Center for Identity) Less than a decade ago, consumers largely viewed biometric applications as clandestine extensions of government and law enforcement.

Current Biometric Adoption and Trends (University of Texas at Austin Center for Identity) In today’s technology-driven marketplace, staying aware of the latest trends in identity authentication is essential. Customers can be courted with convenient and trusted identity verification procedures or driven away by burdensome and unreliable systems.

Verizon report raises big data security concerns for credit unions (Credit Union Journal) Among the findings, credit unions may not be doing enough to protect against malware, which involved in nearly 40 percent of hacking incidents, as well as Trojan botnets and denial of service attacks.

Small Firms Up to 20 Times More Likely to be Breached (Infosecurity Magazine) Small Firms Up to 20 Times More Likely to be Breached. Terbium Labs findings come from analysis of breached dark web data

Marketplace

For contractors late on Kaspersky cleanup, DHS considers consequences (FCW) Homeland Security Secretary Kirstjen Nielsen floated the possibility of punishment for noncompliant contractors in the wake of the federal ban on Kaspersky software.

Protego Secures $2 Million in Seed Funding for Serverless Security Platform (PRWeb) Financing led by Gula Tech Adventures and Glilot Capital Partners

SafeBreach Announces $15 Million Series B Led By Draper Nexus; Expands Leadership in Breach and Attack Simulation (GlobeNewswire News Room) Increased Year-over-Year Bookings of 470%, Expanded Traction in Fortune 100 Validates Pioneering Innovation; Major New Capabilities, Millions of New Attack Simulations Enhance Industry’s Most Comprehensive Platform

Cyber-attack risk could create local jobs (BBC News) More NI specialists could be needed to tackle increasing risks on the internet, experts say.

Coalfire Named a 'Top Workplace' in Colorado by The Denver Post (PR Newswire) Coalfire, a trusted provider of cybersecurity advisory services,...

Claroty Adds Public Sector Cybersecurity Veteran as Head of Threat Research (Claroty) Former CTO of New Jersey and Senior Operations Planner at U.S. Cyber Command to Drive Intelligence Analysis on ICS Threats and Attacks

Facebook undergoes a huge executive reshuffle (TechCrunch) Facebook is undergoing one of the biggest executive reshuffles in its history, the company announced internally today, Recode reports. Mark Zuckerberg is still the king of the castle, but everything below him is taking a different shape as WhatsApp, Messenger and Facebook’s core app get new…

Facebook united (TechCrunch) Facebook was a mess. The independence it dangled to close acquisition deals with Instagram and WhatsApp turned the company into a tangle of overlapping products. Every app had its own messaging and Stories options. Economies of scale were squandered. Top innovators led mature products already burst…

Roger Grimes Joins KnowBe4 as Data-Driven Defense Evangelist (PRWeb) KnowBe4, provider of the world’s largest security awareness training and simulated phishing platform, today announced that it has appointed well-known cyberse

MeasuredRisk Appoints Former Symantec Executive, WholeSecurity Founder and CTO Tony Alagna as Chief Technology Officer to Join the World's Leading AI Powered Risk Inference Pioneer (PR Newswire) MeasuredRisk, Inc., the pioneer of AI powered Risk Inference, has...

Products, Services, and Solutions

Are you buying solid protection or snake oil? (SE Labs) Security testing lab specialising in anti-malware and targeted attack testing of endpoints, appliances and cloud services.

Blue Cedar Rolls out Dynamic Security Policy Capability (BusinessWire) With new dynamic policy capabilities, IT teams can now easily push fine-grained security controls to mobile apps protected by Blue Cedar.

Millions of Routers are about to Get a Lot More Secure (Global Security Mag Online) There are now more Internet of Things (IoT) devices than there are people on earth. But many, if not most, lack basic security and privacy protection capabilities. F-Secure is leading the charge to secure billions of internet-connected devices by offering its breakthrough F-Secure SENSE product directly to router makers and operators as software in its Connected Home Security solution.

Dataguise Now Certified on MapR Converged Data Platform 6.0 (GlobeNewswire News Room) MapR and Dataguise Integration Delivers End to-End Sensitive Data Security, Compliance, and Governance to Help Address Data Privacy Requirements

Deloitte obtains information security management certification (Cayman Compass) After an external audit by BSI Group (The British Standards Institution) the Deloitte offices in the Cayman Islands, Bahamas, Barbados, Bermuda, British [...]

Bugcrowd Expands its Vulnerability Disclosure Program with Email Intake (GlobeNewswire News Room) With three disclosure channels, Bugcrowd’s VDP Solution empowers organizations to choose their VDP approach

Technologies, Techniques, and Standards

The GDPR Opportunity (SecurityWeek) GDPR is an opportunity to put in place measures that strengthen the overall security and compliance posture of organizations, using GDPR's requirements as the pivot point.

Properly Framing the Cost of a Data Breach (Dark Reading) The expenses and actions typically associated with a cyberattack are not all created equal. Here's how to explain what's important to the C-suite and board.

Most RSAC Attendees Favor Shorter Vulnerability Disclosure Policies (The State of Security) Tripwire surveyed 147 attendees at the RSA Conference in San Francisco in light of continued debate around responsible disclosure and increased attention around security research techniques.

A Cybersecurity Action List for Law Firms (High Performance Counsel) Expert Contributor on Cybersecurity, Chuck Brooks, addresses the risk to law firms. Here he provides a list of basic questions that can set the foundation of how firms can access vulnerabilities in data protection and take steps to protect themselves.

Design and Innovation

The Price of Google's New Conveniences? Your Data (WIRED) Google introduces new features to make life easier, and to help the company collect more data on users.

Google Is Proposing Pretty Solutions for the Monsters It Helped Create (Motherboard) Google's 'Digital Wellbeing' app and Google News updates are peak Silicon Valley: Too addicted to your apps? Here’s an app to help you.

Google details new Android P features, including iPhone X-like gesture controls (Ars Technica) Public beta for Android P is out today, and it's open to non-Pixel phones.

How Google's Eerie Robot Phone Calls Hint at AI's Future (WIRED) Google's new "Duplex" technology presents a significant tipping point for machine intelligence–powered virtual assistants.

Google goes all-in on artificial intelligence, renames research division Google AI (TechCrunch) With Google’s I/O developer conference kicking off later today, Google is setting the scene for what it expects to be one of the big themes of the event: artificial intelligence. Today, the company rebranded the whole of its Google Research division as Google AI, with the old Google Research …

What's the Deal With Facebook and the Blockchain? (WIRED) Facebook is working on a management reorganization that would create a new unit around blockchain technology, led by three high-profile executives.

Microsoft's Commandment: Thou Shalt Not Worship (Password) Idols (Infosecurity Magazine) Active Directory centralizes authentication and authorization for domain resources, but also creates a critical single point of failure.

Research and Development

Could this be the end of password re-use? (Naked Security) It’s password security’s Achilles heel: too many people make life easy for cybercriminals by re-using the same ones over and over. But what if there were a way for websites to compare notes on whet…

Legislation, Policy, and Regulation

Trump's Iran sanctions are a bitter blow for Europe (Quartz) The US exit from the Iran nuclear deal could cost Europe's biggest companies billions.

US can't be 'economic policeman of the planet', France says (The Local) French government ministers reacted with anger and defiance on Wednesday to US president's Donald Trump's decision to pull his country out of the nuclear deal with Iran.

CIA Nominee Gina Haspel Will Face Tough Questions on Torture (Time) And her role in the destruction of tapes which documented it.

Georgia's governor has vetoed SB 315, the state's catastrophically stupid cybersecurity law (Boing Boing) When Georgia's legislature passed SB 315, a horribly misguided cybersecurity bill that criminalized routine security research, thus allowing bad guys to get much worse, everyone pinned their hopes on Governor Nathan Deal vetoing it.

Georgia governor vetoes controversial hacking legislation (TheHill) Georgia Gov. Nathan Deal (R) on Tuesday vetoed controversial cybersecurity legislation that critics argued would clear the way for private businesses in the state to hack into other networks in the name of protecting their own.

Georgia governor vetoes bill that would criminalize good-faith security research, permit vigilante action (CSO Online) Veto comes in response to overwhelming criticism from industry. Georgia cybersecurity folks had been outraged about SB 315, and warned that it could cost the state jobs.

Google Bans Bail Bond Ads, Invites Regulation (Marginal REVOLUTION) Google: Today, we’re announcing a new policy to prohibit ads that promote bail bond services from our platforms. Studies show that for-profit bail bond providers make most of their revenue from communities of color and low income neighborhoods when they are at their most vulnerable, including through opaque financing offers that can keep people in …

Your Favorite Websites Are Rallying in a Last-Ditch Effort to Save Net Neutrality (WIRED) On Wednesday, sites including Etsy and Reddit will urge users to support a vote to preserve net neutrality rules.

Net Neutrality: Here's Everything You Need To Know (WIRED) Everything you need to know about the struggle to treat information on the internet the same—ISPs shouldn't be able to block some sorts of data and prioritize others.

Litigation, Investigation, and Law Enforcement

Extent of Election Hacking Still Unclear, Says Senate Panel (Bloomberg.com) The key Senate committee investigating Russian interference in the 2016 election said it still doesn’t have a firm grasp on the extent of the hacking, even with the November congressional midterms less than six months away.

Romanian Who Attacked Warcraft Gets Year in Prison (SecurityWeek) A Romanian man who launched a cyber attack on the servers of World of Warcraft over a squabble with other players was sentenced to one year in prison.

Lawsuit: Wells Fargo put family in victim protection at risk (Maryland Daily Record) A southern Minnesota family in a victim protection program is suing Wells Fargo and one of its mortgage bankers, alleging the bank sent mail to what was supposed to be a secret location.

Cokeinoes! Cocaine delivered faster than pizza (Global Drug Survey) Global Drug Survey runs the biggest drug survey in the world

Ex-Autonomy CFO Sushovan Hussain ordered to wear GPS ankle tag and hand over passport (Computing) Hussain's bail conditions ban him from leaving the US, while he awaits sentencing

For a complete running list of events, please visit the Event Tracker on the CyberWire website.

Upcoming Events

SecureWorld Kansas CIty (Kansas City, Missouri, USA, May 9, 2018) Connecting, informing, and developing leaders in cybersecurity. SecureWorld conferences provide more content and facilitate more professional connections than any other event in the Information Security...

Cyber Ready 2018 Cybersecurity/Intel Conference (MacDill Air Force Base, Florida, USA, May 14, 2018) Major General Mike Ennis (USMC, ret), CIA National Clandestine Service's first Deputy Director for Community Human Intelligence (HUMINT), will deliver the keynote. The conference will also feature an all-audience...

Cyber Investing Summit (New York, New York, USA, May 15, 2018) Now in its third year, the Cyber Investing Summit is an all-day conference focusing on investing in the cyber security industry, which is predicted to exceed $1 trillion in cumulative spending on products...

Third Annual Cyber Investing Summit (New York, New York, USA, May 15, 2018) Renowned cyber security executive David DeWalt will deliver the keynote address at the Third Annual Cyber Investing Summit. The Cyber Investing Summit is a unique all-day conference focused on the financial...

The Cyber Security Summit: Dallas (Dallas, Texas, USA, May 15, 2018) This event is an exclusive conference connecting Senior Level Executives responsible for protecting their company’s critical data with innovative solution providers & renowned information security experts.

Digital Utilitites Europe (Amserdam, the Netherlands, May 16 - 17, 2018) The conference will bring together key industry stakeholders to address the current challenges of the digitisation in the utilities sector. Join us in Amsterdam to hear latest business case studies and...

SecureWorld Houston (Houston, Texas, USA, May 17, 2018) Connecting, informing, and developing leaders in cybersecurity. SecureWorld conferences provide more content and facilitate more professional connections than any other event in the Information Security...

Ignite18 (Anaheim, California, USA, May 21 - 24, 2018) Palo Alto Networks' sixth annual conference features highly technical insights based on firsthand experiences with next-generation security technologies, groundbreaking new threat research, or innovative...

AFCEA/GMU Critical Issues in C4I Symposium (Fairfax, Virginia, USA, May 22 - 23, 2018) The AFCEA/GMU Critical Issues in C4I Symposium brings academia, industry and government together annually to address important issues in technology and systems research and development. The agenda for...

3rd Annual Nuclear Industrial Control Cybersecurity and Resilience Overview (Warrington, England, UK, May 22 - 23, 2018) Now in its 3rd year, the Cyber Senate Nuclear Industrial Control Cyber Security and Resilience Conference will take place on May 22/23rd in Warrington United Kingdom. This two day executive forum will...

PCI Security Standards Council’s Asia-Pacific Community Meeting (Tokyo, Japan, May 23 - 24, 2018) Join us for: networking opportunities, updates on industry trends, insights and strategies on best practices, engaging keynotes and industry expert speakers. The PCI Security Standards Council’s 2018...

North American Financial Information Summit (New York, New York, USA, May 23, 2018) Data is the most vital asset of any financial services firm. With volumes increasing exponentially, and the complexity and structure continuously changing, it is more vital than ever to keep on top of...

SecureWorld Atlanta (Atlanta, Georgia, USA, May 30 - 31, 2018) Connecting, informing, and developing leaders in cybersecurity. SecureWorld conferences provide more content and facilitate more professional connections than any other event in the Information Security...

RISKSEC (New York, New York, USA, May 31, 2018) Welcome to the 2018 New York City RiskSec Conference. As SC Media approaches our 30th anniversary, we fully understand the avalanche of cybersecurity-related problems, responsibilities and aspirations...

Cyber:Secured Forum (Denver, Colorado, USA, June 4 - 6, 2018) Cyber:Secured Forum will feature in-depth content on cybersecurity trends and best practices as related to the delivery of physical security systems and other integrated systems. Content is being collaboratively...

Campaign Cyber Defense Workshop (Boston, Massachussetts, USA, June 4, 2018) The Campaign Cyber Defense Workshop brings together experts from the region’s industry, university, and government organizations to address campaign security and effective practices for maintaining campaign...

Gartner Security and Risk Management Summit 2018 (National Harbor, Maryland, USA, June 4 - 7, 2018) Prepare to meet the pace and scale of today’s digital business at Gartner Security & Risk Management Summit 2018. Transform your cybersecurity, risk management and compliance strategies and build resilience...

New York State Cybersecurity Conference (Albany, New York, USA, June 5 - 7, 2018) June 2018 marks the 21st annual New York State Cyber Security Conference and 13th Annual Symposium on Information Assurance (ASIA). Hosted by the New York State Office of Information Technology Services,...

The Cyber Security Summit: Boston (Boston, Massachusetts, USA, June 5, 2018) This event is an exclusive conference connecting Senior Level Executives responsible for protecting their company’s critical data with innovative solution providers & renowned information security experts.

SecureWorld Chicago (Chicago, Illinois, USA, June 5, 2018) Connecting, informing, and developing leaders in cybersecurity. SecureWorld conferences provide more content and facilitate more professional connections than any other event in the Information Security...

NSA 2018 Enterprise Discovery Conference (Ft. Meade, Maryland, USA, June 5 - 6, 2018) Hosted by the National Security Agency and the Federal Business Council (FBC). The EDC is the largest event held at NSA with over 1500 attendees from around the world. EDC provides a collaborative learning...

Cyber//2018 (Columbia, Maryland, USA, June 6, 2018) Cyber touches all aspects of our life from the myriad of devices we have brought into our homes to those we employ on the job to increase and improve our productivity. Please join us for our 9th annual...

TU-Automotive Cybersecurity (Novi, MIchigan, USA, June 6 - 7, 2018) Co-located with the world's largest automotive technology conference & exhibition. The conference unites players from research labs, automakers, tier 1’s, security researchers, and the complete supply...

SINET Innovation Summit 2018 (New York, New York, USA, June 7, 2018) Connecting Wall Street, Silicon Valley and the Beltway. SINET New York connects the United States’ three most powerful institutions and evangelizes the importance of industry, government and academic collaboration...

Transport Security and Safety Expo (Washington, DC, USA, June 11 - 12, 2018) Security incidents are expected to cost the world $6 trillion annually by 2021, making now the time to find out more at the 2018 Transport Security and Safety Expo. The transportation industry is rapidly...

Grow your brand and reach new customers.

Grow your brand and increase your customer base by educating our audience about your products, services, and events by advertising on The CyberWire. We’ve built trust with an influential (and often hard to reach) audience of CISOs, CSOs, and other senior execs in the security space, across a wide array of industry verticals. Learn more.

Be a part of the CyberWire story.

People ask us (a lot) how they can support what we do. We have our sponsorships and services, of course, but those are not always within every supporter's financial reach, or it might just not be the right time for you to do those things. That's why we launched our new Patreon site, where we've created a wider variety of support levels, each with some new benefits. Our patrons are important to our future, and we hope you'll consider becoming one. We invite you to become part of the CyberWire story. Become a patron today.