skip navigation

More signal. Less noise.

Do security ratings protect you from a data breach? You need LookingGlass 24x7 monitoring.

There’s a lot of talk about “continuous monitoring” in the marketplace. At LookingGlass, we are clear that it is NOT a database or look-up service. Our Third Party Risk Monitoring solution is the only managed service in the marketplace that offers 7x24x365 monitoring for real-time notifications of compromises and data breaches, all human-vetted to reduce false positives. Want to know more? Contact LookingGlass now for an exclusive offer.

Daily briefing.

Dragos this morning released a report on ALLANITE, a threat actor the company says has been actively prospecting US and UK electrical utilities. They've observed "watering-hole and phishing leading to ICS recon and screenshot collection." ALLANITE resembles the Russian Palmetto Fusion group the US Department of Homeland Security described last year. Its target set is similar to Dragonfly's, but Dragos assesses ALLANITE's technical capabilities as being significantly different from those exhibited by Dragonfly.

As the US announced its intention to withdraw from the Iranian nuclear deal, concerns have risen over the prospects of renewed Iranian cyber offensives. Observers think it likely that a cyberattack attributable to Iran would draw a strong US reprisal. Recorded Future offers a lengthy assessment of Iran's cyber establishment. One interesting note: Tehran depends upon competing contractors for most of its offensive capabilities. Studies of wiper malware issued this week by Cisco's Talos group are worth reviewing as US-Iranian tensions rise.

Aqua describes an image-pull vulnerability in Windows. They're calling it "Jack-in-the-Box."

Cyber criminals continue to make good (bad) use of EternalBlue.

Signal's disappearing messages apparently don't disappear, at least not by default. Self-deleted messages persist for some indefinite period in macOS's Notification history.

Chinese device maker ZTE may be down for the count. US sanctions that prevent it from buying from US suppliers have induced it to cease major operations. Deprivation of Android software and Qualcomm chips appears to have been the final blow.

Gina Haspel's confirmation as US Director of Central Intelligence remains contentious.

Notes.

Today's issue includes events affecting Brazil, China, Iran, Republic of Korea, Russia, United Kingdom, United States.

$8.76 Million: The Average Yearly Cost of Insider Threats. Join ObserveIT 5/15 to learn more.

Insider Threat incidents come with a hefty price tag, according to the “2018 Cost of Insider Threats: Global Organizations” report released by independent research group, The Ponemon Institute. Make sure that you understand the full context (and cost) of these threats by joining an exclusive LIVE online discussion with The Ponemon Institute founder, Larry Ponemon, on May 15th at 11:00am EDT. Claim your seat, now.

In today's podcast we speak with our partners at Dragos, as CEO Robert M. Lee talks about cybersecurity's sliding scale. Our guest is Jonathan Matkowsky from RiskIQ, who discusses concerns over ICANN's pending interim policy changes on the WHOIS database in response to GDPR.

Cyber Security Summits: May 15 in Dallas & Boston on June 5 (Dallas, Texas, United States, May 15, 2018) Sr. Level Executives are invited to learn about the latest threats & solutions in Cyber Security from experts from The FBI, CenturyLink, IBM Security and more. Register with promo code cyberwire95 for $95 VIP admission (Regular price $350) https://CyberSummitUSA.com

Third Annual Cyber Investing Summit 5/15/18 (Dallas, Texas, United States, May 15, 2018) Renowned cyber security executive David DeWalt will deliver the keynote address at the Third Annual Cyber Investing Summit. The Cyber Investing Summit is a unique all-day conference focused on the financial opportunities available in the rapidly growing cyber security industry. Panels will explore sector investment strategies, market growth forecasts, equity valuations, merger and acquisition activity, cryptocurrency protection, funding for startups, and more. Speakers include leading Chief Information Security Officers, VC founders, financial analysts, cyber security innovators from publicly traded and privately held companies, and government experts.

8th Annual (ISC)2 Security Congress (New Orleans, Louisiana, United States, October 8 - 10, 2018) The (ISC)2 Security Congress brings together the sharpest minds in cyber and information security for over 100 educational sessions covering 17 tracks. Join us to learn from the experts, share best practices, and make invaluable connections. Your all-access conference pass includes educational sessions, workshops, keynotes, networking events, career coaching, expo hall and pre-conference training. Save your seat at congress.isc2.org.

Cyber Attacks, Threats, and Vulnerabilities

Dragos Critical Infrastructure Adversary Group Profile Series – ALLANITE (Dragos) ALLANITE accesses business and industrial control (ICS) networks, conducts reconnaissance, and gathers intelligence in United States and United Kingdom electric utility sectors. Dragos assesses with moderate confidence that ALLANITE operators continue to maintain ICS network access to: (1) understand the operational environment necessary to develop disruptive capabilities, (2) have ready access from which to disrupt electric utilities.

The Iran Nuclear Deal's Unraveling Raises Fears of Cyberattacks (WIRED) For the last three years, Iran has restrained its state-sponsored hackers from disruptive attacks on the West. That ceasefire may now be over.

Iran: Keep Your Finger Off the Cyber Button (Council on Foreign Relations) Tehran could respond to the U.S. withdrawal from the Iran nuclear deal with cyber operations against U.S. companies. If it does, that might give the hawks in the White House the excuse they need to trigger a military confrontation with Iran. 

Iran’s Hacker Hierarchy Exposed (Recorded Future) We assess, based on Iran’s previous reactions to economic pressure, that with President Trump’s exit from the JCPOA, Iran is likely to launch cyberattacks on Western businesses within months, if not faster.

Secrets of the Wiper: Inside the World's Most Destructive Malware (Threatpost) The actors behind this kind of code, whether they’re bent on sending a political message or simply wanting to cover their tracks after data exfiltration, have adopted various techniques to carry out those activities.

Wipers - Destruction as a means to an end (Cisco Talos) A blog from the world class Intelligence Group, Talos, Cisco's Intelligence Group

"Jack-in-the-Box" Vulnerability When Unpacking Images (CVE-2018-8115) (Aqua) The essence of this Windows vulnerability is that in the “image pull” process, files from a malicious image can be extracted into any directory on the host file system.

'EternalBlue' still popular exploit among cybercriminals: Seqrite (The Quint) 'EternalBlue' still popular exploit among cybercriminals: Seqrite

Signal’s “disappearing messages” live on in macOS notifications (Ars Technica) Default notification setting lets messages persist in a database long after they "self-delete."

Backdoored Python Library Caught Stealing SSH Credentials (BleepingComputer) Barely a week has passed from the last attempt to hide a backdoor in a code library, and we have a new case today. This time around, the backdoor was found in a Python module, and not an npm (JavaScript) package.

Misinterpretation of Intel Docs Leads to Flaw in Hypervisors, OSs (SecurityWeek) The developers of several major operating systems and hypervisors misinterpreted Intel documentation and introduced a potentially serious vulnerability in their products

Think You’ve Got Your Credit Freezes Covered? Think Again. (KrebsOnSecurity) I spent a few days last week speaking at and attending a conference on responding to identity theft.

Malware posed as Mia Khalifa porn game to spy on smartphones (Newsweek) The malware, dubbed “Maikspy” by researchers from Trend Micro, is known to target both Android and Windows devices.

School paid ransom after cyber-attack (BBC News) Students' coursework was affected by the attack which the school reported to police, the BBC learns.

Security Patches, Mitigations, and Software Updates

Google Releases Additional Meltdown Mitigations for Android (SecurityWeek) Google released additional mitigations for the Meltdown attack that impacts microprocessors from Intel, AMD, and other vendors.

Intel won't patch fresh Spectre-like chip vulnerabilities for another fortnight (CRN Australia) Patches for all operating systems may not be ready until later this year.

Lenovo Patches Secure Boot Vulnerability in Servers (SecurityWeek) Lenovo has released patches for a High severity vulnerability (CVE-2017-3775) impacting the Secure Boot function on some System x servers.

SAP Patches Internet Graphics Server Flaws (SecurityWeek) SAP's May 2018 security patches address more than a dozen vulnerabilities across its product portfolio, including four bugs in Internet Graphics Server.

Siemens Patches DoS Flaws in Medium Voltage Converters (SecurityWeek) Siemens patches remotely exploitable DoS vulnerabilities affecting several of its SINAMICS medium voltage converters

Apple's iOS 11.4 update with 'USB Restricted Mode' may defeat tools like GrayKey (AppleInsider) The iOS 11.4 beta contains a new feature called USB Restricted Mode, designed to defeat physical data access by third parties -- possibly with forensic firms like Grayshift and Cellebrite in mind.

Cyber Trends

The Call for Surge in AI Can Not Ignore Security, Risk (Infosecurity Magazine) As with all technology, AI can't have security exceptions.

The state of cyber security in 2018: Why legacy defences won’t keep pace with new ransomware and cryptojacking threats (CSO) The threat posed by cybercrime to businesses, governments and consumers alike has never been more apparent. The WannaCry ransomware attack which happened about a year ago was just the first of an avalanche of wide scale and complex cyber-attacks, including NotPetya, Locky and CrySis.

Losses, Not Breaches, Drive AppSec Investment (Infosecurity Magazine) A new report looks at the impact that apps running in unsecured environments pose to businesses.

RSA Survey: Why Is Encryption Usage on the Rise? (Venafi) Venafi conducted a survey at RSAC 2018, which that personal use of encryption is rising.

Marketplace

China's ZTE says main operations have ceased after US ban (CNNMoney) ZTE corporation as halted 'major operating activities' after the US banned the company from purchasing technology from American companies.

Telstra halts sales of ZTE phones after US ban hits manufacturer (CRN Australia) After US ban shuts down phone and broadband device manufacturer.

Kaspersky Lab software fully removed from federal systems while contractors pursue purge (The Washington Times) The federal government has purged its computers of Kaspersky Lab products, a Democratic senator revealed Tuesday, but contractors and other third-party providers are still ridding their systems of the Russian company’s software and services, the head of the Department of Homeland Security added.

New cyber security institute to serve Canadian application innovators (Computer Dealer News) One of the problems small and medium-sized Canadian software companies face is that the federal government doesn’t buy enough of their solutions.

Cyber Insurance Startup At-Bay Secures $13 Million in Funding (Insurance Journal) California-based At-Bay, a digital cyber risk monitoring and insurance firm, reports it raised $13 million in Series A funding, bringing the start-up's total funding to $19 million. At-Bay is developing what it calls a "proactive cyber security monitoring service" and related insurance products. Its insurance

Deloitte to boost cyber security by £428m (Economica) Deloitte will spend $580m (£428m) on improving its cyber security capability and aims to hire 500 new staff to help its defence against cybercrime

Illumio Named One Of The Bay Area's Best Places To Work (PR Newswire) Illumio today announced it has been named by The Silicon Valley...

Prevoty Expands Executive Team to Meet Growing Demand for Its Autonomous Application Protection Solutions (GlobeNewswire News Room) Prevoty, the leader in autonomous application protection, announced today that Jack Marshall and Barbara De Lury have joined the company’s leadership team as vice president of customer success and vice president of engineering, respectively.

MeasuredRisk Appoints Former Symantec Executive, WholeSecurity Founder and CTO Tony Alagna as Chief Technology Officer to Join the World's Leading AI Powered Risk Inference Pioneer (PR Newswire) MeasuredRisk, Inc., the pioneer of AI powered Risk Inference, has...

LookingGlass Cyber Solutions CEO Chris Coleman Selected as EY Entrepreneur of the Year 2018 Award Finalist in Mid-Atlantic Region (BusinessWire) LookingGlass Cyber Solutions' CEO, Chris Coleman, was selected as a finalist for the EY Entrepreneur of the Year awards in the Mid-Atlantic region.

Products, Services, and Solutions

Millions of Routers are about to Get a Lot More Secure (Hexus) F-Secure SENSE, a Wi-Fi router-based connected home security solution, is now available as a software version.

Darktrace Antigena Autonomously Blocks Seven Threats Per Minute One Year On From WannaCry (Darktrace) AI Takes Two Seconds to Fight Off Fast-Moving Threats Including Ransomware

NorthState Technology Solutions Launches Next-Generation Unified Communications as a Service (PR Newswire) NorthState Technology Solutions, a secure cloud and IT solutions...

Rambus Makes Real-time Payments Safer with Payment Account Tokenization (Rambus) Secures account-to-account transactions by removing sensitive information from the transaction process.

Google Brings Android to Internet of Things (SecurityWeek) Google's Android Things platform provides IoT device manufacturers with certified hardware, developer APIs, and secure managed software updates via Google’s infrastructure.

QuintessenceLabs qCrypt Achieves VMware Ready™ Status (GlobeNewswire News Room) QuintessenceLabs, a leader in quantum-based cybersecurity technology, today announced that its qCrypt key and policy management platform has achieved VMware Ready™ status.

Emsisoft Receives VB100 Certification (Security Boulevard) Fresh from our AV-C Malware Test Advanced+ Award, this April Emsisoft has just been named a recipient of the VB100 Certification...

Black Box Debuts New Secure KVM Switches (Dark Reading) Cyber security's comprehensive news site is now an online community for security professionals, outlining cyber threats and the technologies for defending against them.

Technologies, Techniques, and Standards

NSA Ciphers Simon and Speck Are Dead – But Not Entirely Buried (Computer Business Review) "There still needs to be an official ballot at the committee level, so the cancellation hasn’t yet been officially approved at this stage" says ISO

Ways to solve DNS security issues in your organization (SearchSecurity) DNS security issues are serious and need far more urgent attention than they've received. Read this guide to DNS security and learn the tools available for protecting this vital part of the internet.

IBM bans all removable storage, for all staff, everywhere (Register) Risk of ‘financial and reputational damage’ is too high, says CISO

Are You Securing Your Contract Workforce? (SecurityWeek) Implementation of visibility and data protection strategies can help you mitigate many of the risks brought by a contract, distributed, partner-oriented workforce and supply chain.

Bugcrowd's Mike Chung on D.C.'s growing love affair with bug bounty programs (Cyberscoop) Mike Chung, Bugcrowd's government solutions lead, talks with Greg Otto about the U.S. government's growing affection for public bug bounty programs.

CyberArk’s Kevin Corbett: Limit on Privileged Accounts Key to Shrinking Cyber Attack Surface (GovCon Wire) Kevin Corbett, director of federal sales at CyberArk (Nasdaq: CYBR), has said government agencies se

Key Steps for Optimizing POS Security (eSecurity Planet) It's not just about PCI DSS compliance – here are three important factors in a POS security solution, plus other ways to avoid credit card breaches.

Fighting File-Based Exploits Across the Expanding Attack Surface (IDG Executive Briefs) Organizations are struggling to deal with cyberthreats that continue to grow in number and sophistication

The evolution of security operations, automation and orchestration (CSO Online) Basic functionality of SOAR products is being supplemented with strong integration, canned runbooks, and case management.

Professionals 'Lack Time' or Ignore Critical Patch Application (Infosecurity Magazine) Around 40% of organizations ignore critical security issues when they don’t know how to fix them

Cyber Battle Fatigue Is Real – So What Should Organizations Do? (CyberDB) Cyber Battle Fatigue - never-ending process of defending networks and sensitive information from an onslaught of cyber attacks conducted by cyber criminals.

The impact of GDPR on threat intelligence analysts (IT Pro Portal) The upcoming regulation will place restrictions on the amount of data available to threat intelligence analysts.

Addressing the security skills shortage with technology (IT Pro Portal) When access to time and skills is limited, the ability to be able to focus team members on the high return areas of their role rather than on the basic or manual elements can make the difference between success and failure.

Inside the U.S.' new state-of-the-art cyberwarfare bunker (Cyberscoop) The Integrated Cyber Center is the latest step to equip U.S. "cyberwarriors" with the infrastructure needed to combat online threats.

Hacking for fun and profit: How one researcher is making IoT device makers take security seriously (Help Net Security) IoT hacking can be fun. Particularly interested in probing the security of technologies that have yet to be comprehensively investigated by security researchers, for the past few years Munro has been poking and probing consumer Internet of Things devices.

Why Special Operations Command wants new algorithms (C4ISRNET) Deb Woods — the U.S. Special Operations Command program executive officer for command, control, communications and computers — offers a lay of the land of the Special Forces information environment.

Bank of Canada says strengthening defences against cyber attack (Reuters) Some cyber attacks will inevitably succeed, but the Bank of Canada has recovery mechanisms in place to limit the damage and get the financial system up and running, the central bank said on Wednesday.

Design and Innovation

Inside a developer’s crusade for a clean internet (Korea JoongAng Daily) In Korea, a polarized political climate and highly wired society has given rise to a combative internet culture dominated by clickbait, heated arguments and nasty personal attacks. A recent scandal involving the ruling party and an alleged campaign t

Research and Development

Play a Video Game to Help Solve an 80-Year-Old Physics Debate About the Nature of Reality (Motherboard) The largest participatory experiment in quantum physics is helping physicists better understand the nature of reality by eliminating free will from the equation.

To stay ahead of Chinese AI, senators want new commission (Defense News) Two senators think it's time the U.S. has more guidance on growing its artificial intelligence industry.

White House to hold artificial intelligence meeting with companies (Reuters) The White House will convene a meeting on Thursday on the future of artificial intelligence in U.S. industry with major companies including Facebook Inc, Amazon.com Inc, Google parent Alphabet Inc and Oracle Corp as well as senior government officials.

Academia

AFA to Hold Over 260 CyberCamps Across the United States (GlobeNewswire News Room) The Air Force Association (AFA) announced today that its CyberPatriot program will be hosting AFA CyberCamps at over 260 locations across the United States this year. This marks an increase of more than 60 percent from the 160 camp locations in the 2017 summer session.

Legislation, Policy, and Regulation

EU NIS Directive to boost cyber security of essential infrastructure comes into force (Computing) Online marketplaces and search engines as well as energy, water and transport will be required to toughen up

House Panel Approves More Military Cyber Support for Critical infrastructure (Nextgov.com) The pilot program would allow the Pentagon to lend cyber troops to the Homeland Security Department.

Senate Intel offers election security guidelines (FCW) A new report on election security by the Senate Intel committee calls for paper backups for state voter registration databases, risk assessments for voting machine manufacturers and better sensor technology for state and local election systems.

Democratic Senators Are Officially Forcing a Net Neutrality Vote (Motherboard) On Wednesday, Senators officially filed their petition to force a vote on restoring net neutrality.

Bolton pushing to eliminate White House cyber job (POLITICO) The move could send the message "that the U.S. is taking the gas pedal off of cybersecurity," one former NSC official says.

Gina Haspel is exactly the type of leader the CIA needs today (TheHill) Gina Haspel’s nomination to become director of the CIA comes at an opportune time, given her understanding of the threat posed by Russia and its president, Vladimir Putin, and her years of work to defeat Islamic terrorism, swiftly leading operations that led to the capture and imprisonment of terrorists.

John McCain calls on Senate to reject CIA nominee Gina Haspel (Washington Examiner) Sen. John McCain, R-Ariz., called on the Senate to reject Gina Haspel's nomination to become CIA director Wednesday, charging that she was unable to address concerns with her role in the use of enhanced interrogation techniques during the Bush administration.

The Haspel Nomination and the Torture Question (Foreign Affairs) To confirm Gina Haspel as the CIA director of a president who has stated his support for the use of torture would end the Obama administration's delicate bargain on the issue.

Gina Haspel Continues To Earn Widespread Support (The White House) Gina Haspel continues to gather widespread support for her impeccable qualifications and dedication, making it clear that she is right choice to lead the C

Can An Insider Save CIA From Itself? (Just Security) Having moved up through the system, Haspel knows what needs to be changed to get the Agency running real operations again.

OPM’s Pon wants broad direct-hire authority for STEM, cybersecurity jobs (FedScoop) Office of Personnel Management Director Jeff Pon said Wednesday that part of his efforts to overhaul the civil service system will include broadening hiring authorities, starting with defense and intelligence-related agencies looking to procure more STEM talent.

Litigation, Investigation, and Law Enforcement

No Evidence Russian Hackers Changed Votes in 2016 Election: Senators (SecurityWeek) A report from the Senate Intelligence Committee says Russian hackers attempted to undermine confidence in the voting process in the 2016 election, but there is no evidence that they manipulated votes or modified voter registration data

House Democrats Release 3,500 Russia-Linked Facebook Ads (WIRED) In the most extensive look yet at the IRA troll factory's Facebook efforts, familiar themes emerge.

DOJ Targets ‘Duplicative Penalties’ Through Increased Coordination (Wall Street Journal) The U.S. Justice Department rolled out on Wednesday a policy to improve coordination among regulators so companies aren't excessively penalized in white-collar cases.

Deputy Attorney General Rod Rosenstein Delivers Remarks to the New York City Bar White Collar Crime Institute (US Department of Justice) Thank you, Marshall, for that gracious introduction, and for your service in the Department of Justice. I am also grateful to Michael Schachter for chairing this event, and to the staff of the New York City Bar for your courtesy. I think I last visited this office to speak at a tax seminar about 15 years ago.

Brazil prosecutors open investigation into Banco Inter data hack (Reuters) Brazilian prosecutors opened an investigation on Tuesday into a reported data leak at digital lender Banco Inter SA, according to documents seen by Reuters.

Paris Hilton's hacker sentenced to 57 months in prison (Graham Cluley) Celebrity heiress Paris Hilton says she no longer trusts the iCloud.

Grade hacking may cost high school its valedictorian (Naked Security) The grade tampering came to light while drawing up a list of top students. Now it’s unclear which students legitimately belong on that list.

For a complete running list of events, please visit the Event Tracker on the CyberWire website.

Newly Noted Events

GovSummit (Washington, DC, USA, June 27 - 28, 2018) GovSummit -- the government security conference hosted annually by the Security Industry Association -- brings together government security leaders with private industry technologists for top-quality information...

2018 Community College Cyber Summit (3CS) (Gresham and Portland, Oregon, USA, August 2 - 4, 2018) 3CS is organized and produced by the National CyberWatch Center, National Resource Center for Systems Security and Information Assurance (CSSIA), CyberWatch West (CWW), and Broadening Advanced Technological...

Intelligence & National Security Summit (National Harbor, Maryland, USA, September 4 - 5, 2018) The Intelligence & National Security Summit is the premier forum for unclassified, public dialogue between the U.S. Government and its partners in the private and academic sectors. The 2018 Summit will...

Upcoming Events

Cyber Ready 2018 Cybersecurity/Intel Conference (MacDill Air Force Base, Florida, USA, May 14, 2018) Major General Mike Ennis (USMC, ret), CIA National Clandestine Service's first Deputy Director for Community Human Intelligence (HUMINT), will deliver the keynote. The conference will also feature an all-audience...

Cyber Investing Summit (New York, New York, USA, May 15, 2018) Now in its third year, the Cyber Investing Summit is an all-day conference focusing on investing in the cyber security industry, which is predicted to exceed $1 trillion in cumulative spending on products...

Third Annual Cyber Investing Summit (New York, New York, USA, May 15, 2018) Renowned cyber security executive David DeWalt will deliver the keynote address at the Third Annual Cyber Investing Summit. The Cyber Investing Summit is a unique all-day conference focused on the financial...

The Cyber Security Summit: Dallas (Dallas, Texas, USA, May 15, 2018) This event is an exclusive conference connecting Senior Level Executives responsible for protecting their company’s critical data with innovative solution providers & renowned information security experts.

Digital Utilitites Europe (Amserdam, the Netherlands, May 16 - 17, 2018) The conference will bring together key industry stakeholders to address the current challenges of the digitisation in the utilities sector. Join us in Amsterdam to hear latest business case studies and...

SecureWorld Houston (Houston, Texas, USA, May 17, 2018) Connecting, informing, and developing leaders in cybersecurity. SecureWorld conferences provide more content and facilitate more professional connections than any other event in the Information Security...

Ignite18 (Anaheim, California, USA, May 21 - 24, 2018) Palo Alto Networks' sixth annual conference features highly technical insights based on firsthand experiences with next-generation security technologies, groundbreaking new threat research, or innovative...

AFCEA/GMU Critical Issues in C4I Symposium (Fairfax, Virginia, USA, May 22 - 23, 2018) The AFCEA/GMU Critical Issues in C4I Symposium brings academia, industry and government together annually to address important issues in technology and systems research and development. The agenda for...

3rd Annual Nuclear Industrial Control Cybersecurity and Resilience Overview (Warrington, England, UK, May 22 - 23, 2018) Now in its 3rd year, the Cyber Senate Nuclear Industrial Control Cyber Security and Resilience Conference will take place on May 22/23rd in Warrington United Kingdom. This two day executive forum will...

PCI Security Standards Council’s Asia-Pacific Community Meeting (Tokyo, Japan, May 23 - 24, 2018) Join us for: networking opportunities, updates on industry trends, insights and strategies on best practices, engaging keynotes and industry expert speakers. The PCI Security Standards Council’s 2018...

North American Financial Information Summit (New York, New York, USA, May 23, 2018) Data is the most vital asset of any financial services firm. With volumes increasing exponentially, and the complexity and structure continuously changing, it is more vital than ever to keep on top of...

SecureWorld Atlanta (Atlanta, Georgia, USA, May 30 - 31, 2018) Connecting, informing, and developing leaders in cybersecurity. SecureWorld conferences provide more content and facilitate more professional connections than any other event in the Information Security...

RISKSEC (New York, New York, USA, May 31, 2018) Welcome to the 2018 New York City RiskSec Conference. As SC Media approaches our 30th anniversary, we fully understand the avalanche of cybersecurity-related problems, responsibilities and aspirations...

Cyber:Secured Forum (Denver, Colorado, USA, June 4 - 6, 2018) Cyber:Secured Forum will feature in-depth content on cybersecurity trends and best practices as related to the delivery of physical security systems and other integrated systems. Content is being collaboratively...

Campaign Cyber Defense Workshop (Boston, Massachussetts, USA, June 4, 2018) The Campaign Cyber Defense Workshop brings together experts from the region’s industry, university, and government organizations to address campaign security and effective practices for maintaining campaign...

Gartner Security and Risk Management Summit 2018 (National Harbor, Maryland, USA, June 4 - 7, 2018) Prepare to meet the pace and scale of today’s digital business at Gartner Security & Risk Management Summit 2018. Transform your cybersecurity, risk management and compliance strategies and build resilience...

New York State Cybersecurity Conference (Albany, New York, USA, June 5 - 7, 2018) June 2018 marks the 21st annual New York State Cyber Security Conference and 13th Annual Symposium on Information Assurance (ASIA). Hosted by the New York State Office of Information Technology Services,...

The Cyber Security Summit: Boston (Boston, Massachusetts, USA, June 5, 2018) This event is an exclusive conference connecting Senior Level Executives responsible for protecting their company’s critical data with innovative solution providers & renowned information security experts.

SecureWorld Chicago (Chicago, Illinois, USA, June 5, 2018) Connecting, informing, and developing leaders in cybersecurity. SecureWorld conferences provide more content and facilitate more professional connections than any other event in the Information Security...

NSA 2018 Enterprise Discovery Conference (Ft. Meade, Maryland, USA, June 5 - 6, 2018) Hosted by the National Security Agency and the Federal Business Council (FBC). The EDC is the largest event held at NSA with over 1500 attendees from around the world. EDC provides a collaborative learning...

Cyber//2018 (Columbia, Maryland, USA, June 6, 2018) Cyber touches all aspects of our life from the myriad of devices we have brought into our homes to those we employ on the job to increase and improve our productivity. Please join us for our 9th annual...

TU-Automotive Cybersecurity (Novi, MIchigan, USA, June 6 - 7, 2018) Co-located with the world's largest automotive technology conference & exhibition. The conference unites players from research labs, automakers, tier 1’s, security researchers, and the complete supply...

SINET Innovation Summit 2018 (New York, New York, USA, June 7, 2018) Connecting Wall Street, Silicon Valley and the Beltway. SINET New York connects the United States’ three most powerful institutions and evangelizes the importance of industry, government and academic collaboration...

Transport Security and Safety Expo (Washington, DC, USA, June 11 - 12, 2018) Security incidents are expected to cost the world $6 trillion annually by 2021, making now the time to find out more at the 2018 Transport Security and Safety Expo. The transportation industry is rapidly...

Transport Security & Safety Expo (Washington, DC, USA, June 11 - 12, 2018) The conference is devoted to the challenges and opportunities surrounding ensuring the safety and security of passengers and cargo in the digital age.

Grow your brand and reach new customers.

Grow your brand and increase your customer base by educating our audience about your products, services, and events by advertising on The CyberWire. We’ve built trust with an influential (and often hard to reach) audience of CISOs, CSOs, and other senior execs in the security space, across a wide array of industry verticals. Learn more.

Be a part of the CyberWire story.

People ask us (a lot) how they can support what we do. We have our sponsorships and services, of course, but those are not always within every supporter's financial reach, or it might just not be the right time for you to do those things. That's why we launched our new Patreon site, where we've created a wider variety of support levels, each with some new benefits. Our patrons are important to our future, and we hope you'll consider becoming one. We invite you to become part of the CyberWire story. Become a patron today.