skip navigation

More signal. Less noise.

Do security ratings protect you from a data breach? You need LookingGlass 24x7 monitoring.

There’s a lot of talk about “continuous monitoring” in the marketplace. At LookingGlass, we are clear that it is NOT a database or look-up service. Our Third Party Risk Monitoring solution is the only managed service in the marketplace that offers 7x24x365 monitoring for real-time notifications of compromises and data breaches, all human-vetted to reduce false positives. Want to know more? Contact LookingGlass now for an exclusive offer.

Daily briefing.

A cyber vigilante has hacked into the ZooPark surveillance group Kaspersky discovered operating in the Middle East. The vigilante has released a good tranche of what he (she?) discovered, along with disparaging remarks about the folly of reusing code.

Malicious Chrome extensions continue their cryptojacking success.

Flashpoint reports the source code for Treasure Hunter point-of-sale malware has leaked online. To bet on form, expect when malware source code leaks, a surge in criminal activity soon follows.

Malicious photo editor apps have been found in Google Play.

Researchers at Cisco's' Talos unit have found GrandCrab ransomware lurking in a variety of legitimate but compromised websites.

Kaspersky has found seventeen critical vulnerabilities in the widely used Open Platform Communications Unified Automation (OPC UA) protocol. OPC UA is widely used by developers working in the industrial Internet-of-things.

Release of Russian Facebook ads shows how the troll farms refined their messaging and used it opportunistically to damage the credibility of US institutions during the last Presidential election.

A former CIA officer has been charged with spying for China. 

In Los Angeles, an alleged hacker has been indicted for illegally accessing and defacing military, government, and business websites. The alleged hacker, who used the handles "Anderson Albuquerque" and "AlfabetoVirtual," is thought to have hacked as a hobby.

Researchers show there's a dog whistle for Siri, Alexa, and Google's Assistant.

Industry experts are, almost as a group, pointing to Iran, talking about Iranian cyber reprisal for US withdrawal from the nuclear agreement as a done deal.

Notes.

Today's issue includes events affecting Brazil, China, European Union, France, Germany, Iran, Iraq, Nigeria, Russia, United Kingdom, United States.

$8.76 Million: The Average Yearly Cost of Insider Threats. Join ObserveIT 5/15 to learn more.

Insider Threat incidents come with a hefty price tag, according to the “2018 Cost of Insider Threats: Global Organizations” report released by independent research group, The Ponemon Institute. Make sure that you understand the full context (and cost) of these threats by joining an exclusive LIVE online discussion with The Ponemon Institute founder, Larry Ponemon, on May 15th at 11:00am EDT. Claim your seat, now.

In today's podcast, we hear from our partners at the University of Maryland, as Jonathan Katz explains why cryptography is more challenging than many software engineers think it is. Our guest is Cyrus Farivar, author of the book Habeas Data, Privacy vs. the Rise of Surveillance Tech.

Cyber Security Summits: May 15 in Dallas & Boston on June 5 (Dallas, Texas, United States, May 15, 2018) Sr. Level Executives are invited to learn about the latest threats & solutions in Cyber Security from experts from The FBI, CenturyLink, IBM Security and more. Register with promo code cyberwire95 for $95 VIP admission (Regular price $350) https://CyberSummitUSA.com

Third Annual Cyber Investing Summit 5/15/18 (Dallas, Texas, United States, May 15, 2018) Renowned cyber security executive David DeWalt will deliver the keynote address at the Third Annual Cyber Investing Summit. The Cyber Investing Summit is a unique all-day conference focused on the financial opportunities available in the rapidly growing cyber security industry. Panels will explore sector investment strategies, market growth forecasts, equity valuations, merger and acquisition activity, cryptocurrency protection, funding for startups, and more. Speakers include leading Chief Information Security Officers, VC founders, financial analysts, cyber security innovators from publicly traded and privately held companies, and government experts.

8th Annual (ISC)2 Security Congress (New Orleans, Louisiana, United States, October 8 - 10, 2018) The (ISC)2 Security Congress brings together the sharpest minds in cyber and information security for over 100 educational sessions covering 17 tracks. Join us to learn from the experts, share best practices, and make invaluable connections. Your all-access conference pass includes educational sessions, workshops, keynotes, networking events, career coaching, expo hall and pre-conference training. Save your seat at congress.isc2.org.

Cyber Attacks, Threats, and Vulnerabilities

Iran ready to launch cyber attacks against the west, warn threat intelligence specialists (Computing) Iran to respond to sanctions with a new wave of cyber attacks on banks, governments and critical infrastructure,Security ,hacker,Government,Iran,Levi Gundert,nuclear,Recorded Future

Industry Reactions to Iran Cyber Retaliation Over U.S. Nuclear Deal Exit (SecurityWeek) Industry professionals comment on the possibility that Iran will launch cyberattacks in response to the US’s withdrawal from the nuclear deal

Release of Thousands of Russia-Linked Facebook Ads Shows How Propaganda Sharpened (Wall Street Journal) Newly released documents show how Russian propagandists on Facebook grew increasingly sophisticated and inflammatory in their tactics over two years as they worked to sow discord in the U.S. before and after the 2016 presidential election.

Five Types of Facebook Memes Russia Used to Influence the 2016 US Election (Motherboard) A giant data dump from Congress revealed a ton of Russian memes, aimed at Americans around the presidential election.

Vigilante Hacks Government-Linked Cyberespionage Group (Motherboard) Earlier this month, Kaspersky published research on the so-called ZooPark group, which ran a hacking campaign towards Android devices across the Middle East. Now, a hacker has allegedly stolen ZooPark's own data and provided it to Motherboard.

Georgia’s Anti-Hacking Bill Dies By Veto, Taking an Outspoken Hacking Group with It (Government Technology) The group of hackers who claim to have penetrated several Augusta networks said it will disband now that the legislation will not become law.

Alexa and Siri Can Hear This Hidden Command. You Can’t. (New York Times) Researchers can now send secret audio instructions undetectable to the human ear to Apple’s Siri, Amazon’s Alexa and Google’s Assistant.

Electroneum Cryptomining Targets Microsoft IIS 6.0 Vulnerability (Dark Reading) New campaign shows that there are still systems exposed to the year-old CVE-2017-7269 vuln on an operating system that was declared end-of-life three years ago.

New Vega Stealer shines brightly in targeted campaign (Proofpoint) Proofpoint researchers describe a new information stealer distributed in a campaign with unusual targeting.

Malicious Chrome extensions infect 100,000-plus users, again (Ars Technica) Over two months, seven extensions stole credentials and installed currency miners.

Many Vulnerabilities Found in OPC UA Industrial Protocol (SecurityWeek) Kaspersky researchers find a significant number of vulnerabilities in OPC UA, a widely used industrial communications protocol

Kaspersky Lab Finds 17 Critical Vulnerabilities in OPC UA (Computer Business Review) Kaspersky identified 17 zero-day vulnerabilities during the protocol’s implementation that could result crippling cyberattacks

TreasureHunter PoS Malware Source Code Leaked Online (SecurityWeek) Source code of the TreasureHunter point-of-sale (PoS) malware was leaked online in March, according to Flashpoint, raising concerns that new variants will soon emerge.

Oh, Joy! Source Code of TreasureHunter PoS Malware Leaks Online (BleepingComputer) On the malware scene, there is no clearer sign of trends to come than the leaking of a malware family's source code. Based on this assumption, we can now expect an influx of Point-of-Sale malware in the coming months after the release of the source code of the TreasureHunter PoS malware on a Russian-speaking cybercrime forum.

TreasureHunter Source Code Leak Makes Payload, Builder Available to All (Flashpoint) The source code for the notorious TreasureHunter point-of-sale malware and its GUI builder and admin panel have been leaked. The TreasureHunter source code leak was discovered by Flashpoint researchers and advanced mitigations have been updated by Cisco in its Snort and ClamAV rules.

GPON Exploit in the Wild (I) - Muhstik Botnet Among Others (360 Netlab Blog) On May 1st, VPN Mentor disclosed two vulnerabilities against GPON home router. Since then, at least 5 botnet families have been actively exploiting the vulnerability to build their zombie corps, including mettle, muhstik, mirai, hajime and satori. It is the first time we have seen so many botnets competing for

Watch out: photo editor apps hiding malware on Google Play (Naked Security) Innocent-looking apps with ad clicker malware have bypassed Google’s safeguards

Hacker Kevin Mitnick shows how to bypass 2FA (TechCrunch) A new exploit allows hackers to spoof two-factor authentication requests by sending a user to a fake login page and then stealing the username, password, and session cookie. KnowBe4 Chief Hacking Officer Kevin Mitnick showed the hack in a public video. By convincing a victim to visit a typo-squatting…

Packets over a LAN are all it takes to trigger serious Rowhammer bit flips (Ars Technica) The bar for exploiting potentially serious DDR weakness keeps getting lower.

GandCrab Ransomware Found Hiding on Legitimate Websites (Threatpost) The GandCrab ransomware continues to virulently spread and adapt to shifting cyber-conditions, most recently crawling back into relevance on the back of several large-scale spam campaigns.

Chinese Robocalls Bombarding The U.S. Are Part Of An International Phone Scam (NPR.org) The Mandarin-language messages are part of a "parcel scam" that falsely accuses Chinese immigrants of money laundering and then extorts them.

ATM attacks: How hackers are going for gold (Help Net Security) Imagine winning the lottery and having an ATM spit huge amounts of cash at you. That’s exactly what some cyber criminals are after. They’re targeting ATMs and launching “jackpotting” attacks, forcing them to dispense bills like a winning slot machine.

Nigerian BEC Scammers Growing Smarter, More Dangerous (Threatpost) Nigerian-based cybercriminals are growing more dangerous as they add sophisticated tools to their arsenal,  including complex remote access trojans, a new report reveals.

Nest warns user of password breach - but not from its own systems (Computing) Smarthome vendor did the right thing says the Internet Society,

EE Fix Portal Which Was Secured with 'Admin' Password (Infosecurity Magazine) EE fix portal flaw accused of exposing over two million lines of private source code

5,000 Routers With No Telnet Password. Nothing to See Here! Move Along! (BleepingComputer) A Brazilian ISP appears to have deployed routers without a Telnet password for nearly 5,000 customers, leaving the devices wide open to abuse.

Cyber attack affects Goodyear’s payment processing system (The Seattle Times) Officials in Goodyear say a cyber attack has affected the software in the city's payment processing system. The city became aware of the situation early Monday. Goodyear officials say customers who paid the city using a...

Can Google Be Selling the Future Using our Personal Data? (TechnoStalls) Google CEO Sundar Pichai stood on platform in the organization’s annual programmer conference on Tuesday and gathered a number of its innovative technology: a helper that may schedule appointments for you on the telephone, customized suggestions from Google Maps, and also a new feature which may help complete your paragraphs as you form an email. It …

Google sells the future, powered by your personal data (NBC News) Personal data collection practices are in the hot seat. So why isn't Google, which collects more data than Facebook, feeling the heat?

Security Patches, Mitigations, and Software Updates

LG resolves keyboard vulnerabilities which allow remote code execution attacks (ZDNet) The severe security flaws impact mainstream LG smartphones.

How to use Confidential Mode in Gmail (TechRepublic) Gmail's new Confidential Mode has been rolled out. This how-to walks you through the process of making use of this dealing-making feature.

Patch Tuesday problems, fixes — but no cause for immediate alarm (Computerworld) Important takeaways from this month’s Patch Tuesday: Get Win10 1803 updated if you can, but watch out for bogus lingering partitions; Remote Desktop flakiness has a solution; and the VBScript zero-day reiterates how badly broken patching has become.

Windows-crashing bug not patch-worthy, says Microsoft (Naked Security) When is a bug not a bug? That’s the question raised by researcher Marius Tivadar’s latest Windows-crashing proof of concept.

Cyber Trends

75% of cybersecurity professionals see the benefits of AI (Gigabit Magazine) According to new report from Exambeam, three quarters of cybersecurity professionals believe that artificial intelligence (AI) and machine learning (ML) are beneficial to their roles.

Netwrix Survey: Government’s rapid cloud adoption lacks security (Netwrix) The 2018 Netwrix Cloud Security: In-Depth Report found that 74% of government agencies plan to move more data to the cloud, but only 13% feel that it has improved their security

One Year After WannaCry: What's Changed & What Hasn't? (May 12 Marks One Year) (Information Security Buzz) With the one-year anniversary of WannaCry (May 12th) approaching, two cybersecurity experts with Juniper Networks commented below on what’s changed and what hasn’t, and advice on what works to minimize the impacts of ransomware attacks. Mounir Hahad, Head of Juniper Threat Labs at Juniper Networks: “Immediately after the WannaCry epidemic last year, most security researchers advised people to disable SMBv1 …

Organisations across the UK are still struggling with ransomware (Help Net Security) A year after the WannaCry ransomware attack impacted an estimated 200,000 victims, new research has revealed that organisations across the UK are still struggling to deal with ransomware.

Marketplace

What are you worth? The Exabeam Security Professionals’ Salary, Job Satisfaction, and Technology Outlook Report (Exabeam) The Exabeam 2018 Cyber Security Professionals Salary and Job Report is based on a global survey of 481[...]

Chinese phonemaker ZTE near collapse after parts run out because of U.S. sanctions (Los Angeles Times) The No. 2 Chinese telecom equipment manufacturer said Thursday its three main divisions — network gear, devices and enterprise solutions — have all but halted sales and aren’t bringing in sizable income, a person familiar with the matter told Bloomberg.

Symantec shares slump after revealing internal investigation (Register) It's not a security problem, but full-year results will likely be late

Cyber security firm Avast falls in LSE's biggest debut of the year (Reuters) Cyber security firm Avast shares were down 2.6 percent in early trade on Thursday in the London Stock Exchange's biggest debut in almost a year.

Valve debuts public bug bounty board in an effort to improve security (Gamasutra) Valve is joining Nintendo, Oculus, and a litany of other tech companies in establishing a public bug bounty program to encourage folks to report security vulnerabilities in its services.

DB Networks Announces Company Name Change to DB CyberTech (PR Newswire) DB CyberTech, a pioneer in machine learning based predictive database data...

Products, Services, and Solutions

New infosec products of the week​: May 11, 2018 (Help Net Security) Infosec products of the week include releases from Blue Cedar, NOS Microsystems and Onapsis.

Oracle CEO Mark Hurd: How To Instantly Prevent 95% Of Database Cyberattacks (Forbes) As Oracle expands its Autonomous Cloud services and looks to claim a leadership position in cloud cybersecurity, CEO Mark Hurd said this week that 95 percent of cyberattacks are on databases that administrators have failed to patch for more than 9 months—and that Oracle's Autonomous Database can instantly drive that deeply alarming figure to zero.

GRIDSMART Creates First of Its Kind Cybersecurity Division to Tackle Road Infrastructure Transportation Security Threat (BusinessWire) GRIDSMART Technologies, Inc., announced the formation of a first-of-its-kind cybersecurity group to help the transportation industry.

With Android P, Google Stops Playing Catch-Up on Security (PCMAG) Google I/O makes it clear that Google is ready to do more with Android and do it securely. That includes controlling an insulin pump with your phone.

Microsoft Offers a Peek at Its IoT DevelopmentsMicrosoft Offers a Peek at Its IoT Developments (Automation World) With a focus on manufacturing at the recent Hannover Fair, Microsoft unveiled extensions of its Azure IoT Suite related to security, on-premise...

Technologies, Techniques, and Standards

Ready or Not: Transport Layer Security 1.3 Is Coming (Dark Reading) Better encryption could mean weaker security if you're not careful.

Three IoT encryption alternatives for enterprises to consider (SearchSecurity) There are several key IoT encryption alternatives for connected devices that pose certain risks and benefits. Discover each alternative with expert Judith Myerson.

26% of Companies Ignore Security Bugs Because They Don’t Have the Time to Fix Them (BleepingComputer) A survey compiled last month at the RSA security conference reveals that most companies are still behind with proper security practices, and some of them even intentionally ignore security flaws for various reasons ranging from lack of time to lack of know-how.

The Multiplier Effect of Collaboration for Security Operations (SecurityWeek) Enabling collaboration and coordination across all security teams to accelerate security operations should be the norm.

Detecting Bad Actors Early in the Kill Chain (Security Boulevard) Cybersecurity borrows a lot of terms and tactics from the military, and kill chain is one such term used to describe the steps an attacker takes to perform a breach. Malware attacks are among the most prevalent threats that enterprises face, and there are

Cyber training needs pain and consequences (C4ISRNET) Fully experiencing the disruptions caused by cyberattacks during training exercises can provide important lessons for commanders on how to deal with network attacks in the field, according to experts who spoke at the 2018 C4ISRNET conference.

IBM bans USB drives – but will it work? (Naked Security) Can you blindly ban all USB drives, or will it lead to “shadow IT” where staff use them anyway? Sophos CISO Ross McKerchar has his say…

Design and Innovation

Risky Business: Deconstructing Ray Ozzie's Encryption Backdoor (Dark Reading) With the addition of secure enclaves, secure boot, and related features of Clear, the only ones that will be able to test this code are Apple, well-resourced nations, and vendors who sell jailbreaks.

Opinion | Could Google’s creepy new AI push us to a tipping point? (Washington Post) Our machines so far have been at once humanlike and machinelike enough to set us at ease.

How to Tell If You’re Talking to a Robot (Motherboard) Mundane small talk could unravel an artificially intelligent phone assistant's otherwise-realistic speech patterns.

Facial Recognition Tech Is Creepy When It Works—And Creepier When It Doesn’t (WIRED) It's a powerful tool, but recent incidents have shown that there's no winning with facial recognition.

Verizon’s Open Innovation Lab Shows Off 5G Use Cases (Wireless Week) Verizon on Monday opened the doors of its 5G-enabled Open Innovation Lab at Alley in New York City to give reporters a peek at some of the applications that a handful of startups and universities are cooking up.

Research and Development

DARPA multidomain program to focus on ‘kill webs’ (C4ISRNET) If the U.S. is serious about bringing a greater capability to bear on the adversary, how can the military plan and manage across domains?

‘It’s Either a Panda or a Gibbon’: AI Winters and the Limits of Deep Learning (War on the Rocks) From a Nobel Laureate on the MIT faculty: “Intuition, insight, and learning are no longer exclusive possessions of human beings: any large high-speed computer can be programed to exhibit them also.” Herbert Simon wrote this in 1958. Could it have been last week? Today, the defense community is considering artificial

CIA to Use Amazon Cloud to Run Big Data Intelligence Experiments (Bloomberg Government) The Central Intelligence Agency is looking to team up with industry experts to run a series of open-source intelligence projects using its Amazon cloud.

How the big data revolution is a game changer for intel (C4ISRNET) The deputy director of the National Geospatial-Intelligence Agency spoke candidly about how big data is transforming his agency and what they're doing to keep up.

Legislation, Policy, and Regulation

Cyber deterrence is about more than punching back (FCW) Politicians and experts routinely call for a strategy that imposes costs on nation states for cyberattacks, but going on offense isn't always the answer.

US introduces legislation for Chinese tech sales (ZDNet) Citing national security and intellectual property theft, the proposed Fair Trade with China Enforcement Act would also prevent Huawei and ZTE equipment and services from being sold to government in the US.

ZTE is now center stage in the US-China trade fight (CNNMoney) If Chinese tech company ZTE falls, the shock waves will be felt around the globe.

Trump Administration Vows to Maintain U.S. Edge in AI Technology (Wall Street Journal) White House officials promised to keep the U.S. in the lead on emerging artificial-intelligence technologies, despite competition from China and worries about potential impacts on American workers.

The Trump Administration Plays Catch-Up on Artificial Intelligence (WIRED) At the Trump White House's first major engagement with leaders in AI, the administration mostly watched and learned.

Intel Editorial: The U.S. Needs a National Strategy on Artificial Intelligence (BusinessWire) In an opinion editorial, Intel CEO Brian Krzanich says the U.S. needs a national strategy on artificial intelligence.

Committee urges broader election security protections (GCN) The Senate Select Committee on Intelligence is calling for states to protect voter registration databases, assess voting machines for risk and deploy better detection technology across their election infrastructure.

Four Cybersecurity Policies Transforming Government (SIGNAL) These directives begin impacting agencies this year.

A bureaucratic mess (Federal Times) How the formation of a cyber center turned into a personnel scandal at the Department of Health and Human Services.

Bolton, team mull eliminating White House cybersecurity coordinator position (SC Media US) President Obama fulfilled a campaign pledge to prioritize cybersecurity by creating the position and tapping the late Howard Schmidt in 2009 as the first White House cybersecurity coordinator.

Bolton’s Magnificent Idea: Nix the White House Cyber Czar (Lawfare) John Bolton wants to get rid of the White House cybersecurity coordinator position. What could go wrong?

Gina Haspel and the Enduring Questions About Torture (The New Yorker) At her confirmation hearing, the nominee to head the Central Intelligence Agency faced intense questioning over the morality of enhanced interrogation.

Litigation, Investigation, and Law Enforcement

6 States Hit Harder By Cyberattacks Than Previously Known, New Report Reveals (NPR.org) Two years later, the report underscores that it's hard to know with complete certainty the extent of the Russian cyberattacks.

Ex-CIA agent charged with spying for China (Axios) A suspected mole, and how the CIA's network in China collapsed

Man Charged With Hacking Into and Defacing Military and Government Websites (New York Times) A California man is believed to have accessed sites for West Point’s Combating Terrorism Center and the New York City Comptroller’s Office, along with thousands of others.

California Man Arrested For Hacking Websites For The Combating Terrorism Center At West Point And The New York City Comptroller (US Department of Justice) The Defendant Committed More Than 11,000 Defacements of Various Military, Government, and Business Websites Around the World Using the Online Pseudonym “Alfabetovirtual”

Report: Bitcoin money laundering suspect spared from prison poison plot (Ars Technica) "There are people who are extremely interested in him not coming to Russia."

D.C. Police Sought a Contract With Palantir, But It Never Materialized (Washington City Paper) Residents who want to weigh in on big data policing in D.C. should study up on contracting and procurement.

FCC slaps robocaller with record $120M fine, but it’s like ’emptying the ocean with a teaspoon’ (TechCrunch) Whoever thought we would leave telemarketing behind in this brave new smartphone world of ours lacked imagination. Robocalls are a menace growing in volume and even a massive $120 million fine leveled against a prominent source of them by the FCC likely won't stem the flood.

For a complete running list of events, please visit the Event Tracker on the CyberWire website.

Upcoming Events

Cyber Ready 2018 Cybersecurity/Intel Conference (MacDill Air Force Base, Florida, USA, May 14, 2018) Major General Mike Ennis (USMC, ret), CIA National Clandestine Service's first Deputy Director for Community Human Intelligence (HUMINT), will deliver the keynote. The conference will also feature an all-audience...

Cyber Investing Summit (New York, New York, USA, May 15, 2018) Now in its third year, the Cyber Investing Summit is an all-day conference focusing on investing in the cyber security industry, which is predicted to exceed $1 trillion in cumulative spending on products...

Third Annual Cyber Investing Summit (New York, New York, USA, May 15, 2018) Renowned cyber security executive David DeWalt will deliver the keynote address at the Third Annual Cyber Investing Summit. The Cyber Investing Summit is a unique all-day conference focused on the financial...

The Cyber Security Summit: Dallas (Dallas, Texas, USA, May 15, 2018) This event is an exclusive conference connecting Senior Level Executives responsible for protecting their company’s critical data with innovative solution providers & renowned information security experts.

Digital Utilitites Europe (Amserdam, the Netherlands, May 16 - 17, 2018) The conference will bring together key industry stakeholders to address the current challenges of the digitisation in the utilities sector. Join us in Amsterdam to hear latest business case studies and...

SecureWorld Houston (Houston, Texas, USA, May 17, 2018) Connecting, informing, and developing leaders in cybersecurity. SecureWorld conferences provide more content and facilitate more professional connections than any other event in the Information Security...

Ignite18 (Anaheim, California, USA, May 21 - 24, 2018) Palo Alto Networks' sixth annual conference features highly technical insights based on firsthand experiences with next-generation security technologies, groundbreaking new threat research, or innovative...

AFCEA/GMU Critical Issues in C4I Symposium (Fairfax, Virginia, USA, May 22 - 23, 2018) The AFCEA/GMU Critical Issues in C4I Symposium brings academia, industry and government together annually to address important issues in technology and systems research and development. The agenda for...

3rd Annual Nuclear Industrial Control Cybersecurity and Resilience Overview (Warrington, England, UK, May 22 - 23, 2018) Now in its 3rd year, the Cyber Senate Nuclear Industrial Control Cyber Security and Resilience Conference will take place on May 22/23rd in Warrington United Kingdom. This two day executive forum will...

PCI Security Standards Council’s Asia-Pacific Community Meeting (Tokyo, Japan, May 23 - 24, 2018) Join us for: networking opportunities, updates on industry trends, insights and strategies on best practices, engaging keynotes and industry expert speakers. The PCI Security Standards Council’s 2018...

North American Financial Information Summit (New York, New York, USA, May 23, 2018) Data is the most vital asset of any financial services firm. With volumes increasing exponentially, and the complexity and structure continuously changing, it is more vital than ever to keep on top of...

SecureWorld Atlanta (Atlanta, Georgia, USA, May 30 - 31, 2018) Connecting, informing, and developing leaders in cybersecurity. SecureWorld conferences provide more content and facilitate more professional connections than any other event in the Information Security...

RISKSEC (New York, New York, USA, May 31, 2018) Welcome to the 2018 New York City RiskSec Conference. As SC Media approaches our 30th anniversary, we fully understand the avalanche of cybersecurity-related problems, responsibilities and aspirations...

Cyber:Secured Forum (Denver, Colorado, USA, June 4 - 6, 2018) Cyber:Secured Forum will feature in-depth content on cybersecurity trends and best practices as related to the delivery of physical security systems and other integrated systems. Content is being collaboratively...

Campaign Cyber Defense Workshop (Boston, Massachussetts, USA, June 4, 2018) The Campaign Cyber Defense Workshop brings together experts from the region’s industry, university, and government organizations to address campaign security and effective practices for maintaining campaign...

Gartner Security and Risk Management Summit 2018 (National Harbor, Maryland, USA, June 4 - 7, 2018) Prepare to meet the pace and scale of today’s digital business at Gartner Security & Risk Management Summit 2018. Transform your cybersecurity, risk management and compliance strategies and build resilience...

New York State Cybersecurity Conference (Albany, New York, USA, June 5 - 7, 2018) June 2018 marks the 21st annual New York State Cyber Security Conference and 13th Annual Symposium on Information Assurance (ASIA). Hosted by the New York State Office of Information Technology Services,...

The Cyber Security Summit: Boston (Boston, Massachusetts, USA, June 5, 2018) This event is an exclusive conference connecting Senior Level Executives responsible for protecting their company’s critical data with innovative solution providers & renowned information security experts.

SecureWorld Chicago (Chicago, Illinois, USA, June 5, 2018) Connecting, informing, and developing leaders in cybersecurity. SecureWorld conferences provide more content and facilitate more professional connections than any other event in the Information Security...

NSA 2018 Enterprise Discovery Conference (Ft. Meade, Maryland, USA, June 5 - 6, 2018) Hosted by the National Security Agency and the Federal Business Council (FBC). The EDC is the largest event held at NSA with over 1500 attendees from around the world. EDC provides a collaborative learning...

Cyber//2018 (Columbia, Maryland, USA, June 6, 2018) Cyber touches all aspects of our life from the myriad of devices we have brought into our homes to those we employ on the job to increase and improve our productivity. Please join us for our 9th annual...

TU-Automotive Cybersecurity (Novi, MIchigan, USA, June 6 - 7, 2018) Co-located with the world's largest automotive technology conference & exhibition. The conference unites players from research labs, automakers, tier 1’s, security researchers, and the complete supply...

SINET Innovation Summit 2018 (New York, New York, USA, June 7, 2018) Connecting Wall Street, Silicon Valley and the Beltway. SINET New York connects the United States’ three most powerful institutions and evangelizes the importance of industry, government and academic collaboration...

Transport Security and Safety Expo (Washington, DC, USA, June 11 - 12, 2018) Security incidents are expected to cost the world $6 trillion annually by 2021, making now the time to find out more at the 2018 Transport Security and Safety Expo. The transportation industry is rapidly...

Transport Security & Safety Expo (Washington, DC, USA, June 11 - 12, 2018) The conference is devoted to the challenges and opportunities surrounding ensuring the safety and security of passengers and cargo in the digital age.

Grow your brand and reach new customers.

Grow your brand and increase your customer base by educating our audience about your products, services, and events by advertising on The CyberWire. We’ve built trust with an influential (and often hard to reach) audience of CISOs, CSOs, and other senior execs in the security space, across a wide array of industry verticals. Learn more.

Be a part of the CyberWire story.

People ask us (a lot) how they can support what we do. We have our sponsorships and services, of course, but those are not always within every supporter's financial reach, or it might just not be the right time for you to do those things. That's why we launched our new Patreon site, where we've created a wider variety of support levels, each with some new benefits. Our patrons are important to our future, and we hope you'll consider becoming one. We invite you to become part of the CyberWire story. Become a patron today.