skip navigation

More signal. Less noise.

2017 cyberattacks proved more numerous, sophisticated, and ruthless than in years past.

WannaCry, NotPetya, ransomware-as-a-service, and fileless attacks abounded. And, that’s not everything. The victims of cybercrime ranged from private businesses to the fundamental practices of democracy. Read The Cylance Threat Report: 2017 Year in Review Report and learn about the threat trends and malware families their customers faced in 2017.

Daily briefing.

Proofpoint describes a new, modular remote access Trojan, “tRAT,” distributed by the criminal group familiar from its involvement in the notorious Dridex campaigns. tRAT is distributed by social engineering: phishing emails with malicious Microsoft Word documents attached. 

A cyberespionage campaign against engineering and maritime targets in the UK has been traced by Recorded Future to a Chinese threat actor, known variously as “TEMP.Periscope” and “Leviathan.” The group makes interesting use of techniques apparently repurposed from the Russian threat actors DragonFly and APT28 (that is, Fancy Bear, the GRU) (SecurityWeek).

Heimdal has been tracking new strains of the familiar Dharma ransomware. The latest successfully evades detection by most antivirus software (Security Intelligence).

The HookAds malvertising campaign is actively redirecting victims to the Fallout exploit kit (BleepingComputer).

The implausible but depressingly effective Bitcoin-based advance-fee scam (as in, “send us a Bitcoin and we’ll send you ten in return”) has assumed new forms, with major brands’ Twitter accounts being hijacked or spoofed to convince the unwary. Target and Google are among those major brands (Naked Security, Graham Cluley).

Bitcoin itself has seen its price crash below $6000 on trading markets this week, as speculators apparently fear a coming fork (TechCrunch).

Nigeria’s new Cyber Command, staffed by technically proficient military officers, is expected to help with counter-terrorism. The government also hopes the young organization will take a toll on the country’s organized cybercriminals. That won't be easy—the gangs are a deeply rooted subculture (TechNative).

Fancy Bear says the DNC can’t sue them (ABC).

Notes.

Today's edition of the CyberWire reports events affecting China, European Union, France, Iran, Israel, Japan, Netherlands, Nigeria, Russia, Sweden, Syria, United Kingdom, United States, and Zimbabwe.

Securing the Vote: How Easily Could Our Elections Be Hacked?

U.S. voting systems are broken. They are peppered with risks from people, process, and technology – and something must be done to regain voter confidence. In the latest Securealities report, Coalfire identifies these vulnerabilities and provides recommendations for remediation based on analyses from their work on voting networks and systems, plus 3,000 cybersecurity engagements in the past year.

In today's podcast, out later this afternoon, we hear from our partners at the University of Maryland as Jonathan Katz describes a side channel attack on mobile device encryption. Our guest is Mike McKee from ObserveIT with some thoughts on nation-state attacks.

And Hacking Humans is up. In this episode, among other things, we consider how the CEO can be the weakest link. We have some listener feedback on the "Can you hear me?" fraud. Dave shares an ongoing Elon Musk Bitcoin giveaway scam. Joe describes malicious use of a compromised DHL email address. This week's catch of the day comes from Australia. Carole Theriault returns with an interview of MimeCast's Matthew Gardiner.

Cyber Security Summit: November 29 in Los Angeles (Los Angeles, California, United States, November 29, 2018) Sr. Level Executives are invited to learn about the latest threats & solutions in Cyber Security from experts from The CIA, The City of Los Angeles, Verizon, CenturyLink and more. Register with promo code cyberwire95 for $95 VIP admission (Regular price $350) https://CyberSummitUSA.com

Rapid Prototyping Event: The Turing Test (Columbia, Maryland, United States, December 11 - 13, 2018) DreamPort, in conjunction with the Maryland Innovation & Security Institute and USCYBERCOM, is hosting a Rapid Protoyping Event in which participants implement an automated process to interact with a Microsoft Windows machine just as a human user may do with the goal being to fool a human judge who is monitoring target computers via Remote Desktop Protocol (RDP) or Virtual Network Computing (VNC) into thinking a normal user is interacting with that machine and not an automated program or process.

Cyber Attacks, Threats, and Vulnerabilities

tRat: New modular RAT appears in multiple email campaigns (Proofpoint) Proofpoint researchers detail a new RAT being distributed by TA505.

Delay, Deny and Deflect: How Facebook’s Leaders Fought Through Crisis (New York Times) Russian meddling, data sharing, hate speech — the social network faced one scandal after another. This is how Mark Zuckerberg and Sheryl Sandberg responded.

Facebook’s weapon amid chaos and controversy: misdirection (TechCrunch) The New York Times’ bombshell report into the past three years at Facebook paint a grotesque picture of the company’s attempts to navigate a string of high-profile controversies by using unsavory, unethical and dark PR tactics. The Times’ report, citing more than 50 sources, accus…

Chinese Hackers Target UK Engineering Company: Report (SecurityWeek) Recent attacks on an engineering company in the United Kingdom were attributed to a China-related cyber-espionage group despite the use of techniques usually associated with Russian threat actors.

Cranes Exposed to Possible Cyber-Sabotage—What We Can Learn (Infosecurity Magazine) Why the scenario of a hacked crane is a concern for wider cybersecurity.

Rosie the CNC Machinist: American Manufacturing as a Warfare Domain (War on the Rocks) For want of a nail the shoe was lost; For want of a shoe the horse was lost; For want of a horse the rider was lost; For want of a rider the battle was

Container Malware: Miners Go Docker Hunting In The Cloud (Juniper Threat Labs) The advent of microservices has led to us witnessing containers take the cloud by storm. But, this boom in the container-cloud relationship is exposing security issues that are inviting malware into the party as well.

HookAds Malvertising Installing Malware via the Fallout Exploit Kit (BleepingComputer) The HookAds malvertising campaign has been active lately and redirecting visitors to the Fallout Exploit Kit. Once the kit is activated, it will attempt to exploit known vulnerabilities in Windows to install different malware such as the DanaBot banking Trojan, the Nocturnal information stealer, and GlobeImposter ransomware.

New Ransomware Strain Evades Detection by All but One Antivirus Engine (Security Intelligence) A new strain of Dharma ransomware is able to evade detection by nearly all of the antivirus solutions on the market.

Apple says nothing as Apple ID accounts mysteriously locked down (HOTforSecurity) Has someone been trying to hack into a large number of Apple ID accounts? That's one of the theories circulating after a significant number of iPhone owners woke up on Tuesday to discover that their handsets were displaying a message saying that...

Unpatched Android OS Flaw Allows Adversaries to Track User Location (Threatpost) The vulnerability is one of many with the same root cause: Cross-process information leakage.

Official Google Twitter account hacked in Bitcoin scam (Naked Security) The epidemic of Twitter-based Bitcoin scams took another twist this week as attackers tweeted scams directly from two verified high-profile accounts.

Inside the Messy, Dark Side of Nintendo Switch Piracy (Motherboard) Doxing rivals, stealing each other’s files, and poking around Nintendo’s servers are all a normal part of the ballooning Nintendo Switch hacking and piracy scenes.

Target and other high profile Twitter accounts exploited for cryptocurrency scams. Umm... is Twitter doing anything about this? (Graham Cluley) The latest high profile account to be abused by scammers to promote a cryptocurrency giveaway? US retail giant Target.

20% of MageCart-compromised merchants get reinfected within days (The State of Security) MageCart, the notorious malware that has been haunting online stores by stealing payment card details from online shoppers at checkout, is reinfecting the same websites time and time again.

Cyber criminals eye huge windfalls via small government agency hacks (SecurityInfoWatch.com) Ransomware, other attacks wreak havoc on local and state networks, put critical infrastructure and services at risk

Small-Time Cybercriminals Landing Steady Low Blows (Dark Reading) High-end crime groups are acquiring the sorts of sophisticated capabilities only nation-states once had, while low-tier criminals maintain a steady stream of malicious activity, from cryptomining to PoS malware.

Targeted ransomware attacks – SophosLabs 2019 Threat Report (Naked Security) This year’s SophosLabs Threat Report is out. We talk targeted ransomware attacks, and in particular, SamSam.

The Hack Millions of People Are Installing Themselves (Motherboard) Security conscious users keep their operating system and other software up to date, but a huge risk is often overlooked: the underground trade of malicious browser extensions that people install themselves.

Security Patches, Mitigations, and Software Updates

Firefox will alert you if a website you visit has been pwned (Inquirer) Mozilla's Monitor 2.0 is adding notifications for website breaches

Siemens Releases 7 Advisories for SIMATIC, SCALANCE Vulnerabilities (SecurityWeek) Siemens has released 7 advisories to warn users of potentially serious vulnerabilities affecting various SIMATIC and SCALANCE products

Microsoft update breaks Calendar and Mail on Windows 10 phones (Naked Security) Still reeling from last week’s Windows 10 Pro debacle, Microsoft dropped a fresh pile of “Oops!” onto Windows 10 Mobile users.

Cyber Trends

Cyberwarfare: The danger and potential answers, is AI a threat or solution? (Information Age) Following comments by, Nick Carter, Information Age quizzed experts on the threat of cyberwarfare and what we can do about it:

StackRox Report: Misconfigurations and Runtime Security Top Enterprise Concerns in Containers and Kubernetes Deployments (BusinessWire) Industry’s First “State of Container Security” Report Finds that Organizations Consider Their Container Security Strategies Lacking and Expect Operations Teams to Lead Security Efforts

The State of Container Security 2018 Report (StackRox) StackRox has compiled the industry’s first State of Container Security report, highlighting the perspective of more than 200 enterprises deploying containers today.

Security Predictions 2019 (FIreEye) Facing forward...

IoT related security missteps cost enterprises millions (Help Net Security) Enterprises have begun sustaining significant monetary losses stemming from the lack of good practices as they move forward with incorporating the IoT

Why Is Antivirus Software Still a Thing? (Motherboard) Antivirus has been around for more than 20 years. Do you still need it to protect yourself today?

60% of firms believe a major security event will hit in the next few years (Help Net Security) Only 30% of 1,250 senior executives, management and security practitioners are confident their business will avoid a major security event.

Employees aren't taking the proper steps to keep information safe while traveling (Help Net Security) Employees aren’t taking the proper steps to keep their organizations’ information safe while traveling, according to ObserveIT.

What's keeping Europe's top infosec pros awake at night? (Help Net Security) As the world adapts to GDPR and puts more attention on personal privacy and security, Europe’s top information security professionals still have doubts

Do Wearable Devices Connect People to the Internet of Things? (Clutch) People who own wearable devices mostly connect them to their smartphones, rather than other IoT devices, which limits their devices' functionality, according to our new survey. Read More

Critical Data Protection Report (IntelliSecure) Findings based on groundbreaking benchmark survey of 318 executives and cybersecurity professionals in the United States, Canada, and the United Kingdom.

Marketplace

It's happening: Consolidation is coming for the cybersecurity industry (Cyberscoop) It’s starting to happen. Amid a flurry of mergers and acquisitions, the cybersecurity industry is embarking on a path of consolidation that analysts predict will result in the existence of far fewer companies within just a few years.

Cisco CEO on layoffs: 'an unfortunate step we needed to take' (CRN Australia) Chuck Robbins said layoffs were needed for restructure.

Fair-weather friends? Facebook workers lose faith in internet giant (Times) Employees of Facebook have become increasingly pessimistic about the company’s future and are less certain that it is making the world a better place, according to a leaked poll. The social network...

Forcepoint to trim partner base and focus on enterprise (CRN Australia) Reducing the number of transactional partners as it moves upmarket.

Russian cyber security firm moves away from Moscow after allegations of Kremlin spying (Sky News) Kaspersky Lab is moving crucial aspects of its infrastructure to Switzerland, away from the Kremlin's jurisdiction.

Walmart, Microsoft, AT&T-Backed Foundry Invests Millions in Encryption Pioneer (Fortune) Duality Technologies helps companies share data even while preserving people's privacy.

Exclusive: Dragos Raises $37 Million to Secure Industrial Systems (Fortune) An NSA veteran takes on nation state attackers.

Automox Secures $9.3M Series A Funding Round (GlobeNewswire News Room) Boulder-based company’s automated patching and configuration management solution attracts investment from TechOperators, CRV, and Tom Noonan, who also joins the board of directors

Imminent Bitcoin Cash schism triggers cryptocurrency selloff (Ars Technica) Bitcoin's value falls below $5,500 for the first time since 2017.

Check Point Software Finally Goes on the Offensive (The Motley Fool) The cybersecurity specialist is doing the right things to accelerate growth.

Alion Science books $769M ISR, cyber integration order (Washington Technology) Alion Science and Technology books a $769 million task order to integrate systems and subsystems for the U.S. military’s ISR and cyber platforms.

MACH37 Cyber Accelerator Opens Applications for Spring 2019 Session (GlobeNewswire News Room) Cohort Begins April 1, 2019

Israeli firms, ministry set up consortium to tackle aviation cyberthreats (Times of Israel) Group includes startups and veteran cybersecurity and aviation companies; the aim is to create a virtual bulletproof cockpit door for the cybersphere, Israel's cyberchief says

The Nation's First "Global Cyber Innovation Summit" Premieres In Maryland In May 2019 (PR Newswire) A premier, Invitation-only, cybersecurity forum– The Global Cyber Innovation Summit – will stage its first annual...

Vice Admiral (Ret.) Jan Tighe Joins Paladin Capital Group’s Strategic (PRWeb) Paladin Capital Group is pleased to announce that Vice Admiral (Ret.) Jan Tighe, has joined Paladin’s Strategic Advisory Group. “Jan is one of the world’s for

Ping Identity Announces Additions to Leadership Team (BusinessWire) Ping Identity, the leader in Identity Defined Security, today announced the addition of two new executives to its leadership team. Bernard Harguindegu

Exostar Names Stuart Itkin Vice President of Product Management (AP NEWS) Exostar, the leader in trusted, secure business collaboration in aerospace and defense (A&D) , life sciences , and healthcare , today announced that Stuart Itkin has joined the company as Vice President of Product Management. He will oversee all of Exostar’s strategic and tactical product management and product marketing activities.

Products, Services, and Solutions

Digital Defense Announces Frontline Active Threat Sweep™ (Digital Defense) Fast, Easy to Deploy, Cost-Effective Alternative to Threat Hunting Platforms

Microsoft and Glasswall Collaborate on Azure and O365 (BusinessWIre) Microsoft and Glasswall Solutions today announced that Glasswall has earned Co-Sell Ready status through the Microsoft One Commercial Partner Program.

Kingston Enhances Award-Winning IronKey D300 Encrypted USB (BusinessWIre) Kingston Digital, Inc., the Flash memory affiliate of Kingston Technology Company, Inc., a world leader in memory products and technology solutions, h

ThreatConnect Expands TIP Capabilities with New Automation Not Available in Similar Products (Press of Atlantic City) In an effort to address the growing threat intelligence market need for automation, ThreatConnect, Inc. ®, provider of the industry's only extensible, intelligence-driven security platform, has

King & Union and Farsight Security Announce Strategic Partnership (PR Newswire) King & Union, the provider of Avalon, a threat analytics platform built with collaboration at its core, today...

Kenna Security delivers industry-first peer benchmarking for vulnerability management (GlobeNewswire News Room) New features and enhancements improve upon Kenna’s data-driven approach to cybersecurity, giving companies an industry-specific view of their risk

Cequence Security Announces Game-Changing Application Security Platform (ASP) to Stop Bot Attacks (BusinessWire) Cequence Security provides effective, scalable defense against the growing number of bot attacks including account takeover, content scraping & DDoS.

Acunetix Vulnerability Scanner Now Also on Linux (Acunetix) Linux platform improves reliability, security and performance November 2018, London, UK – Acunetix, the pioneer in automated web application security software, has announced the release of Acunetix for Linux. Known to be reliable, cost effective and secure, Linux is the server operating system of choice for many large organisations including Facebook, Twitter and Google. Acunetix …

Vade Secure launches IsItPhishing Threat Detection to help SOCs identify phishing URLs (Help Net Security) Vade Secure's IsItPhishing Threat Detection enables SOCs to automate the detection and blocking of targeted phishing attacks across the entire network.

Cryptowerk introduces blockchain-based technology to certify data integrity of digital assets (Help Net Security) Cryptowerk Seal creates a digital seal of each asset based on SHA hashes, which is then stored on any public, private or hybrid blockchain.

Intel, AMD set to release next-gen server CPUs (CRN Australia) Targeting high-performance computing and AI.

EdgeWave Debuts Post-Delivery Email Security Service (Media Post) EdgeWave says its new ThreatTest can remove suspicious emails from all inboxes in a company.

EZShield Launches Mobile Defense Suite (BusinessWire) EZShield, a portfolio company of The Wicks Group (

Technologies, Techniques, and Standards

Building A More Secure Connected Healthcare Environment (Chertoff Group and Abbott) The healthcare sector is in the midst of a major transformation, including changing demographics, an evolving public policy environment and rapidly advancing technology. A core element of this technology change is the advent of connected healthcare, which is empowering physicians to deliver superior results and extend patient lives.

New readiness metrics for DoD cyber force (Fifth Domain) As cyber forces and threats mature, DoD is looking at how to ensure forces can meet mission objectives.

The GDPR Disclosure Conundrum (Infosecurity Magazine) New rules imposed by the EU can be particularly challenging for organizations to disclose a breach within such a tight a timeframe.

How to Securely Wipe Your Devices So You Can Recycle or Resell Them (Motherboard) How to clean out that drawer of old phones, laptops, and hard drives without having to worry about someone getting their hands on your data.

7 Things UEBA Detects (Bay Dynamics) User and Entity Behavior Analytics (UEBA) is picking up steam among organizations across industries of all sizes. A survey by analyst firm Enterprise Strategy Group reveals only 6% of 400+ cyber security pros have no plans to deploy machine learning/AI technologies for cybersecurity analytics and operations, which would include UEBA. That means the vast majority have UEBA on their radar.

Venafi Research: Do Government Officials Need Cyber Security Training? (Venafi) According to Venafi research, the vast majority of security professionals believe their government officials should complete cyber security training

Design and Innovation

HTTP/3: Come for the speed, stay for the security (Naked Security) Key personnel at the Internet Engineering Task Force (IETF) have suggested basing the next version of a core web protocol on Google technology.

Using Machine Learning to Cluster Malicious Network Flows From Gh0st RAT Variants (TrendLabs Security Intelligence Blog) Cybercriminals have become more and more creative and efficient in their efforts to successfully bypass network security.

Research and Development

The Hail Mary Plan to Restart a Hacked US Electric Grid (WIRED) On tiny Plum Island, DARPA stages a real-life blackout to put its grid recovery tools to the test.

What Constant Surveillance Does to Your Brain (Motherboard) Technology is getting more adept at tracking our moves and anticipating our choices, and being watched all the time can make us feel anxious.

Legislation, Policy, and Regulation

Nigeria: Will a Cyber Command Solve its Cyber Crime Problems? (TechNative) In late August 2018, the government of Nigeria announced that the establishment of its cyber command to be headquartered in Abuja.

Microsoft, Google Back Paris Cyber Pledge on Chips, Hacks (Data Center Knowledge) Microsoft, Google, and Samsung backed a Paris cybersecurity pledge to unite tech giants and governments in battling election tampering, compromised electronic components, and software hacks

Paris Call for trust and security online has been backed by Kaspersky Lab (htxt.africa) The Paris Call calls on firms and countries to work together to fight the scourge of cybercrime.

US Panel Warns Against Government Purchase of Chinese Tech (SecurityWeek) A congressional advisory panel says the purchase of internet-linked devices manufactured in China leaves the United States vulnerable to security breaches that could put critical U.S. infrastructure at risk.

Department of Defense’s Cybersecurity Acquisition and Practices from the Private Sector (US Senate Committee on Armed Services) To receive testimony on the Department of Defense’s cybersecurity acquisition and practices from the private sector.

Testimony on the Department of Defense’s Cybersecurity Acquisition and Practices from the Private Sector [Dmitri Alperovitch] (US Senate Committee on Armed Services) Chairman Rounds, Ranking Member Nelson, Senators of the Subcommittee: thank you for inviting me to testify at today’s hearing. I co-founded CrowdStrike more than 7 years ago with a mission to stop cyber breaches, including those caused by some of the most sophisticated adversaries.

Is the Defense Department’s entire vision of cybersecurity wrong? (Fifth Domain) One top official believes the physical world is not analogous to the cyber world.

26 Democrats Demand Besieged Homeland Security Sec. Kirstjen Nielsen Resign (The Daily Beast) Trump reportedly wants to fire Kirstjen Nielsen over immigration. And now, in a new letter, 26 House Democrats want Nielsen out for doing Trump’s bidding too well.

Zimbabwe: Japan Extends $3.6 Million Grant to Zimbabwe for Cyber Security (allAfrica.com) The Japanese government has extended a $3.6 million grant to Zimbabwe which will be used for the acquisition of cyber security equipment.

Litigation, Investigation, and Law Enforcement

Cathay Apologizes Over Data Breach but Denies Cover-up (SecurityWeek) Cathay Pacific apologized for the firm's handling of the world's biggest airline hack that saw millions of customers' data breached but denied trying to cover it up.

Microsoft facing GDPR fine over Office 365 telemetry (Computing) 25,000 'events' Office 365 recorded and shared among 30 engineering teams at Microsoft

Less than half of federal agencies have met identity management rules (Fifth Domain) Only 41 percent of government agencies have met the federal guidelines for identity and access management, according to a new report.

U.S. says defendant in Elliott Broidy hacking case has diplomatic immunity (NBC News) The ex-diplomat accused of helping steal and distribute GOP fundraiser Elliot Broidy's emails is entitled to immunity, the U.S. government tells NBC News.

ICO Prosecution Leads to First Jail Term (Infosecurity Magazine) Privacy watchdog sees data thief go to prison for six months

Support wouldn’t change his password, so he mailed them a bomb (Naked Security) The Cryptopay customer asked customer services for a new password. They refused, given that it was against the company privacy policy.

Text messages show Roger Stone and friend discussing WikiLeaks plans (NBC News) "Big news Wednesday ... Hillary's campaign will die this week," Randy Credico appears to have texted Stone six days before WikiLeaks email dump.

U.S. Ramps Up Sanctions on Hezbollah as Part of Iran Pressure (Wall Street Journal) The Trump administration on Tuesday targeted Iran-backed Hezbollah with fresh terrorism-related sanctions, as the U.S. moves to keep up pressure on Tehran and its tools of foreign-policy abroad despite resistance from European allies.

Saudi prosecutor seeks death penalty in Khashoggi murder (Al Jazeera) Kingdom is seeking death penalty for five people accused of carrying out journalist's killing, Shaalan al-Shaalan says.

Pope’s foundation backs international effort to fight cyberbullying (Crux) “Words hurt more than beatings. Do they not hurt you? Are you so insensitive? What happened to me should never happen to anyone … I hope that now you are all more sensitive with your words.”

For a complete running list of events, please visit the Event Tracker on the CyberWire website.

Newly Noted Events

IEEE WIE Forum USA East (White Plains, New York, United States, November 29 - December 1, 2018) IEEE WIE Forum USA East 2018 focuses on developing and improving leadership skills for individuals at all stages of their careers. Attendees will have the opportunity to hear inspirational and empowering...

Global Cyber Innovation Summit (Baltimore, Maryland, USA, May 1 - 2, 2019) The inaugural 2019 Global Cyber Innovation Summit brings together a preeminent group of leading Global 2000 CISO executives, cyber technology innovators, policy thought leaders, and members of the cyber...

Upcoming Events

Infosecurity North America (New York, New York, USA, November 14 - 15, 2018) With 23+ years of global experience creating leading information security events, Infosecurity Group is coming to New York in November 2018. Infosecurity North America will provide a focussed business...

Kingdom Cyber Security (Riyadh, Saudi Arabia, November 20 - 21, 2018) Setting a game plan to boost cyber resilience at the national level.

API Security Summit (London, England, UK, November 21, 2018) The API Security Summit, taking place in London on the 21st of November 2018 will bring together the financial services community, regulators, fintechs, TPPs and associations from across UK and Europe to find solutions to the current lack of standardisation, debate what standards/legislation may emerge in 2019, and how to plan with these in mind.

Army Autonomy and Artificial Intelligence Symposium and Exposition (Detroit, Michigan, USA, November 28 - 29, 2018) This symposium will explore and showcase innovative ways the U.S. Army is developing critical capabilities in robotics, autonomy, machine learning, and artificial intelligence. The goals are to explore...

The Cyber Security Summit: Los Angeles (Los Angeles, California, USA, November 29, 2018) This event is an exclusive conference connecting Senior Level Executives responsible for protecting their company’s critical data with innovative solution providers & renowned information security experts.

IEEE WIE Forum USA East (White Plains, New York, United States, November 29 - December 1, 2018) IEEE WIE Forum USA East 2018 focuses on developing and improving leadership skills for individuals at all stages of their careers. Attendees will have the opportunity to hear inspirational and empowering...

Securing Digital ID 2018 (Alexandria, Virginia, USA, December 4 - 5, 2018) As an increasing number of transactions move online and are mobile-enabled, the conference will explore today’s complex world of digital identities and how they are used for strong authentication and remote...

First Annual Maryland InfraGard Cybersecurity Conference (College Park, Maryland, USA, December 5, 2018) InfraGard is a partnership between the FBI and members of the private sector. The InfraGard program provides a vehicle for seamless public-private collaboration with government that expedites the timely...

International Cyber Risk Management Conference (Hamilton, Bermuda, December 6 - 7, 2018) Now in its fourth year in Canada, the International Cyber Risk Management Conference (ICRMC) has earned a reputation as one of the world’s most trusted cyber security forums. We are proud to bring ICRMC...

2018 Cloud Security Alliance Congress (Orlando, Florida, USA, December 10 - 12, 2018) Today, cloud represents the central IT system by which organizations will transform themselves over the coming years. As cloud represents the future of an agile enterprise, new technology trends, such...

Wall Street Journal Pro CyberSecurity Executive Forum (New York, New York, USA, December 11, 2018) The WSJ Pro Cybersecurity Executive Forum will bring together senior figures from industry and government to discuss how senior executives can best prepare for hacking threats, manage breaches, and work...

National Cyber League Fall Season (Chevy Chase, Maryland, USA, December 15, 2018) The NCL is a defensive and offensive puzzle-based, capture-the-flag style cybersecurity competition. Its virtual training ground helps high school and college students prepare and test themselves against...

Grow your brand and reach new customers.

Grow your brand and increase your customer base by educating our audience about your products, services, and events by advertising on The CyberWire. We’ve built trust with an influential (and often hard to reach) audience of CISOs, CSOs, and other senior execs in the security space, across a wide array of industry verticals. Learn more.

Be a part of the CyberWire story.

People ask us (a lot) how they can support what we do. We have our sponsorships and services, of course, but those are not always within every supporter's financial reach, or it might just not be the right time for you to do those things. That's why we launched our new Patreon site, where we've created a wider variety of support levels, each with some new benefits. Our patrons are important to our future, and we hope you'll consider becoming one. We invite you to become part of the CyberWire story. Become a patron today.