skip navigation

More signal. Less noise.

Get your copy of the definitive guide to threat intelligence.

We brought together a team of experts and wrote the definitive guide to everything you need to know about threat intelligence. Whether you work in vulnerability management, incident response, or another part of cybersecurity, our book has something for you. Get your free copy of “The Threat Intelligence Handbook” now.

Daily briefing.

Cozy Bear is back. The other Russian cyber operational agency, quieter sister to GRU’s Fancy Bear and generally associated with either the FSB or SVR (both KGB descendants) has been engaged in spearphishing US targets. CrowdStrike and FireEye, among others, have  discussed the discovery. CrowdStrike says Cozy Bear has been impersonating a US State Department official in the spearphishing emails. The payload is a link to a legitimate but compromised website. Targets form a familiar set of Cozy Bear interests: government agencies (including law enforcement), think tanks, and business intelligence services. Cozy Bear, by the way, is also known as “APT29,” “The Dukes,” or “PowerDuke” (ZDNet, Reuters).

Ukraine’s CERT, working with the country’s Foreign Intelligence Service, says it stopped battlespace preparation for a campaign that would have installed a new version of Pterodo espionage and attack-staging malware. There’s no attribution, but they note that the campaign appeared interested in former Soviet Republics (Ukrinform).

Researchers report a Gmail flaw that enables a user to add an arbitrary email address to the “From” field. Social engineering possibilities are obvious (HackRead).

Trend Micro is tracking the Outlaw criminal group, which is engaged in a renewed botnet campaign for cryptojacking, scanning, and brute-forcing of credentials.

The new US civilian cybersecurity agency, CISA, is now ready for its “groundbreaking.” President Trump signed legislation creating it into law at the end of last week (ZDNet).

Fears of infrastructure attacks continue to surface, notably in the UK’s Parliament (Guardian). CNBC offers a rundown of “cyber 9/11” possibilities.

Notes.

Today's edition of the CyberWire reports events affecting Canada, Ethiopia, European Union, NATO/OTAN, Russia, Saudi Arabia, Ukraine, United Arab Emirates, United Kingdom, United Nations, United States.

What are the brightest minds are saying about network security?

We're asking knowledgeable security insiders like you to take a short survey. In return, we're offering all qualified respondents a chance to enter a drawing to win one of three gift cards valued at $50 each. Join other cybersecurity leaders and share your viewpoints. Click here to take the survey.

In today's podcast, up later this afternoon, we speak with our partners at Palo Alto Networks, as Rick Howard offers a book recommendation from the Cybersecurity Canon project.

International Spy Museum's 2nd Annual William H. Webster Distinguished Service Award Dinner (Washington, DC, United States, November 28, 2018) Join the Spy Museum for the second annual William H. Webster Distinguished Service Award Dinner honoring Admiral William H. McRaven on Wednesday, November 28 at The Ritz-Carlton. For tickets, visit spymuseum.org.

Cyber Security Summit: November 29 in Los Angeles (Los Angeles, California, United States, November 29, 2018) Sr. Level Executives are invited to learn about the latest threats & solutions in Cyber Security from experts from The CIA, The City of Los Angeles, Verizon, CenturyLink and more. Register with promo code cyberwire95 for $95 VIP admission (Regular price $350) https://CyberSummitUSA.com

Rapid Prototyping Event: The Turing Test (Columbia, Maryland, United States, December 11 - 13, 2018) DreamPort, in conjunction with the Maryland Innovation & Security Institute and USCYBERCOM, is hosting a Rapid Prototyping Event in which participants implement an automated process to interact with a Microsoft Windows machine just as a human user may do with the goal being to fool a human judge who is monitoring target computers via Remote Desktop Protocol (RDP) or Virtual Network Computing (VNC) into thinking a normal user is interacting with that machine and not an automated program or process.

Cyber Attacks, Threats, and Vulnerabilities

Russians impersonating U.S. State Department aide in hacking... (Reuters) Hackers linked to the Russian government are impersonating U.S. State Department...

Russian APT comes back to life with new US spear-phishing campaign (ZDNet) Cozy Bear (APT29) makes a comeback after last year's Dutch and Norwegian hacking campaigns.

Ukraine's Foreign Intelligence Service helps thwart another massive cyber attack (Ukrinform) A joint effort of the Computer Emergency Response Team of Ukraine (CERT-UA) and the Foreign Intelligence Service of Ukraine revealed new modifications of Pterodo malware in computers used in Ukraine's state agencies, which indicates that preparations are likely underway for a massive cyber attack.

Power outages and bank runs: Here are the 'cyber 9/11' scenarios that really worry the experts (CNBC) There are many scenarios that could make up a future "cyber 9/11," but history and private-sector initiatives have given us some clues of what that may look like. 

UK 'wholly' unprepared to stop devastating cyber-attack, MPs warn (the Guardian) Ministers not taking growing threat to national infrastructure seriously, says committee

Expert says Quebec government servers are highly vulnerable to cyber attack (The Globe and Mail) Jose Fernandez says it is ironic because Quebec is home to a thriving cybersecurity industry and is an emerging hub for artificial-intelligence research.

America’s Election Grid Remains a Patchwork of Vulnerabilities (NYTimes) The midterms showed that there aren’t enough qualified poll workers and that accusations of political manipulation persist. Still, the situation has improved since Bush v. Gore.

How Hackers Are Stealing High-Profile Instagram Accounts (The Atlantic) In the Wild West of “influencer” marketing, there are few protections and plenty of easy marks.

Do You Know What a Bot Actually Is? (WIRED) The term “bot” has lost much of its actual meaning, becoming a vague tech-adjacent buzzword.

TrickBot Banking Trojan Starts Stealing Windows Problem History (BleepingComputer) A version of TrickBot spotted recently shows interest in data that is peculiar for the normal scope of banking trojans: the Windows system reliability and performance information.

Beware: New wave of malware spreads via ISO file email attachments (Security Boulevard) We’ve seen a spike in malware concealed in ISO file email attachments. Learn more about this new threat and how you can protect yourself against ISO malware. The post Beware: New wave of malware spreads via ISO file email attachments appeared first on Emsisoft | Security Blog.

Emotet has some customized phish for you (Avira Blog) A new wave of Emotet Trojan malware is hitting Europe and the DACH region with the Avira Protection Lab recording over 3.6 million detections so far in 2018. Usually disguised as a phishing email, the latest variants of this Trojan have been fine-tuned to slip past the user defenses and worm their way into Local …

Gmail "From field" bug makes phishing attacks easier for hackers (HackRead) Gmail, as we know, is a popular and commonly preferred email platform around the world.

Gmail Bugs Allow Changing From: Field and Spoofing Recipient's Address (BleepingComputer) A bug in the way Gmail handles the structure of the 'from:' header allows placing of an arbitrary email address in the sender field.

Instagram’s download your data tool exposed users’ passwords to public view (HackRead) Facebook somehow manages to make headlines one way or the other.

Hacker Say They Compromised ProtonMail. ProtonMail Says It's BS. (BleepingComputer) A person or group claiming to have hacked ProtonMail and stolen "significant" amounts of data has posted a lengthy ransom demand with some wild claims to an anonymous Pastebin. ProtonMail states it's complete BS.

How to rob an ATM? Let me count the ways… (Naked Security) A comprehensive new report lifts the lid on the sketchy state of ATM security.

In a post-EMV world, fraud is shifting from in-person to ecommerce channels (Help Net Security) The implementation of EMV chip cards and chip card readers was supposed to reduce fraud. So why is fraud still the top concern for merchants?

Outlaw Group Distributes Botnet for Cryptocurrency-Mining, Scanning, and Brute-Force (TrendLabs Security Intelligence Blog) We spotted two variants of activities from hacking group Outlaw. The script used in the first version of its bot has two functionalities: the miner and Haiduc-based dropper. The second variant of the code, distributed by the bot, was mainly designed to brute force and further exploit the Microsoft Remote Desktop Protocol and cloud administration cPanel in order to escalate the privileges.

McAfee Labs Discovers New Cryptojacking Malware ‘WebCobra’ (Ibinex News) McAfee Labs researchers have discovered a new cryptojacking malware which stealthily extracts victims’ computing power to mine the cryptocurrencies Monero (XMR) or Zcash secretly. Originating in Russia and dubbed ‘WebCobra,’ this cryptocurrency mining malware drops and installs the Cryptonight miner or Claymore’s Zcash miner, depending on the configuration the malware finds. It is comparatively uncommon...

GandCrab Ransomware: Cat-and-Mouse Game Continues (BankInfo Security) A new, free decryptor has been released for "aggressive" crypto-locking ransomware called GandCrab. Researchers say GandCrab has come to dominate the ransomware-as-a-service market, earning its development team an estimated $120,000 per month.

SamSam and GandCrab Illustrate Evolution of Ransomware (SecurityWeek) Targeted ransomware attacks such as those by SamSam take more effort, require skilled adversaries, but generate much larger payouts.

Be Prepared: The Threat of Ransomware Will Never Go Away (Modern Tire Dealer) Tire retailers and wholesalers, big and small, have been targets of ransomware and cyberattacks. We've got eight preventive measures you can take to help guard your business.

Emoji Attack Can Kill Skype for Business Chat (Threatpost) The "Kitten of Doom" denial-of-service attack is easy to carry out.

Popular Dark Web hosting provider got hacked, 6,500 sites down (ZDNet) Hosting provider is still looking for the hacker's point of entry.

‘Nothing on this page is real’: How lies become truth in online America (Washington Post) On Facebook, he writes America’s Last Line of Defense. She likes and shares.

Hacking MiSafes’ smartwatches for kids is child’s play (Naked Security) Researchers describe breaking into the watches as “probably the simplest hack we have ever seen.”

Vision Direct Notifies Customers of Data Compromise (Infosecurity Magazine) Vision Direct notifies customers of November data compromise

Why a seemingly insignificant financial merger triggered huge wave of Canadian phishing attacks (IT World Canada) In February two Canadian bank-owned co-operatives, Interac Association – which runs the inter-bank debit card network – and Acxsys Corp. – which

Black Friday brings out hackers looking to rip you off (CNET) Researchers found hundreds of malicious apps pretending to offer discounts.

Security Patches, Mitigations, and Software Updates

New security feature to prevent Amazon S3 bucket misconfiguration and data leaks (Help Net Security) AWS is rolling out Amazon S3 Block Public Access, a new security feature aimed at preventing accidental S3 bucket misconfiguration and data leaks.

Google Scours the Internet for Dirty Android Apps (SecurityWeek) Google is analyzing all the apps that it can find across the Internet in an effort to keep Android users protected from Potentially Harmful Applications (PHAs).

Cyber Trends

FireEye Expects New Cyber Security Challenges For 2019 (CXOtoday.) Every year brings with it new trends and challenges in the technology industry, especially in a domain like cyber security.

Personal cyberattacks becoming more common (IT Pro Portal) Hackers are pushing bots aside as they roll up their sleeves.

Remote working may boost productivity, but also leave you vulnerable to attack (Help Net Security) SMBs face the challenge of keeping their business secure, all the while adhering to the needs and expectations of the modern workforce.

Workers unaware of travel-related cybersecurity threats, survey finds (ZDNet) This holiday season, over half of adults plan to travel with work devices. Most don't appreciate the risks.

You Know What? Go Ahead and Use the Hotel Wi-Fi (WIRED) You were right not to trust hotel and airport Wi-Fi a few years ago. But these days, it's (probably) fine.

Study finds medical device security pros may have false sense of security (SC Media) A recent study surveying healthcare IT professionals found while the majority of them are very confident their connected devices are protected from cyberattacks, there may be some disconnects between the perceived level of security and how secure medical devices are.

Surveillance Kills Freedom By Killing Experimentation (WIRED) When we're being watched, we conform. We don't speak freely or try new things. But social progress happens in the gap between what’s legal and what’s moral.

Opinion | A Smarter Way to Think About Intelligent Machines (New York Times) We should be thinking more about how much A.I. has changed our lives already, and the future of human-algorithm collaboration.

We are a long way from achieving 'pure' AI, says AutoTrader's David Hoyle (Computing) AI that can truly replace humans is still in the distant future, and automation has a long way to go

Artificial intelligence: the potential and the reality (Computing) A look at AI and machine learning in the UK today

Marketplace

BBC: Big tech's use of data a barrier to working more closely with Google and Facebook (Computing) BBC strategist Noriko Matsuoka reveals how the national broadcaster is approaching AI and technology architecture

Google News may shut over EU plans to charge tax for links (the Guardian) Search engine is lobbying hard to stop proposed tax, aimed at compensating news publishers

With Facebook at ‘War,’ Zuckerberg Adopts More Aggressive Style (Wall Street Journal) Mark Zuckerberg’s new approach is causing unprecedented turmoil at Facebook, driving out several key executives and creating tensions with Chief Operating Officer Sheryl Sandberg.

Nick Clegg wipes public Facebook profile, deleting Lib Dem and Brexit posts (The Telegraph) Nick Clegg has scrubbed all traces of his anti-Brexit activism from his public Facebook page as he begins a new job as the social network's head of global affairs.

Facebook Fallout Ruptures Democrats’ Longtime Alliance With Silicon Valley (New York Times) Tech giants have found key allies among Democrats for years, a bond strengthened through mutual interests and campaign donations. But a year of scandals has forced a reckoning in Washington.

6 Questions From The New York Times' Facebook Bombshell (WIRED) Facebook has a lot of explaining to do: For starters, there's Sheryl Sandberg’s next steps and the accusations about George Soros.

Opinion | Yes, Facebook made mistakes in 2016. But we weren’t the only ones. (Washington Post) Lawmakers, the intelligence community and the media all bear blame.

Opinion | How Plato Foresaw Facebook’s Folly (New York Times) Technology promises to make easy things that, by their intrinsic nature, have to be hard.

What BlackBerry's Acquisition of Cylance Means for Cybersecurity Business (Fortune) This ain't your father's "crackberry."

Palantir may go public, but can it turn a profit? (Marketplace) The surveillance software giant may be preparing for an IPO amid concerns about its business.

Palantir Deal May Make IRS ‘Big Brother-ish’ While Chasing Cheats (Bloomberg) A contract with billionaire Peter Thiel’s Palantir Technologies will give the IRS new firepower to pursue tax cheats by connecting the dots in millions of tax filings, bank transactions, phone records, and even social media posts.

SolarWinds Acquires 8MAN, Launches Access Rights Management (ChannelE2E) SolarWinds acquires 8MAN and launches Access Rights Management (ARM) security platform for MSPs and IT professionals.

A10 Networks Unveils Its 5G Strategy (Light Reading) Security systems specialist A10 Networks has outlined its strategy to help mobile operators 'future-proof' their networks for 5G.

Google’s Cloud-Computing Boss, Diane Greene, to Step Down (Wall Street Journal) Google said its top cloud-computing executive is departing the company and will be replaced by a former executive of business software rival Oracle Corp.

Google looks to former Oracle exec Thomas Kurian to move cloud business along (TechCrunch) Diane Greene announced on Friday that she was stepping down after three years running Google’s cloud business. She will stay on until the first of the year to help her successor, Thomas Kurian in the transition. He left Oracle at the end of September after more than 20 years with the company,…

Long-standing boss of tech firm Spirent announces retirement (The Telegraph) The veteran chief executive of technology testing and security company Spirent Communications is to step down after 36 years working for the business.

Products, Services, and Solutions

Nok Nok Labs Introduces Strong Account Recovery (Nok Nok Labs) Today, more than 80 percent of mobile users typically require password reset (or account recovery) when using traditional username and passwords. Enterprise customers using the Nok Nok S3 Suite will be able to substantially reduce the need to address account recovery issues with their end users.   Global organizations need to scale to meet the …

Mastercard accredits FIME for biometric evaluation services (FIME) Device manufacturers and solution providers can now demonstrate the quality of fingerprint sensors for strong customer authentication.

Microsoft Introduces edX-Based Cybersecurity Training Program (Campus Technology) Microsoft has introduced a new series of open access courses on cybersecurity that can be taken for free or, for more formal recognition, as a certificate program for a fee. The Microsoft Professional Program Cybersecurity track includes 12 courses — 10 of which must be completed successfully to earn the certificate. The program is hosted on edX and includes labs, community interaction and quizzes. Content is delivered online through videos.

Fugue releases Risk Manager to ID cloud compliance violations (Help Net Security) Fugue Risk Manager provides visibility into cloud infrastructure and the assurance it always complies with security policy.

Alert Logic Adds Managed Threat Intelligence Service (Security Boulevard) Alert Logic this week announced it is adding a managed threat management service based on compute resources running on the Amazon Web Services (AWS) Alert Logic is adding a managed threat management service based on compute resources running on the Amazon Web Services public cloud.

Wellington College chooses LogRhythm's NextGen SIEM Platform to improve threat detection (FE News) Wellington College chooses LogRhythm's NextGen SIEM Platform to improve threat detection

Technologies, Techniques, and Standards

Inside the British Army's secret information warfare machine (WIRED UK) They are soldiers, but the 77th Brigade edit videos, record podcasts and write viral posts. Welcome to the age of information warfare

Navy recognizes electromagnetic battlespace, and its convergence with cyber and electronic warfare (EW) (Military & Aerospace Electronics) A new U.S. Navy policy recognizes the electromagnetic spectrum as a warfighting domain on par with sea, land, air, space and cyber

Modernization, people needed to drive Army's cyber capabilities (US Army) With an increase in digital connectivity and a rapid development of technologies, such as advanced computing, big data analytics, and artificial intelligence, the character of war has changed, making cyberspace a critical battlefield of the 21st cent...

Cyber criminals meet their match as industry players work together (Fin24) Major industry players are taking down cyber threats through collaboration and intelligence sharing.

The unsettling persistence of cybersecurity vulnerabilities in the cloud (SiliconANGLE) Clouds are full of cybersecurity vulnerabilities.

Blockchain Like Using Sledgehammer on a Thumb Tack (Radio) (Bloomberg) Dr Zulfikar Ramzan - Chief Technology Officer, RSA Security, joined Rishaad Salamat and Bryan Curtis on Daybreak Asia to discuss trends he sees in cybersecurity for 2019, including cloud solutions and IoT. He goes on to explain why he thinks blockchain has been overhyped.

Design and Innovation

Cyber Security Derailed? Recommendations for Smarter Investments in Infrastructure (War on the Rocks) A state-owned Chinese company receives a contract to build and maintain the next generation of railcars that service Metro stations at the Pentagon, near

Helping researchers with IoT firmware vulnerability discovery (Help Net Security) Researchers have analyzed over 200,000 firmware images from 76 unique manufacturers across many different products, and their system can help others.

Research and Development

4 technologies a cyber moonshot should include (Fifth Domain) An industry group is urging an investment in four technologies that it says can create a “safe and secure internet.”

Legislation, Policy, and Regulation

NATO To ‘Integrate’ Offensive Cyber By Members (Breaking Defense) "NATO is clear that we will not perform offensive cyberspace operations," said Maj. Gen. Wolfgang Renner. "However, we will integrate sovereign cyberspace effects from the allies who are willing to volunteer."

Apple CEO Tim Cook calls new regulations "inevitable" (Axios) "This is not a matter of privacy versus profits, or privacy versus technical innovation. That's a false choice."

Tim Cook defends using Google as primary search engine on Apple devices (Ars Technica) Apple CEO also thinks forthcoming federal regulation of tech companies is "inevitable."

We have promising cybersecurity strategies, now the hard part: implementation (TheHill) John Wood and Robert DuPree say defining problems and stating objectives is one thing; getting the government to pull together and take action is another.

Trump signs bill that creates the Cybersecurity and Infrastructure Security Agency (ZDNet) The US now has an official federal cybersecurity agency.

Analysis | The Cybersecurity 202: A Nielsen exit could leave void as DHS gains new cybersecurity authority (Washington Post) Observers praised the secretary's work on the midterms.

Launch of DHS cyber agency 'more of a groundbreaking than a ribbon-cutting' (Federal News Network) The Department of Homeland Security finally secured a name change for its cybersecurity-focused branch, but more importantly, its chief has laid out a two-year roadmap to bring it up to "full operating capability."

DOD reorgs to fuel cyber, AI and space opportunities (Washington Technology) At the immixGroup's annual Government IT Sales Summit, analysts describe how several DOD reorganization efforts will fuel new opportunities in cyber, space and artificial intelligence.

Litigation, Investigation, and Law Enforcement

CIA concludes Saudi crown prince ordered Jamal Khashoggi’s assassination (Washington Post) Audio recordings, intercepted phone calls and other intelligence link Mohammed bin Salman to killing that Saudis say was conducted by rogue elements.

Trump speaks with CIA about Khashoggi killing, says there will be a report by Tuesday (Washington Post) The agency found that Saudi Crown Prince Mohammed bin Salman ordered the journalist’s slaying.

U.S. Is Optimistic It Will Prosecute Assange (Wall Street Journal) The Justice Department is preparing to prosecute WikiLeaks founder Julian Assange and is increasingly optimistic it will be able to get him into a U.S. courtroom.

Free-press advocates worry Assange charges could set dangerous precedent — though details remain unclear (Washington Post) The Justice Department under Trump has waged an aggressive battle against leaks.

Snowden criticizes indictment of Assange over unspecified documents (New Kerala) Former US National Security Agency (NSA contractor and whistleblower Edward Snowden on Saturday voiced his concern over the indictment of WikiLeaks founder Julian Assange on the basis of unspecified documents. He has bee

Dubai Interpol summit told dark web drug deals and 'new dimension' of cyber crime pose great threat (The National) At this week's General Assembly in the emirate, a new Interpol president will also be chosen — after Chinese incumbent Meng Hongwei was arrested on corruption charges

Wave of Ethiopia arrests nets ex-top spy (BBC News) Dozens of security officials have been held as Prime Minister Abiy tackles corruption and rights abuses.

Facebook pays $69m to investors who sued over Zuckerberg control (The Telegraph) Facebook has agreed to pay $69m (£54m) to a group of investors who sued the social network for legal fees they incurred while fighting a plan to tighten Mark Zuckerberg's control of the company.

Judge asks if Alexa is witness to a double murder (Naked Security) A judge has ordered Amazon to turn over any recordings an Echo device may have made around the time a horrific crime occurred.

Europol, Diebold Nixdorf to Share Information on Cyber Threats (SecurityWeek) Europol and ATM maker Diebold Nixdorf sign a memorandum of understanding for exchanging information and expertise on cyber threats

Qatar beefs up incidence response capabilities against cybercrimes (Gulf-Times) Qatar’s Cybersecurity Centre (CSC) has strengthened its incidence response capabilities to protect and assist its client organisations in the public and private sectors ...

Convicted tax fraudster sues CNBC for defamation, says he’s not a “hacker” (Ars Technica) Daniel Rigmaiden, now a privacy advocate, heads to court representing himself.

John McAfee is 'liable' for 2012 death of Belize neighbour, rules court (Register) Default judgement for one-time antivirus bad boy

SEC Whistleblower Program Has Record-Breaking Year (Wall Street Journal) The agency’s annual report to Congress, published this week, indicates the maturity of the federal whistleblower program.

For a complete running list of events, please visit the Event Tracker on the CyberWire website.

Upcoming Events

Kingdom Cyber Security (Riyadh, Saudi Arabia, November 20 - 21, 2018) Setting a game plan to boost cyber resilience at the national level.

API Security Summit (London, England, UK, November 21, 2018) The API Security Summit, taking place in London on the 21st of November 2018 will bring together the financial services community, regulators, fintechs, TPPs and associations from across UK and Europe to find solutions to the current lack of standardisation, debate what standards/legislation may emerge in 2019, and how to plan with these in mind.

Army Autonomy and Artificial Intelligence Symposium and Exposition (Detroit, Michigan, USA, November 28 - 29, 2018) This symposium will explore and showcase innovative ways the U.S. Army is developing critical capabilities in robotics, autonomy, machine learning, and artificial intelligence. The goals are to explore...

The Cyber Security Summit: Los Angeles (Los Angeles, California, USA, November 29, 2018) This event is an exclusive conference connecting Senior Level Executives responsible for protecting their company’s critical data with innovative solution providers & renowned information security experts.

IEEE WIE Forum USA East (White Plains, New York, United States, November 29 - December 1, 2018) IEEE WIE Forum USA East 2018 focuses on developing and improving leadership skills for individuals at all stages of their careers. Attendees will have the opportunity to hear inspirational and empowering...

Securing Digital ID 2018 (Alexandria, Virginia, USA, December 4 - 5, 2018) As an increasing number of transactions move online and are mobile-enabled, the conference will explore today’s complex world of digital identities and how they are used for strong authentication and remote...

First Annual Maryland InfraGard Cybersecurity Conference (College Park, Maryland, USA, December 5, 2018) InfraGard is a partnership between the FBI and members of the private sector. The InfraGard program provides a vehicle for seamless public-private collaboration with government that expedites the timely...

International Cyber Risk Management Conference (Hamilton, Bermuda, December 6 - 7, 2018) Now in its fourth year in Canada, the International Cyber Risk Management Conference (ICRMC) has earned a reputation as one of the world’s most trusted cyber security forums. We are proud to bring ICRMC...

2018 Cloud Security Alliance Congress (Orlando, Florida, USA, December 10 - 12, 2018) Today, cloud represents the central IT system by which organizations will transform themselves over the coming years. As cloud represents the future of an agile enterprise, new technology trends, such...

Wall Street Journal Pro CyberSecurity Executive Forum (New York, New York, USA, December 11, 2018) The WSJ Pro Cybersecurity Executive Forum will bring together senior figures from industry and government to discuss how senior executives can best prepare for hacking threats, manage breaches, and work...

National Cyber League Fall Season (Chevy Chase, Maryland, USA, December 15, 2018) The NCL is a defensive and offensive puzzle-based, capture-the-flag style cybersecurity competition. Its virtual training ground helps high school and college students prepare and test themselves against...

Grow your brand and reach new customers.

Grow your brand and increase your customer base by educating our audience about your products, services, and events by advertising on The CyberWire. We’ve built trust with an influential (and often hard to reach) audience of CISOs, CSOs, and other senior execs in the security space, across a wide array of industry verticals. Learn more.

Be a part of the CyberWire story.

People ask us (a lot) how they can support what we do. We have our sponsorships and services, of course, but those are not always within every supporter's financial reach, or it might just not be the right time for you to do those things. That's why we launched our new Patreon site, where we've created a wider variety of support levels, each with some new benefits. Our patrons are important to our future, and we hope you'll consider becoming one. We invite you to become part of the CyberWire story. Become a patron today.