skip navigation

More signal. Less noise.

2017 cyberattacks proved more numerous, sophisticated, and ruthless than in years past.

WannaCry, NotPetya, ransomware-as-a-service, and fileless attacks abounded. And, that’s not everything. The victims of cybercrime ranged from private businesses to the fundamental practices of democracy. Read The Cylance Threat Report: 2017 Year in Review Report and learn about the threat trends and malware families their customers faced in 2017.

Daily briefing.

SecurityWeek's ICS Cyber Security Conference

Wednesday's sessions of SecurityWeek's 2018 ICS Security Conference continued examination of risk management and the importance of security operators engaging the realities on the plant floor. 

In a presentation on consequence-driven risk management, LEO Cyber Security's Clint Bondungen stated a first principle: we do cybersecurity because cyber threats pose a risk to the business. He argued that cyber risks should be viewed as process hazards. Identifying consequences helps determine safety controls and define the possible impact of events. (He also offered a skeptical take on the familiar risk equation, which depends upon speculative numbers and lends a specious appearance of rigor to what in fact is a questionable and subjective process.)

Two security leaders from Sony, Kristin Demoranville and Stuart King, described the realities of assessing security in factories. A security assessment is neither a tour nor a policy enforcement drill. Their argument was that security comes down to people and process, which is neither surprising nor controversial, but the lessons they drew were instructive. It is essential to recognize, they said that "anything will break production." That is, surprising events that you, the security officer, would not expect to be a problem, in fact can disrupt industrial processes. It's important to discover the factory and understand how it works, and it's important to establish trust with the people who work there. "Hanging out on the line and in the break rooms," will give you a realistic appreciation of a facility's risk. You will find, Demoranville and King said, that not everything that looks like a risk is in fact a risk, and that many things that look benign actually do present hazards.

We'd heard earlier from Dragos on the Triton/Trisis malware deployed against a Saudi petrochemical facility. Yesterday Nozomi's co-founder Dr. Andrea Carcano spoke about their own investigation of the malware, including their reverse engineering of the probable attack methods. His conclusion was that "exploitation [of industrial control systems] is no longer for the elite." Increased connectivity, readily available exploitation tools and malware samples, and easily accessible ICS documentation and equipment have combined to lower barriers to entry.

SecurityWeek's 2018 ICS Cyber Security Conference concludes today. We'll have more coverage tomorrow.

The US Department of Homeland Security is not seeing expected rates of Russian election system probing, but its National Protection and Programs Directorate (NPPD) doesn't necessarily find this reassuring, wondering what it might be missing. Information operations have continued, resulting so far in one indictment. The effect of US Cyber Command's campaign of warning Russian information operators (and whatever else Fort Meade may be doing) remains to be seen. Some observers see a model for retaliation and deterrence in the quiet late-1990s information campaign the US and NATO allies ran against Serbian leader Slobodan Milosovec.

Google says that it's blocked a significant ad-fraud campaign.

SophosLabs reports the discovery of a large botnet that exploits poorly secured SSH servers and various equally poorly secured IoT devices. Called "Chalubo" after its use of the  ChaCha stream cipher, the botnet is adapted to run distributed denial-of-service attacks. It's Linux-based, but researchers say Chalubo is using obfuscation techniques usually associated with Windows-based malicious code.  It's also borrowed code from both Xor.DDoS and Mirai. Observers offer the usual sensible recommendations about securing devices.

Mexico's Central Bank has raised the alert level for the country's financial system after insurer AXA reported sustaining a cyberattack that attempted to compromise cash payment systems.

Hong Kong-based Cathay Pacific has sustained a major data breach. The airline disclosed yesterday that almost nine-and-a-half-million passengers may have been affected.

The UK's Information Commissioner's Office has assessed the maximum allowable penalty, £500,000, against Facebook for its role in the Cambridge Analytica data scandal.

Notes.

Today's issue includes events affecting Bangladesh, Brazil, Canada, China, India, Indonesia, Israel, Kenya, Democratic People's Republic of Korea, Mexico, Mozambique, Nepal, Netherlands, Russia, Saudi Arabia, Thailand, United Kingdom, United States.

A year in, companies unsure of risk under China's Cyber Security Law, says Control Risks.

Over a year into China’s Cyber Security Law, Control Risks experts say its vague definition and application leaves multinational companies struggling to understand their risk. Further, how strictly the government will crack down and the extent of penalties for non-compliance remain open questions. Nonetheless, companies operating in China must understand their unique exposure and specific cyber, physical and procedural requirements. Let Control Risks help you make the critical decisions to seize your opportunities in China.

In today's podcast, up later this afternoon, we speak with our partners at Accenture, as Justin Harvey discusses insourcing versus outsourcing threat intelligence. Our guest, Tony Pepper from Egress Software Technologies, talks about approaches to protecting unstructured data.

And this week's Hacking Humans is also up. In a discussion of fear, flattery, greed, and timing. We get followup feedback on gift cards. Joe describes a banking payment scam on a Canadian university. Dave reveals some sneaky apps. A reader shares a story worth its weight in gold. Jenny Radcliffe from the Human Factor Podcast shares her insights on social engineering.

New York Times Event: Cyberwarfare with Google, Department of Justice & more (Washington, DC, United States, October 30, 2018) David Sanger, national security correspondent for The New York Times will moderate a discussion on cyberwarfare, one of the greatest threats to American democracy and commerce. He will be joined by John Demers, assistant attorney general for the national security division at the Department of Justice; Yasmin Green, the director of research and development for Jigsaw, a Google company; and Dmitri Alperovitch, co-founder of CrowdStrike, who discovered Russian hacking of the Democratic National Committee.

Maryland Cybersecurity Career & Education Fair (Rockville, Maryland, United States, November 9 - 10, 2018) Join us for two dynamic days that put on display why Maryland is where cyber works. Friday will feature a career and education fair, connecting cybersecurity job seekers with opportunities across the state of Maryland. On Saturday, high school and undergraduate students compete in our cyber challenge.

Dateline SecurityWeek's ICS Security Conference

ForeScout and Belden Form Strategic Alliance to Secure Industrial Environments (ForeScout) Companies execute on joint strategy to address IT/OT convergence by providing visibility and automated access controls to secure mission critical networks

ICS Networks Continue to be Soft Targets For Cyberattacks (Dark Reading) CyberX study shows that many industrial control system environments are riddled with vulnerabilities.

Cyber Attacks, Threats, and Vulnerabilities

Too Quiet? Security Official Wary of Russia’s Cyber-Silence Ahead of Midterms (RealClearLife) As voters across the country ready for the 2018 midterm elections, there has been little hint of a big Russian hacking campaign on election infrastructure.

The U.S. Government Will Use Pop-Up Messages to Dissuade Russian Election Meddling (Slate Magazine) A little well-targeted fearmongering might be sufficient to make employees of the Internet Research Agency think twice about their chosen profession.

U.S. Cyber Command Could Be Way More Aggressive in Deterring Russian Election Meddling (Slate Magazine) It’s time to crank up the volume.

Survey: Fears over election security will stop Americans from voting in midterms (TheHill) Nearly 1 in 5 Americans is unlikely to vote in the upcoming midterm elections, largely over worries of foreign interference, accordi

Google Blocks New Ad Fraud Scheme (SecurityWeek) Google says it recently blocked a new ad fraud scheme spread across a large number of applications and websites and monetizing with numerous ad platforms

Investigating Implausible Bloomberg Supermicro Stories (ServeTheHome) We thoroughly evaluate the claims made by Bloomberg in their Supermicro China tampering stories and found them likely impossible or implausible at best. We take stock of sources and discuss the next steps calling for formal SEC and shareholder investigations of Bloomberg.

DDoS-Capable IoT Botnet 'Chalubo' Rises (SecurityWeek) New malware named Chalubo is targeting IoT devices to ensnare them into a DDoS botnet

Exploit for New Windows Zero-Day Published on Twitter (SecurityWeek) A new zero-day vulnerability in Windows was made public on Twitter by the same researcher who published an exploit for a bug in the Windows Task Scheduler at the end of August

Malware Targeting Brazil Uses Legitimate Windows Components WMI and CertUtil as Part of its Routine (TrendLabs Security Intelligence Blog) We recently found a malware that abuses two legitimate Windows files — the command line utility wmic.exe  and certutil.exe, a program that manages certificates for Windows — to download its payload onto the victim’s device.

AXA Cyber Attack Prompts Mexico Central Bank to Issue Security Alert (Insurance Journal) Mexico's central bank said on Tuesday it had raised the security alert level in its payment system after a non-banking financial user reported

Cathay Pacific Hit by Data Leak Affecting 9.4M Passengers (SecurityWeek) Hong Kong flag carrier Cathay Pacific said Wednesday it had suffered a major data leak affecting up to 9.4 million passengers

Government Spyware Vendor Left Customer, Victim Data Online for Everyone to See (Motherboard) The Germany-based spyware startup Wolf Intelligence exposed its own data, including surveillance target’s information, passports scans of its founder and family, and recordings of meetings.

Smart cities: 'A cyber-attack could stop the country' (BBC News) As the internet of things takes off, is security being sacrificed in the quest for higher speeds?

'Cyber Pearl Harbor' Unlikely, But Critical Infrastructure Needs Major Upgrade (Forbes) No, vast swaths of the U.S. are not about to go dark and cold because of a "9/11"-style cyberattack. But the nation's critical infrastructure remains much more vulnerable than it should be, and needs to improve its security - a lot.

Twitter thought Elon Musk's bizarre tweets were evidence he'd been hacked (Graham Cluley) It’s an odd state of affairs when the bogus Elon Musk accounts offering bitcoin giveaways appear more legitimate than the real Elon’s tweets.

Security Patches, Mitigations, and Software Updates

WordPress takes aim at ancient versions of its software (Naked Security) If you’re running a very old version of WordPress on your website, the project’s staff would like a word with you.

Firefox 63 Blocks Tracking Cookies (SecurityWeek) Firefox 63 patches 14 vulnerabilities and brings a new cookie policy meant to prevent cross-site tracking

Monero’s Second Bulletproof Protocol Audit Gets All Vulnerabilities Patched Up (BitcoinExchangeGuide) Monero developers seem to be working hard to make the Bulletproof protocol really live up to its name. After the security research company QuarksLab audited the Bulletproof protocol and announced i…

Cyber Trends

Keynote at EnergyTech –control system cyber incidents continue to occur (Control Global) My list of actual control system cyber incidents continues to grow with almost 1,100 incidents with more than 1,000 deaths, and more than $60Billion in direct damage. Unfortunately, there is still very little control system cyber forensics or training for the control system engineers to identify these types of incidents.

Explosive IoT Growth Slowed By ‘Early Adopter Paradox’ (F-Secure) Adoption of the internet of things (IoT) continues to explode but it could be even more transformative, a new F-Secure survey finds.

Security Alert: Lack of Trust Comes with a High Price Tag for U.S. Bus (PRWeb) Almost half (44%) of US consumers have suffered the negative consequences of a security breach or hack, according to new research conducted on behalf of s

Eighty two percent of security professionals fear artificial intelligence attacks against their organization (Neustar) Neustar's International Cyber Benchmark Index™ reveals the top cybersecurity concerns

2018 Global DNS Threat Survey Report (EfficientIP) Discover the prominence and business impact of DNS attacks this past year, plus results from the Coleman Parkes global survey covering multiple sectors.

Endpoint cyberattacks cost organizations more than $7M on average (Clinical Innovation + Technology) As the frequency of cyberattacks increases, the cost to fix security risks is also on the rise. Successful endpoint cyberattacks cost organizations an average of $7.1 million, according to a report that analyzed the state of endpoint security.

More Jobs of the Future: A Guide to Getting and Staying Employed through 2029 (Cognizant) Last year, we proposed 21 jobs that will emerge in the next 10 years and be central to the future of work. This year, we present 21 more.

Marketplace

Ottawa companies turn to tech, training to fill cybersecurity talent gap (Ottawa Business Journal) Experts from Ottawa’s cybersecurity sector say a mix of both tech and talent is necessary to keep Canadians and businesses safe

Apple’s Tim Cook blasts Silicon Valley over privacy issues (Washington Post) He lamented an emerging “data industrial complex” — and eroding trust.

Analysis | The Cybersecurity 202: Tim Cook's sharp rebuke of 'data industrial complex' draws battle lines in privacy debate (Washington Post) Apple is positioning itself as the tech industry's privacy leader. That could pay off.

Twitter Sheds Users Again in Fake-Account Purge (Wall Street Journal) Twitter reported its first consecutive quarterly drop in users, losing more than it had expected and signaling further declines to come as it continues to purge fake accounts. Even so, Twitter said it boosted revenue and swung to a profit as it extracted more advertising revenue out of its existing users.

Google drops plans for Berlin campus (BBC News) The US firm had faced strong local opposition and will now give the space to charities.

Check Point Software to Acquire Dome9 to Transform Cloud Security (Globe Newswire) Acquisition will strengthen Check Point’s position as a global leader in Cloud Security

MIT Spinoff Blockchain Startup Algorand Raises $62M (BostInno) Hires LogMeIn, Fuze Execs

Synack Awarded US Department of Defense Crowdsourced Security Contract (PRWeb) Crowdsourced security is now considered a “best practice” for the US government to protect the nation’s assets and services, thanks in large part to

Department of Defense Awards HackerOne Third ‘Hack the Pentagon’ Crowdsourced Security Contract (BusinessWire) The U.S. Department of Defense (DoD) today announced that HackerOne, the leading hacker-powered security platform, has been awarded a third crowdsourc

Solers Awarded Army Responsive Strategic Sourcing for Service (RS3) IDIQ contract (Virginian-Pilot) Solers, Inc. announced that is has been awarded a prime contract on the Aberdeen Proving Ground (APG) Responsive Strategic Sourcing for Service (RS3)

Perspecta Wins $36 Million Contract with Naval Surface Warfare Center (PR Newswire) Perspecta Inc. (NYSE: PRSP), a leading U.S. government services provider, announced today that it received a...

CrowdStrike Added to the Department of Homeland Security’s Continuous Diagnostics and Mitigation Approved Products List (AP NEWS) CrowdStrike® Inc., the leader in cloud-delivered endpoint protection, today announced that its portfolio of cutting-edge solutions, part of the CrowdStrike Falcon® platform, has been approved to deliver critical cyber capabilities in support of the Department of Homeland Security (DHS) Continuous Diagnostics and Mitigation Program (CDM).

Raytheon Picks Cybraics & Authentic8 Tech in Push for Critical Infrastructure Cybersecurity (GovCon Wire) Raytheon (NYSE: RTN) has established partnerships with Cybraic

SIEM Leader Exabeam Celebrates Record EMEA Momentum (BusinessWire) Exabeam has announced strong EMEA growth led by significant customer wins, geographic expansion across the region and a rapidly increasing headcount.

Products, Services, and Solutions

Cylance keeps Property Brokers cyber-safe (Computerworld New Zealand) After fighting a losing battle against malware that culminated in a ransomware attack, New Zealand real estate organisation Property Brokers deployed Cylance's antivirus software and says it has successfully blocked all attacks.

Ntrepid Transitions Anonymizer VPN Accounts to InvinciBull (BusinessWire) Ntrepid Corporation announced today that it will be transitioning all Anonymizer.com consumer anonymity accounts to InvinciBull.

Department of Energy (DOE) Announces Funding Award for Dragos’ “Neighborhood Keeper” Program for Threat Detection and Shared Threat Intelligence Across Small Infrastructure Providers (Odessa American) Dragos, Inc, developers of the Dragos threat detection and response platform, announced today the DOE’s partnership on a cooperative agreement to research and develop a collaborative threat detection and shared intelligence program, Neighborhood Keeper.

Quantum Xchange Selects Zayo Group for Dark Fiber to Deploy First Quantum Network in the United States (BusinessWire) Quantum Xchange announces their agreement with Zayo Group for dark fiber to deploy the first Quantum Key Distribution (QKD) network in the U.S.

StackRox Delivers Kubernetes Security and Compliance for Mux (StackRox) Container Security Platform Enables Video Infrastructure Provider to Protect Microservices and Containers in Amazon Web Services and Google Cloud Platform

Combining Threat Detection with Artificial Intelligence, Logz.io Launches Security Analytics App for ELK Stack on its Continuous Operations Platform (GlobeNewswire News Room) Logz.io Security Analytics Combines Operations and Security into one Simple, Open Source Based Platform for Easier and Faster Mitigation

BAE Systems’ Epiphany automatically completes, stores sensitive forms (Jane's 360) Key Points Epiphany could cut down on labour intensive compliance documentation work BAE Systems repository will store all relevant project information BAE Systems has developed a new information security and risk management framework (RMF) tool that searches an organisation’s historical

Palo Alto Networks Secures FedRAMP Milestone (PR Newswire) Palo Alto Networks® (NYSE: PANW), the global cybersecurity leader, today announced its WildFire® malware...

Know your enemy: Lockheed Martin touts ‘intelligence-driven’ cyber security (Military & Aerospace Electronics) In a bland office building 30 minutes from the Pentagon, a wall-mounted screen shows, in real time, every suspicious email and LinkedIn request sent to employees of Lockheed Martin, the world’s largest defense contractor

EclecticIQ strengthens threat intelligence for critical infrastructures with new integrations (PR Newswire) EclecticIQ, which empowers cyber defenses with threat intelligence, today announced the availability of new...

Netscout Launches Arbor Edge Defense for Enterprise DDoS Security (eWEEK) Netscout is aiming to help organizations block both inbound and outbound threats with its Arbor Edge Defense security system.

High-Tech Bridge to Leverage AI and Big Data to Map Application Security Risks and Threats (Global Banking and Finance) Web security company High-Tech Bridge, Winner of the SC Awards Europe 2018 Best Usage of Machine Learning / AI category, launches today ImmuniWeb Discovery AI to conduct the threat-aware risk…

American Express and Rambus Join Forces on Secure Global E-commerce Tokenization (Rambus) Rambus Inc. (NASDAQ: RMBS) and American Express Australia today announced a new collaboration to help merchants enrich and secure e-commerce and m-commerce transactions with tokenization.

Technologies, Techniques, and Standards

Global Study Reveals Increased SD-WAN Deployments, But Networking and Security Challenges Persist (Barracuda Networks) Research Indicates Improved Network Security, Connectivity, Flexibility, and Cost Savings with SD-WAN

Is AI Resilient Enough for Security? (SIGNAL) Machines need to be hard to fool and reliable under pressure.

3 Public Cloud Security Myths Debunked (SecurityWeek) Enterprises need to know that their data is going to be secure if they choose to embrace a cloud-based model, particularly a public cloud

3 Strategies for Successful Cybersecurity Programs (Government Technology) The 2018 Deloitte-NASCIO Cybersecurity Study found that while CISOs are gaining a real foothold in state government, there remain key areas where progress can still be made.

CA Veracode’s Latest State of Software Security Report Finds Organizations Implementing DevSecOps Address Flaws 11x Faster Than Others (GlobeNewswire News Room) First Veracode analysis of flaw persistence finds 1 in 4 flaws remain open more than a year after discovery

The Enduring Password Conundrum (SecurityWeek) Instead of relying solely on passwords, security professionals should consider implementing a Zero Trust approach to identity and access management based on the these best practices.

Examining Cybersecurity from a Risk-Management Viewpoint (InCyberDefense) When it comes to risk management for an organization, it can be used to leverage multiple solutions to bolster an organization’s security.

Are you Cyber Aware? How about your friends and family? (Naked Security) A Cyber Aware survey found 30% of Britons still have just one password for all their accounts – so let’s help that 30% change their lives!

Design and Innovation

Facebook says it removed 8.7M child exploitation posts with new machine learning tech (TechCrunch) Facebook announced today that it has removed 8.7 million pieces of content last quarter that violated its rules against child exploitation, thanks to new technology. The new AI and machine learning tech, which was developed and implemented over the past year by the company, removed 99 percent of th…

Why Duo Security’s dev team includes game designers and self-taught coders (Built In Austin) Duo Security has a unique approach to recruiting engineers. Instead of looking strictly for candidates with experience in cybersecurity, the company also seeks out those with complementary skill sets. This has opened the door for former video game designers, systems administrators and self-taught engineers to join Duo’s team.

Academia

Georgetown University Partners with Cybersecurity Company to Augment Graduate Programs (Telos) Telos Corporation Offers Real-world Cyber Experience through Workforce Events and Internships

Legislation, Policy, and Regulation

Shifting Patterns in Internet Reveal Adaptable and Innovative North Korean Ruling Elite (Recorded Future) Over the course of the past year and a half, Recorded Future has published a series of research pieces revealing unique insight into the behavior of North Korea's most senior leadership.

Calls grow for foreign powers law to limit Russian influence (Times) Parliamentarians, lobbyists and advisers with financial links to overseas powers should be forced to declare such arrangements in a public register, say proposals backed by MPs. Cross-party calls...

UK cyber intelligence chief urges west to engage with China (Financial Times) Ian Levy softens GCHQ tone after warnings about big telecoms and tech companies

The UK and the Netherlands to keep cyber security partnership alight (IT PRO) Further cooperation is expected between the UK and Holland within cyber security and digital industries

Eisenkot: Someday the IDF will be under one cyber command (The Jerusalem Post) Israel cyber chief: Until disaster happens, world will not have united cyber defense.

NSA official: new U.S. cyberwar policy isn't the 'Wild West' (FCW) Rob Joyce, former White House cyber coordinator, said the Trump administration's new cyber warfare policy is more 'thoughtful' than some might think.

Agency tech leaders want more force behind Nat'l Cybersecurity Strategy (Federal News Network) The White House recently released the first National Cybersecurity Strategy in 15 years. Now top tech leaders in the administration seek to put some force behind it.

DHS Preps Extra Cyber Support for States with Close Midterm Races (Nextgov.com) The tightness of an election is just one factor in where the Homeland Security Department will field its Election Day cybersecurity teams.

Litigation, Investigation, and Law Enforcement

This Week's Bomb Scares Are a Perfect Misinformation Storm (WIRED) News of apparent mail bombs targeting prominent Democrats and CNN give way to a deluge of false reports, partisan finger-pointing, and bad-faith conspiracy theories online.

Saudi crown prince calls Khashoggi murder ‘heinous crime,’ vows perpetrators will be brought to justice (Washington Post) In an appearance at an investment conference in Riyadh, Crown Prince Mohammed bin Salman acknowledged no responsibility for the journalist’s murder.

UK watchdog hands Facebook maximum £500K fine over Cambridge Analytica data breach (TechCrunch) The U.K. Information Commissioner’s Office (ICO) has confirmed that it has hit Facebook with a maximum £500,000 ($645,000) fine around the way it mishandled user data following the Cambridge Analytica scandal earlier this year. The ICO announced its intention to hand Facebook the fine back in July …

Google and Facebook accused of secretly tracking users’ locations (Naked Security) Google and Facebook have been hit separately by class action lawsuits accusing them of secretly tracking user locations.

How One Stubborn Banker Exposed a $200 Billion Russian Money-Laundering Scandal (Wall Street Journal) Billions in illicit funds flowed through accounts held at Danske Bank’s branch in tiny Estonia. One employee dug into the details and tried to alert his superiors at headquarters. The resulting scandal cut the bank’s value in half, cost the CEO his job and prompted a new round of soul-searching.

A convenient omission? Trump campaign adviser denied collusion to FBI source early on (TheHill) Just weeks after the FBI opened a dramatic counterintelligence probe into President Trump and Russia, one of his presidential campaign advisers emphatically told an undercover bureau source there was no election collusion occurring because such activity would be treasonous.

Trump has two ‘secure’ iPhones, but the Chinese are still listening (TechCrunch) President Trump has three iPhones — two of them are “secure” and his third is a regular personal device. But whenever the commander-in-chief takes a call, his adversaries are said to be listening. That’s according to a new report by The New York Times, which put a spotlight on the…

When Trump Phones Friends, the Chinese and the Russians Listen and Learn (New York Times) President Trump has been repeatedly told by aides that his cellphone calls are not secure from foreign spies. But he has refused to heed the warnings to stop talking.

Why does one California county sheriff have the highest rate of stingray use? (Ars Technica) San Bernardino County denies EFF's request to see 6 stingray warrant applications.

Former High School Teacher Pleads Guilty to “Celebgate” Hacking (US Department of Justice) A Richmond man pleaded guilty today to unauthorized access to a protected computer and aggravated identity theft.

For a complete running list of events, please visit the Event Tracker on the CyberWire website.

Newly Noted Events

Hybrid Identity Protection Conference 2018 (New York, New York, USA, November 5 - 6, 2018) The Hybrid Identity Protection Conference is the premier educational and networking event for identity experts. Learn what cutting-edge industry leaders are doing to improve identity protection in the...

Upcoming Events

2018 ICS Cyber Security Conference USA (Atlanta, Georgia, USA, October 22 - 25, 2018) SecurityWeek’s Industrial Control Systems (ICS) Cyber Security Conference is the largest and longest-running event series focused on industrial cybersecurity. Since 2002, the conference has gathered ICS...

Energy Tech 2018 (Cleveland, Ohio, USA, October 22 - 26, 2018) The annual EnergyTech Conference & Expo is an organized event, supported by NASA and INCOSE, highlighting advancements in Energy, Smart-Grids and Microgrids, Aerospace, Critical Infrastructure, Security...

Global Resilience Federation Summit on Third-Party Risk (Leesburg, Virginia, USA, October 24 - 26, 2018) The purpose of the GRF Summit on Third-Party Risk is to increase awareness of security best practices, offer an opportunity for collaboration among third-party vendors and organizations’ risk management other to improve holistic security. The Summit will provide training, education and networking on the critical cyber and physical security issues facing organizations, their vendors, and the areas where the two groups intersect. Space is limited for this complimentary event, and registration will be capped and by-approval only. Attendees will include ISAC/ISAO member organizations plus third-party vendors and suppliers.

Wild West Hackin’ Fest (Deadwood, South Dakota, USA, October 25 - 26, 2018) We’re back for another year of amazing talks, great company and exciting hands-on hacking labs. It will be hard to top our amazing inaugural year, but we’ve taken your feedback and plan to make this event...

Symposium on Securing the IoT (Boston, Massachussetts, USA, October 29 - 31, 2018) Join us for the Symposium on Securing The Internet of Things, featuring keynote speakers from the leading industry companies who are solving the issues of IoT and secure connectivity. There will also be...

Times Talks: Arming for Cyberwarfare (Washington, DC, USA, October 30, 2018) David Sanger, a national security correspondent and author of “The Perfect Weapon: War, Sabotage and Fear in the Cyber Age,” will moderate a discussion in Washington, D.C., on cyberwarfare, one of the...

SecureWorld Denver (Denver, Colorado, USA, October 31 - November 1, 2018) Connecting, informing, and developing leaders in cybersecurity. SecureWorld conferences provide more content and facilitate more professional connections than any other event in the Information Security...

Cyber Security Dallas (Dallas, Texas, USA, October 31 - November 1, 2018) Cyber Security Dallas will bring top speakers and industry experts to the Dallas-Fort Worth (DFW) metroplex, which boasts one of the largest concentrations of corporate headquarters in the United States.

InfoWarCon 18 (Leesburg, Virginia, USA, November 1 - 3, 2018) InfoWarCon 18 brings together a highly elite group of political, military, academic, DIYer, and commercial cyber-leaders and thinkers from around the world. We examine the current, future, and potential...

RETR3AT Cybersecurity Conference (Montreat, North Carolina, USA, November 2, 2018) Each year, Montreat College’s Center for Cybersecurity Education and Leadership hosts RETR3AT, a conference designed to engage, educate, and raise awareness about cybersecurity in Western North Carolina...

4th Annual Cyber Southwest (CSW) Symposium (Tuscon, Arizona, USA, November 2, 2018) Be a part of the 4th Annual Cyber Southwest (CSW) Symposium set to take place at the University of Arizona, Eller College of Management - McClelland Hall in Tucson, AZ on Friday, November 2nd, 2018. CSW...

Hybrid Identity Protection Conference (New York, New York, USA, November 5 - 6, 2018) Learn what cutting-edge industry leaders are doing to improve identity protection in the modern organization and how they are boosting enterprise security. Network with the world’s leading identity experts...

Hybrid Identity Protection Conference 2018 (New York, New York, USA, November 5 - 6, 2018) The Hybrid Identity Protection Conference is the premier educational and networking event for identity experts. Learn what cutting-edge industry leaders are doing to improve identity protection in the...

Cyber Security & Artificial Intelligence MENA Summit (Dubai, UAE, November 6 - 7, 2018) Cyber Security and Artificial Intelligence MENA Summit has been designed to bring you a remarkable opportunity to gain fresh insights into areas such as artificial intelligence and machine learning impact...

Grow your brand and reach new customers.

Grow your brand and increase your customer base by educating our audience about your products, services, and events by advertising on The CyberWire. We’ve built trust with an influential (and often hard to reach) audience of CISOs, CSOs, and other senior execs in the security space, across a wide array of industry verticals. Learn more.

Be a part of the CyberWire story.

People ask us (a lot) how they can support what we do. We have our sponsorships and services, of course, but those are not always within every supporter's financial reach, or it might just not be the right time for you to do those things. That's why we launched our new Patreon site, where we've created a wider variety of support levels, each with some new benefits. Our patrons are important to our future, and we hope you'll consider becoming one. We invite you to become part of the CyberWire story. Become a patron today.