skip navigation

More signal. Less noise.

Get the top 10 vulnerabilities used by cybercriminals.

Recorded Future researchers have scoured open web, dark web, and technical sources to discover which vulnerabilities are being actively exploited by cybercriminals. Download the report now.

Daily briefing.

A number of observers were struck by apparent similarities between the British Airways breach and the earlier incident at Ticketmaster. This morning RiskIQ offered an explanation for the similarity: the company says that the two hacks were conducted by the same criminal group, "Magecart." The company has been tracking Magecart since 2015. The researchers also say the gang remains active on an unusually large scale, conducting "digital skimming" attacks against a range of enterprises: they scan for websites that don't secure payment card data entry forms, and then take whatever's available. This time their attack seems to have been more tailored than usual. British Airways hasn't commented on the attribution.

Trend Micro has responded to accusations that surfaced over the weekend and resulted in the ejection of some of its security apps from the Apple Store. They don't, the company says, report anything to Chinese servers. And the data collection on user systems they do perform is a one-time thing at the time of installation, not an ongoing scraping of information. Furthermore, it was fully disclosed in the end-user license agreement. Trend Micro says it's now discontinued that particular feature in its apps.

An important case goes before the European Court of Justice this week. Google will be challenging aspects of the EU's "right to be forgotten." In this case Google seems to be on the side of the free-speech angels: many observers see broad application of the right to be forgotten as the entering wedge of more intrusive censorship.

Notes.

Today's issue includes events affecting China, Estonia, European Union, France, Georgia, Israel, Italy, Russia, United Kingdom, United States.

A quick note to our readers: Hurricane Florence is expected make a landfall on the Carolina Banks Thursday afternoon. Here in Baltimore we're north of its track, but we're already seeing heavy rains and some minor local flooding. We don't expect to receive a crippling hit, although of course that could change. If we should miss a day or two (which we don't expect) it's because we're weathered in, not because we've quit on you. Should we go dark for a bit, we'll be working to restore service as soon as possible. If you're in the Carolinas or anywhere else in the storm's path, stay safe and keep out of harm's way. Best of luck to all.

$8.76 million: The average yearly cost of insider threats. Get the report.

Insider threat incidents come with a hefty price tag, according to the “2018 Cost of Insider Threats: Global Organizations” report released by independent research group, The Ponemon Institute. Make sure that you understand the full context (and cost) of these threats by downloading the full report. Get your copy today.

In today's podcast, we hear from our partners at Accenture, as Justin Harvey shares tips on building an effective incident response plan. Our guest is Colin McKinty from BAE systems, discussing the launch of The Intelligence Network, a collaborative task force developed in partnership with Vodafone and Surrey University, to engage, unite and activate the global security community in the fight against cybercrime.

Also, in case you missed it, Recorded Future's podcast, produced in cooperation with the CyberWire, has its latest edition up. This one features an interview with Chris Wolski, head of information security and data protection at Perdue Farms. He shares insights into protecting Purdue's brand, product, and people at the intersection of the cyber and physical worlds.

Rapid Prototyping Event: The Chameleon and the Snake (Columbia, Maryland, United States, September 17 - 20, 2018) DreamPort, in conjunction with the Maryland Innovation & Security Institute and USCYBERCOM, is hosting a Rapid Protoyping Event that specifically targets malware signature diversity and signature measurement for Microsoft Windows in a simulated operational environment at a realistic pace. Join us September 17-20, 2018 at UMBC Training Center in Columbia, MD.

The force is stronger when MSPs and MSSPs come together. (Webinar, September 19, 2018) The managed service market has grown tremendously, with the demand for managed security being unprecedented. For managed service providers (MSPs) looking to answer those demands, partnering with a managed security services provider (MSSP) expands access to highly-skilled cyber security analysts and a full suite of security solutions. Join Delta Risk’s webinar, September 19 at 1 PM ET, to learn how the two sides can join forces.

Cyber Security Summits: September 25 in NYC on October 16 in Phoenix (New York, New York, United States, September 25, 2018) Sr. Level Executives are invited to learn about the latest threats & solutions in Cyber Security from experts from The FBI, The NSA, Google, IBM, Darktrace, CenturyLink and more. Register with promo code cyberwire95 for $95 VIP admission (Regular price $350) https://CyberSummitUSA.com

FireEye Cyber Defense Summit 2018 (Washington, DC, United States, October 1 - 4, 2018) Get trained by a FireEye expert at our annual Cyber Defense Summit. Training opportunities at this event offer attendees hands-on, small-group, interactive sessions with some of the most experienced FireEye cyber security experts.

Dragos Industrial Security Conference (DISC) 11/5/18 (Hanover, Maryland, United States, November 5, 2018) Reserve your spot now for the Dragos Industrial Security Conference (DISC) on November 5th, 2018. DISC is a free, annual event for our customers, partners, and those from the ICS asset community. Visit https://dragos.com/disc/ for more information.

Dateline 9th Annual Billington Cybersecurity Summit

Two of the Five Eyes share their cyber priorities. (The CyberWire) Among the Summit's highest profile presentations were keynotes by Jeremy Fleming, Director of Britain's Government Communication Headquarters (GCHQ) and General Paul Nakasone, Director of US Cyber Command and Director, National Security Agency (NSA). They were clear that the special relationship between the agencies they lead is strong, and they were equally in agreement that cyberspace is now a principal arena of great power competition.

Why DHS needs better mobile security than other agencies (Fifth Domain) The top IT officer at the Department of Homeland Security explained the different types of threats DHS faces.

US Federal priorities: military and civilian. (The CyberWire) A number of senior US civilian officials and military officers represented their organizations at the Summit. There was a general consensus that cybersecurity increasingly pervades everything their enterprises do (but that everyone needs to do more security-by-design), that legacy systems remain a field of vulnerabilities (and that their modernization and replacement represents an opportunity to improve security), and that the Government competes for cyber talent at a disadvantage (and must look for creative ways of attracting people into Federal service).

Two special cases: space systems and cyber deterrence. (The CyberWire) Two panels addressed special challenges: securing space systems against cyberattack, and building an effective regime of cyber deterrence.

Cyber Attacks, Threats, and Vulnerabilities

Hackers that compromised Ticketmaster blamed for British Airways security breach (Computing) Magecart's malicious JavaScript so pervasive that commerce websites are being compromised every hour

The British Airways Breach: How Magecart Claimed 380,000 Victims (RiskIQ) RiskIQ data shows Magecart was behind the British Airways breach by compromising javascript on the airline's website with an extremely targeted attack.

How Hackers Slipped by British Airways' Defenses (WIRED) Security researchers have detailed how a criminal hacking gang used just 22 lines of code to steal credit card data from hundreds of thousands of British Airways customers.

British Airways hacking: how not to respond to a cyber attack (The Conversation) BA's handling of the latest corporate cyber attack shows a catalogue of missed opportunities.

Answers to Your Questions on Our Apps in the Mac App Store (Trend Micro) Reports that Trend Micro is “stealing user data” and sending them to an unidentified server in China are absolutely false. Trend Micro has completed an initial investigation of a privacy concern related to some of its MacOS consumer products. The results confirm that Dr Cleaner, Dr Cleaner Pro, Dr. Antivirus, Dr. Unarchiver, Dr. Battery, and...

Three Trend Micro Apps Caught Collecting MacOS User Data (Dark Reading) After researchers found the security apps collecting and uploading users' browser histories, Apple removed the apps from its macOS app store and Trend Micro removed the apps' browser history collection capability.

Mac App Store: Tools von Trend Micro schicken ebenfalls Daten nach China – ist es wirklich Trend Micro? (MacTechNews.de) Der "Adware Doctor" war kein Einzelfall, auch andere populäre Systemtools aus dem Mac App Store greifen unbemerkt Nutzerdaten ab und schicken diese nach China. Apple verbannte fragliche Programme von Trend Micro – muss sich jetzt jedoch die Frage stellen, wie man derlei Vorfälle in Zukunft verhindern kann.

North Korean hackers' evolution on display in US case (Nikkei Asian Review) Extensive legwork employed to gain trust before attacks unleashed

China-linked Hackers Use Signed Network Filtering Driver in Recent Attacks (SecurityWeek) China-linked hackers have been using a digitally signed network filtering driver as part of recent attacks to inject a Trojan into the lsass.exe system process memory.

Exploit vendor drops Tor Browser zero-day on Twitter (ZDNet) A company that sells exploits to government agencies drops Tor Browser zero-day on Twitter after recent Tor Browser update renders exploit less valuable.

A Closer Look at the Locky Poser, PyLocky Ransomware (TrendLabs Security Intelligence Blog) We observed waves of spam email delivering the PyLocky ransomware, which posed a challenge to static machine learning-based solutions.

IoT Botnets Target Apache Struts, SonicWall GMS (SecurityWeek) Mirai and Gafgyt Internet of Things (IoT) botnets are targeting vulnerabilities in Apache Struts and the SonicWall Global Management System (GMS)

Fake Beto O'Rourke Texts Expose New Playground for Trolls (WIRED) Someone hijacked a volunteer tool to make it look like Beto O'Rourke encouraged voter fraud—and that could just be the beginning.

Keybase browser extension weakness discovered (Naked Security) Respected researcher Wladimir Palant has recommended users “uninstall the Keybase browser extension ASAP” after discovering a gap in its end-to-end encryption.

APIs: The Trojan horses of security (Help Net Security) Cybercriminals have realised that API calls that originate from inside an app are a blueprint for the infrastructure inside a data centre.

Driverless cars could become a prime target for hackers, top researcher warns (NS Tech) A top security researcher has warned that as objects become more connected through the internet of things, security considerations should be paramount in order to avoid real-world consequences. Speaki

Hackers Can Steal a Tesla Model S in Seconds by Cloning Its Key Fob (WIRED) Weak encryption in Tesla Model S key fobs allowed all-too-easy theft, but you can set a PIN code on your Tesla to protect it.

The rise of targeted ransomware (Naked Security) Ransomware hasn’t gone away, but it is getting quieter and more targeted.

Verizon details breaches they were called in to investigate (Help Net Security) Each Verizon Data Breach Digest is a separate cybercrime case study. This year, each of the 18 case studies has been released separately.

Yikes: 1 in 5 employees share their email passwords with coworkers (Naked Security) 19% of employees of small and medium-sized businesses share their passwords with coworkers or assistants, according to a recent survey.

Midland to pay ransom after cyber-attack (Barrie CTV News) The Town of Midland is preparing to pay a ransom after hackers locked down a portion of its computer system more than week ago.

Security Patches, Mitigations, and Software Updates

VPN Firms Release New Patches for Privilege Escalation Flaw (SecurityWeek) VPN companies ProtonVPN and NordVPN have another go at patching a serious privilege escalation vulnerability for which fixes were first released in April

Google Launches Alert Center for G Suite (SecurityWeek) Google is making it easier for G Suite administrators to access notifications, alerts, and actions by bringing them all together in a single place with the launch of a new alert center.

Supermicro servers fixed after insecure firmware updating discovered (Naked Security) Researchers have sounded a warning about the security of Baseboard Management Controllers (BMCs) – a critical component that datacentres depend on to manage servers.

Silent 5G Radio Bug Discovered by 7SIGNAL Hospital Customer (PRNewswire) One of nation's largest not-for-profit health plans discovers critical Wi-Fi bug, solves issue with 7SIGNAL

Cyber Trends

US Signal’s 2018 IT Resiliency Survey Reveals that 70 Percent of US Bu (PRWeb) US Signal, a leading end-to-end IT solutions provider, today announced the results of its 2018 IT Resiliency Survey. The survey reveals that 70 perc

Sound, Fury, And Nothing One Year After Equifax (Simply Security) One year ago today, Equifax suffered what remains one of the largest and most impactful data breaches in U.S. history. Last September, it was revealed that the personal information of 145 million Americans, almost 700,000 UK citizens, and 19,000 Canadians was stolen by cybercriminals. This information included names, addresses, birthdays, Social Security numbers, and—in some...

Burning down the house: CEO attitudes to cyber security all wrong (CIO) "How many houses burn down every year, compared to how many people buy house insurance?”

Marketplace

As Google turns 20, questions over whether it's too powerful (AP News) Twenty years after Larry Page and Sergey Brin set out to organize all of the internet’s information, the search engine they named Google has morphed into a dominating force in smartphones, online video, email, maps and much more.

Google Is Handing the Future of the Internet to China (Foreign Policy) The company has been quietly collaborating with the Chinese government on a new, censored search engine—and abandoning its own ideals in the process.

Huawei & Honor's Recent Benchmarking Behaviour: A Cheating Headache (AnandTech) Does anyone remember our articles regarding unscrupulous benchmark behavior back in 2013? At the time we called the industry out on the fact that most vendors were increasing thermal and power limits to boost their scores in common benchmark software. Fast forward to 2018, and it is happening again.

As Kaspersky Deadline Approaches, Fears Loom That Contractors Aren’t Prepared (Nextgov.com) Some contractors may not be aware the ban applies to them or that they’re running Kasperksy in the first place. Others don’t understand how complex removing it will be.

OverWatchID Closes $2.5M Financing Round Led By WestWave Capital and Silicon Valley Data Capital (GlobeNewswire News Room) Cybersecurity Firm Extends Seed Round Following Strong VC Interest

Bitdefender on Growth Trajectory with Strategic Investments in Second Half 2018 (Bitdefender) Bitdefender builds on products, partnerships and people with APAC M&A, major licensing deal and new hires

Former Gartner Security and Risk Management Analyst Ian McShane Joins Endgame as Vice President of Product Marketing (Endgame) McShane brings critical knowledge and know-how to the company as it accelerates enterprise momentum and evolves its feature-rich endpoint security platform.

Bitdefender Appoints Monika Goldberg as Vice President of Corporate Marketing (Bitdefender) Following a series of strategic leadership recruits, Bitdefender continues to invest in its go-to-market capabilities with an executive marketing hire

Products, Services, and Solutions

Tor launches official anonymous Android browser (Cyberscoop) Although there has long been a slate of third-party mobile Tor apps, the official app is now slated to be released in early 2019.

RedSeal Launches Remote Administrator Managed Service to Augment Customers’ Security Teams and Make Network Situational Awareness More Widely Available (GlobeNewswire News Room) RedSeal, the leader in network modeling and cyber risk scoring, today introduced RedSeal Remote Administrator, a new managed service to augment customers’ security teams, make network situational awareness more widely available, and help customers increase their digital resilience.

Splunk equips Global Emancipation Network in the fight against human trafficking (iTWire) Non-profit anti-trafficking organisation, the Global Emancipation Network, or GEN, has launched a new Splunk-powered technology platform aimed at figh...

FireMon and KUBRA Partner to Deliver Secure Customer Experience Management Solutions Across North America (FireMon) FireMon and KUBRA Partner to Deliver Secure Customer Experience Management Solutions Across North America

ESET targets ransomware with new security solutions (Punch Newspapers) ESET, a European Union-based endpoint security company, has announced the launch of its new line of enterprise security solutions

Technologies, Techniques, and Standards

‘Only paper ballots by 2020!’ call experts after election tampering (Naked Security) The National Academy of Sciences says the US election system uses insecure technology and is fighting off attempts to destabilize it.

Analysis | The Cybersecurity 202: The U.S. is warning Congo that using electronic voting machines could backfire (Washington Post) The advice underscores the fact that many U.S. states still rely on aging systems.

FDA to bolster cybersecurity of medical devices (Star Tribune) Industry, officials work to boost security of medical devices.

How Automation Helps Security Managers (SecurityWeek) Stan Engelbrecht explains at how automation and orchestration can replace chaos with order, and how security folks in management positions can benefit from this needed change.

Professionalizing Cybersecurity Practitioners (SecurityWeek) Done correctly, a cybersecurity professional body will benefit the nation, its businesses, and the practitioners. Done badly, it could prove an unmitigated disaster.

Certifications A Part Of ‘Vicious Circle’ In Cyber Security Space? (Cyber Security Hub) Amid a talent crisis, the cyber security space is relying on grassroots efforts to build awareness, but also on security certifications. How valuable are they for enterprise teams? We investigate.

Everything You Should Do Before—And After—You Lose Your Phone (WIRED) Misplacing your smartphone—or worse, having it stolen—is awful. But you can at least minimize the damage with a few easy steps.

How internal dysfunction puts your network at risk (Help Net Security) There are consequences for organizations where network and cybersecurity teams have conflicting objectives, and have incomplete network visibility.

Too Many Tools? How Many Tools does the SOC Have? (Bricata) Studies show the security operations center (SOC) may have anywhere from 10 to 100 cybersecurity tools. The real problem, however, isn’t the number of tools, but the lack of integration. #securityanalytics #securityintegration #soc

Design and Innovation

Government has the foundation to make blockchain its secret defense (Fifth Domain) Thwarting data manipulation means a manual audit log process, advanced user behavior analytics and countless man-hours. Blockchain removes these time consuming requirements.

Research and Development

DARPA funds next-generation AI (FCW) The $2 billion 'AI Next' campaign aims to transform computers from specialized tools to partners with contextual reasoning capabilities.

Academia

New Report Details Most Universities Too Slow to Respond to Cyber Threats (PRNewswire) EfficientIP DNS Threat Report reveals 73% of institutions took 3 days+ to apply a patch, leaving them vulnerable to attacks

Secure Channels Blending Academic Theory and Practical Experience by Partnering with Georgetown University's Technology Management Graduate Program (PRNewswire) Program Headed by Dr. Maria F. Trujillo Brings Together Graduate Students and Secure Channels Executives to Work on Dynamic Cybersecurity Problems

Legislation, Policy, and Regulation

Putin Wants God (or at Least the Church) on His Side (Foreign Policy) A contest over the future of Christianity in Ukraine goes to the heart of Moscow's ambitions.

Russia's cyber activities are a concern, but they're still a trade partner: Italian defense minister (CNBC) The leading parties of Italy's new government have long advocated an end to Western sanctions on Russia and supported closer relations with the Kremlin.

Estonia’s First Cyber Ambassador Seeks to Improve Global Cyber Defense (Wall Street Journal) Estonia’s first dedicated cyber ambassador took office on Monday, following several nations that are considering how diplomats can shape cybersecurity policy.

Secretary Kirstjen M. Nielsen Remarks to the National Election Security Summit (Department of Homeland Security) On September 10, Secretary Nielsen gave remarks to the National Election Security Summit.

Former Cyber Diplomat Says U.S. Cutback Sends Wrong Message (Wall Street Journal) While Estonia and other countries expand their diplomatic efforts on cybersecurity, the U.S. Department of State downsized its relevant office last year when Deputy Assistant Secretary Rob Strayer replaced Chris Painter, the outgoing coordinator for such issues who took office in 2011.

The House is Shuttling Through Tech and Cyber Bills but the Senate’s Behind (Nextgov.com) The House passed bills on cyber sanctions, supply chain security and CDM last week.

Rep. Luetkemeyer introduces breach-notice bill focused on finance sector (Inside Cybersecurity) Attempting to move past a long-running inter-sector stalemate over breach-notification legislation, House Financial Services subcommittee Chairman Blaine Luetkemeyer (R-MO) today introduced legislation that would codify notice requirements for financial services entities including insurers.

One Year After Equifax Breach: Criminal Charges, New State Laws and Lost Chances (Wall Street Journal) In the world of cybersecurity, a crisis can be a great motivator. But one year after credit reporting firm Equifax Inc. announced a major data breach, security and policy experts said it has largely been a missed opportunity.

Cybersecurity Background Key for New Information Officer at GPO (Roll Call) Longtime federal cybersecurity and IT expert Sam Musa will be the new CIO for the GPO.

Census CISO to retire; DHS, State name new cyber leaders (FederalNewsRadio.com) Mark Kneidinger becomes the deputy director of DHS’ new National Risk Management Center to further add to the organization’s leadership ranks.

Litigation, Investigation, and Law Enforcement

Google in legal battle with EU over  'right to be forgotten' (The Telegraph) Europe's top judges will today hear a landmark case to determine people's "right to be forgotten" online, in a battle to determine whether personal privacy online is more important than public interest.

Google in France's firing line as right to be forgotten hearing arrives at ECJ (Euractiv.com) It may be your right to be forgotten, but that doesn't mean you can't be found. That is the big issue on the cards on Tuesday (11 September) as France's data regulator locks horns with Google in a hearing on the global application of the EU's right to be forgotten ruling.

Google Case Asks: Can Europe Export Privacy Rules World-Wide? (Wall Street Journal) Google this week will argue in EU’s top court against expanding “right to be forgotten,” the highest-profile case yet to test where jurisdiction begins and ends with data.

Expanding Right To Be Forgotten slippery slope to global censorship, warn free speech fans (Register) Top EU court to rule whether order made in France should be applied everywhere

Russia is main suspect in mystery attacks on U.S. diplomats in Cuba (NBC News) The strong suspicion that Russia was behind the alleged attacks is backed by signals intelligence, meaning intercepted communications, say U.S. officials.

Attackers Made 9,000 Unauthorized Database Queries in Equifax Hack: Report (SecurityWeek) It took Equifax 76 days to detect the massive data breach in 2017, despite the attackers running 9,000 unauthorized queries on its databases, according to a GAO report

A year after Equifax breach, no enforcement actions (AP News) A new report by congressional investigators details how hackers broke into Equifax last year in a breach that exposed the financial information of more than 145 million Americans.

Senate Intel Won’t Have Russia Report By Midterms, Top Democrat Says (Roll Call) Sen. Mark Warner, D-Va., said Sunday the Senate Intelligence Committee would likely not release its report on Russian election interference by the midterms.

Aide shocked by Stirling professor’s claims Russia had Clinton emails (Times) A former aide to Donald Trump has recalled his shock when a Stirling University academic allegedly offered him “categorical” assurances that Russia possessed dirt on Hillary Clinton. George...

Russian extradited to U.S. to face charges over JPMorgan hack (Reuters) A Russian man has been extradited to the United States from Georgia on charges that he took part in a massive computer hack, which targeted JPMorgan Chase & Co and other U.S. companies, U.S. prosecutors announced on Friday.

For a complete running list of events, please visit the Event Tracker on the CyberWire website.

Newly Noted Events

Infosecurity North America (New York, New York, USA, November 14 - 15, 2018) With 23+ years of global experience creating leading information security events, Infosecurity Group is coming to New York in November 2018. Infosecurity North America will provide a focussed business...

Upcoming Events

2018 International Information Sharing Conference (Tysons Corner, Virginia, USA, September 11 - 12, 2018) Join representatives from fellow information sharing groups with all levels of expertise, security practitioners, major technology innovators, and well-established cybersecurity organizations, as they...

SecureWorld Detroit (Detroit, MIchigan, USA, September 12 - 13, 2018) Connecting, informing, and developing leaders in cybersecurity. SecureWorld conferences provide more content and facilitate more professional connections than any other event in the Information Security...

Cybersecurity for Small & Medium Sized Businesses (Gaithersburg, Maryland, USA, September 13, 2018) Learn about technical, legal, cultural and policy cybersecurity issues facing small and medium sized businesses. Panelists include: Markus Rauschecker, J.D. University of MD. Center for Health and Homeland...

International Consortium of Minority Cybersecurity Professionals (ICMCP) 3rd Annual National Conference (Atlanta, Georgia, USA, September 17 - 19, 2018) The International Consortium of Minority Cybersecurity Professionals (ICMCP) 3rd Annual National Conference continues to elevate the national dialogue on the very necessary strategic, tactical and operational...

Air Space & Cyber Conference (National Harbor, Maryland, USA, September 17 - 19, 2018) Gain new insights and skills to advance your career. Be among the first to see the latest innovations in airpower, space, and cyber capabilities all the while bonding with your fellow Airmen. Inspiring...

SecureWorld St. Louis (St. Louis, Missouri, USA, September 18 - 19, 2018) Connecting, informing, and developing leaders in cybersecurity. SecureWorld conferences provide more content and facilitate more professional connections than any other event in the Information Security...

SINET Global Cybersecurity Innovation Summit (London, England, UK, September 18 - 19, 2018) SINET, an organization focused on advancing cybersecurity innovation through public-private collaboration, today announced that its annual Global Cybersecurity Innovation Summit (GCIS), will take place...

5th Annual Industrial Control Cyber Security USA (Sacramento, California, USA, September 18 - 19, 2018) Now in its 5th year, this two day executive forum will include presentations, roundtable working groups and panel sessions. Together we will address the escalating cyber risk and resilience challenges...

Security in our Connected World (Beijing, China, September 19, 2018) This year’s seminar will not only examine critical security technologies, such as the Trusted Execution Environment (TEE) and Secure Element (SE), but will also delve into their associated business and...

Detect 18 (National Harbor, Maryland, USA, September 19 - 21, 2018) Detect '18 is the single largest conference dedicated to threat intelligence. This year we're calling on fellow "Threatbusters" to wage a high-tech battle against apparitions (aka bad actors) and learn...

Cyber Beacon (Washington, DC, USA, September 20, 2018) Cyber Beacon is the flagship event of the National Defense University's College of Information and Cyberspace (NDU CIC). The conference brings together cyber experts from across the national security community,...

IT Security Leadership Exchange (Phoenix, Arizona, USA, September 23 - 25, 2018) IT Security Leadership Exchange is an invitation-only, strategic business summit that gathers Chief Information Security Officers (CISOs), senior decision-makers, and industry experts to address the unique...

Grow your brand and reach new customers.

Grow your brand and increase your customer base by educating our audience about your products, services, and events by advertising on The CyberWire. We’ve built trust with an influential (and often hard to reach) audience of CISOs, CSOs, and other senior execs in the security space, across a wide array of industry verticals. Learn more.

Be a part of the CyberWire story.

People ask us (a lot) how they can support what we do. We have our sponsorships and services, of course, but those are not always within every supporter's financial reach, or it might just not be the right time for you to do those things. That's why we launched our new Patreon site, where we've created a wider variety of support levels, each with some new benefits. Our patrons are important to our future, and we hope you'll consider becoming one. We invite you to become part of the CyberWire story. Become a patron today.