skip navigation

More signal. Less noise.

Optimize your security teams with threat intelligence.

At Recorded Future, we believe every security team can benefit from threat intelligence. That's why we've launched our new Threat Intelligence Grader — so you can quickly assess your organization's threat intelligence maturity and get best practices for improving it. Get your Threat Intelligence Score™.

Daily briefing.

Saturday's terrorist attack on a military parade in the Iranian city of Ahvaz killed at least twenty-nine: twelve members of the Revolutionary Guard and seventeen civilian spectators, including children and the elderly. Responsibility for the murders has been claimed by several groups, including ISIS and the Ahvaz National Resistance (an Arab opposition group that operates a television station from London). Tehran attributes the attack to the separatist Patriotic Arab Democratic Movement in Ahwaz (which denies involvement), but the Islamic Republic places ultimate blame on the US, the UK and the Arab Gulf states. Renewed cyber conflict among Iran, its allies, and its adversaries may be expected.

The Zero Day Initiative at the end of last week reported a vulnerability in the Microsoft JET Database Engine. It's said to affect all versions of Windows. Trend Micro, which discovered the issue, disclosed it to Microsoft. The Zero Day Initiative has gone public with the disclosure because one-hundred-twenty days have elapsed since Redmond was notified. The Register says that 0Patch has promised to offer its own fix; 0Patch has been tweeting about the vulnerability.

ANSSI, France's national information security agency, is asking outsiders to contribute to the development of CLIP OS, ANSSI's Linux-based, security-optimized operating system.

Tough talk about Russian cyber operations and the prospect of Western retaliation has been emerging from both the US and the UK. 

Russian regional elections appear not to have gone entirely as Moscow would have wished.

Stolen frequent-flier miles are a hot commodity in dark web souks.

Notes.

Today's issue includes events affecting Bahrain, China, European Union, India, Iran, Japan, Russia, Saudi Arabia, Syria, United Arab Emirates, United Kingdom, United States.

Is your company passionate about empowering women to succeed in the cyber security industry?

The CyberWire’s 5th Annual Women in Cyber Security reception is a networking event that highlights and celebrates the value and successes of women in the cyber security industry. Leaders from the private sector, academia, and government from across the region and at varying points on the career spectrum can connect with each other to strengthen relationships while building new ones. Consider sponsoring the event. Limited sponsorships are available. Visit our website to learn more.

In today's podcast, we speak with our partners at the University of Maryland's Center for Health and Homeland Security, as Ben Yelin discusses a US ruling on warrantless GPS tracking at the border.

And, in case you missed it, be sure to check out the most recent episode of Research Saturday. This one looks at what industrial control system honeypots turn up. We speak with Ross Rustici, senior director of intelligence services at Cybereason, and he shares the news that it's no longer just the nation-states fiddling with industrial control systems.

FireEye Cyber Defense Summit 2018 (Washington, DC, United States, October 1 - 4, 2018) Get trained by a FireEye expert at our annual Cyber Defense Summit. Training opportunities at this event offer attendees hands-on, small-group, interactive sessions with some of the most experienced FireEye cyber security experts.

CyberMaryland Job Fair on October 9 in Baltimore, MD. (Baltimore, Maryland, United States, October 9, 2018) Cleared and non-cleared cybersecurity pros make your next career move at the CyberMaryland Job Fair, October 9 in Baltimore. Meet leading cyber employers including Bank of America, FireEye, NSA, Raytheon, USCYBERCOM and more. Visit ClearedJobs.Net or CyberSecJobs.com for more details.

Dragos Industrial Security Conference (DISC) 11/5/18 (Hanover, Maryland, United States, November 5, 2018) Reserve your spot now for the Dragos Industrial Security Conference (DISC) on November 5th, 2018. DISC is a free, annual event for our customers, partners, and those from the ICS asset community. Visit https://dragos.com/disc/ for more information.

Cyber Attacks, Threats, and Vulnerabilities

New Virobot Ransomware and Botnet Emerges (SecurityWeek) A newly discovered piece of malware combines ransomware and botnet capabilities in a single package, Trend Micro security researchers reveal.

Researcher Discloses New Zero-Day Affecting All Versions of Windows (The Hacker News) Researcher Discloses Unpatched Windows Zero-Day Vulnerability In Microsoft JET Database Engine

ZDI Shares Details of Microsoft JET Database Zero-Day (SecurityWeek) Trend Micro's Zero Day Initiative (ZDI) has shared details on a zero-day vulnerability impacting the Microsoft JET Database Engine. ET Database Engine that could be exploited for remote code execution.

ZDI-CAN-6135: A Remote Code Execution Vulnerability in the Microsoft Windows Jet Database Engine (Zero Day Initiative) Today, we are releasing additional information regarding a bug report that has exceeded the 120-day disclosure timeline. More details on this process can be found here in our disclosure policy . An out-of-bounds (OOB) write in the Microsoft JET Database Engine that could allow remote code execut

Microsoft's Jet crash: Zero-day flaw drops after deadline passes (Register) Don't click on that dodgy link, people

Twitter says bug may have exposed some direct messages to third-party developers (TechCrunch) Twitter said that a “bug” sent user’s private direct messages to third-party developers “who were not authorized to receive them.” The social media giant began warning users Friday of the possible exposure with a message in the app. “The issue has persisted since…

Zaif Cryptocurrency Exchange Hacked Losing $60 Million To Hackers (Latest Hacking News) Japan's Zaif cryptocurrency exchange allegedly lost cryptocurrencies worth $60 millions to hackers. This includes theft of 6000 BTC as well.

Suspicious DNS Requests ... Issued by a Firewall (SANS Internet Storm Center) An anonymous reader contacted us because he noticed DNS requests for malicious domains originating from his Windows machine, even before he opened a browser.

Thousands of Breached Websites Turn Up On MagBo Black Market (Threatpost) The research team said it has shared its findings with law enforcement and victims are being notified.

Lucy Gang Debuts with Unusual Android MaaS Package (Threatpost) The threat actor's Android-focused cyber-arms package, dubbed Black Rose Lucy, is limited in reach for now, but clearly has global ambitions.

Malware Businesses Blending the Legitimate and the Illegitimate (SecurityWeek) A malware development organization can and does acquire and use our same tools to “improve” their product.

Thousands of stolen frequent flyer miles of top airlines sold on Dark Web (HackRead) Dark Web has become a business hub for malicious hackers and cybercriminals.

Analysis | The Cybersecurity 202: Why lawmakers' personal accounts are a prime target for foreign hackers (Washington Post) Congress doesn't have a plan for protecting them.

Foreign hackers a legitimate concern for ballot machines, says cybersecurity expert (TheHill) Cybersecurity expert Dena Graziano on Thursday said foreign hackers are a legitimate concern for U.S. ballot machines.  

Wireless Infusion Pumps Could Increase Cybersecurity Vulnerability (HealthITSecurity) Wirelessly connecting infusion pumps to point-of-care medication systems and EHRs improves healthcare delivery but also increases cybersecurity vulnerability.

Bankrupt NCIX customer data resold on Craigslist (Naked Security) What happens to sensitive customer data when a large company that has collected it over many years suddenly goes bust?

Cyber attack limits parental access to Oklahoma City schools site (NewsOK.com) Spokeswoman Beth Harrison said the "denial of service" attack on Infinite Campus, which houses the district's parent portal, has made it difficult if not impossible to access the site.

Arran Brewery attacked with ransomware under cover of recruitment-ad CV spam (Computing) Attackers placed Brewery job ads on recruitment sites worldwide to provide cover for their phishing emails,Security ,Arran Brewery,ransomware,CV spam

Security Patches, Mitigations, and Software Updates

Twitter says it patched a bug that could have shared users' private messages (CNBC) Twitter said Friday that private messages sent between users and some brands since May 2017 might have been improperly shared with external software developers.

Gmail users now automatically logged into Chrome without their consent (Computing) Google has apparently changed Chrome's default permissions without informing users

Did Apple Just End The 'Golden Age' Of Government iPhone Hacking? (Forbes) Apple iPhone XS, XR and XS Max have been called the most secure iPhones ever. And it may well have ended the so-called "golden age" of government iPhone hacking ...

iTunes is assigning you a ‘trust score’ based on emails and phone calls (Naked Security) It’s just a number to detect fraud, not a Black Mirror-esque score that’s going to rate us all as social misfits unworthy of wedding invitations.

Cyber Trends

The Coming Crime Wars (Foreign Policy) Future conflicts will mostly be waged by drug cartels, mafia groups, gangs, and terrorists. It is time to rethink our rules of engagement.

A law enforcement view of emerging cybercrime threats (Help Net Security) Europol’s Internet Organised Crime Threat Assessment offers a law enforcement view of the threats and key developments in the field of cybercrime.

How companies view their cyber exposure, and how they deal with it (Help Net Security) 52% of respondents believe that suffering a cyber attack is inevitable, yet a majority reported not taking adequate steps to protect themselves.

Cyber security: Your boss doesn't care and that's not OK anymore (ZDNet) Hacking and data breaches are an ongoing threat, so why are so many execs ignoring the issue?

Better security needed to harness the positive potential of AI (Help Net Security) Digital Transformation Barometer finds better security needed to harness the positive potential of AI and mitigate risks of malicious attacks.

Akamai says UK saw 30% rise in malicious logins in May and June (IBS Intelligence) Malicious login attempts in UK by bots using credential stuffing grew by 30% in May and June this year, a report from Akamai showed.

SMB Pulse Survey (Webroot) Webroot and the small- to medium-sized business (SMB) focused research agency Bredin recently conducted a survey on the cybersecurity habits of small (1-19), medium (20-99), and large (100-500) companies.

TAG Cyber Annual: Automation, Analytics & Cloud Driving Improved Security Picture (Light Reading) Organization led by former AT&T security chief Ed Amoroso updates third volume of annual reports tracking cybersecurity trends.

How organizations overcome cybersecurity hiring challenges (Help Net Security) This report provides a window into how this gap can be leveraged by individuals and organizations alike to overcome cybersecurity hiring challenges.

For Hackers, Anonymity Was Once Critical. That’s Changing. (New York Times) At Defcon, one of the world’s largest hacking conferences, new pressures are reshaping the community’s attitudes toward privacy and anonymity.

Marketplace

Google Suppresses Memo Revealing Plans to Closely Track Search Users in China (The Intercept) The company forced employees to delete the document, which stated that a Chinese partner would have “unilateral access” to user data.

Why the Right-wing backlash against Google is only going to get worse (The Telegraph) Tech giants have successfully seized power, but now they find it makes them a target

Facebook under fire as cyberbullying scheme struggles to hit targets (The Telegraph) Facebook is facing calls to take concrete action on cyber-bullying after it emerged a scheme it is helping fund to protect children has been forced to push back targets.

John Oliver Calls Facebook 'a Fetid Swamp of Mistruths and Outright Lies' (Motherboard) Oliver goes long on Facebook's content moderation problems.

The curious sudden rise of free US election 'net security guardians (Register) There is no such thing as a gratis lunch, after all

LORCA: Driving Startup Growth & Innovation (Infosecurity Magazine) Michael Hill attended the official opening of East London’s new center for cybersecurity advancements and reports on the new development

Products, Services, and Solutions

50 Best Cloud Security Podcasts (Security Boulevard) Some of the earliest podcasters were influencers in the technology and online space. For well over a decade, programs that specifically discuss security news and topics have been keeping people up to date on data and systems safety. For many, it’s the ideal medium to learn about the latest happenings in the industry via a …

News Site to Investigate Big Tech, Helped by Craigslist Founder (NYTimes) The Markup, dedicated to investigating technology and its effect on society, will be led by two former ProPublica journalists. Craig Newmark gave $20 million to help fund the operation.

Alternate E Source and Blue Ridge Networks Announce Partnership to Bring Cybersecurity Solutions to Smart Building Technology (PR.com) Alternate E Source, provider of Kentix IoT smart sensor technologies, and Blue Ridge Networks, a Northern Virginia based Cybersecurity company, today announced a partnership to add a new layer of cybersecurity...

Company That Pushed Hackers Out of DNC Now Protecting Government Systems (Nextgov.com) CrowdStrike is authorized to protect ‘moderate impact level’ cloud-based government systems.

RedSeal Launches Remote Administrator Managed Service to Augment Customers' Security Teams (Dark Reading) Cyber security's comprehensive news site is now an online community for security professionals, outlining cyber threats and the technologies for defending against them.

RSA launches £25m capacity cyber protection product (ReinsuranceNe.ws) RSA, one of the largest UK commercial insurers, has expanded its cyber protection to provide standalone, comprehensive worldwide cover of up to £25

Verizon Digital Media Services adds managed security services to its cloud solution for enterprises - Verizon Digital Media Services (Verizon Digital Media Services) New offering is available as part of a suite of security services including a dual web application firewall, DDoS protection, bot management, and real-time analytics and reporting

U.S. General Services Administration Selects HackerOne as TTS Bug Bounty Partner (Odessa American) HackerOne, the leading hacker-powered security platform, today announced the General Service Administration’s (GSA) Technology Transformation Service (TTS) awarded HackerOne a multi-year contract to run a bug bounty program. GSA was the first federal civilian agency to engage in a bug bounty program and continues their ongoing momentum with this latest bug bounty contract.

Technologies, Techniques, and Standards

French cybersecurity agency open sources security hardened CLIP OS (Help Net Security) The National Cybersecurity Agency of France (ANSSI) has decided to open source CLIP OS, a Linux-based, security hardened operating system.

Amnesty International Toils To Tell Real Videos From Fakes (RadioFreeEurope/RadioLiberty) The rights group Amnesty International is determined to expose fake Internet videos and confirm the authenticity of real footage documenting human rights abuses.

Privacy Protection Means Encryption at the Application Layer (SecurityWeek) As organizations work to address GDPR compliance requirements, it would be a mistake to implement data security measures without holistic consideration for application layer encryption and vulnerability assessments.

Reconciling information security and shrink-wrap agreements (CSO Online) Addressing the security risks that come with non-negotiable shrink-wrap (or click-wrap) agreements.

Mitigate Risk From Malicious and Accidental Insiders (SecurityWeek) Every industry has insiders that are disgruntled, may be seeking revenge or simply want to make a profit and aren’t above engaging in illicit activity to do so.

Machine Learning Confronts the Elephant in the Room (Quanta Magazine) A visual prank exposes an Achilles’ heel of computer vision systems: Unlike humans, they can’t do a double take.

What do you mean by storage encryption? (Help Net Security) In my year-long research project, the F5 Labs’ 2018 Application Protection Report, I asked if security professionals used storage encryption for data and

5 Reasons why e-commerce sites need a token gateway (Rambus) Growing card-not-present fraud is driving demand for card-on-file EMV payment tokenization. As industry players look to simplify tokenization initiatives, token gateway solutions can deliver considerable competitive advantages:

We are all at risk from high-tech snooping (Times) Smuggling Oleg Gordievsky out of the Soviet Union under the noses of the KGB was one of the greatest feats in British intelligence history. It wouldn’t work today. Britain’s top spy in the KGB...

Design and Innovation

Clouldflare and Google Will Help Sync the Internet's Clocks—and Make You Safer (WIRED) Syncing clocks online is vital to web security, which is why Cloudflare will embrace Google's next-gen timekeeping protocol.

Microsoft offers completely passwordless authentication for online apps (Ars Technica) Phone-based authentication is the way forward instead.

The New YubiKey Will Help Kill the Password (WIRED) The latest batch of hardware-based tokens from Yubico will eventually let you skip the password altogether.

Pokémon's revival raises bar for data privacy and protection (SiliconANGLE) It’s really hard to overestimate the power of small, game-animated, yellow furry bodies.

PAID POST: Can blockchain save the vote? (TechCrunch)   Elections are a symbol of hope and freedom, and the right to vote is an expression of belonging and of having a voice. We trust our electoral systems to preserve an immutable record of the voices we have raised, and the choices we have made. Yet the concept of “one person, one vote” is [&hel…

Academia

Sinclair receives almost $1 million in grant award (WDTN) The grant money will be used to support the Community College Accelerated CyberCorp Pilot Program, a project that aims to help strengthen cybersecurity education programs and improve security of information technology across the country.

Experience often key in cybersecurity job market (The Augusta Chronicle) he arrival of U.S. Army Cyber Command will bring hundreds of jobs to the Augusta area, and schools are attempting to meet that demand.

Legislation, Policy, and Regulation

Challengers Defeat Pro-Kremlin Candidates In Two Governor Races (RadioFreeEurope/RadioLiberty) Two challengers have defeated pro-Kremlin candidates in gubernatorial runoffs, amid widespread anger over pension reforms backed by the ruling United Russia party and President Vladimir Putin.

Kremlin Scrambles As Regions Prepare For Runoff Votes (RadioFreeEurope/RadioLiberty) Regional elections have exposed cracks in the Kremlin's "power vertical," leaving Moscow scrambling to avert defeat in regional runoff elections.

U.S. urge other countries to curtail ties with Russia’s defense and intelligence sectors (Vestnik Kavkaza) The Trump administration will continue to vigorously implement CAATSA and urge all countries to curtail relationships with Russia’s defense and intelligence sectors, State Department spokeswoman Heather Nauert said in a press statement.

UK plan to build cyber warfare unit to combat online threat posed by Russia, North Korea and Iran (Computing) Plan to build cyber-force being held up by political rows over funding, and command and control

Former MI5 chief calls for UK to mount cyber attacks on Russia  (The Telegraph) One of Britain's most senior former security officials has urged the government to meet Russian "aggression with aggression", by launching retaliatory cyber attacks against Moscow.

U.S. Takes Off the Gloves in Global Cyber Wars: Top Oficials (SecurityWeek) The United States is taking off the gloves in the growing, shadowy cyber war waged with China, Russia and other rivals, National Security Advisor John Bolton said.

Trump’s national cyber strategy praised by experts (Fifth Domain) President Donald Trump’s new national cyber strategy has been met with praise by experts and even political opponents

Trump eases curbs on US cyber weapons as election threat looms (The Straits Times) President Donald Trump has issued an order making it easier for the United States to launch cyber attacks, highlighting the potential for a counter-attack if a foreign government is found to be trying to meddle in congressional elections in November.. Read more at straitstimes.com.

Trump Has a New Weapon to Cause ‘the Cyber’ Mayhem (Foreign Policy) The U.S. president and his advisor John Bolton want to take the gloves off in cyberspace—but experts worry offensive attacks could backfire.

Trump's new strategy means the U.S. could get more aggressive with Russia and China over hacking (CNBC) Some of the changes emphasize a shift toward a more offensive cybersecurity posture, a longtime request from the National Security Agency and cybersecurity branches of the U.S. Armed Forces.

Bill to codify DHS cyber program introduced into Senate after passing House (SC Media) Two weeks after it passed the U.S. House of Representatives, a bill that would codify and modernize the Department of Homeland Security (DHS) Continuous

U.S. Senate introduces companion bill to Ratcliffe’s cybersecurity legislation (Ripon Advance) A U.S. Senate version of the bipartisan Advancing Cybersecurity Diagnostics and Mitigation Act introduced by U.S. Rep. John Ratcliffe (R-TX) was unveiled on Sept. 18. Rep. Ratcliffe said he was grateful that his Texas counterpart, U.S. Sen. John Cornyn (R-TX), Read more...

DHS cyber-agency bill may finally come to pass; will it make a difference? (Inside Cybersecurity) The frenetic recent efforts by Senate Homeland Security and Governmental Affairs Chairman Ron Johnson (R-WI) to secure final passage of a long-stalled DHS reorganization measure may finally pay off -- prompting the next question: whether creation of a cyber agency at the Department of Homeland Security actually improves cybersecurity.

DHS Needs to Define Network Disruptions Before It Can Fight Them (Nextgov.com) Agencies have different definition of what an outage is and that matters.

House Members Plan Election Hacking Demonstration (Roll Call) Two members of the House, a Democrat and Republican, will sponsor an event to show how easy it is to engage in hacking a voter database.

Separate The NSA And Cyber Command Now (Law360) Since its inception in 2009, U.S. Cyber Command has been functioning concurrently and under the same leadership as the National Security Agency. In the beginning this may have been appropriate, but in today’s environment they should be conducting their missions independently, says Daniel Garrie of JAMS.

Government draws up plans for social media regulator following Telegraph campaign (The Telegraph) Ministers have started drafting proposals for new laws to regulate social media and the internet after a Daily Telegraph campaign.

While Everyone Was Distracted By Strawberries, Peter Dutton Introduced Laws To Snoop On Your Private Chats (BuzzFeed) The legislation was introduced into parliament just 10 days after consultation ended, and not all submissions have been made public.

Politicians are threatening our right to have private discussions - we must not let them ban secret social media groups (The Telegraph) Imagine being unable to hold a conversation in your own house without the world knowing the topic of conservation and where you live.

Social media is a battlefield that can perpetuate sexual violence and cyber-bullying (Times Live) Rape culture and cyber-bullying are dominating the spaces students at higher-education institutions find themselves in. The South African Human Rights Commission (SAHRC) in collaboration with the University of Johannesburg held a dialogue in an effort to unpack the causes and solutions to the challenges of rape culture and cyber-bullying at universities.

SEC shuffle: CIO, top cyber adviser to step down (FCW) The personnel moves come as the agency looks to FireEye for cyber forensic support.

California wants to stop hackers from taking control of smart gadgets (MIT Technology Review) A proposed state law would help bolster the security of internet-connected devices, but what’s really needed is federal action.

California may ban terrible default passwords on connected devices (Engadget) A proposed law could force smart device manufacturers to shore up security.

State Cybersecurity Plan to Advise Businesses, Election Administrators (93.1 WIBC) A new state cybersecurity plan hopes to help yo

Litigation, Investigation, and Law Enforcement

Iran vows vengeance after military parade slaughter (Times) Iran furiously condemned Britain and other European countries for “harbouring terrorists” yesterday as it accused the West of orchestrating an attack on a military parade that killed 29 people. A...

Analysis | Who spread disinformation about the MH17 crash? We followed the Twitter trail. (Washington Post) The answer might surprise you.

Senators are asking whether artificial intelligence could violate US civil rights laws (Quartz) Senators are pressuring government agencies to study bias in artificial intelligence.

Facebook faces sanctions if it drags its feet on data transparency (Naked Security) The EU justice commissioner said she’s out of patience. Also, she quit Facebook because it’s a “channel of dirt.”

Why was Equifax fined for 2017 cyber attack? (Evening Standard) Credit reference agency Equifax has been fined £500,000 for failing to protect peoples' personal information during a 2017 cyber attack. Up to 15 million Brits had their personal information compromised in the attack but the company said the breach would not have put consumers at risk.

Blockchain Used to Track Down DNC Email Hackers (CoinCentral) The bitcoin blockchain was used to track down Russian DNC hacker group. Find out more about this at CoinCentral.

Trump walks back his plan to declassify Russia probe documents (Washington Post) President says Justice Dept. and others convinced him to change course

Trump Aide Taps 'Fastest Growing' Boutique in DNC's Russia Interference Case (New York Law Journal) For Pierce Bainbridge Beck Price & Hecht—which aims to beat firms like Quinn Emanuel at their own game—client George Papadopoulos is the firm's first foray into the legal drama surrounding Russia and the election of President Donald Trump.

Cybercrime police in Vizag alert citizens about fake sellers in OLX (Yo Visag) Considering the rise in cybercrime activities, the Vizag Cyber Police are alerting the citizens to be careful while dealing with strangers on the popular sell and buy e-platform OLX.

Vote Leave Analytics Firm Hit with GDPR Notice (Infosecurity Magazine) Vote Leave Analytics Firm Hit with GDPR Notice. Another blow for leave campaign

Chinese police arrest 21 over data theft at Alibaba's delivery arm:... (Reuters) Chinese police on Friday arrested 21 suspects in connection with the theft of cu...

Hacker gets 14 years jail time for operating Scan4You malware scanning service (HackRead) Follow us on Twitter @HackRead

Ecuador wanted to make Julian Assange a diplomat and send him to Moscow (Ars Technica) Reuters: UK's Foreign Office did not accept diplomatic status, so plan was scuttled.

Victims report losing more than £21 million in one year to Computer Software Service fraud (Action Fraud) Action Fraud launches a campaign to warn people about the threat of Computer Software Service fraud, one of the country’s most reported top five frauds.

For a complete running list of events, please visit the Event Tracker on the CyberWire website.

Newly Noted Events

4th Annual Cyber Southwest (CSW) Symposium (Tuscon, Arizona, USA, November 2, 2018) Be a part of the 4th Annual Cyber Southwest (CSW) Symposium set to take place at the University of Arizona, Eller College of Management - McClelland Hall in Tucson, AZ on Friday, November 2nd, 2018. CSW...

Upcoming Events

IT Security Leadership Exchange (Phoenix, Arizona, USA, September 23 - 25, 2018) IT Security Leadership Exchange is an invitation-only, strategic business summit that gathers Chief Information Security Officers (CISOs), senior decision-makers, and industry experts to address the unique...

Global Security Exchange (Las Vegas, Nevada, USA, September 23 - 27, 2018) Global Security Exchange—formerly the ASIS Annual Seminar and Exhibits—delivers new opportunities to exchange key ideas and best practices, expand global connections, and experience innovations. The GSX...

Merging of Cyber Criminal and Nation State Techniques: A Look at the Lazarus Group (Loudon, Virginia, USA, September 24, 2018) This presentation on North Korea's Lazarus Group as a case study of the convergence of organized cyber crime and nation-state intelligence services will be led by Allan Liska, a solutions architect at...

Connect Security World 2018 (Marseilles, France, September 24 - 26, 2018) While the number of IoT devices predicted by 2020 varies within tens of billions, all analysts agree that security is now the top concern of organizations looking at deploying IoT solutions. To address...

The Cyber Security Summit: New York (New York, New York, USA, September 25, 2018) This event is an exclusive conference connecting Senior Level Executives responsible for protecting their company’s critical data with innovative solution providers & renowned information security experts.

5th Cyber Operations for National Defense Symposium (Washington, DC, USA, September 25 - 26, 2018) The 2018 Cyber Operations for National Defense Symposium will focus on the evolving nature of US Cyber policies and strategies. Cyber leaders from throughout the federal government will come together to...

PCI Security Standards North America Community Meeting (Las Vegas, Nevada, USA, September 25 - 27, 2018) The PCI Security Standards Council’s 2018 North America Community Meeting is THE place to be. We provide you the information and tools to help secure payment data. We lead a global, cross industry effort...

Hack the Capitol (Washington, DC, USA, September 26 - 27, 2018) The National Security Institute is partnering with the Wilson Center and ICS Village to host Hack the Capitol, a two-day event focused on Industrial Control Systems (ICS) and security. ICS are used throughout...

COSAC & SABSA World Congress (Kildare, Ireland, September 30 - October 4, 2018) For 25 years COSAC has delivered a trusted environment in which to deliver information security value from shared experience and intensive, productive, participative debate and development. Sales content...

Monterey Cyber Security Workshop 2018 (Pacific Grove, California, USA, October 1 - 2, 2018) People with special expertise interested in making progress on the subjects at hand meet at the Monterey Incubator for a workshop to build an understanding of vital issues of the day. The workshop follows...

Cyber Defense Summit 2018 (Washington, DC, USA, October 1 - 4, 2018) FireEye's annual Cyber Defense Summit will feature both training and an opportunity to hear from the experts. Introductory, intermediate and advanced training courses will be provided during the first...

Retail Cyber Intelligence Summit (Denver, Colorado, USA, October 2 - 3, 2018) Network with 250+ CISOs and their teams from retail and consumer facing industries: restaurants, hospitality, gaming, convenience, grocery and more. Share best practices, gain insights, network. This conference...

IP Expo Europe (London, England, UK, October 3 - 4, 2018) IP EXPO Europe is Europe's number ONE IT event for those looking to find out how the latest IT innovations can drive their business forward. IP EXPO Europe is co-located at Digital Transformation EXPO...

Borderless Cyber USA 2018 (Washington, DC, USA, October 3 - 5, 2018) How do you future proof your cybersecurity strategy? Can you identify and report cyber incidences so you can respond quickly to manage consequences? Public and private sector cyber experts from across...

Grow your brand and reach new customers.

Grow your brand and increase your customer base by educating our audience about your products, services, and events by advertising on The CyberWire. We’ve built trust with an influential (and often hard to reach) audience of CISOs, CSOs, and other senior execs in the security space, across a wide array of industry verticals. Learn more.

Be a part of the CyberWire story.

People ask us (a lot) how they can support what we do. We have our sponsorships and services, of course, but those are not always within every supporter's financial reach, or it might just not be the right time for you to do those things. That's why we launched our new Patreon site, where we've created a wider variety of support levels, each with some new benefits. Our patrons are important to our future, and we hope you'll consider becoming one. We invite you to become part of the CyberWire story. Become a patron today.