skip navigation

More signal. Less noise.

Don’t slow down development for application security.

We know that application security testing is a bottleneck for software development—but it’s also crucial. You need a solution that can simplify and automate as much of that process as possible without grinding development to a halt. Code Dx automates the most time-consuming steps in AppSec testing, keeping your DevOps pipeline running as smoothly as possible.

Daily briefing.

ZDNet, citing NetLab 360, says that North Korea's Lazarus Group has begun using the Dacts Trojan as it pivots from a concentration on Windows targets into the Linux ecosystem.

KeyFactor warns that encryption weaknesses in RSA keys (the weaknesses arise from poor entropy, that is, inadequate randomness in key generation) could leave large numbers of IoT devices vulnerable to exploitation.

Check Point urges WhatsApp users to update to the latest version of the app. Their researchers have found that attackers could hit older versions and permanently delete chats, as well as work other mischief.

The city of Pensacola, Florida, continues to recover from the ransomware attack it sustained. The mayor is short on details but says things are going well, WUWF reports. The city has, according to the Pensacola News Journal, hired Deloitte to figure out exactly what damage was done.

In Louisiana, as New Orleans continues its recovery from a Ruyk ransomware attack, a similar incident hits Baton Rouge Community College, the Advocate reports.

Julian Assange is expected to argue during his upcoming extradition hearings that, during the period he enjoyed asylum, holed up in Ecuador's London embassy, he was illegally monitored, and that the data collected in such personal surveillance was sold to the US CIA. This, he is thought likely to maintain, is evidence that he won't be able to receive a fair trial in the US, where he faces multiple charges of violating the Espionage Act, the Guardian reports. Mr. Assange is currently in British custody.

Notes.

Today's issue includes events affecting Australia, China, Germany, India, Democratic Peoples Republic of Korea, Russia, Spain, United Kingdom, United States.

Bring your own context.

Modeling the IoT and modeling ICS may look similar, but they present different challenges.

"But one of the challenges that we're finding, one of the things I wanted to talk about, is when you move from ICS to IoT, you're moving to this completely different physical process. So within industrial control systems, actually, it's quite straightforward to create something that emulates the water treatment work or electricity grid - notwithstanding those are quite complex, but it's a defined and scoped process. But the problem with a lot of IoT-type work is the process you're trying to emulate and simulate is that of people, that of a group of people working in a building. If you're thinking about industrial IoT, yes, again, that's related to industrial processes. But a lot of the IoT technology that sits around that also interacts with humans in a slightly different way than just your pure industrial control system. So one of the challenges we're trying to tackle here at Lancaster is how do we build an IoT testbed that enables us to have high accuracy around the human aspect of interaction with those systems."

—Daniel Prince, senior lecturer in cybersecurity at Lancaster University, on the CyberWire Daily Podcast, 12.13.19.

And, of course, all models remain imperfect representations of reality. Extremely useful, but not exactly the real thing, either.

Get your copy of the definitive guide to threat intelligence.

We brought together a team of experts and wrote the definitive guide to everything you need to know about threat intelligence. Whether you work in vulnerability management, incident response, or another part of cybersecurity, our book has something for you. Get your free copy of “The Threat Intelligence Handbook” now.

In today's Daily Podcast, out later this afternoon, we speak with our partners at the University of Maryland's Center for Health and Homeland Security, as Ben Yelin discusses Google location data being used to find a bank robber.

And Recorded Future's podcast, produced in partnership with the CyberWire, is also up. In this episode, "Insights From a Distinguished Law Enforcement Veteran," former Boston Police Commissioner Edward Davis shares his thoughts on law enforcement in the age of ransomware and the role that threat intelligence plays.

Information Security Institute Virtual Information Session (Online, January 23, 2020) Our graduate students in the Johns Hopkins University Information Security Institute work alongside our faculty who are world-renowned for their research in cryptography, privacy, medical information security, and network and system security. To learn more, register for the January 23rd one-hour session to get an overview of the Information Security Institute. Panelists will provide a program overview, areas of research, admissions requirements, and discuss life in Baltimore.

6th Annual Cyber Security Conference for Executives (Baltimore, Maryland, United States, March 25, 2020) The 6th Annual Cyber Security Conference for Executives, hosted this year by The Johns Hopkins University Information Security Institute and Ankura, will be held on Wednesday, March 25th, in Baltimore, Maryland. Learn about the do’s and don’ts of risk management with industry leaders and other cyber professionals. Check out the details at http://isi.jhu.edu and click on 6th Annual Cybersecurity Conference for Executives.

Cyber Attacks, Threats, and Vulnerabilities

Russian disinformation network said to have helped spread smear of U.S. ambassador to Ukraine (Washington Post) Five days after false reports of a "do not prosecute list," a fake image of the list appeared online. It was spread by a campaign attributed to Russia.

Lazarus pivots to Linux attacks through Dacls Trojan (ZDNet) The Trojan is able to infect both Windows and Linux machines.

Report: African Mobile Internet Users Exposed in Huge Data Leak (vpnMentor) Led by cybersecurity analysts Noam Rotem and Ran Locar, vpnMentor’s research team discovered a data breach in a database belonging to South Africa ICT company,

This WhatsApp bug could allow hackers to crash the app and delete group chats forever (ZDNet) Researchers detail security flaw that allowed hackers to crash WhatsApp and permanently delete contents of group chats - and urge users to update the app to protect against attacks.

Destroyed: A method of destroying Whatsapp group chats forever, say infosec bods of vuln patch (Register) Good news for Check Point; less so for blabbermouths with regrets

Report: Popular Online Retailer Exposes Customers in Worldwide Data Leak (vpnMentor) Led by cybersecurity analysts Noam Rotem and Ran Locar, vpnMentor’s research team discovered a leak in a database belonging to the online retailer

Android vulnerable to cyberattack: Union Home Ministry (The Hindu) A bug, ‘StrandHogg’, allows malware applications to pose as genuine applications

Explained: What is the 'StrandHogg' bug? (The Hindu) The vulnerability allows sophisticated malware attacks without the need for a device to be rooted to the Android operating system.

Encryption weaknesses in RSA certificates leave IoT devices vulnerable to attack (Computing) Researchers find one-in-172 RSA certificates using a common factor to generate keys

SQL Server 2019 Security Tool Inadvertently Reveals Where Sensitive Data is Stored (Imperva) The first step in protecting your data and ensuring your database is compliant with security benchmarks and privacy regulations such as SOX, PCI, HIPAA, and GDPR is to understand what sensitive information resides in that database. Microsoft’s SQL Server 2019 introduces a new tool SQL Data Discovery & Classification. Built into SQL Server Management Studio …

Removing the Human From the Machine Can Doom Cyber Resilience (Security Magazine) If your cyber risk management efforts remove key human elements from the “machine,” you might accomplish compliance but not resilience.

Radware issues warning over 'Jingle Bots' eCommerce disruption (Mobile Marketing Magazine) As consumers head online to get the best deals in the run up to Christmas and during the January sales, research from Radware , a web application security firm, reveals it could be in vain, thanks to so called ‘Jingle Bots’ playing havoc. An in-depth analysis of internet traffic on Cyber Monday and Black Friday carried out by the firm reveals that only a third of shoppers were real people. The rest were automated bots designed to disrupt the smooth running and revenues of eCommerce sites by jamming them with fake shoppers so genuine shoppers give up or shop elsewhere. Nick-named ‘Jingle bots’, these internet bots disguised as bona fide shoppers because they behave just as people would, made...

Acer Quick Access - DLL Search-Order Hijacking and Potential Abuses (CVE-2019-18670) (SafeBreach) SafeBreach Labs discovered a new vulnerability in Acer Quick Access software.

ASUS ATK Package - Unquoted Search Path and Potential Abuses (CVE-2019-19235) (SafeBreach) SafeBreach Labs discovered a new vulnerability in the ASUS ATK Package which is pre-installed on ASUS computers.…

Intel Rapid Storage Technology Service - DLL Preloading and Potential Abuses CVE-2019-14568 (SafeBreach) SafeBreach Labs discovered a vulnerability in Intel(R) Rapid Storage Technology Service.

Maze Ransomware Gang Dumps Purported Victim List (BankInfo Security) The gang behind Maze ransomware has begun publicly identifying its victims and listing data that it exfiltrated from systems before leaving them crypto-locked. The intent is clear: By naming and shaming victims, the Maze gang is trying to compel them to pay.

Maze behind Pensacola ransomware attack (SC Media) Maze was behind the ransomware attack on the City of Pensacola that began early Saturday morning, and its operators have demanded a $1 million ransom to

Mayor: Progress in Ending Pensacola 'Cyber-Battle' (WUWF) Still no word from Pensacola officials, on the cyber-attack involving the city’s computer systems. But Mayor Grover Robinson did have an update of sorts,

How bad was the cyberattack against Pensacola? The city hired a firm for $140K to find out (Pensacola News Journal) Pensacola has hired Deloitte for $140,000 to evaluate the extent of a cyberattack that crippled the city's computer systems for several days.

New Orleans cyber attack updates: Officials confident data can be recovered, but no ETA yet (NOLA.com) New Orleans Mayor LaToya Cantrell said in a press conference Monday that the current recovery procedures are working in response to the citywide cyber attack on public computers Friday.

After New Orleans cyber attack, here's what agencies will and won't be affected this week (NOLA.com) The effects of a cyber attack that left City Hall paralyzed on Friday will continue to have its impacts felt into the coming week, with officials saying Sunday night that

Baton Rouge Community College computers targeted in ransomware cyberattack; State Police called in (The Advocate) Two days before commencement ceremonies, Baton Rouge Community College leaders learned that its computers were cyberattacked by ransomware.

Ransomware 'Crisis' in US Schools: More Than 1,000 Hit So Far in 2019 (Dark Reading) Meanwhile, the mayor of the city of New Orleans says no ransom money demands were made as her city struggles to recover from a major ransomware attack launched last week.

Hackensack Meridian Health pays attackers to thwart ransomware incident (CyberScoop) New Jersey’s largest hospital system said last week it paid an extortion fee to hackers who had disrupted medical facilities with a ransomware attack.

Epilepsy Foundation Was Targeted in Mass Strobe Cyberattack (New York Times) Hackers sent images of flashing strobe lights to the foundation’s thousands of Twitter followers in several attacks.

Voting-Machine Parts Made by Foreign Suppliers Stir Security Concerns (Wall Street Journal) A voting machine that is widely used across the country contains some parts made by companies with ties to China and Russia, researchers found, fueling security questions.

Navy letter shows military worried about unknown vulnerabilities in DJI drones (CyberScoop) Weak encryption protocols and limited supply chain visibility had the Navy warning its members about using DJI drones, according to an internal letter.

Official Navy memo on DJI drones noted cheap cost, risk (C4ISRNET) A Navy memo was basis for the Army's 2017 moratorium on the use of DJI drones.

1-in-3 computers dealing with biometric data face hacking attempts: Kaspersky report (CRN - India) One in three computers (37 per cent) engaged in collecting biometric data globally faced hacking attempts in the third quarter of this year, a new report said. The devices — servers and workstations — use to collect, process and store biometric data (such as fingerprints, hand geometry, face, voice and iris templates). Overall, a significant …

Vladimir Putin 'still uses obsolete Windows XP' despite hacking risk (the Guardian) Official photos seem to show president using unsupported OS at Kremlin and residence

Facebook's Tor Site Down for Over a Week Due to Expired TLS Cert (BleepingComputer) Facebook has announced that its Tor gateway will be down for one to two weeks due to an expired TLS certificate. This is a bit strange as it normally should not take two weeks to renew a certificate.

Royal Mail text scam offering free iPhone 11 Pro could let fraudsters rinse your bank account ahead of Christmas (The Sun) BRITS are reporting that they’ve been the target of a convincing scam message purporting to be from Royal Mail. Cyber criminals are using the fake texts to trick victims into handing over the…

Security Patches, Mitigations, and Software Updates

Google pauses Chrome 79 rollout on Android after bug wipes data in some apps (Android Police) Chrome 79 started rolling out on desktop and mobile platforms a few days ago. Unfortunately, a bug has cropped up that wipes data in certain apps that use

Cyber Trends

Valimail Research Finds Security Professionals are Skeptical About Cybersecurity Vendor Claims (Valimail) Survey Shows More Than 50% of Enterprise IT Pros Say Cybersecurity Vendors Use Unclear and Ambiguous Data to Peddle Products

NordVPN Interview: Regional Tensions Drive Increased VPN Usage (PreciseSecurity.com) Ruby Gonzalez, the Head of Communications at NordVPN talked to PreciseSecurity.com about the cybersecurity market and how the industry is moving forward.

Financial Services Get Hooked, Experience 147% Increase in Phishing Clicks (Menlo Security) According to JPMorgan Chase CEO Jamie Dimon, “The threat of cyber security may very well be the biggest threat to the US financial system.”Reports show a 56% year-over-year increase in digital threats targeting the sector, and according to new research, phishing is a key threat vector

Mac threat detections on the rise in 2019 (Malwarebytes Labs) For the first time ever, Mac threats broke into Malwarebytes' top five overall detections of 2019. See how our data shows Mac malware on the rise.

New Tactics Emerge as Phishing Evolves (Decipher) Recent phishing campaigns uncovered by Microsoft are using custom 404 error pages and search result poisoning to fool victims.

Marketplace

EfficientIP receives $11m Series B funding from Jolt Capital to accele (PRWeb) EfficientIP, the network security and automation specialist, today received an $11 million Series B investment from Jolt Capital to support its continued internati

Satori Cyber Raises $5.25 Million to Deliver Industry’s First Secure Data Access Cloud, Accelerating Data-Driven Innovation (BusinessWire) Satori Cyber, the Israeli startup revolutionizing data protection and governance, today announced $5.25 million in seed funding led by YL Ventures. Fo

CrowdStrike: Strike While Its Iron Is Hot (Seeking Alpha) CrowdStrike shares are down more than 50% from their peak. The company just announced another blow-out quarter that has compressed valuation metrics substantially.

Google and YouTube moderators speak out on the work that gave them PTSD (The Verge) They scrub the internet of violent and disturbing content, and it haunts them forever.

Booz Allen Opens New Colorado Office (ExecutiveBiz) Booz Allen Hamilton has inaugurated a new office in Aurora, Colo., that will function to support federal government customers from the intelligence and defense sectors, Denver Post reported Friday.

Forcepoint Names Lisa Schreiber Newly-Created Chief Customer Success Officer Driving Delivery of World-Class Customer Experience (Forcepoint) Technology and customer focused business leader to turn customer experience into a key differentiator

Defense Industry Executive Boyd Brown Joins TrapX Security As Its Deception Strategy Officer (PR Newswire) Boyd Brown is a defense industry executive with over 20 years of experience building and leading teams of Information Warfare and Deception...

Bill Cull Joins Cellebrite as SVP for Federal (GovCon Wire) Bill Cull, former vice president for IBM’s (NYSE: IBM) public sector arm, has been named senior vice

Tenable Appoints Marty Edwards as Vice President of Operational Technology Security (Tenable®) Longest-serving Director of ICS-CERT joins Tenable following its acquisition of industrial security leader Indegy Tenable®, Inc., the Cyber Exposure company, today announced the appointment of Marty Edwards, a globally recognized expert in cybersecurity for industrial control systems and operational technology (OT), as Vice President of OT Security.

Products, Services, and Solutions

Bugcrowd Launches CrowdStream and In-Platform Coordinated Disclosure (Bugcrowd) Security is a team sport. The information held by fellow security practitioners and researchers has the power to affect how and when we respond to adversarial t

Fortinet Tightens Partnership with Google Cloud to Provide Advanced Cloud Security and Accelerate the Cloud On-Ramp (West) Fortinet® (NASDAQ: FTNT), a global leader in broad, integrated and automated cybersecurity solutions, today announced extended integration of its cloud security portfolio with Google Cloud to offer customers migrating to Google Cloud Platform (GCP) advanced security for their workloads and applications.

ForgeRock Joins Google Cloud Platform Partner Advantage Program at Premier Level (West) Recently-Announced ForgeRock Identity Cloud Built on Google Cloud

Qualys Partners with Google to Natively Embed the Qualys Cloud Agent into the Google Cloud Platform (Qualys) One-click integration automatically installs the Qualys Cloud Agent and reports vulnerabilities directly into the Google Security Command Center

Exabeam Signs Multi-Year Agreement to Run SaaS Cloud Offering on Google Cloud (Exabeam) Exabeam, the Smarter SIEM™ company, has announced a multi-year agreement to[...]

Google Cloud and Palo Alto Networks Expand Strategic Partnership (Security Boulevard) Companies partner to introduce new threat detection solutions and security solutions

In new security push, Google Cloud adds a raft of integrations and partner tie-ups (SiliconANGLE) In new security push, Google Cloud adds a raft of integrations and partner tie-ups

Microsoft received a key provisional security nod. Here's what that means for JEDI. (Washington Business Journal) The new authorization comes as the company is staffing up to take on the DOD's massive cloud contract.

CipherTrace Launches Crypto Risk Intelligence Products for Banks (BusinessWire) CipherTrace, the global leader in cryptocurrency intelligence, today announced the launch of CipherTrace Crypto Risk Intelligence, its comprehensive c

Fortinet Secure SD-WAN Chosen by Over 21,000 Global Customers, Supports Enterprises with up to 100,000 Sites (West) Fortinet’s Security-driven Networking Approach to SD-WAN Continues to Gain Momentum in Supporting WAN Edge Transformation

ShiftLeft Advances DevOps with Industry’s Most Developer-Friendly Automated Application Security Platform (StreetInsider.com) New Offering Enables Developers to Secure up to 200,000 Lines of Code and Perform 300 Scans Per Year at No Cost

SecureSky Cyber Threat Center Increases Its Threat Intelligence Capabilities with Microsoft Security Response Center (MSRC) and Active Protections Program (MAPP) Partnership (PR Newswire) SecureSky today announced a partnership with Microsoft to strengthen its threat intelligence capabilities and provide customers with proactive...

Technologies, Techniques, and Standards

Microsoft: We never encourage a ransomware victim to pay (ZDNet) Microsoft advocates for organizations to take preemptive measures. Says companies should treat cyberattacks "as a matter of when" and not "whether."

CISA Hosts First Annual President’s Cup Cybersecurity Competition (CISA) WASHINGTON – The first annual President’s Cup Cybersecurity Competition wrapped up yesterday. The competition began in September and drew more than 1,000 individuals and 200 teams. After two qualifying rounds, 10 individual finalists and five team finalists came to the Washington, D.C. area for the final round at the CISA Cybersecurity Lab.

Removing the Human From the Machine Can Doom Cyber Resilience (Security Magazine) If your cyber risk management efforts remove key human elements from the “machine,” you might accomplish compliance but not resilience.

Medical device cyber security risks are essentially the same as for industrial control systems and still have gaps (Control Global) I participated in the 2nd Medical Device Cyber Security Summit December 11-12 in San Francisco. As the medical device industry has not been my primary focus, it was a very interesting meeting.

Huawei - What is threat modeling for 5G cybersecurity? (RCR Wireless News) A key step in cybersecurity best practice and staying a step ahead of bad actors is engaging in what’s called threat modeling.

It’s time to disconnect RDP from the internet | WeLiveSecurity (WeLiveSecurity) ESET has released a free utility to check if your system running Windows is susceptible to the BlueKeep (CVE-2019-0708) vulnerability.

4 tips on how to evaluate enterprise security risk and prepare for potential threats (SecurityInfoWatch) An intelligent security software solution is key to managing a complex information environment

DNC releases tips for campaigns, public to fight disinformation online (TheHill) The Democratic National Committee (DNC) released tips Monday for campa

How a Password Manager Protects You From Phishing Scams (How-To Geek) Password managers make it easy to use strong, unique passwords everywhere. That’s one significant benefit to using them, but there’s another: Your password manager helps protect you from imposter websites trying to “phish” your password.

Horrors of an unsafe internet: Cyber crime cops and experts explain how you can protect your family (The News Minute) With dangers lurking in every corner of the internet, how can you protect your family’s digital life? Hear from these policemen and experts.

You Are A Cyber Threat To Your Mother In Retirement, Here’s How (Forbes) Smart technology, or Internet-of-Things, now provides a critical role in supporting caregivers and the wellbeing of older adults living in retirement. But, these technologies also provide opportunities to hackers. Caregivers now have a new job, ensuring the cyber security of their older loved ones.

Design and Innovation

Instagram to now flag potentially offensive captions, in addition to comments (TechCrunch) Earlier this year, Instagram launched a feature that would flag potentially offensive comments before they’re posted. Now, the social media platform is expanding this preemptive flagging system to Instagram’s captions, as well. The new feature will warn users after they’ve written…

How Google applies Europe's Right to Be Forgotten (Help Net Security) Since 2014, Google received some 3.2 million requests to delist URLs, from approximately 502,000 requesters, and decided to delist 45% of those URLs.

Perspective | What does your car know about you? We hacked a Chevy to find out. (Washington Post) Our privacy experiment found hundreds of sensors and an always-on Internet connection. Driving surveillance is becoming very hard to avoid.

Research and Development

Avanan Granted Another Cybersecurity Patent for Email-Based Shadow IT Discovery (West) USPTO recognizes unique capability for cloud services discovery and monitoring

Legislation, Policy, and Regulation

India’s Internet shutdown in Kashmir is the longest ever in a democracy (Washington Post) Authorities say the blackout, now more than four months old, is due to security concerns.

Germany Says Security Alone Will Define Decision on Huawei in 5G (Bloomberg) Comments come after Chinese envoy threatens consequences. ‘Industry considerations’ won’t play role in 5G decision.

Analysis | The Cybersecurity 202: Pressure still on McConnell after $425 million election security deal (Washington Post) Democrats and activists vow to keep fighting for security mandates.

Closing a Critical Gap in Cybersecurity (Lawfare) A new proposal improving the Cybersecurity and Infrastructure Security Agency’s ability to identify and issue notifications regarding vulnerabilities connected to the public Internet would help the agency improve American critical infrastructure cybersecurity.

Emotion-detection in AI should be regulated, AI Now says (Naked Security) It’s built on junk science, yet it’s being used to determine who gets hired, fired, insured, medicated and more, the research institute says.

London's Met Police splash the cash on e-learning 'cyber' training for 4k staffers (Register) Getting tooled up for future crimes

Michigan’s volunteer cyber corps expands despite critical audit report (City Pulse) Cyber security requires constant updates and reviews, experts say — and a group of Michigan volunteers that provides rapid response to attacks on government data just got one of its own.

Litigation, Investigation, and Law Enforcement

Russia Faced No Major Cyberspace Incident Damaging Govt Entities In 2019- Security Center (UrduPoint) Russia has not faced any major cyberspace incident capable of damaging government entities in 2019 thanks to experts effort to remove security vulnerabilities, the deputy head of the National Coordination Center for Computer Incidents said on Monday.This year, 182 notifications about vulnerabiliti ..

Julian Assange’s extradition fight could turn on reports he was spied on for CIA (MSN) Julian Assange’s fight against extradition to the US could last years, and his argument could hinge on reports he has been illegally spied upon and his sensitive information given to the CIA. 

Is using TikTok a national security risk? (Fifth Domain) The chairman of a national security subcommittee in the House of Representatives is worried that federal employees who use TikTok, Grindr and other mobile applications owned by foreign governments could be susceptible to blackmail or become national security vulnerabilities.

Nginx founders complain over Russian police raid over alleged copyright violation (Computing) Police raid on Nginx came after Russia's Rambler Group filed a copyright violation case against Nginx earlier this month - nine months after the company was sold to F5 Networks

“Dig up his body,” say creditors of deceased cryptocurrency player (Naked Security) Apparently, dead men *can* tell tales… especially when millions and millions of cryptocoins are missing.

2 former Haverford College students sentenced to probation for attempted Trump tax hack (Philadelphia Inquirer) U.S. District Judge Cynthia Rufe said her probationary sentences were intended to make an impression on Andrew Harris and Justin Hiemstra and “on anyone out in the public” who would seek to “abuse privileges and privacy of others.”

For a complete running list of events, please visit the Event Tracker on the CyberWire website.

Newly Noted Events

Georgetown Law 2020 Cybersecurity Law Institute (Washington, DC, USA, May 20 - 21, 2020) It is more important than ever that in-house and outside counsel stay abreast of the most current developments and best practices in cybersecurity. You have an important role to play in cybersecurity leadership,...

2020 Billington CyberSecurity Summit (Washington, DC, USA, September 8, 2020) Billington CyberSecurity produces world class educational forums and virtual seminars about the threats, challenges, and opportunities related to protecting our nation's critical cyber infrastructure.The...

QuBit Belgrade 2020 (Belgrade, Serbia, October 1, 2020) Practical workshops, excellent speakers, educational session, news & networking. QuBit consists of one day full of educational presentations, keynotes, case studies and interactive panel discussions in...

Upcoming Events

CPX 360 Bangkok (Bangkok, Thailand, January 14 - 16, 2020) Mark your calendar now for CPX 360 2020, the world’s premiere cyber security summit of the year. Globally renowned industry experts will take to the stage to share analysis, core insights, and actionable...

Cyber Security for Critical Assets, MENA 2020 (Dubai, United Arab Emirates, January 20 - 21, 2020) The 17th in a global series of Cyber Security for Critical Assets summits, #CS4CA MENA 2020 focuses on safeguarding the critical industries of the Middle East and Northern Africa from cyber threats. CS4CA...

CPX 360 New Orleans (New Orleans, Lousiana, USA, January 27 - 29, 2020) Mark your calendar now for CPX 360 2020, the world’s premiere cyber security summit of the year. Globally renowned industry experts will take to the stage to share analysis, core insights, and actionable...

SINET: Global Cybersecurity Innovation Summit (London, England, UK, January 30, 2020) Advancing global collaboration and innovation, SINET convenes a summit of international cybersecurity leaders at the British Museum. The conference will bring together innovators, investors, researchers,...

Grow your brand and reach new customers.

Grow your brand and increase your customer base by educating our audience about your products, services, and events by advertising on The CyberWire. We’ve built trust with an influential (and often hard to reach) audience of CISOs, CSOs, and other senior execs in the security space, across a wide array of industry verticals. Learn more.

Be a part of the CyberWire story.

People ask us (a lot) how they can support what we do. We have our sponsorships and services, of course, but those are not always within every supporter's financial reach, or it might just not be the right time for you to do those things. That's why we launched our new Patreon site, where we've created a wider variety of support levels, each with some new benefits. Our patrons are important to our future, and we hope you'll consider becoming one. We invite you to become part of the CyberWire story. Become a patron today.