skip navigation

More signal. Less noise.

The Best Defense is a Good Offense

A defensive security posture is no match against today’s sophisticated adversaries—your organization needs to take a proactive approach to address these threats. To be successful, analysts need to understand the tactics, techniques, and procedures used against your organization. The key to understanding the adversary’s motives and patterns? Threat modeling, risk scoring, and gap analysis. Read more about the importance of threat modeling in our newest whitepaper, The Power of a Tailored Threat Model.

Daily briefing.

The Sydney Morning Herald reports that investigators are closer to singling out Chinese intelligence services as responsible for attempts to gain access to Australian Parliamentary and political party systems. The attempts are thought consistent with Beijing's long-term goal of gaining insight into the Five Eyes' intelligence products and operations.

A wave of other attacks disclosed in Australia seem more straightforwardly criminal in their motivation. Ransomware, as the Age notes, has afflicted a number of targets over the past few months, including a hospital, the large corporate superannuation fund TelstraSuper, and the Roman Catholic Archdiocese of Melbourne.

Reuters says Kiev's SBU security service has charged Russia with organizing a large influence campaign to secure election of its preferred candidate in Ukraine's upcoming presidential election. Which candidate Moscow favors isn't specified, but the methods used cover everything from state-of-the-art troll farming to the kind of ground-game bribing of voters an early-20th-century Chicago ward heeler would immediately recognize. 

Huawei's lower-cost, generally reliable, and good-enough devices may be too attractive for the telecom sector to forego, the Wall Street Journal says. The tide seems now to have set against US efforts to convince other countries to exclude Huawei from their 5G networks. Forbes notes that 5G security touches control systems as well as IT devices.

If your phone seems to be losing its charge much faster than it ought to, Oracle may have a diagnosis. Its researchers have discovered an ad-fraud scheme they're calling DrainerBot that sucks prodigious amounts of both power and data.

Notes.

Today's issue includes events affecting Australia, Canada, China, European Union, India, Iran, Russia, Switzerland, Thailand, Ukraine, United Kingdom, United States.

Join the blue team with ExtraHop at RSA 2019.

Headed to San Francisco in March? Skip the rush of the show floor and book your threat hunting session in advance. ExtraHop puts you in the cockpit with network traffic analysis so you can be the blue team as an attack unfolds, reconstruct a database exfiltration, and more. Schedule your demo now to explore security at enterprise scale at RSA!

In today's podcast, out later this afternoon, we talk with our partners at the University of Maryland's Center for Health and Homeland Security, as Ben Yelin updates us on a lawsuit involving a man refusing to unlock his phone at the U.S. border. Our guest is Linda Burger from NSA, with information on the Agency's  Technology Transfer Program.

Experience Deep Learning for Network Threat Protection at RSA 2019 (San Francisco, California, United States, March 4 - 8, 2019) Signatures and sandboxes can’t keep up with automated attacks. Visit Blue Hexagon booth N4204 and hear how we’re harnessing deep learning to stop known and unknown network threats in less than a second. Pick up a free copy of the book “How To Measure Anything in Cybersecurity Risk.”

Register for the RSA Conference 2019 today! (San Francisco, California, United States, March 4 - 8, 2019) Be part of an empowered global community at RSA Conference 2019, March 4 – 8 in San Francisco. With the latest cybersecurity solutions, countless experts and more, it’s easy to see why RSAC is infosec’s leading event.

Visit LookingGlass at RSA 2019 to Handle Your Risky Business (San Francisco, California, United States, March 4 - 8, 2019) Join LookingGlass at RSA 2019 to learn more about how we can help you manage your organization’s risky business. Get a free expo pass when you reserve a personal, in-depth demo tailored to your security needs!

XM Cyber is coming to RSA (San Francisco, California, United States, March 4 - 8, 2019) Visit XM Cyber at the Innovation City, Booth IC2233, to experience the first fully automated APT simulation platform to Simulate, validate and remediate every hacker’s path to organizational critical assets.

5th Annual Cyber Security Conference for Executives (Baltimore, Maryland, United States, March 13, 2019) The 5th Annual Cyber Security Conference for Executives, hosted this year by The Johns Hopkins University Information Security Institute and Ankura, will be held on Wednesday, March 13th, in Baltimore, Maryland. This year’s theme is cybersecurity compliance and regulatory trends, and the conference will feature discussions with thought leaders across a variety of sectors. Join the discussion and learn about current and emerging cyber security threats to organizations, and how executives can better protect their enterprises. Register today!

Cyber Attacks, Threats, and Vulnerabilities

China, not Iran, still the main suspect in hacking of Australia's political parties, say sources (The Sydney Morning Herald) Top-level sources with detailed knowledge of the cyber attack on Australia's political parties and Parliament have dismissed a report that Iran and not China was behind the hacking of Australia's main political parties.

Ukraine security service accuses Russia of meddling in election (Reuters) Ukraine's State Security Service SBU accused Russia on Thursday of meddling...

Huawei And Facing Up To 5G-Related Cyber Risks (Forbes) Does it matter, that in spite of efforts by the U.S. government, and a history of cyber intrusion from China, Germany and the U.K. are poised to allow Huawei equipment to be part of their 5G networks? Yes, so we need to pay more attention to securing our physical infrastructure, not just networks.

Toyota Aust still affected by cyber attack (Cowra Guardian) Toyota Australia's corporate IT systems remain offline days after an attempted cyber attack on the company. The company's dealer network remains up and runnin...

Catholic Church, major super fund and Toyota hit by cyber attacks (The Age) A day after The Age revealed that a cyber crime syndicate hacked and scrambled the files of Melbourne Heart Group, a cardiology unit based at Cabrini Hospital, it can also be revealed that the entire Melbourne Archdiocese was also recently the subject of a brazen attack.

Experts Find Serious Problems With Switzerland's Online Voting System (Motherboard) The public penetration test doesn’t begin until next week, but experts who examined leaked code for the Swiss internet voting system say it’s poorly designed and makes it difficult to audit the code for security and configure it to operate securely.

Russian Military Says Nyet to the Internet (Foreign Policy) Putin wants soldiers to stop revealing secrets of his shadow wars on their social media pages.

CrowdStrike report says breakout time for threat actors is increasing (SearchSecurity) Cybersecurity defenders need to embrace speed to detect and respond against intruders, according to CrowdStrike's 2019 Global Threat Report. Learn why 'breakout time' is a key metric.

Russian State-Sponsored Hackers Are Fastest: CrowdStrike (SecurityWeek) It takes Russian state-sponsored hackers less than 20 minutes to start moving laterally within a network after the initial breach, CrowdStrike says in its latest Global Threat Report.

Shifting in the Wind: WINDSHIFT Attacks Target Middle Eastern Governments (Unit42) Executive Summary In August of 2018, DarkMatter released a report entitled “In the Trails of WINDSHIFT APT”, which unveiled a threat actor with TTPs very similar to those of Bahamut. Subsequently, two additional articles (here and here) were released by Objective-See which provide an analysis of some validated WINDSHIFT samples targeting OSX systems. Pivoting on

WinRAR Vulnerability Exposes Millions of Users to Attacks (SecurityWeek) A vulnerability in WinRAR, the archiver used by over 500 million users worldwide, can be exploited to execute arbitrary code by getting the target to open a specially crafted ACE file.

Windows Servers Vulnerable to DoS Attacks, Microsoft Warns (SecurityWeek) Microsoft warns users that Windows servers running IIS are vulnerable to DoS attacks that cause CPU usage to spike to 100%. Similar flaw discovered by the same researcher recently in nginx.

US Stryker Vehicles in Europe Have Deep Cyberwar Weaknesses - Pentagon Report (Sputnik) The two newest versions of the US Army’s Stryker combat vehicle in Europe have “cybersecurity vulnerabilities that can be exploited,” a US Department of Defense report reveals. It’s a growing problem for the US’ high-tech vehicles and weapons systems ‒ and one that reflects the priorities of the military-industrial complex, an expert tells Sputnik.

A Decryption Key for Law Firm Emails in Hacked 9/11 Files Has Been Released (Motherboard) Someone has published the decryption key for the third layer of allegedly 9/11-linked documents from The Dark Overlord hacking group.

Azorult via fake Chinese Government New Import Export Regulations (My Online Security) I am quite impressed with the level of Social Engineering with this malware delivery Malspam campaign. With Brexit fast approaching and the likelihood of no deal between UK and Europe…

Is your phone always low on battery and chewing through data? The ‘DrainerBot’ could be to blame. (Washington Post) A massive fraud operation affects potentially millions of Android users, according to Oracle researchers.

Oracle: Major ad scam 'DrainerBot' is rinsing Android users of their battery life and data (Register) App piracy fighter Tapcore strenuously denies involvement

Google removes 28 fake apps from Play Store: Quick Heal (The Indian Express) Google has removed 28 fake apps from its Play Store with the most downloaded being Virtual Data with over 10,000 downloads, followed by Bike insurance Advisor, Health Cover and Chit Funds with more than 5,000 downloads each.

Google's Nest Hub Has a Microphone It Forgot to Mention (SecurityWeek) Google said it forgot to mention that it included a microphone in its Nest Secure home alarm system, the latest privacy flub by one of the tech industry’s leading collectors of personal information.

A Tale of Epic Extortions - How Cybercriminals Monetize Our Online Exposure (Digital Shadows) Digital Shadows’ Photon Research Team has found that cybercriminals have diversified their extortion methods, and the threat landscape is as wide and varied as it’s ever been.

Cybercrime Groups Promising $360,000 Annual Salaries to Accomplices Helping to Extort High Net Worth Individuals: C-Level Executives, Lawyers and Doctors in Threat Actors’ Cross Hairs (BusinessWire) Digital Shadows today published new research looking at the business of cyber extortion, entitled 'A Tale of Epic Extortions.’

Dark Web Market Price Index - 2019 (UK Edition) (Top10VPN) We’ve been monitoring the thriving illicit trade in stolen personal info to create this annual update to the Price Index. Hacked data is cheap on the dark web: most individual accounts continue to sell for less than £10, even big names like Apple, Fortnite, Netflix and Airbnb. Notable exceptions to the rule include Amazon and British Airways accounts, which have soared in value since last year.

PayPal Processes Payments for ‘Stalkerware’ Software Sold to Abusive Partners (Motherboard) The booming industry of spyware to spy on romantic partners doesn’t exist in a vacuum: Companies need financial and tech giants to process their payments and advertise their wares.

WinPot ATM Malware Resembles a Slot Machine (SecurityWeek) A piece of malware targeting automated teller machines (ATMs) has an interface that looks like a slot machine, Kaspersky Lab reports.

Major companies pull ads from YouTube after they appear next to disturbing videos featuring children (Telegraph) Epic Games, AT&T and Nestle have pulled their pre-roll advertising on YouTube over concerns that their brands were appearing alongside disturbing videos of children online.

As fallout over pedophilia content on YouTube continues, AT&T and Hasbro pull all advertisements (CNBC) AT&T is pulling its ads from YouTube following reports that pedophiles have latched onto videos of young children.

Malware that hunts for account credentials on adult websites tripled in 2018 (ZDNet) The number of adverts selling logins for hacked accounts on adult websites doubled in 2018.

Security Patches, Mitigations, and Software Updates

WinRAR patches 19-year-old security vulnerability that put millions at risk (The Verge) Support for an outdated format was to blame

Adobe Releases Second Patch for Data Leakage Flaw in Reader (SecurityWeek) Adobe releases second patch for the Reader vulnerability tracked as CVE 2019-7089 after the researcher who found it managed to bypass the first fix.

Cisco Patches High Severity Flaws in HyperFlex, Prime Infrastructure (SecurityWeek) Cisco this week released patches for more than a dozen vulnerabilities across its product portfolio, including high severity flaws in HyperFlex, Prime Infrastructure, and Prime Collaboration Assurance.

Critical Drupal Vulnerability Allows Remote Code Execution (SecurityWeek) Updates released for the Drupal CMS patch a “highly critical” vulnerability that can be exploited for remote code execution (CVE-2019-6340).

Cyber Trends

Are zero-day exploits the new norm? (CSO Online) Research from Microsoft's Matt Miller shows that every actively exploited Windows vulnerability in 2017 was first done using a zero-day attack. Other research shows this trend extends across the IT landscape.

Understanding the mobile threat landscape in 2019 (Wandera) It should be another momentous year for mobile security, with cyber attacks growing rapidly in sophistication and distribution. This report will cover the key mobile security trends that emerged last year as well as summarize thoughts for the mobile threat landscape for the year ahead.

Business-Critical Cloud Adoption Growing yet Security Gaps Persist, Report Says (Oracle) Oracle and KPMG study finds that confusion over cloud security responsibilities, lack of visibility and shadow IT complicate corporate security

The risks associated with the influx of unauthorized collaboration tools (Help Net Security) A majority (82 percent) of end-users are pushing back on IT or management when the company tries to dictate which collaboration tools should be used.

Downtime Can Cost a Company up to $67 Million Over Two Years, Threatening Brand Reputation (Security Boulevard) A cyber-incident inflicts damage beyond just downtime and recovery costs. A breach can spell disaster for a company’s image, leading to devaluation, lost business, high turnover, and even bankruptcy in extreme cases. However, a breach isn’t the only cyber-threat lurking in the business sector.

Former Director of National Intelligence James Clapper warns against media misinformation at SIPA event (Columbia Daily Spectator) Former Director of National Intelligence James Clapper encouraged students to absorb daily news with a healthy dose of skepticism at a panel discussion held at the School of International and Public Affairs on Thursday.

edgescan Release the 2019 Vulnerability Stats Report (Benzinga) edgescan, a leader in fullstack vulnerability management via its cloud based SaaS released their "Vulnerability Stats Report 2019"...

Marketplace

Huawei speeds up efforts to address security concerns as Trump leaves door open to US market (Telegraph) Huawei is speeding up its $2bn (£1.

Huawei plan to fix British security fears due in H1 this year:... (Reuters) Huawei will present a plan to address British security concerns about its equipm...

Huawei Is Expanding in Canada, Despite U.S. Pressure (New York Times) The Chinese technology company, accused by American authorities of posing a security risk, will add to its research and development group in Canada.

Investors fear bill to restrict TEDCO funding might hurt Md. startups (Baltimore Business Journal) "If startups they can’t find the resources they need in Maryland, they’ll leave," said longtime venture investor Bob Ackerman.

BlackBerry Completes Acquisition of Cylance (Cylance) BlackBerry Limited (NYSE: BB; TSX: BB) today completed its previously-announced acquisition of Cylance, a privately-held artificial intelligence and cybersecurity company based in Irvine, California.

Zix Completes AppRiver Acquisition: Cloud Security Provider's Next Moves (ChannelE2E) Zix completes AppRiver acquisition. Among CEO David Wagner's top priorities for the cloud-based security provider: Accelerating growth through channel partners.

Leidos closes sale of commercial cyber business (Washington Technology) Leidos completes the divestiture of its commercial cyber business and becomes the latest in a long line of government contractors to do the same.

Harris Beach Launches Software Company to Address Gaps in Cybersecurity Regulatory Compliance (PR Newswire) Harris Beach PLLC, one of the country's top law firms according to The National Law Journal, today announced the ...

Blockchain Security Leader CertiK Joins the Universal Protocol Alliance (BusinessWire) The Universal Protocol Alliance, a coalition of leading blockchain organizations including Bittrex International, Uphold, Brave, Cred, Blockchain at B

Startup that offers free online cybersecurity courses will move to College Park (Arc Publishing) Cybrary will initially set up shop in the Discovery District and later relocate to River Road

Georgia cyber firms visit Maryland to see how federal, private entities can cooperate (Baltimore Business Journal) Representatives from Georgia-based cybersecurity firms met in Maryland this week to discuss synergies between the two states' cyber industries.

Deep Instinct Appoints Deborah Chase Hopkins to Its Board of Directors (BusinessWire) Deep Instinct, the first company to apply Deep learning to cybersecurity, today announced the appointment of Deborah Chase Hopkins to its Board of Dir

Products, Services, and Solutions

Iskraemeco to use MTG's cryptographic key management system (UNN) Key management systems are becoming increasingly important in the production of smart meters and in their management in operational business

ISARA Corp. Unveils Tools To Simplify and Accelerate Quantum-Safe Cryptography Rollout (BusinessWire) ISARA Corp., the leading provider of agile quantum-safe security solutions, today announced new and updated tools that make it easy to test and implem

Comodo Cybersecurity Sets the Stage for Another Record Year of Channel Growth with New Channel Partner Program (GlobeNewswire News Room) New partner program will support 100% of revenue growth and incent partners heavily to lead with Comodo’s leading solution

Lacework Extends Multicloud Support to Google Cloud Platform (Lacework) Lacework now delivers automated threat detection and deep visibility for Google Cloud Platform, Amazon Web Services, Azure, and Kubernetes platforms.

Accedian and Quali partner to tackle the challenges of cloud migration and 5G test automation for network slices (Accedian) Secure and Fast offering is designed to automate the management of data, services and workflows to hybrid clouds without causing disruption.

Don’t Caulk Your USB Ports (Interfocus) It was difficult to imagine how disruptive a piece of technology it would become when the venerable thumb drive hit the market.

Aquilai Launches Ajax Intelligence Phishing Solution. (IT Security Guru) Aquilai has launched their cloud based Ajax Intelligence solution to combat all forms of email phishing prevalent on Microsoft Exchange,

SecureLink and Thycotic Partner to Provide Enhanced Credential Management Capabilities (PR Newswire) SecureLink, the leader in vendor privileged access and Thycotic, provider of privileged access...

PacketViper Announces Version 5.0 of its Cyber Deception Platform (BusinessWire) PacketViper, a leading provider of cybersecurity deception solutions, today announced version 5.0 of their active, threat facing deception platform.

K2 claims victory over zero-day attacks (ZDNet) K2 says it has a future-proof method of stopping all attacks on unknown and unpatched vulnerabilities in applications.

Bkav releases free tool to check server security (SGGP English Edition) Bkav Corporation has just introduced a free tool to help network administrators to check the security status of their servers against bruteforce attacks on password of remote desktop services. This tool can be accessed at http://tools.whitehat.vn/online/84.

Technologies, Techniques, and Standards

2 of our reporters asked to be hacked, so you don't have to learn the hard way (CBS News) CNET senior producer Dan Patterson and CBS News investigative reporter Graham Kates asked a professional team to hack them. The two join CBSN to discuss broader implications of the experiment, including for the 2020 election.

Cyber Incident Response and Resiliency in Cities (New America) How cities can work with federal, state, private, and nonprofit partners to improve their cybersecurity and resiliency.

Creating Civic Collaboration on Cyber for Cities (Meritalk) A paper released by think tank New America on Thursday recommends that local governments build partnerships with Federal, state, and other local partners to prepare for major cyberattacks. At the Federal level, strategies for doing helping cities include providing grants targeted specifically to cybersecurity help, the report suggests.

Why Social Network Analysis Is Important (News from the Lab) I got into social network analysis purely for nerdy reasons – I wanted to write some code in my free time, and python modules that wrap Twitter’s API (such as tweepy) allowed me to do s…

Red Teaming: The Vulnerabilities We Find Time and Time Again (Computer Business Review) These are the key vulnerabilities typically identified in Red Teaming exercises, a simulated, targeted cyber-attack that typically...

There is more to cyber risk than security, says thryve expert (Intelligent CIO Middle East) Riaan Bekker, Force Solutions Manager at thryve, which provides risk and governance management technologies, says cyber risk isn’t just about security; it has become a serious issue of business continuity and is the core responsibility of executives of businesses of any size to protect shareholder value. Risk experts hold no doubts. The changes technology is […]

Bitdefender decryptor saves over $2M for Gandcrab victims in 48 hours (2-Spyware) The infamous Gandcrab 5.1 is decryptable thanks to Bitdefender. For almost one year now, we all have been hearing about the infamous Gandcrab ransomware and

Academia

IBM will get up to $300 million from state toward its $2 billion SUNY Poly AI project (Albany Business Review) The state approved a grant on Thursday for IBM to create more than 300 new jobs at SUNY Polytechnic Institute in Albany.

18 California Cyber Teams Heading to CyberPatriot National Competition (PR Newswire) Once again, this year, California's cyber athletes will be well represented at the annual CyberPatriot XI...

Legislation, Policy, and Regulation

Rethink 2%: NATO ‘Defense Spending’ Should Favor Cyber (Defense One) Today, a dollar or euro spent on network security goes farther than one spent on conventional arms.

China Uses DNA to Track Its People, With the Help of American Expertise (New York Times) The Chinese authorities turned to a Massachusetts company and a prominent Yale researcher as they built an enormous system of surveillance and control.

China, Australia on a cyber-collision course (Asia Times) A hack attack on Australia’s parliamentary servers points towards Beijing’s known desire to penetrate the Five Eyes intelligence-sharing alliance

U.S. won't partner with countries that use Huawei systems: Pompeo (Reuters) U.S. Secretary of State Mike Pompeo on Thursday warned that the United States wo...

You're on a Huawei to Hell, US Sec State Pompeo warns allies: Buy Beijing's boxes, no more intelligence for you (Register) Don't need reason, don't need rhyme. Ain't nothing I would rather do: going down, party time

U.S. Campaign Against Huawei Runs Aground in an Exploding Tech Market (Wall Street Journal) The Chinese company’s low prices outweigh spying concerns for many countries ramping up 5G spending, in particular the pivotal internet economy of India. “The perception here is that the U.S. action is more a matter of foreign policy.”

New report questions effectiveness of cyber indictments (Fifth Domain) A new report from CrowdStrike asserts indictments of hackers has had little effect in deterring continued malicious cyber behavior globally.

Analysis | The Cybersecurity 202: Election security is going to be the hot new Democratic campaign issue in 2020 (Washington Post) Once-wonky security proposals are now applause lines with voters.

Trump Won’t Rule Out Using Stolen Data in 2020 Campaign (Daily Beast) Democratic candidates have committed not to use hacked materials against one another. The Trump campaign declined to make such a pledge.

Lawmakers probe for Stingray info in funding bill (FCW) Congress wants to know more about how the Department of Homeland Security and state and local partners use cell-site simulators and whether they are complying with existing departmental regulations.

Rights advocates worry cyber bills a major threat (The Nation) Some tweaks made after outcry, but sweeping state powers raise fears of invasion of privacy

Analysis | The Cybersecurity 202: California wants to let political candidates use campaign cash to secure their devices (Washington Post) The bill could be a model for other states.

California to close data breach notification loopholes under new law (TechCrunch) California, which has some of the strongest data breach notification laws in the U.S., thinks it can do even better. The golden state’s attorney general Xavier Becerra announced a new bill Thursday that aims to close loopholes in its existing data breach notification laws by expanding the req…

Litigation, Investigation, and Law Enforcement

The Russian Sleuth Who Outs Moscow's Elite Hackers and Assassins (WIRED) Roman Dobrokhotov has been playing a dangerous game for a Russian reporter: identifying agents of the GRU military intelligence agency.

Canada Helping Australia Determine 'Full Extent' of Hack (SecurityWeek) Canada's Communications Security Establishment (CSE ) said it is working with Australia to try to determine the scale of computer hacking on Australia's parliament and political parties just months from an election.

Roger Stone Allegedly Communicated With Mysterious Hacker Guccifer 2.0 (SecurityWeek) Search warrants allegedly discovered that Roger Stone had communications with hacker known as Guccifer 2.0 and with WikiLeaks (AKA Organization 1).

Justice Department preparing for Mueller report in coming days (Washington Post) With dwindling personnel, the special counsel appears to be close to ending his investigation of the president and alleged Russian election interference.

Analysis | Power Up: 'By the Book Bob:' Prosecutors say Mueller will tightly hug Justice guidelines in report (Washington Post) One lawyer even speculated Congress could subpoena Mueller.

Thais give Russia, US right to extradite hacking suspect (AP NEWS) A Thai court ruled Wednesday that a Russian man who allegedly was part of a gang that stole millions of dollars online from bank accounts can be extradited to the United States to...

Hacker Lauri Love denied bid to get computers back (Naked Security) Hacker Lauri Love has failed to get his computers back six years after UK’s National Crime Agency took them as part of a criminal investigation.

Consumer groups accuse Facebook of duping children (Silicon Valley Business Journal) The Federal Trade Commission has been asked to investigate whether Facebook violated consumer protection and child privacy laws by duping children into making in-app purchases in Angry Birds and other games

Lawyers call for judges to learn emojis (Times) To a typical High Court judge, a text message containing an aubergine or a maple leaf might seem fairly innocuous. Senior lawyers, however, are urging the judiciary to learn to interpret the use of...

For a complete running list of events, please visit the Event Tracker on the CyberWire website.

Newly Noted Events

U.S. Commercial Service at RSAC2019 (San Francisco, California, USA, March 4 - 8, 2019) In partnership with RSA Conference 2019, we at the U.S. Department of Commerce are excited to offer U.S. exhibitors at RSAC 2019 services to assist in entering or increasing their presence in international...

2019 Air Force Intelligence Community Security Review Board (SRB) (San Antonio, Texas, USA, March 16 - February 19, 2019) The 2019 Air Force (AF) Intelligence Community (IC) Security Review Board (SRB) is set to convene on 16 & 17 April 2019 at the Omni San Antonio Hotel at the Colonnade, San Antonio, TX. This two-day event...

ACSC 2019: Collaborate (Boston, Massachusetts, USA, November 7, 2019) The 2019 Annual Conference is a chance for ACSC members and people from the New England cybersecurity community to come together and share information, network, and learn about the latest information in...

Upcoming Events

National Cyber League Spring Season (Various, February 25 - March 24, 2019) The NCL is a defensive and offensive puzzle-based, capture-the-flag style cybersecurity competition. Its virtual training ground helps high school and college students prepare and test themselves against...

BSides Columbus 2019 (Columbus, Ohio, USA, March 1, 2019) BSides Columbus is a volunteer-run conference that gives local (and not-so-local) information-security enthusiasts a platform to share their discoveries and breakthroughs with the Central Ohio infosec...

FAIR Analysis Fundamentals Training Course before the 2019 RSA Conference (San Francisco, California, USA, March 3 - 4, 2019) FAIR Analysis Fundamentals training from FAIR Institute Technical Advisor, RiskLens, provides the conceptual foundation and practical experience necessary to competently perform FAIR analyses. This training...

G’Day USA US-Australia Dialogue on Cyber Security (San Francisco, California, USA, March 4, 2019) The 2019 G’Day USA US-Australian Dialogue on Cyber Security will be held in San Francisco in the margins of the annual RSA Conference, which attracts more than 45,000 cyber and digital industry leaders.

RSA 2019 (San Francisco, California, USA, March 4 - 8, 2019) This year’s theme is, to put it simply, Better. Which means working hard to find better solutions. Making better connections with peers from around the world. And keeping the digital world safe so everyone...

Grow your brand and reach new customers.

Grow your brand and increase your customer base by educating our audience about your products, services, and events by advertising on The CyberWire. We’ve built trust with an influential (and often hard to reach) audience of CISOs, CSOs, and other senior execs in the security space, across a wide array of industry verticals. Learn more.

Be a part of the CyberWire story.

People ask us (a lot) how they can support what we do. We have our sponsorships and services, of course, but those are not always within every supporter's financial reach, or it might just not be the right time for you to do those things. That's why we launched our new Patreon site, where we've created a wider variety of support levels, each with some new benefits. Our patrons are important to our future, and we hope you'll consider becoming one. We invite you to become part of the CyberWire story. Become a patron today.