skip navigation

More signal. Less noise.

What are the best practices and tools for SecOps in 2019?

Read the 2019 SANS Security Operations Survey report for key insights & strategies from principal SANS Instructor Christopher Crowley & SANS Director of Emerging Technologies John Pescatore. Download your copy now.

Daily briefing.

The BBC's Russian-language service reported late Friday that Sitek, a Moscow-based IT firm, had been successfully hacked. The company's website was defaced with a leering Yoba face, and the attackers claimed to have stolen some seven-and-a-half terabytes of data. Sitek is generally thought to be an FSB contractor. Among the information the attackers obtained and shared with hacktivist group Digital Revolution were screenshots of the target company's internal interface. The Sitek projects exposed included social media monitoring solutions and TOR deanonymization tools.

CBS News and others report that Microsoft has observed a "spike" in Iranian cyberattacks since nuclear non-proliferation agreements collapsed. FireEye warned last week that APT34, also known as Helix Kitten, is undertaking a large catphishing campaign via LinkedIn. Its apparent goal is espionage directed against the financial and energy sectors. Government agencies are also targeted.

The Financial Times reports that the controversial lawful intercept shop NSO Group is offering a new version of its Pegasus spyware that can access private messages held in major cloud services, including those provided by Apple, Amazon, Google, and Facebook. BGR says Pegasus costs "millions of dollars," effectively pricing it out of the range of any but government customers.

Former NSA contractor Hal Martin was sentenced to nine years imprisonment on Friday for theft of classified information. As ZDNet observes, the government did not establish that Martin was the source of the ShadowBrokers' leaks.

The Federal Trade Commission says Equifax will pay $575 million in its settlement over the credit bureau's 2017 breach.

Notes.

Today's issue includes events affecting Bulgaria, China, European Union, India, Iran, Israel, Russia, Taiwan, United Kingdom, United States.

Bring your own context.

Vulnerability scanning is an important hygienic measure. But it must be done with a degree of circumspection.

"Now, a very simple vulnerability scan would basically just scan your network, check what service are exposed and report on that. But that's usually not all that useful. So what you do is you actually provide your vulnerability scanning system with credentials. It can log into a systems and then find out more detail of what the system may be vulnerable to. The tricky part here is that, in order to do this, the credentials being used by the vulnerability scanning systems often have some elevated privileges, and an attacker can actually take advantage of these credentials and use them, then, to attack your system if they're able to intercept a connection that is established by the vulnerability scanning system."

—Johannes Ullrich of the SANS Institute on the CyberWire Daily Podcast, 7.19.19.

The infections shouldn't be iatrogenic.

With LookingGlass, it’s Game Over For Threat Actors

There are many weapons to choose from when it comes to cybersecurity solutions providers – and you must choose wisely. With LookingGlass Cyber Solutions as your security provider, its “Game Over” for threat actors trying to infiltrate your network. To learn more about our solutions, visit our experts at the LookingGlass Network & Chill Lounge, Mandalay Bay South, Palm A on level 3, August 7 & 8. Take a break from the hectic show floor for old school video games, happy hour from 3-7 PM, and a demo tailored to your organization’s security needs.

In today's podcast, out later this afternoon, we speak with our partners at the Johns Hopkins University Information Security Institute, as Joe Carrigan talks about Android apps circumventing privacy permission settings. Our guest is David Brumley from ForAllSecure discussing autonomous security and DevSecOps.

XM Cyber is coming to Black Hat (Las Vegas, Nevada, United States, August 3 - 8, 2019) Visit XM Cyber at our booth 875, to experience the first fully automated APT simulation platform to Simulate, validate and remediate hackers’ path to organizational critical assets.

Codenomicon August 6 Skyfall Lounge Las Vegas (Las Vegas, Nevada, United States, August 6, 2019) Black Hat is just around the corner! Join Synopsys at our exclusive cyber security professional event—codenomi-con. We’ll kick off a night of entertainment, networking, and leadership Aug. 6 at 6 p.m. Register today!

Wicked6 Cyber Games (Las Vegas, Nevada, United States, August 8, 2019) Wicked6 is a fundraiser and cybersecurity exhibition in a thrilling esports arena in Las Vegas on August 8, 2019. It’s a week when cybersecurity leaders from around the world come to Las Vegas, and all are welcome to come by to experience this exciting and unique cyber competition as a player, sponsor, or avid fan. Wicked6 will raise funds for the Women’s Society of Cyberjutsu, a national 501(c)(3) nonprofit that promotes training, mentoring and more to advance women and girls in cybersecurity careers.

Cyber Attacks, Threats, and Vulnerabilities

Hackers steal 7.5TB of data from Russian Intel Agency FSB's contractor (HackRead) The hackers stole the data and shared it with another hacking group who was involved in the hacking of another FSB contractor.

Russian FSB Intel Agency Contractor Hacked, Secret Projects Exposed (BleepingComputer) A contractor for the Russian Federal Security Service (FSB) has been hacked and secret projects that were being developed for the intelligence agency were leaked to Russian Media. These projects detail Russia's attempt to de-anonymize users on the Tor network, collect data from social networks, and how to isolate the Russian internet

Russia's FSB intelligence agency hacked - loses 7.5TB of data (Computing) FSB projects to de-anonymise Tor and isolate Russia from the internet exposed

Москит, Надежда, Наутилус: хакеры раскрыли суть проектов тайного подрядчика ФСБ (BBC News Русская служба) Хакеры взломали сервер крупного подрядчика российских спецслужб и ведомств, а затем поделились с журналистами описаниями десятков непубличных проектов в области интернета: от деанонимизации пользователей браузера Tor до исследования уязвимости торрентов.

Iranian hackers behind ‘incredible’ spike in attacks after collapse of nuclear deal, Microsoft says (The Washington Times) Iranian hackers were behind an “incredible” spike in cyberattacks detected after President Trump’s withdrawal from the Iranian nuclear deal, a top Microsoft executive said Friday.

Warning As Iranian State Hackers Target LinkedIn Users With Dangerous New Malware (Forbes) Iranian state hackers are at it again—targeting the commercial sector as the country's cyber war with the U.S. continues. This time LinkedIn users are the focus, with fake invitations leading to the installation of malicious malware on infected machines.

Iran-Linked APT34 Invites Victims to LinkedIn for Fresh Malware Infections (Threatpost) The group was posing as a researcher from Cambridge, and was found to have added three new malware families to its spy arsenal.

Hard Pass: Declining APT34’s Invite to Join Their Professional Network « Hard Pass: Declining APT34’s Invite to Join Their Professional Network (FireEye) FireEye identified a phishing campaign conducted by APT34 in late June 2019.

Warning As Iran 'Ready To Strike' In The West Using Sleeper Terror Cells: Report (Forbes) As tensions continue to escalate with Iran, British intelligence agencies now fear Iranian-sponsored terror cells are ready to mount lethal strikes on western soil, according to reports.

The top brass is not in your DMs (Fifth Domain) Governments across the world, including the U.S. Department of Defense, are becoming increasingly concerned about fake social media accounts for leaders as senior as the Joint Chiefs of Staff.

Metropolitan Police apologises for Friday night hacking incident (Computing) US President Donald Trump takes one more swipe at Sadiq Khan

Microsoft Confirms Windows 'Great Duke Of Hell' Malware Attack (Forbes) Astaroth is, as demonologists will tell you, the Great Duke of Hell and part of the evil trinity. Microsoft, however, is warning that Astaroth malware is attacking Windows users with a fileless "invisible man" methodology. Here's what you need to know.

Financial Loan Apps Are Exposing Real-Time Location Data On Millions Of People (Forbes) More than 100 apps have been leaking sensitive information about Chinese citizens including loan records and real-time location data.

QuickBooks Cloud Hosting Firm iNSYNQ Hit in Ransomware Attack (KrebsOnSecurity) Cloud hosting provider iNSYNQ says it is trying to recover from a ransomware attack that shut down its network and has left customers unable to access their accounting data for the past three days.

My browser, the spy: How extensions slurped up browsing histories from 4M users (Ars Technica) Have your tax returns, Nest videos, and medical info been made public?

Old Tools for New Money: URL Spreading Shellbot and XMRig Using 17-year old XHide (TrendLabs Security Intelligence Blog) We found a threat that scans for open ports and brute forces systems with weak credentials to drop a Monero cryptocurrency miner. While the installation and mining process is hidden by old evasion tool XHide Process Faker, the malware can be used for bigger attacks in the future as both the shellbot and miner can be monetized.

Hackers breach 62 US colleges by exploiting ERP vulnerability (ZDNet) Hackers are breaching college networks and creating fake accounts that are used "almost immediately for criminal activity."

Ed Dept: Hackers breached 62 colleges, created thousands of fake student profiles (Education Dive) Some accounts were used for criminal activity, according to the department, while the software developer says the event is an "industry issue."

New iPhone hacking tool can reportedly access a user’s iCloud data (BGR) An Israeli security company with a track record of developing some of the most advanced and sophisticated mobile hacking tools we’ve ever seen has upped the ante considerably. According to a …

Israeli group’s spyware ‘offers keys to Big Tech’s cloud’ (Financial Times) Company’s sales pitch claimed technology can access data from Apple, Google, Facebook and Amazon

NSO spyware ‘targets Big Tech cloud services’ (KnowBe4) The Israeli company whose spyware hacked WhatsApp has told buyers its technology can surreptitiously scrape all of an individual’s data from the servers of Apple, Google, Facebook, Amazon and Microsoft, according to people familiar with its sales pitch.

From FaceApp to NSO: Is privacy possible in the digital age? (The Telegraph) Another day, another technological privacy debacle.

Fake FaceApp Challenge Apps Are Installing Malware. Here's What You Need To Know (Forbes) With the FaceApp Challenge viral frenzy showing little sign of slowing down, security researchers have uncovered fake apps that are installing malware. Here's what you need to know.

Beware of fake FaceApp before installing on your phone (Deccan Herald) While controversy is raging over the FaceApp's privacy concerns, a report has come to light that a malware-riddled fake application with the same moniker has made its way to mobile app stores.  Security researchers at Kaspersky have uncovered a fake FaceApp, which is fooling unsuspecting people to download them and infect victims’ devices with an adware module called MobiDash.

Huawei cyber-security risk: Chinese military hacker recruitment 'undeniable' says academic (Express) Huawei has been recruiting high-level operatives with links to China's military and intelligence agencies, a new study based upon leaked employee information has alleged.

Google cleans out stalker, spyware apps from Play Store (ZDNet) Google is making a stand on apps designed for tracking employees, partners, and children.

Android warning: Stay clear of these Google Play Store apps which stalk you (Express.co.uk) ANDROID fans have been put on alert and warned about several malicious apps found on the Google Play Store which stalk users.

Here's the Malware You Should Actually Worry About (WIRED) For all the attention on sophisticated nation-state attacks, the malware that’s most likely to hit your phone is much more mundane.

Europe's Weeklong Satellite Outage Is Over—But Still Serves as a Warning (WIRED) The dramatic EU Galileo incident underscores the threat of satellite timing and navigation system failures.

Results from NREL’s Assessing the Impact of Cybersecurity on the Nation’s Wind Farms Workshop (Control Global) There were approximately 50 participants from wind turbine and control system suppliers, utilities, national laboratories, regulators, wind farm standards organizations, and a credit rating agency at the NREL “Assessing the Impact of Cybersecurity on the Nation’s Wind Farms” workshop. The lack of public awareness of wind farm cyber incidents has negatively affected the industry’s focus on addressing cyber security.

Slack Reveals New Details on 2015 Compromise (Decipher) Four years after an intrusion, Slack has discovered new details about the incident and moved to reseat many users’ passwords.

This App Lets Your Instagram Followers Track Your Location (WIRED) By aggregating data from geotagged posts and stories, Who's in Town can paint a detailed picture of the habits and haunts of anyone with a Instagram account.

China’s deepfake celebrity porn culture stirs debate about artificial intelligence use (TODAYonline) The widespread use of artificial intelligence to create deepfake celebrity porn videos for Chinese internet users has raised fresh questions about the use and abuse of the technology.

Security Patches, Mitigations, and Software Updates

Firefox to pile on more native privacy features (Naked Security) Mozilla is integrating its Lockwise password manager directly into the browser and expanding its support for the Have I Been Pwned website.

Microsoft Issues Windows 10 Upgrade Warning (Forbes) Microsoft has confirmed it will force new updates on hundreds of millions of Windows 10 PCs...

Cyber Trends

Ransomware Attacks Grow Rampant, Paying Still Not a Good Option (BleepingComputer) A flurry of ransomware attacks has been reported this week affecting entities in US states of Georgia, New York, Tennessee, and Florida.

Survey: Cybersecurity risks threaten deals (Crain's Cleveland Business) From Bloomberg: Of more than 2,700 information technology and business decision makers surveyed by Forescout Technologies Inc. in seven countries, 53% reported that their organization had encountered a critical cybersecurity issue or incident that put an M&A deal in jeopardy. And 65% of respondents said they had experienced buyers’ remorse because of cybersecurity concerns after closing a deal. 

Marketplace

Cybersecurity Has Big Tailwinds: Earn 8% To 10% Income (Seeking Alpha) The cybersecurity industry is projected to hit $1 trillion in spending. We detail three ways to invest in this booming industry. Yields are from ~7.8% to 10.8% annualized.

Privacy Start-Ups Raising Millions as Stronger Data Protection Laws Grip California and Europe (Toolbox Tech) One Trust, an Atlanta-based data protection start-up, has raised $200 million in series A funding as pressure grows on tech companies in California and Europe to stay on top of privacy laws.The General Data Protection Regulation, a European Union law on data protection and individual privacy, and the California Consumer Privacy Act, which will...

Smart Money Said ‘Skip Bitcoin, Bet on Blockchain.’ Not Any More (Bloomberg) Venture funding in blockchain startups may tumble 60% in 2019. Meanwhile, Bitcoin’s price has more than doubled this year.

Huawei ensures cyber security with a huge transformation (Asia Times) The Shenzhen-based telecom equipment maker says it prefers not to use its self-developed operating system on smartphones due to the lack of an ecosystem

CrowdStrike more than doubles revenue in first earnings report (CRN) Cybersecurity vendor's share price soars

Products, Services, and Solutions

New infosec products of the week: July 19, 2019 (Help Net Security) The most important infosec products of the week included releases from 42Crunch, Perimeter 81, Symantec, Privitar, Enzoic and CyberGRX.

Prey for Education Streamlines Schools’ Mobile Device Management, Automates Security, and Improves Accountability (West) Latest tailored release facilitates control of 1:1 device programs and faculty assigned devices with a focus on data privacy and reactive theft prevention for K-12 and university environments

IronNet to Deliver Cloud-Native Network Traffic Analysis with Amazon Web Services (New Kerala) IronNet Cybersecurity, a market leader in Network Traffic Analysis NTA and the industrys first real-time, machine-speed Collective Defense provider, announced the expansion of IronDefense functionality to support the new Amazon Virtual Private Cloud Amazon VPC traffic mirroring feature f

Windows Defender Gets a New Name: Microsoft Defender (BleepingComputer) Windows Defender is being rebranded to Microsoft Defender to indicate that it now part of a cross platform family of products. This includes enterprise products, which offer solutions for multiple OS platforms.

Symantec announces new cloud access security solution (DATAQUEST) The latest solution from Symantec will enable enterprises to enforce consistent Zero Trust security policies for users accessing SaaS applications

Technologies, Techniques, and Standards

Huawei’s new OS is for industrial use, not Android replacement (TechCrunch) Seems Hongmeng isn’t the Android replacement it’s been pitched as, after all. The initial story certainly tracked, as Huawei has been preparing for the very real possibility of life after Google, but the Chinese hardware giant says the operating system is primarily focused on industrial use. The la…

Design and Innovation

Security Watch: Elon Musk’s NeuraLink Links Brains to iPhones via Bluetooth (Threatpost) Directly linking thoughts to a phone via Bluetooth — what could go wrong?

Oculus founder says best US minds need to work on A.I. just like they did during the nuclear arms race (CNBC) If U.S. scientists and researchers had refused to work on nuclear weapons, like Google did on AI, the world would be much worse, argues Palmer Luckey.

Research and Development

Shapeshifting Morpheus chip aims to baffle hackers (Naked Security) Morpheus aims to make hacking so difficult at microprocessor level that attackers will give up long before they can do any damage.

Academia

Columbia cybersecurity team to compete on national stage (WISTV) One of the best collegiate Cybersecurity teams in the country is found in Columbia and they are getting ready for a big national competition.

MSU staff, students among competitors in cybersecurity challenge co-sponsored by NSPARC (Mississippi State University) Battling in teams, earning points and gaining bragging rights while sparking interest in cybersecurity will be the essence of the upcoming Capture the Flag hacking competition. Co-sponsored by Mississippi State University’s National Strategic Planning and Analysis Research Center and ServiceMaster, this CTF event will be held July 27 from 9 a.m. to 6 p.m.

Legislation, Policy, and Regulation

A Proposed Response to the Commercial Surveillance Emergency (Lawfare) The U.N. special rapporteurs’ reports on the murder of Jamal Khashoggi lay bare the urgent need for restrictions on the private surveillance technology market.

Cyber Warfare: U.S. Military Admits Immediate Danger Is 'Keeping Us Up At Night' (Forbes) This year has marked a turning point for cyber warfare—and the implications of the (largely unseen) escalation taking place have now become a real and present danger to us all.

What's keeping generals up at night? Cyber threats (Task & Purpose) The Pentagon is recruiting a new cadre of computer geeks to address a threat that the military's top intelligence officer says keeps him up at night.

Cyberthreats Keeps DIA Director Up at Night (U.S. DEPARTMENT OF DEFENSE) Lt. Gen. Robert P. Ashley Jr., director of the Defense Intelligence Agency, talked about the emerging threats at the Aspen Security Forum in Aspen, Colorado.

China Cyber Attacks on AFSPC Contractors ‘Stealing Us Blind’ (Breaking Defense) "When you talk about resiliency and the fight tonight, I'm bringing out everything and the kitchen sink. I'm gonna MacGyver anything I can bring," says AFSPC Brig. Gen. DeAnna Burt.

Schiff, House Intelligence chair, says he first learned of Russian attacks on Senate campaigns at a security forum (Washington Post) The California Democrat recalled his surprise when a Microsoft representative said at a conference last year that three Senate campaigns had been attacked by what seemed like the same Russian government-linked group that interfered in the 2016 election. “That should not be the first time the Intelligence chair is hearing that,” he said.

Cyberdeterrence Needs People, Not Weapons (Foreign Policy) Mass mobilization might be the best line of defense in a world of online warfare.

EU Assessing Security Risks to 5G That Could Include Huawei (Bloomberg) Member states contributing to risk assessment report by Oct. 1. Concerns stem from China’s law on cooperation in intelligence.

Taiwan to blacklist Chinese tech firms (Asia Times) Huawei, ZTE, Xiaomi, Oppo and Hikvision deemed to pose a significant threat to the island

Italy not to push emergency legislation on 5G 'golden power': report (RCR Wireless News) The Italian government had recently approved a decree to increase the government’s powers to intervene in the critical 5G market

Government telecoms review to soft-pedal on Huawei (the Guardian) Omission of Chinese firm’s role in building 5G networks will reopen divisions among ministers

Huawei 5G indecision is hitting UK’s relations abroad, warns committee (TechCrunch) The U.K.’s next prime minister must prioritize a decision on whether or not to allow Chinese tech giant Huawei to be a 5G supplier, a parliamentary committee has urged — warning that the country’s international relations are being “seriously damaged” by ongoing delay. …

White House to host meeting with tech executives on Huawei ban:... (Reuters) White House economic adviser Larry Kudlow will host a meeting with semiconductor...

Analysis | The Cybersecurity 202: Trump's commitment to Huawei bans faces stress test today (Washington Post) U.S. companies want to sell parts and software to the Chinese telecom.

Trump’s war on Huawei risks hobbling US innovation (Quartz) Why a plan to undermine China's tech giant may be backfiring.

Is Huawei or the Exploding Cyber threat the Biggest Concern for 5G? (CPO Magazine) Exclusion of Huawei from U.S. market is a distraction from addressing cyber threats in 5G networks where much greater number of connected devices could be subjected to attacks.

Antitrust regulators are using the wrong tools to break up Big Tech (Quartz) Google and Amazon have stripped us of making our own choices—but they’ve done a great job of convincing us otherwise.

Director Of National Intelligence Dan Coats Appoints New Election Security Czar (NPR.org) Spy world veteran Shelby Pierson will attempt to centralize election security efforts across the intelligence community with soon-to-be-designated agency leads.

Elections experts say cybersecurity threats demand federal funding (TribLIVE.com) Unfunded cybersecurity needs are leaving state and local election officials to stand on the front lines of threats from sophisticated international interests, a new report asserts. “Defending Elections,” a report from the Brennan Center for Justice, highlights growing concerns that myriad unmet security needs pose a threat to fair elections.

Jio backs data localisation to stave off cyberattacks (ETCIO.com) The company said data localisation will also spur investments in creating servers and cloud capacities, boosting R&D and creating employment.

Litigation, Investigation, and Law Enforcement

An entire nation just got hacked (CNN) Asen Genov is pretty furious. His personal data was made public this week after records of more than 5 million Bulgarians got stolen by hackers from the country's tax revenue office.

Man Accused Of Hacking Bulgaria's Tax Agency Is Released And Given Lesser Charges (NPR) A Bulgarian cybersecurity expert was arrested by police after being accused of involvement in the hack of millions of records from the nation's tax agency.

Glen Burnie man who stole, hoarded millions of classified NSA documents sentenced to nine years in federal prison (Baltimore Sun) A former National Security Agency contractor was sentenced Friday to nine years in prison for stealing nearly half a billion pages of classified NSA documents over two decades.

Contractor who stole 50TB of NSA data gets nine years in prison (ZDNet) Prosecutors never proved former NSA contractor was the origin for the Shadow Brokers leak.

Former NSA contractor Hal Martin sentenced to 9 years for theft of government info (CyberScoop) Former NSA contractor Hal Martin was sentenced Friday to 9 years in prison for his role in a massive theft of classified documents.

NSA contractor sentenced to prison for huge theft of classified... (Reuters) A former National Security Agency contractor was sentenced in Maryland to nine y...

NSA Office of the Inspector General Releases Semi-Annual Report to Congress (IC ON THE RECORD) The National Security Agency/Central Security Service Office of the Inspector General has released an unclassified version of its latest Semi-Annual Report to Congress on its public website, OIG.NSA.GOV. This report details NSA OIG’s activities from October 1, 2018-March 31, 2019.

Equifax to Pay Around $700 Million to Resolve Data-Breach Probes (Wall Street Journal) The credit-reporting firm is nearing a deal to settle a slew of state and federal investigations into a 2017 data breach that exposed nearly 150 million Americans’ Social Security numbers and other personal information.

Equifax to pay up to $700 million to settle state and federal investigations into 2017 security breach (Washington Post) Equifax has agreed to pay $650 million to settle a series of state and federal investigations into a massive 2017 data breach that left more than 147 million Americans’ names, Social Security numbers, credit-card details and other sensitive information exposed.

Equifax to Pay $575 Million as Part of Settlement with FTC, CFPB, and States Related to 2017 Data Breach (Federal Trade Commission) NOTE: The FTC will host an IN-PERSON press conference at FTC Headquarters, 600 Pennsylvania Ave, NW, Washington D.

FTC approves settlement with Google over YouTube kids privacy violations (Washington Post) The Federal Trade Commission has finalized a settlement with Google in its investigation into YouTube for violating federal kids' privacy laws, according to two people familiar with the matter who were not authorized to discuss it on record.

To Fight Terrorists, Follow the Money (Foreign Policy) Prosecuting money launderers is the best way to stamp out terrorism and corruption.

For a complete running list of events, please visit the Event Tracker on the CyberWire website.

Newly Noted Events

2019 FAIR Conference (National Harbor, Maryland, USA, September 24 - 25, 2019) Hosted by the FAIR Institute and our sponsoring partners, the 2019 FAIR Conference brings leaders in information and operational risk management together to explore best FAIR practices that produce greater...

Upcoming Events

Cybertech Midwest 2019 (Indianapolis, Indiana, USA, July 24 - 25, 2019) Cybertech is the cyber industry’s foremost B2B networking platform featuring cutting-edge content by top executives, government officials, and leading decision-makers from the world of cyber. Our Cybertech...

Smoky Mountain Bigfoot Conference (Gaitlinsburg, Tennessee, USA, July 27, 2019) Join us for the first ever Smoky Mountain Bigfoot Conference. We have some of America's most experienced Bigfoot researchers and investigators including Cliff Barackman, Bigfoot Field Researcher and co-host...

Cyber:Secured Forum 2019 (Dallas, Texas, USA, July 29 - 31, 2019) Cyber:Secured Forum delivers two days of in-depth content on cybersecurity trends and best practices related to the delivery of physical security systems and other integrated systems. Collaboratively developed...

Community College Cyber Summit (3CS) (Bossier City, Louisiana, USA, July 30 - August 1, 2019) The 2019 Community College Cyber Summit (3CS) at Bossier Parish Community College in Louisiana marks the sixth annual edition of 3CS. 3CS is the only national academic conference focused on cybersecurity...

New York City Cybersecurity Conference (New York, New York, USA, August 1, 2019) Data Connectors brings together security professionals to discuss mitigating risk and improving their overall security posture. Eight industry speakers, an FBI/NSA/DHS keynote speaker, and a CISO Panel...

Grow your brand and reach new customers.

Grow your brand and increase your customer base by educating our audience about your products, services, and events by advertising on The CyberWire. We’ve built trust with an influential (and often hard to reach) audience of CISOs, CSOs, and other senior execs in the security space, across a wide array of industry verticals. Learn more.

Be a part of the CyberWire story.

People ask us (a lot) how they can support what we do. We have our sponsorships and services, of course, but those are not always within every supporter's financial reach, or it might just not be the right time for you to do those things. That's why we launched our new Patreon site, where we've created a wider variety of support levels, each with some new benefits. Our patrons are important to our future, and we hope you'll consider becoming one. We invite you to become part of the CyberWire story. Become a patron today.