skip navigation

More signal. Less noise.

What are the best practices and tools for SecOps in 2019?

Read the 2019 SANS Security Operations Survey report for key insights & strategies from principal SANS Instructor Christopher Crowley & SANS Director of Emerging Technologies John Pescatore. Download your copy now.

Daily briefing.

The FTC this morning announced the final details of its settlement with Facebook. Reuters reports that Facebook will, in addition to its financial penalties, be required to establish a board-level privacy committee. CEO Zuckerberg will be expected to certify, quarterly, that the company is properly safeguarding user privacy.

The complaint accompanying the settlement asserts that Facebook misled users about use of their data, insecurely implemented two-factor authentication, and failed to properly inform users about the access third-party apps had to "friends'" data. The Washington Post headline calls the penalties "stunning," but this is a minority view, undercut by the article itself, which recounts the ways in which Facebook arguably got off lightly.

Digital Revolution has named the hackers, "0V1ru$," who gave them the FSB documents now posted online. The files are said to come from SyTech, a Moscow contractor working for Unit 71330, an FSB shop that Naked Security says does signals intelligence.

BlueKeep exploitation grew likelier with publication of a guide to weaponizing the vulnerability. Ars Technica says the explainer appears associated with Tencent KeenLab. It's been posted as a slide deck to GitHub.

The US National Security Agency is creating a new directorate for cybersecurity. The Wall Street Journal reports that the new organization will become operational on October 1st. It will be led by Anne Neuberger, formerly NSA's Chief Risk Officer. The directorate is said to represent a closer coupling of defensive and offensive capabilities.

The US Justice Department is opening an anti-trust investigation into Big Tech.

Notes.

Today's issue includes events affecting Bulgaria, China, Czech Republic, European Union, Iran, Italy, Democratic Peoples Republic of Korea, Romania, Russia, Turkey, United Kingdom, United States.

Bring your own context.

What good does the Sec in DevSecOps do, once the software is in production?

"Let's say you're doing a penetration test at the end of the application lifecycle. A lot of times, you're just scanning for known vulnerabilities. And I tell you what, when a hacker is trying to break into your system, they're not just scanning for known vulnerabilities, at least not the good ones who are trying to get into your system. And so what we're starting to do is add in tools that help build in security checks as you build and ship software. And a lot of that's actually about security testing."

—David Brumley, co-founder and CEO of ForAllSecure and a professor at Carnegie Mellon University, on the CyberWire Daily Podcast, 7.22.19.

If the process works as intended, the software that emerges is not only more secure, but it's more reliable as well.

With LookingGlass, it’s Game Over For Threat Actors

There are many weapons to choose from when it comes to cybersecurity solutions providers – and you must choose wisely. With LookingGlass Cyber Solutions as your security provider, its “Game Over” for threat actors trying to infiltrate your network. To learn more about our solutions, visit our experts at the LookingGlass Network & Chill Lounge, Mandalay Bay South, Palm A on level 3, August 7 & 8. Take a break from the hectic show floor for old school video games, happy hour from 3-7 PM, and a demo tailored to your organization’s security needs.

In today's podcast, out later this afternoon, we speak with our partners at Webroot, as David Dufour discusses security awareness training. Our guest is Emily Wilson from Terbium Labs, who speaks with us about the Federal Trade Commission’s investigation into complaints over YouTube’s improper collection of kids' online data.

XM Cyber is coming to Black Hat (Las Vegas, Nevada, United States, August 3 - 8, 2019) Visit XM Cyber at our booth 875, to experience the first fully automated APT simulation platform to Simulate, validate and remediate hackers’ path to organizational critical assets.

Codenomicon August 6 Skyfall Lounge Las Vegas (Las Vegas, Nevada, United States, August 6, 2019) Black Hat is just around the corner! Join Synopsys at our exclusive cyber security professional event—codenomi-con. We’ll kick off a night of entertainment, networking, and leadership Aug. 6 at 6 p.m. Register today!

Wicked6 Cyber Games (Las Vegas, Nevada, United States, August 8, 2019) Wicked6 is a fundraiser and cybersecurity exhibition in a thrilling esports arena in Las Vegas on August 8, 2019. It’s a week when cybersecurity leaders from around the world come to Las Vegas, and all are welcome to come by to experience this exciting and unique cyber competition as a player, sponsor, or avid fan. Wicked6 will raise funds for the Women’s Society of Cyberjutsu, a national 501(c)(3) nonprofit that promotes training, mentoring and more to advance women and girls in cybersecurity careers.

Cyber Attacks, Threats, and Vulnerabilities

FSB hackers drop files online (Naked Security) A hacking group that distributed files stolen from a Russian contractor to the media last week has published some of the documents online.

Chances of destructive BlueKeep exploit rise with new explainer posted online (Ars Technica) Slides give the most detailed publicly available technical documentation seen so far.

APT34 spread malware via LinkedIn invites (SC Media) FireEye researchers identified a phishing campaign conducted by APT34 masquerading as a member of Cambridge University to gain their victim's trust to open malicious documents.

Cybercrime gang adds new tactics to credit card data-stealing campaign (ZDNet) FIN8 is distributing new malware as part of its ongoing goal of stealing and selling payment information from customers of retailers and the hospitality sector.

ABADBABE 8BADF00D: Discovering BADHATCH and a Detailed Look at FIN8’s Tooling (Gigamon ATR Blog) FIN8 is a financially-motivated threat group originally identified by FireEye in January of 2016, with capabilities further reported on by Palo Alto Networks’…

Vigilante Hacker ‘Phineas Fisher’ Denies Working for the Russian Government (Vice) In a new book, a veteran cybersecurity reporter wrote that the infamous hacker who embarrassed surveillance vendors FinFisher and Hacking Team may be a Russian government agent. We caught up with Phineas Fisher and broke down the evidence.

Citrix Confirms Password-Spraying Heist of Reams of Internal IP (Threatpost) Security experts say the attack stemmed from weak cybersecurity controls.

Phishing Attackers Are Abusing WeTransfer to Evade Email Gateways - Cofense (Cofense) The Cofense Phishing Defense Center has observed a wave of phishing attacks that utilize the legitimate file hosting site WeTransfer to deliver malicious URLs to bypass email gateways. The attacks span major industries like banking, power, and media. Here’s how they work. Email Body: The email body is a genuine notification from WeTransfer which informs the victim that a file has been shared with them. The attackers utilise what appears to be compromised email accounts to send a genuine link to a WeTransfer hosted file. As these are legitimate links from WeTransfer, this allows them to travel...

Remote code execution vulnerability in VLC remains unpatched (ZDNet) The bug is present in VLC’s latest release.

GE Aestiva and Aespire Anesthesia (Update A) (CISA) 1. EXECUTIVE SUMMARY CVSS v3 5.3 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: GE Equipment: Aestiva and Aespire Anesthesia Vulnerability: Improper Authentication 2. UPDATE INFORMATION This updated advisory is a follow-up to the original advisory titled ICSMA-19-190-01 GE Aestiva and Aespire Anesthesia published July 9, 2019, on the ICS webpage on us-cert.gov.

NREL EnergyPlus (CISA) 1. EXECUTIVE SUMMARY CVSS v3 6.1 ATTENTION: Low skill level to exploit Vendor: National Renewable Energy Laboratory (NREL) Equipment: EnergyPlus Vulnerability: Stack-based Buffer Overflow 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to execute arbitrary code or cause a denial-of-service condition.

Mitsubishi Electric FR Configurator2 (CISA) 1. EXECUTIVE SUMMARY CVSS v3 7.1 ATTENTION: Low skill level to exploit Vendor: Mitsubishi Electric Equipment: Mitsubishi Electric FR Configurator2 Vulnerabilities: Improper Restriction of XML External Entity Reference, Uncontrolled Resource Consumption 2. RISK EVALUATION Successful exploitation of these vulnerabilities may enable arbitrary files to be read or cause a denial-of-service condition.

Emotet: A Technical Analysis of the Destructive, Polymorphic Malware (Bromium) Emotet is a modular loader that was first identified in the wild in 2014.[1] Originally Emotet was a banking Trojan designed to steal financial information from online banking sessions through man-in-the browser (MITB) attacks, but since 2017 it has been observed distributing other malware families, such as IcedID, Zeus Panda and TrickBot.[2] The malware has been actively developed, with each new version changing or extending its capabilities.

BEC Scammers Trick Employees Into Giving Away Customer Info (BleepingComputer) BEC scammers are now targeting a company's customers using a new indirect attack method designed to collect information on future scam targets by asking for aging reports from collections personnel.

COModo: From Sandbox to SYSTEM (CVE-2019–3969) (Medium) Antivirus (AV) is a great target for vulnerability hunting: Large attack surface, complex parsing, and various components executing with…

Comodo Antivirus Multiple Vulnerabilities (Tenable®) Multiple vulnerabilities were discovered in Comodo Antivirus / Comodo Antivirus Advanced. The following vulnerabilities were verified to be present in version 12.0.0.6810 of Comodo Antivirus, except CVE-2019-3973, which only affects versions up to 11.0.0.6582.

Flaws in widely used corporate VPNs put company secrets at risk (TechCrunch) Researchers have found several security flaws in popular corporate VPNs which they say can be used to silently break into company networks and steal business secrets. Devcore researchers Orange Tsai and Meh Chang, who shared their findings with TechCrunch ahead of their upcoming Black Hat talk, sai…

US Troops Using Russia-Connected FaceApp Urged to Be Cautious (Military.com) Senate minority leader Chuck Schumer wants a congressional investigation into FaceApp.

Deliveroo Accounts Are Being Hacked And Sold For Just $6 (Forbes) Hackers making big bizarre orders from stolen Deliveroo accounts, like a £150 order of ice cream and cakes.

Your Android’s accelerometer could be used to eavesdrop on your calls (Naked Security) Researchers have created an attack called Spearphone that uses the motion sensors in Android phones to listen to phone calls, interactions with your voice assistant, and more.

Lancaster University students’ data stolen in cyber-attack (the Guardian) Records and ID documents accessed and fake invoices sent in ‘malicious’ hack

Lancaster University phishing attack demonstrates vulnerability of higher education sector (SC Magazine) A data breach at Lancaster University exposed data including undergraduate applicant information and student records

Security Patches, Mitigations, and Software Updates

Google bans DarkMatter certificates from Chrome and Android (ZDNet) Mozilla previously banned DarkMatter certificates from Firefox at the start of the month.

Cyber Trends

IBM Study Shows Data Breach Costs on the Rise; Financial Impact Felt for Years (IBM News Room) IBM (NYSE: IBM) Security today announced the results of its annual study examining the financial impact of data breaches on organizations. According to the report, the cost of a data breach has...

Corporate Mobile Security Isn’t Cutting It | RSA Conference (RSA Conference Blog) Corporate Mobile Security Isn’t Cutting It

Beyond the Phish 2019 (Proofpoint) A strong cybersecurity posture has many facets.

Marketplace

Startup Foundry DataTribe Announces Second-Annual Cybersecurity Startup Challenge (PRWeb) DataTribe, a global cyber foundry that invests in and co-builds next-generation cybersecurity and data science companies with nation-state experienced technical

Norsk Hydro cyber attack could cost up to $75m (ComputerWeekly.com) March 2019 ransomware attack could cost Norwegian aluminium giant up to $75m in the first half of the year, according to latest estimates.

Bitglass Announces Expansion Into Japan and Canada With New Offices and Strategic Hires (Yahoo) Bitglass, the Next-Gen CASB company, has just announced its expansion into two new markets with the opening of regional offices in Toronto, Canada as well as Tokyo, Japan. At the helm of the regional expansions are David Newall, Canada Country General Manager, and Yasuyuki Shinmen, Japan Country General

DarkMatter Group Expands Its Leadership Team (PR Newswire) Newly appointed EVP of Secure Solutions and EVP of Cyber Defense will play a vital role in delivering DarkMatter's smart and safe digital journey...

Products, Services, and Solutions

ThetaRay 4.0 With IntuitiveAI Gives Banks a Powerful New Weapon Against Financial Cybercrime (Yahoo) ThetaRay, a leading provider of AI-based Big Data analytics, today announced Version 4.0 of the company's namesake advanced analytics platform. ThetaRay's IntuitiveAI solutions replicate the powerful decision-making capabilities of human intuition to detect

Exabeam Security Management Platform Products Approved for Phase IV of the Department of Homeland Security’s Continuous Diagnostics and Mitigation Program (Exabeam) The DHS’s CDM program helps strengthen the cybersecurity of government networks and systems

SearchLight's Biggest Ever Update: New Ways to Discover, Contextualize, and Prioritize Digital Risks (Digital Shadows) Since founding the company in 2011, we've had some memorable milestones: from the first release of SearchLight in 2014, to being named the Leader in Digital Risk Protection by Forrester in 2018. However, today's release marks the biggest and most exciting landmark to date.

WatchGuard Speeds Zero Day Malware Breach Detection from Months to Minutes (West) New AI-based breach mitigation capabilities enable IT solution providers and midsized businesses to automatically detect and remediate zero day threats and evasive malware within minutes

Authentic8 aims to protect DoD with secure browser (Intelligence Online) Californian start-up Authentic8 is looking to establish itself as the Pentagon main supplier of isolated web browser, as part of the security overhaul led by the Defense Information Systems Agency

Centrify Brings Enterprise-Grade Privileged Access Management to SMBs with Free Tier Password Vault (Yahoo) Centrify, a leading provider of cloud-ready Zero Trust Privilege to secure modern enterprises, today announced a free cloud-based Privileged Access Management (PAM) offering for the more than half of organizations that do not have a password vault. Centrify’s Free Tier Vault is available immediately

ThetaRay offering uses AI against financial cybercrime (Security Brief) ThetaRay version 4.0 enable banks to pinpoint activity that suggests money laundering, terrorist financing, human and drug trafficking, and other financial crimes.

Thycotic Launches High-Velocity Vault for Securing Access to DevOps Environments (Yahoo) New Product Centrally Stores and Controls Passwords and Secrets Used to Access Applications and Code WASHINGTON , July 23, 2019 /PRNewswire/ --  Thycotic , provider of privileged access management (PAM) ...

D3 Security Creates First Proactive Response Platform by Bringing Together SOAR and the MITRE ATT&CK Framework (BusinessWire) D3 Security has released ATTACKBOT, a unique solution that utilizes the MITRE ATT&CK framework to identify and address the entire kill chain.

Exabeam Security Management Platform Products Approved for Phase IV of the Department of Homeland Security’s Continuous Diagnostics and Mitigation Program (BusinessWire) Exabeam, the Smarter SIEM™ company, today announced that multiple Exabeam Security Management Platform (SMP) products have been approved for Data Prot

Built Like a TANK! Aertight Systems, Inc. Releases a Revolutionary New Wall-Mount, Rugged, Modular, Microsoft Windows Server That Replaces Rack and Tower Servers. (PR Newswire) Aertight Systems, Inc. announces the AERTIGHT™ Server Platform, its new line of rugged, all-in-one Microsoft...

Technologies, Techniques, and Standards

Europe seeks to harmonise smart grid security requirements (Smart Cities World) Baseline cyber-security requirements for smart meters and data concentrators have been announced which aim to raise standards across the industry.

‘Golden Age Of SIGINT May Be Over’: New Encryption Foils IC Eavesdropping (Breaking Defense) "End-to-end encryption of all communications and data, differential privacy, and secure communications for all users are likely to be the new reality," says a new DARPA-funded study.

A Shift in Mindset: 7 Practical Ideas Every CISO Should Know About Threat Hunting (Bricata) As CISOs and security leaders build out enterprise threat hunting programs, we put together a list of practical ideas we've seen around the concept.

Overcoming the Dangers of Virtual Private Networks (DH2i) Most consumers regard Virtual Private Networks (VPNs) as a credible means of securing their data transmissions and overall privacy. Few realize VPNs were initially designed to provide these benefits for on-premise settings, offering only limited efficacy on the assortment of mobile, hybrid cloud, and multi-cloud technologies commonly used today. In fact, in these environments it’s Read More...

Security or compliance? Stop choosing between them (Help Net Security) The difference between security and compliance is more than just process. It’s philosophy and practice. Compliance can be one tactical execution of a

Tricking attackers through the art of deception (Help Net Security) In cybersecurity, deception is redundant if it cannot fulfill its critical aim – to misdirect, confuse, and lure attackers into traps and dead-ends. It is

Thwart the pressing threat of RDP password attacks (Help Net Security) How long does it takes for Internet-facing, RDP-enabled computers to come under attack? In some cases, a few minutes. In most, less than 24 hours.

Report: CFPB should assess risks to cloud systems before their deployment (FedScoop) The Consumer Financial Protection Bureau hasn’t comprehensively assessed risks prior to deploying new cloud systems, according to a recent report. As a result, CFPB hasn’t issued a Federal Risk and Authorization Management Program provisional authority to operate (P-ATO) for a cloud system supporting its Consumer Response Call Center. The system itself wasn’t identified in the Federal …

Research and Development

UTSA launches open source software to secure the cloud for users (UTSA Today) UTSA has launched Galahad, an open source revolutionary user computer environment (UCE) for the Amazon Cloud.

Academia

DHS Announces $10.5M Funding Opportunity to Establish MBA in Security Technology Transition (Newswise) DHS is seeking proposals from accredited U.S. universities to educate and build the capabilities of DHS employees. The DHS S&T today announced a $10.5 million funding opportunity for a new DHS Center of Excellence (COE) to develop an Executive Master of Business Administration (EMBA) program focused on security technology transition from federal research and development to operational use.

Legislation, Policy, and Regulation

China to Release New White Paper on National Defense: What to Expect (The Diplomat) China’s strategic environment and capabilities have transformed considerably in the four years since the last document.

China's Huawei Faces New Allegations Over Cyber Security (Forbes) The Czech media have published new evidence about Huawei's dealings in the Czech Republic.

Here’s the clearest evidence yet of why Huawei can’t be trusted, and it involves North Korea (Yahoo News) Up to this point, Huawei has made a valiant effort at defending its reputation against a US-led opposition campaign that's stoked fears the company is basically a proxy for the Chinese central government and security apparatus. Pressed to defend its actions and ban of the company's products,

UK govt delays Huawei security decision, tightens cyber-guards (SC Magazine) UK government delays decision on allowing Huawei to set up 5G network, but pledges to tighten up cyber-security in telecoms sector

Tech firms “can and must” put backdoors in encryption, AG Barr says (Ars Technica) He's tired of "dogmatic announcements that lawful access simply cannot be done."

Barr Says Police Need Encryption Backdoors, Doesn’t Mention Hacking Tools They Use All the Time (Vice) Barr reignited demands for tech companies to find a technical solution to the ‘Going Dark’ issue, but neglected to mention in his keynote speech that law enforcement agencies use hacking techniques to bypass encryption.

Analysis | The Cybersecurity 202: Attorney General Barr fires up the encryption debate (Washington Post) Security and privacy experts pounced on his remarks.

Attorney General Delivers Address on Encryption at Cybersecurity Conference (Lawfare) Attorney General William Barr delivered a keynote address at the International Conference on Cyber Security. The speech can be read here.

NSA Forms Cybersecurity Directorate Under More Assertive U.S. Effort (Wall Street Journal) The National Security Agency will create a cybersecurity directorate later this year as part of an effort to align the agency’s offensive and defensive operations more closely, as it aims at “persistent engagement” in cyberspace against foreign adversaries like Russia, China and Iran.

NSA to establish a defense-minded division named the Cybersecurity Directorate (ZDNet) The NSA's new Cybersecurity Directorate to become operational in October.

NSA to establish new Cybersecurity Directorate to boost defense - CyberScoop (CyberScoop) The National Security Agency is creating a Cybersecurity Directorate to better protect the country against cyberthreats from foreign adversaries, NSA Director Gen. Paul Nakasone said Tuesday. Anne Neuberger will be the intelligence agency’s first director for cybersecurity.

NSA creates new cybersecurity arm to combat foreign threats (CNN) The National Security Agency announced Tuesday it is creating a new Cybersecurity Directorate, which will "unify NSA's foreign intelligence and cyberdefense missions and is charged with preventing and eradicating threats to National Security Systems and the Defense Industrial Base."

U.S. Elections Are Still Not Safe From Attack (Foreign Affairs) Congress can change that if it acts fast.

The challenge (and benefit) to a more open intelligence community (C4ISRNET) Principal Deputy Director of National Intelligence Sue Gordon says that as foreign powers increasingly target the private sector and general public, the intelligence community needs to be more open and share more information publicly. That could be a net positive for business relations.

Esper confirmed as new defense secretary, ending Pentagon leadership uncertainty (Defense News) The Pentagon had gone more than 200 days without a permanent leader.

Litigation, Investigation, and Law Enforcement

Justice Department to Open Broad, New Antitrust Review of Big Tech Companies (Wall Street Journal) The Justice Department is opening a broad antitrust review into whether dominant technology firms are unlawfully stifling competition, according to department officials.

US announces antitrust review of Big Tech firms (AFP.com) The United States on Tuesday announced it would begin an antitrust review of major online platforms to determine if they have "stifled" innovation or reduced competition.

Justice Department Reviewing the Practices of Market-Leading Online Platforms (US Department of Justice) The Department’s review will consider the widespread concerns that consumers, businesses, and entrepreneurs have expressed about search, social media, and some retail services online. The Department’s Antitrust Division is conferring with and seeking information from the public, including industry participants who have direct insight into competition in online platforms, as well as others. 

Analysis | The names you’ll hear in the Mueller hearing (Washington Post) The Mueller report relied on the testimony of some not-household names in President Trump’s orbit.

Justice Department tells Mueller not to answer a wide swath of questions (Washington Post) “You can expect him to stick pretty close to the four walls of the report come Wednesday,” a spokesman said.

FTC Imposes $5 Billion Penalty and Sweeping New Privacy Restrictions on Facebook (Federal Trade Commission) NOTE: The FTC will host an IN-PERSON press conference at FTC Headquarters, 600 Pennsylvania Ave, NW, Washington D.

U.S. government issues stunning rebuke, historic $5 billion fine against Facebook for repeated privacy violations (Washington Post) The U.S. government on Wednesday issued an unprecedented rebuke of Facebook after a year of massive privacy mishaps, charging the company deceived its users and "undermined" choices they made to protect their data as part of a settlement that requires the tech giant to pay $5 billion and submit to significant federal oversight of its business practices.

Facebook Settlement Requires Mark Zuckerberg to Certify Privacy Protections (Wall Street Journal) Facebook CEO Mark Zuckerberg will have to personally certify that the company is taking steps to protect consumer privacy under a settlement expected to be announced with the Federal Trade Commission Wednesday.

Facebook deceived users about the way it used phone numbers, facial recognition, FTC to allege in complaint (Washington Post) The FTC will allege Facebook was not clear that advertisers could target users who submitted their numbers as part of a security feature and will contend that Facebook gave some people inadequate information about ways to opt out of some facial recognition features. It will not, however, require Facebook to admit guilt, the sources said.

Bulgarian tax office hacker accused of looking for data on the country's prime minister and other VIPs (Computing) Police in Bulgaria claim the results of the search were found on the hackers' PC

IRS missing basic IT security measures (Fifth Domain) The federal government's watchdog recommends the Internal Revenue Service implement over 100 old and new recommendations to address a significant deficiency in the agency's control over its reporting systems.

3 Romanian men sentenced for hacking US servers (Washington Post) Federal prosecutors in Georgia say three men who hacked U.S. computers from Romania have been sentenced to U.S. federal prison for a fraud scheme totaling more than $21 million

Federal judge refuses to dismiss $224M lawsuit against AT&T for SIM-swap bungle (Hard Fork | The Next Web) AT&T must answer to a $224 million lawsuit related to a devastating SIM-swapping incident in 2017, which saw $24 million in cryptocurrency stolen.

Utah awarded $1.4 million as part of ‘largest data breach enforcement action in history’ (St. George News) The Utah Attorney General’s Office has announced its part in a sweeping settlement action against credit monitoring giant Equifax after a 2017 security breach left the data of nearly half of all Americans vulnerable.

Man arrested over UK's Lancaster University data breach hack allegations (Register) 25-year-old Bradfordian cuffed by NCA over '20k' records breach

Two police officers fired for Facebook post that suggested Ocasio-Cortez should be shot (Washington Post) Gretna Police Chief Arthur Lawson called the officer's comment "disturbing" and said "we are not going to tolerate that.”

For a complete running list of events, please visit the Event Tracker on the CyberWire website.

Newly Noted Events

Cybersecurity Summit, New York (New York, New York, USA, August 13 - 14, 2019) The Cybersecurity Summit, New York, invites information security practitioners to learn about the latest trends in data breaches and frauds, and about mitigation strategies. ISMG’s Global Summit focuses...

Upcoming Events

Cybertech Midwest 2019 (Indianapolis, Indiana, USA, July 24 - 25, 2019) Cybertech is the cyber industry’s foremost B2B networking platform featuring cutting-edge content by top executives, government officials, and leading decision-makers from the world of cyber. Our Cybertech...

Smoky Mountain Bigfoot Conference (Gaitlinsburg, Tennessee, USA, July 27, 2019) Join us for the first ever Smoky Mountain Bigfoot Conference. We have some of America's most experienced Bigfoot researchers and investigators including Cliff Barackman, Bigfoot Field Researcher and co-host...

Cyber:Secured Forum 2019 (Dallas, Texas, USA, July 29 - 31, 2019) Cyber:Secured Forum delivers two days of in-depth content on cybersecurity trends and best practices related to the delivery of physical security systems and other integrated systems. Collaboratively developed...

Community College Cyber Summit (3CS) (Bossier City, Louisiana, USA, July 30 - August 1, 2019) The 2019 Community College Cyber Summit (3CS) at Bossier Parish Community College in Louisiana marks the sixth annual edition of 3CS. 3CS is the only national academic conference focused on cybersecurity...

New York City Cybersecurity Conference (New York, New York, USA, August 1, 2019) Data Connectors brings together security professionals to discuss mitigating risk and improving their overall security posture. Eight industry speakers, an FBI/NSA/DHS keynote speaker, and a CISO Panel...

Grow your brand and reach new customers.

Grow your brand and increase your customer base by educating our audience about your products, services, and events by advertising on The CyberWire. We’ve built trust with an influential (and often hard to reach) audience of CISOs, CSOs, and other senior execs in the security space, across a wide array of industry verticals. Learn more.

Be a part of the CyberWire story.

People ask us (a lot) how they can support what we do. We have our sponsorships and services, of course, but those are not always within every supporter's financial reach, or it might just not be the right time for you to do those things. That's why we launched our new Patreon site, where we've created a wider variety of support levels, each with some new benefits. Our patrons are important to our future, and we hope you'll consider becoming one. We invite you to become part of the CyberWire story. Become a patron today.