skip navigation

More signal. Less noise.

Beginner’s Guide: Open Source Network Security Tools

With so many open source tools out there, it's hard to know where to start. Get your copy of “Beginner’s Guide: Open Source Network Security Tools” today to learn how you can use open source tools for: network discovery, network IDS, vulnerability scanning & penetration testing.

Daily briefing.

Capital One's reputation and stock price have taken a hit from the data breach the financial services company disclosed this week, the Wall Street Journal reports. Another Journal headline calls the incident an example of the "insider threat," but it seems instead to be a familiar case of misconfiguration allowing unauthorized access to data in the cloud. The accused hacker, Paige Thompson, seems to have had the technical wherewithal to pull the caper off, but in other respects seems to struggle with problems with living (again, as reported by the Wall Street Journal). And as WIRED notes she didn't cover her tracks particularly effectively. Forbes says that Thompson may be under investigation in connection with other incidents.

Capital One is now the subject of at least one class-action suit, Reuters reports. New York's attorney general has opened an investigation.

SecurityWeek has an account of Google's discovery of five iOS vulnerabilities.

CISA has distributed a warning about vulnerabilities in small aircraft CAN buses. "An attacker with physical access to the aircraft could attach a device to an avionics CAN bus that could be used to inject false data, resulting in incorrect readings in avionic equipment." It would be possible to deliver false instrument readings to the pilot, and that could cause the pilot to lose control of the aircraft. The immediate recommendation for mitigation is to restrict physical access to aircraft. The warning is based on research by Rapid7; their report includes a lucid overview of what the CAN bus is.

Notes.

Today's issue includes events affecting Australia, Bulgaria, China, Estonia, European Union, France, Germany, India, Israel, Italy, Japan, Republic of Korea, NATO/OTAN, Netherlands, Russia, Singapore, United Kingdom, United States.

Bring your own context.

An observation on the range wars between free-wheeling innovation and efforts to control fraudulent apps.

"A lot of apps that we've come across don't have a known website... It could be, you know, "Marcelle at Marcelle dot com" has created some app. So basically, they just join the Google Developer network, and most of the exchange between the developer and the Google Play Store is done via API access. But the barrier to entry is pretty low. And Google, of course, does monitor for bad activity, but like everything else in this field, it's whack-a-mole. It's almost impossible to keep up with everything that's being placed in the Play Store."

—Marcelle Lee, principal threat intel researcher at White Ops, on the CyberWire's Research Saturday for 7.27.19.

Some walled gardens are walled with chain link. And sure, there's a gate, but the latch isn't that hard to operate. Still, Google Play is a better bet than some dodgy third-party store..."Mad John's House of Apps and Smoke-damaged Furniture"....

What if your security strategy added zeros to your bottom line?

Focusing on response alone is costly. You lose data. You lose infrastructure. You lose human and capital resources that could be productive elsewhere. And you lose your reputation. When you catch threats before they execute, you contain the problem, and the rewards add up. Let Blackberry Cylance help you understand how you can reduce your total cost of security controls, bolster your organization’s security posture, and zero in on what really matters.

In today's podcast, out later this afternoon, we speak with our partners at the University of Maryland, as Jonathan Katz speculates about what a quantum internet might involve. Our guest is Jessica Gulick from Katzcy Consulting, and she gives us a preview of the Wicked6 eSports-style cyber competition coming to Las Vegas during Black Hat & Defcon. 

XM Cyber is coming to Black Hat (Las Vegas, Nevada, United States, August 3 - 8, 2019) Visit XM Cyber at our booth 875, to experience the first fully automated APT simulation platform to Simulate, validate and remediate hackers’ path to organizational critical assets.

Codenomicon August 6 Skyfall Lounge Las Vegas (Las Vegas, Nevada, United States, August 6, 2019) Black Hat is just around the corner! Join Synopsys at our exclusive cyber security professional event—codenomi-con. We’ll kick off a night of entertainment, networking, and leadership Aug. 6 at 6 p.m. Register today!

Courageous Women CISO Brunch with Synack and CyberWire at Black Hat (Las Vegas, Nevada, United States, August 7, 2019) Connect and Collaborate with Fellow CISO Security Leaders at Black Hat. As always, you can expect an intimate environment with delicious food, refreshing drinks, and great company. Join us Wednesday, August 7, 10:00 AM at Delano Las Vegas, Suite TBD.

Wicked6 Cyber Games (Las Vegas, Nevada, United States, August 8, 2019) Wicked6 is a fundraiser and cybersecurity exhibition in a thrilling esports arena in Las Vegas on August 8, 2019. It’s a week when cybersecurity leaders from around the world come to Las Vegas, and all are welcome to come by to experience this exciting and unique cyber competition as a player, sponsor, or avid fan. Wicked6 will raise funds for the Women’s Society of Cyberjutsu, a national 501(c)(3) nonprofit that promotes training, mentoring and more to advance women and girls in cybersecurity careers.

Cyber Attacks, Threats, and Vulnerabilities

Sephora in damage control after Aussies' data leaked (SmartCompany) Cosmetics retailer Sephora has become the latest business to fail in its responsibility to safeguard the personal data of its customers.

Q&A: What to Know About the Capital One Data Breach (SecurityWeek) A hacker obtained Social Security and bank account numbers in some instances, as well other information such as names, birthdates, credit scores and self-reported income from Capital One.

Capital One Breach Highlights Dangers of Insider Threats (Wall Street Journal) The breach disclosed by Capital One this week highlights an uncomfortable truth: It’s almost impossible to stop a determined hacker with inside knowledge of a firm’s systems.

Capital One Hacking Suspect Showed Strange Online Behavior (Wall Street Journal) The 33-year-old woman accused of executing one of the largest-ever data thefts at a bank showed strange behavior online in recent months, at times bragging about her exploits and discussing deep struggles in her personal life.

The Alleged Capital One Hacker Didn't Cover Her Tracks (WIRED) In a criminal complaint, the FBI detailed how a hacker allegedly stole data from 100 million people—and how she got caught.

Capital One Hack Hits the Reputation of a Tech-Savvy Bank (Wall Street Journal) Capital One has been known as a bank that plowed into new technology. But a recent hack could shift the lender’s approach from advantage to liability.

Capital One looked to the cloud for security. But its own firewall couldn’t stop a hacker. (Washington Post) On Monday, the company disclosed a data breach affecting 100 million credit card applications.

Capital One Breach Casts Shadow Over Cloud Security (Wall Street Journal) The recent high-profile data breach at a top proponent of cloud computing could reignite debate among financial institutions about using such outside vendors.

AWS says it wasn't breached in Capital One hack (CRN Australia) Former AWS employee obtained personal info of about 100 million Americans.

'I live in constant fear' Bulgaria data breach victim says (Reuters) Mariana Krasteva, a 55-year old engineer, is one of more than four million Bulga...

U.S. Issues Hacking Security Alert for Small Planes (SecurityWeek) The Department of Homeland Security issued a security alert for small planes, warning that modern flight systems are vulnerable to hacking if someone manages to gain physical access to the aircraft.

Hackers can take control of the flight computers on newer small aircraft, according to a Department of Homeland Security alert (Business Insider) The Department of Homeland Security plans to issue a security alert for small planes, warning that modern flight systems are vulnerable to hacking.

CAN Bus Network Implementation in Avionics (CISA) 1    EXECUTIVE SUMMARY CISA is aware of a public report of insecure implementation of CAN bus networks affecting aircraft. According to this report, the CAN bus networks are exploitable when an attacker has unsupervised physical access to the aircraft. CISA is issuing this alert to provide early notice of the report.

[Security Research] CAN Bus Network Integrity in Avionic Systems (Rapid7 Blog) Rapid7's recently released research report examines the security (or lack thereof) of CAN bus networks in small aircraft.

[Security Research] CAN Bus Network Integrity in Avionics Systems (Rapid7) Modern aircraft use CAN bus systems to communicate, display information, and control systems for pilots. How secure are these avionics systems? Learn more.

New Loader Variant Behind Widespread Malware Attacks (Threatpost) Malware infection technique called TxHollower gets updated with stealthy features.

Windows 10 Warning: 250M Account Takeover Trojan Disables Windows Defender (Forbes) Windows 10 users are fortunate in having pretty good malware protection in the form of Windows Defender, right out of the box. Until, that is, malware figures out a way to not only evade detection but disable Defender altogether.

Cyber attacks pioneered by North Korea now spreading to other threat actors, F-Secure warns (Computing) Financial companies are increasingly being targeted by organised crime and state-sponsored actors

Finance sector: A one-stop shop for attackers (Fintech Finance) Thieves have been stealing money from banks since the 18th century. And while today’s thieves use cyber attacks to steal money from financial institutions, a new report from cyber security provider…

Google Researchers Find Remotely Exploitable Vulnerabilities in iOS (SecurityWeek) Security researchers working with Google’s Project Zero have discovered a series of five vulnerabilities in Apple’s iOS platform, some of which can be exploited without user interaction.

Apple iMessage Flaw Lets Remote Attackers Read Files on iPhones (BleepingComputer) An iMessage vulnerability patched by Apple as part of the 12.4 iOS update allows potential attackers to read contents of files stored on iOS devices remotely with no user interaction, as user mobile with no sandbox.

Wind River VxWorks (CISA) 1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: Wind River Equipment: VxWorks Vulnerabilities: Stack-based Buffer Overflow, Heap-based Buffer Overflow, Integer Underflow, Improper Restriction of Operations within the Bounds of a Memory Buffer, Race Condition, Argument Condition or Modification, Null Pointer Dereference, Argument Injection or Modification 2.

Many control system vulnerabilities are not “new”, they are often just rediscovered (Control Global) New control system vulnerabilities often are not “new”, just rediscovered and not adequately disclosed or addressed. Examples are the VxWorks operating system vulnerabilities and the ABB MicroSCADA.

BlueKeep Exploits Appear as Security Firms Continue to Worry About Cyberattack (Dark Reading) The lack of an attack has puzzled some security experts, but the general advice remains that companies should patch their vulnerable systems more quickly.

Hackers target Telegram accounts through voicemail backdoor (Naked Security) As politicians should know by now, secure messaging apps such as Telegram can quickly become a double-edged sword.

Truecaller bug covertly signs up Indians for UPI account amid hacking fears (ETCIO.com) In a nightmare for thousands of Truecaller users in India, a so-called bug automatecally created their Unified Payments Interface (UPI) accounts with ..

Prima Systems FlexAir (CISA) 1. EXECUTIVE SUMMARY CVSS v3 10.0 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: Prima Systems Equipment: FlexAir Vulnerabilities: OS Command Injection, Unrestricted Upload of File with Dangerous Type, Cross-site Request Forgery, Small Space of Random Values, Cross-site Scripting, Exposure of Backup file to Unauthorized Control Sphere, Improper Authentication, Use of Hard-coded Credentials 2.

Cyberattackers strike fourth Louisiana school district, Tangipahoa Parish, others taking precautions (The Advocate) Tangipahoa Parish has become the latest victim in a series of cybersecurity attacks on Louisiana schools that prompted an emergency declaration and has officials scrambling to mitigate damage ahead of

Louisiana governor updates cyber summit on threat to his state’s school districts (KSLA) In wake of attacks in 4 parishes, thousands of computers must be re-imaged before classes start

Our View: Luzerne County cyber attack a matter of national security (Times Leader) Making the rounds on social media in recent months has been a quote about national strife widely attributed to President Abraham Lincoln. “America will never be destroyed from the outside,” the Great…

Cyber attack of a historic coast attraction raises awareness of digital security (WLOX) The Instagram account of Beauvoir, the Presidential home of Jefferson Davis, was the target of an online attack Monday morning.

Security Patches, Mitigations, and Software Updates

Telegram rolls out fix for voicemail hack used against Brazilian politicians (ZDNet) Telegram reacts after hackers have hijacked more than 1,000 accounts in Brazil.

Comodo releases hotfix for antivirus security vulnerabilities (The Daily Swig | Web security digest) Update addresses numerous bugs disclosed by Tenable last week

Cyber Trends

Most Security Pros Think Recent GDPR Fines Won’t Affect Policies (The State of Security) Are the GDPR fines high enough to produce meaningful change in organizations’ security policies and procedures? Most security professionals think not.

The State of Digital Lifestyles 2019 (Limelight) Consumers in France, Germany, India, Italy, Japan, Singapore, South Korea, the United Kingdom, and the United States age 18 and older who had downloaded software or streamed online video or music during the last month were asked questions about how digital technology has impacted their lives, how they interact with digital media, and the adoption rate of digital assistants and internet-connected devices. Key findings of this report include:

Ponemon Study: 53% of IT Leaders Don’t Know if Cybersecurity is Working (AttackIQ) Read this new report sponsored by AttackIQ, Inc. which is based on Ponemon Institute research evaluating the efficacy of enterprise security strategies. Ponemon surveyed 577 IT and IT security practitioners in the United States who are knowledgeable about their organization's IT security strategy, tactics and technology investments.

Boxcryptor Customer Survey 2019 - Results (Boxcryptor) We learned: Recommendation plays an increasing role when it comes to encryption and Dropbox still is the most popular cloud drive. Read the full evaluation now.

N.J. cyber firm dials up online security study (ROI-NJ) How many phishing attacks were attempted in 2018? Try 482.5 million. Over twice as many attempts as the prior year. Roseland-based computer security company, Sectigo — formerly Comodo CA — sponsored a study conducted by the Georgia Institute of Technology Cyber Forensics Innovation Laboratory to determine correlation between online crime and sites with extended validation. …

Security trends to follow at Black Hat USA 2019 (Help Net Security) Here's a list of the most engaging content and identify the most compelling cybersecurity trends highlighted in the agenda for Black Hat USA 2019.

Ireland is at international crossroads and in the crosshairs for cyber attack (Irish Examiner) In the real world, our defences are adequate for about as long as we are lucky enough to be left alone, writes Gerard Howlin

Marketplace

Jamie Dimon's worst fears for the banking industry realized with Capital One data hack (CNBC) Bank CEOs including Jamie Dimon have been highlighting the risks of a cyberattack for years.

Capital One sees billions in lost value after hack — and its headaches are likely to continue (Washington Business Journal) Capital One Financial Corp. (NYSE: COF) might expect to pay only up to $150 million as it deals with the fallout of a data hack that exposed the information of 106 million people — but its shareholders collectively paid much more.

More Tech Improvements Ahead, Equifax Says (Wall Street Journal) The credit-reporting firm says it has made substantial improvements in technology under new leadership since revealing its data breach in 2017, and it plans to continue upgrading its cybersecurity defenses.

Jamf Acquires Digita Security, Creators of Enterprise Endpoint Protection Built Exclusively for Mac (Jamf) Jamf announced today its acquisition of Digita Security, creators of enterprise-grade, purpose-built endpoint protection solutions designed to protect Mac users from malicious activities

Confluera Raises $9M, Unveils 'Real-time Attack Interception and Defense' Platform (SecurityWeek) Palo Alto, California-based start-up Confluera has simultaneously announced a Series A funding round of $9 million and the launch of its new Real-time Attack Interception and Defense (RAID) platform.

Multicoin Leads $20 Million Round for Speed-Focused Solana Blockchain (CoinDesk) Claiming it can handle many more transactions per second than existing blockchains, Solana has raised capital to ramp up development.

Truework raises $12 million to verify people’s identity automatically (VentureBeat) Truework, a San Francisco-based developer of cloud-hosted identity verification solutions, has raised $12 million in venture capital.

VMware to acquire AI startup Uhana to boost telco portfolio (CRN Australia) Uhana's platform virtualises network operations for mobile carriers and apps.

CenturyLink is working to increase cybersecurity (AZ Big Media) Black Lotus Labs, the threat research and operations arm of internet service provider (ISP) CenturyLink, is working to combat cyberattacks.

Capgemini hails 'remarkable' UK performance (CRN) French system integrator praised UK region for growth in public sector business

Mocana Expands Executive Team to Lead Rapid Company Growth (West) Internet of Things (IoT) Cyber Protection Leader Names New Chief Marketing Officer, Chief Revenue Officer, VP of Customer Success and Chief Finance Officer, Following Influx of Company Momentum

Products, Services, and Solutions

Perimeter 81 Partners with SentinelOne to Deliver Fully Automated, Zero Trust Network Security and Endpoint Protection (PR Newswire) Perimeter 81, a pioneer in zero trust software-defined network access, has partnered with SentinelOne, the...

Asigra Unveils OpEX Backup Appliance Integrated with Zadara's Enterprise Storage-as-a-Service (Benzinga) New Solution Combines Cybersecurity-Powered Asigra Cloud Backup with the Zadara Enterprise Storage-as-a-Service to Protect Business Data.

Gurucul Behavior Based Network Traffic Analysis Detects Unknown Threats (Yahoo) Network Traffic Analysis Solution Identifies Compromised Devices Using ML/AI on Contextual NetFlow and Packet Inspection Data

Glasswall Solutions’ FileTrust Now Available in the Cloud (BusinessWire) Glasswall Solutions is adding an up-to-date offering of its Glasswall FileTrust, which will be managed 100% in the cloud.

Aqua Security Introduces Native Runtime Protection for Pivotal Cloud Foundry (Aqua) Expansion of the Aqua-Pivotal collaboration delivers comprehensive security for application development and production environments on PCF BOSTON

Attivo Networks Tightens Detection Net on Attacker Lateral Movement (Dark Reading) Innovations in deception technology aim to lock down endpoints so attackers can't advance.

New Net Technologies Adds Vulnerability Management to its Portfolio in New Partnership with Greenbone Networks (PR Newswire) Greenbone Networks, a leading provider of vulnerability management, today announced it is partnering with US and...

Microsoft Makes Azure Security Center for IoT Generally Available (SecurityWeek) Azure Security Center for IoT helps secure IoT projects within corporate environments (such as Azure Sentinel, OPC Twin, OPC Vault, and more).

Meet NordLynx – the new solution for a fast and secure VPN connection (NordVPN) Being forever-curious and imaginative geeks, we at NordVPN are always open to innovation. Today we are excited to announce our latest project: the NordLynx technology built around the WireGuard® protocol.

Technologies, Techniques, and Standards

How the Army is strengthening cyber cities (Fifth Domain) An upcoming exercise will test how cities in South Carolina and Georgia respond to cyber incidents, as well as how those local incidents can affect overseas military deployments.

95% of Pen Test Problems Can Be Easily Resolved (Infosecurity Magazine) Problems found in the majority of penetration tests can be resolved with straight-forward fixes

Breaches Highlight Why Password Protecting Systems Alone Falls Short (Nucleus Cyber) Several recent high profile breaches had a common single point of failure – location based security. Data-centric security is necessary to properly protect sensitive data.

Research and Development

Scientists in Japan claim laser-based quantum internet breakthrough (Computing) Quantum internet technology would make 100 per cent secure internet communications possible

Identity Threat and Assessment Prediction (ITAP) (University of Texas at Austin Center for Identity) Identity Threat Assessment and Prediction (ITAP) is a risk assessment tool that increases fundamental understanding of identity theft processes and patterns of criminal behavior. ITAP aggregates data on identity theft to analyze and describe identity vulnerabilities, the value of identity attributes, and their risk of exposure.

Academia

Brooklyn program aims to hack diversity in cybersecurity (Brooklyn Eagle) NYU Tandon School of Engineering is looking to diversify tech.

Legislation, Policy, and Regulation

Russia Solidifies Grip on its Cyberspace, via the Sovereign Internet Law (International Policy Digest) The Internet created open-ended cyberspace, but recent legislation by the Kremlin brings into question the correlation between citizen freedom and national interest.

'Five Eyes' alliance calls for backdoor access to WhatsApp and other encrypted communications (Computing) GCHQ has suggested that tech firms' communication services should be able to surreptitiously add intelligence agents to conversations or group chats

Netherlands' government: Staff shouldn't use Office due to privacy problems over telemetry (Computing) Report recommends against using Office Online or Office mobile apps over exfiltration of data

Estonia debuts first-ever cyber diplomacy training (CyberScoop) Dozens of NATO and EU diplomats who focus on cybersecurity issues descended upon Estonia last week for their first-ever “summer school” training on cyber diplomacy.

Senate to consider US-Israel Cybersecurity Center (The Jerusalem Post) The act, presented before Senate on Wednesday, is a bipartisan legislation meant to promote joint US-Israeli hi-tech security cooperation.

New bill would ban autoplay videos and endless scrolling (The Verge) Taking aim at "features that are designed to be addictive."

Democrats take another stab at preventing foreign election interference (TheHill) House Democrats introduced legislation Tuesday that would require campaigns to report any foreign contacts to federal authorities, the latest push for election security following last week's warnings from former special counsel Robert Mu

Analysis | The Cybersecurity 202: Liberal and moderate Democratic candidates disagree on election security, too (Washington Post) Here's what candidates could have said.

Analysis | The Cybersecurity 202: Mitch McConnell just made sure election security will be key Senate campaign issue (Washington Post) The dispute over legislation is spreading on the campaign trail.

The next cybersecurity concern for NATO? Space (Fifth Domain) A new report warns that the cybersecurity vulnerabilities related to military space systems, specifically terminals and command-and-control systems, deserves renewed attention from NATO countries.

How Leon Panetta’s ‘Cyber Pearl Harbor’ warning shaped Cyber Command (Fifth Domain) In 2012, then-Defense Secretary Leon Panetta warned that a cyber attack on critical infrastructure could have catastrophic consequences rivaling Pearl Harbor.

Head of SEC Enforcement Dept. for Cryptocurrency, Cyber Security Resigns (Cointelegraph) The chief of the SEC Division of Enforcement's Cyber Unit has resigned, after around two years of leading investigations involving crypto and cyber security.

Robert A. Cohen, Cyber Unit Chief, to Leave SEC After 15 Years of Service (US Securities and Exchange Commission) The Securities and Exchange Commission today announced that Robert A. Cohen, Chief of the Division of Enforcement's Cyber Unit, will be leaving the agency in August after 15 years of service.

Litigation, Investigation, and Law Enforcement

DOJ Says Capital One Mega Breach Suspect Could Face More Charges—Did She Hack Multiple Companies? (Forbes) Accused Capital One hacker appears to have posted Slack references to other breaches. Other victims may include a major international telecoms company and an Ohio government department.

New York Attorney General's Office opens probe into Capital One data breach (Computing) Personal details of more than 100 million people in the US and Canada were compromised in the data breach - linked to a misconfigured firewall

Capital One is sued over data breach in proposed class action (Reuters) Capital One Financial Corp was sued on Tuesday after the bank said a hacker who ...

U.S. judge tosses Democratic Party lawsuit against Trump campaign,... (Reuters) A U.S. judge on Tuesday dismissed a Democratic Party lawsuit arguing that the Ru...

NY Federal Judge Throws Out Democratic National Committee's Suit Over Russian Hacking (New York Law Journal) Koeltl said the Foreign Sovereign Immunities Act shielded the Russian Federation from being sued in federal court, and 'second-level participants' were protected under the First Amendment for their roles in sharing information that had been illegally obtained.

Chinese President’s Cousin Draws Scrutiny of Australian Authorities (Wall Street Journal) Ming Chai, who is a cousin of Chinese President Xi Jinping and has been a high-stakes gambler, is on the radar of Australian authorities investigating organized crime, money laundering and alleged Chinese influence-peddling.

Why did the Pentagon spend $32.8M on risky tech? (Fifth Domain) The Defense Department spent at least $32.8 billion on technology in 2018 that threatens national security, according to an inspector general’s report.

US chases fraudulent bitcoin exchange BTC-e for $100m (Naked Security) Two years ago, the US government fined an international cybercriminal and his fraudulent bitcoin exchange over $100m. Now, it’s going after them for the money.

German prosecutors charge former Audi boss with fraud over 'dieselgate' (France 24) German prosecutors charge former Audi boss with fraud over 'dieselgate'

For a complete running list of events, please visit the Event Tracker on the CyberWire website.

Upcoming Events

Cyber:Secured Forum 2019 (Dallas, Texas, USA, July 29 - 31, 2019) Cyber:Secured Forum delivers two days of in-depth content on cybersecurity trends and best practices related to the delivery of physical security systems and other integrated systems. Collaboratively developed...

Community College Cyber Summit (3CS) (Bossier City, Louisiana, USA, July 30 - August 1, 2019) The 2019 Community College Cyber Summit (3CS) at Bossier Parish Community College in Louisiana marks the sixth annual edition of 3CS. 3CS is the only national academic conference focused on cybersecurity...

New York City Cybersecurity Conference (New York, New York, USA, August 1, 2019) Data Connectors brings together security professionals to discuss mitigating risk and improving their overall security posture. Eight industry speakers, an FBI/NSA/DHS keynote speaker, and a CISO Panel...

IT & Cyber Day at Aberdeen Proving Ground (Aberdeen, Maryland, USA, August 1, 2019) Aberdeen Proving Grounds (APG) provides technology life cycle management for the US Army and the various commands involved in the fielding and closeout of their technologies. The Cyber and IT Day expo...

Sacramento Cybersecurity Conference (Sacramento, California, USA, August 8, 2019) Data Connectors brings together security professionals to discuss mitigating risk and improving their overall security posture. Eight industry speakers, an FBI/NSA/DHS keynote speaker, and a CISO Panel...

Grow your brand and reach new customers.

Grow your brand and increase your customer base by educating our audience about your products, services, and events by advertising on The CyberWire. We’ve built trust with an influential (and often hard to reach) audience of CISOs, CSOs, and other senior execs in the security space, across a wide array of industry verticals. Learn more.

Be a part of the CyberWire story.

People ask us (a lot) how they can support what we do. We have our sponsorships and services, of course, but those are not always within every supporter's financial reach, or it might just not be the right time for you to do those things. That's why we launched our new Patreon site, where we've created a wider variety of support levels, each with some new benefits. Our patrons are important to our future, and we hope you'll consider becoming one. We invite you to become part of the CyberWire story. Become a patron today.