skip navigation

More signal. Less noise.

What if your security strategy added zeros to your bottom line?

Focusing on response alone is costly. You lose data. You lose infrastructure. You lose human and capital resources that could be productive elsewhere. And you lose your reputation. When you catch threats before they execute, you contain the problem, and the rewards add up. Let Blackberry Cylance help you understand how you can reduce your total cost of security controls, bolster your organization’s security posture, and zero in on what really matters.

Daily briefing.

Like the CyberWire? Share it with a friend or colleague.

If you find the CyberWire adds value to your day, why not share it with colleagues who might also benefit? Send them an invitation to subscribe. (After all, the price--free--is right.) And, as always, thanks for reading.

Sucuri has a proof-of-concept exploit for an SQL-injection vulnerability in the core of the widely-used Magento e-commerce platform. As Ars Technica points out, the vulnerability is so potentially lucrative that criminals can be expected to exploit it in the wild as soon as they have the means to do so. About three-hundred-thousand e-commerce sites use Magneto.

Trend Micro has found that Emotet is being used to distribute a ransomware loader.

Digital Shadows outlines a criminal typosquatting campaign targeting other criminals on the dark web.

Huawei, bellwether of China's tech sector, continues to receive a mixed reception abroad. The EU has finessed security concerns about the company's participation in 5G networks, Australia and the US are unrepentant in their wish to keep Huawei out, and the UK has harshly criticized the company's failure to remediate security issues. The Register characterizes Huawei's efforts to address known router vulnerabilities as "half-arsed" (it's an industry term). WIRED expresses the current mood about risks surrounding the company's products as a feeling that it's not the backdoors, but the bugs that matter.

Correctional authorities in Finland have an idea for training artificial intelligence: have prisoners answer questions and use their answers to make the AI smarter. The country's Criminal Sanctions Agency has contracted with AI firm Vainu to provide the inmates' labor to the project. It's seen as a win-win-win: the jailers keep their charges busily on the road to rehabilitation, the prisoners get learning and self-improvement, and the machines get smarter. Or at least street-smarter.

Notes.

Today's issue includes events affecting Australia, Canada, China, Estonia, European Union, Finland, Iran, Republic of Korea, Latvia, Lithuania, NATO/OTAN, Russia, Ukraine, United Kingdom, United States.

The spelling of "Magento" has been corrected in the summary.

Global Threat Report: Year of the Next-Gen Cyberattack

Our Threat Analysis Unit researched the current state of cyberattacks across our customer base with our IR partners. See the results.

In today's podcast, out later this afternoon, we speak with our partners at the University of Maryland's Center for Health and Homeland Security, as Ben Yelin discusses news that law enforcement agencies are encrypting their radio communications. Our guest is Lorrie Cranor, director of CyLab at Carnegie Mellon University.

Cyber Security Summits: April 2nd in Denver and in Philadelphia on April 25th (Denver, Colorado, United States, April 2 - 25, 2019) Register for reduced admission to the Cyber Security Summit with promo code cyberwire19 for $95 admission ($350 without code). Sr. Level Executives are invited to learn about the latest threats & solutions in Cyber Security from experts from The FBI, U.S. Secret Service, Dell, Oracle, Darktrace, Verizon and more. Passes are limited, secure yours today: www.CyberSummitUSA.com

Global Cyber Innovation Summit (Baltimore, Maryland, United States, May 1 - 2, 2019) This unique, invitation-only forum brings together a preeminent group of leading Global 2000 CISO executives, cyber technology innovators, policy thought leaders, and members of the cyber investment community to catalyze the industry into creating more effective cyber defenses. Request an invitation today.

Cyber Attacks, Threats, and Vulnerabilities

In Ukraine, Russia Tests a New Facebook Tactic in Election Tampering (New York Times) With Facebook focused on weeding out fake pages, Russian agents are spreading propaganda on the pages of real people willing to sell or rent them out.

APT group Elfin switches from data destruction to data stealing via WinRAR vulnerability (CSO Online) Iran-linked hacker group switches techniques from Shamoon wiper attacks to WinRAR exploits.

Lazarus Group Widens Tactics in Cryptocurrency Attacks (Threatpost) macOS users as well as Windows are in the cross-hairs, especially those based in South Korea.

Emotet-Distributed Ransomware Loader for Nozelesn Found via Managed Detection and Response (TrendLabs Security Intelligence Blog) We discovered the modular Emotet malware distributing the Nozelesn ransomware through our managed detection and response (MDR) monitoring.

The Huawei Threat Isn't Backdoors. It's Bugs (WIRED) A British report finds that Huawei equipment, suspected of including backdoors for China's government, suffers from a lack of "basic engineering competence."

Desktop, Mobile Phishing Campaign Targets South Korean Websites, Steals Credentials Via Watering Hole (TrendLabs Security Intelligence Blog) We discovered a phishing campaign that compromised at least four South Korean websites by injecting fake login forms to steal user credentials. While we’ve previously seen cybercriminals inject a malicious JavaScript code in the websites to load browser exploits or financial information skimmers, using the watering hole technique for a phishing campaign is unusual.

LockerGoga: The Newest Industrial Ransomware Threat (Threatpost) Researchers are still looking for answers when it comes to LockerGoga's initial infection method – and what the attackers behind the ransomware really want.

Thirty-six new security flaws found in 4G mobile networks (Computing) South Korean researchers discovered 36 new flaws using a technique called 'fuzzing'

Pydio 8 Multiple Vulnerabilities (SecureAuth) 1. Advisory Information. Title: Pydio 8 Multiple VulnerabilitiesAdvisory ID: SAUTH-2019-0002Advisory URL: https://www.secureauth.com/labs/advisories/pydio-8-multiple-vulnerabilities  Date published: 2019-03-28Date of last update: 2019-03-28Vendors contacted: PydioRelease mode: Coordinated release

Rockwell Automation PowerFlex 525 AC Drives (ICS-CERT) 1. EXECUTIVE SUMMARYCVSS v3 7.5ATTENTION: Exploitable remotely/low skill level to exploitVendor: Rockwell AutomationEquipment: PowerFlex 525 AC DrivesVulnerability: Resource Exhaustion2. RISK EVALUATIONSuccessful exploitation of this vulnerability could result in resource exhaustion, denial of service, and/or memory corruption.

Spyware app exposes private photos, hosting provider steps in (Naked Security) A hosting company has taken down a database owned by a mobile spying app after it was found displaying phone owners’ intimate images online.

HTTPS Isn't Always As Secure As It Seems (WIRED) A surprising number of high-traffic sites have TLS vulnerabilities that are subtle enough for the green padlock to still appear.

SECURITY: Hackers force water utilities to sink or swim (E&E News) Digital threats could turn off America's water taps. Nearly 70,000 drinking water and wastewater utilities already strapped for cash and expertise are turning their attention to fast-moving online threats.

Systems Used to Track US Debt Vulnerable - Report (GovInfo Security) The computer systems the U.S. Department of the Treasury uses to track the nation's debt have serious security flaws that could allow unauthorized access to a

Hacker Claims to Have Stolen 200 Bitcoins From Dark Net Sites via 'TypoSquatting' (Crowdfund Insider) A hacker has been bragging on the Dark Net that he or she siphoned 200 bitcoins ($760 000 USD) from Dark Net websites by using an impersonation scam known as 'typo-squatting,' cybersecurity firm Digital Shadows reports. On the Dark Net, 'Typo-squatting' involves subtle alphanumeric bait-and-switch

Dark web typosquatting: Scammers v. Tor (Digital Shadows) One day while using our Shadow Search investigation tool, I stumbled upon a network of typosquat domains. We see squats all the time, but what caught my eye was that these weren't for legitimate businesses, they were for criminal dark web sites, specifically on the Tor network.

SQL Injection in Magento Core (Sucuri Blog) We disclose an SQL Injection vulnerability in Magento core which can be exploited without any form of privilege or authentication.

Serious Magento bug will likely be exploited in the wild by card skimmers (Ars Technica) Magento admins: beware of SQL flaw that requires no authentication.

300,000 online retailers at risk from Magento security flaw enabling attackers to take control of ecommerce sites (Computing) Magento rushes out patch for critical vulnerability to protect open source and commercial versions of its ecommerce software

Is your e-commerce site being used to test stolen card data? (Naked Security) If you’re running Magento you should be on the look out for hackers testing stolen card data – it could get your PayPal account suspended.

One third of connected homes in Australia at risk of cyber attack, Avast reveals (PRWire) Printers are the most vulnerable home devices in Australia. 33.4 percent of connected homes in Australia have one or more vulnerable device. 59.7 percent of household routers worldwide are vulnerable

“Twitter 2007 multicolor” hoax – debunk it, don’t spread it! (Naked Security) Hoaxers are saying you can unlock colorful new “features” in Twitter, but you’ll probably lock yourself out instead.

The Haunting of Hacker House (WIRED) How tales of Edward Snowden and Albert Gonzalez possess an old Victorian in the Catskills.

Security Patches, Mitigations, and Software Updates

Windows security: Microsoft Defender AV can now stop malware from disabling it (ZDNet) Microsoft adds new tamper-protection feature that stops malware from switching off key security features.

Boeing announces fixes for 737 Max planes (BBC News) The US planemaker is making cockpit alterations in the plane model involved in two fatal crashes.

Microsoft Tackles IoT Security with New Azure Updates (Dark Reading) The Azure Security Center for IoT provides teams with an overview of IoT devices and helps monitor their security properties.

Ghidra update squashes serious bugs in NSA reverse-engineering tool (SearchSecurity) The first Ghidra update since the NSA made the software open source has patched a few serious bugs and proved to the community that the NSA will actively support the tool.

Cisco Small Business RV320 and RV325 Routers Information Disclosure VulnerabilityCisco Security - CiscoTest Application (Cisco Security Advisory) The Cisco Security portal provides actionable intelligence for security threats and vulnerabilities in Cisco products and services and third-party products.

Cisco botched patches for its RV320/RV325 routers (Help Net Security) Cisco RV320 and RV325 WAN VPN routers are still vulnerable to attack through two flaws that Cisco had supposedly patched.

Cyber Trends

Venafi Survey: The Negative Impact of Government Mandated Encryption Backdoors (Venafi) According to Venafi Survey, Countries with Government-Mandated Encryption Backdoors More Susceptible to Nation-State Attacks.

Crowdsourced Security Poised for Breakthrough in 2019 (PR Newswire) Bugcrowd, the #1 crowdsourced security company, today released Security Leadership Study - Trends in Application...

nCipher: New Digital Initiatives, IoT and Cloud Adoption Driving the Use of Trusted Cryptography Revealed by 2019 Global Encryption Trends Study (Financial Post) nCipher Security, the provider of trust, integrity and control for business critical information and applications, announces that as organizations em…

American Consumers Distrust Social Media Privacy Capabilities (eWEEK) eWEEK DATA POINTS: According to the latest Norton LifeLock Cyber Safety Insights Report, Americans are worried about privacy but are still willing to accept certain risks.

Cyber attacks on non-standard ports tripled in 2018 (TechHQ) As more and more devices become networked— no longer just our desktops, laptop, and mobile phones— cybercriminals are quickly exploiting a wealth of new

Vulnerability management woes continue, but there is hope (CSO Online) Prioritizing fixes, workflows, and timely patching are just some of the challenges organizations face, but advanced data analytics may help with vulnerability management.

Enterprise Data Encryption Hits All-time High (Dark Reading) A new report by the Ponemon Institute shows 45% of organizations have a comprehensive encryption policy in place.

CyberGRX Study Finds Current Third-Party Cyber Risk Management Practices and Technologies Fall Short Despite Significant Investment (BusinessWire) CyberGRX today announced the results of their inaugural Cost of Third-Party Cybersecurity; Risk Management study executed by Ponemon Institute.

Report: Visibility problems may result in undetected security threat (Back End News) “The State of Cloud Monitoring Report” sponsored by Ixia, a Keysight Business, highlights the security and monitoring challenges faced by enterprise IT (information technology) staff in…

Security industry 'Spakfilla' doesn’t really work, says Nine Publishing CTO (iTnews) As Telstra weighs in with message to focus on the core.

Marketplace

You Need To Know How Cybersecurity Affects Mergers and Acquisitions (Security Boulevard) Time to Learn More Anytime you plan to get involved with something, whether it be a person, place, or thing, you need information —sometimes a lot of information. In the world of M&A, this process involves taking reasonable steps to learn as much as possible about another company’s strengths and assets, as well as their weaknesses and liabilities. For a time, those liabilities often came in the form of financial debt, messy legal obligations, or poor revenue — but these days, this accountability analysis also includes all data related to a company’s cybersecurity posture.

Crypto’s Merger Problem and What Can Be Done When M&As Go Wrong (Cointelegraph) Mergers are becoming more common in crypto, but what happens when things go wrong?

Huawei's half-arsed router patching left kit open to botnets: Chinese giant was warned years ago – then bungled it (Register) ISP alerted biz to UPnP flaw in 2013. Years later, same flaw kept cropping up

Huawei defends security record as annual sales top $100B (Washington Post) Huawei says its sales topped $100 billion last year despite U.S. pressure on allies to shun the Chinese tech giant as a security threat

Huawei's reputation receives another damaging blow from UK security report (TechSpot) An investigation into Huawei's security on networking products performed by UK officials with ties to GCHQ has revealed a bevy of problems. Known issues have not been fixed, leaving opportunity for third-party surveillance to occur on critical infrastructure.

Huawei under pressure to urgently fix 'significant issues' that threaten UK national security (The Telegraph) Huawei is under mounting pressure to accelerate a $2bn overhaul of its technology, after British security officials issued a withering assessment of the cyber-security risks posed by the Chinese telecom giant.

Apple is making itself the anti-Facebook (CRN Australia) Comment: Your world can be pricey and private, or free with endless apologies.

Darktrace founders on data security – Director magazine (Director Magazine) Darktrace uses advanced AI to shield a wide range of clients from online attack. They explain why data security is a board-level concern

Tesserent puts $3.8 million Asta acquisition on hold (CRN Australia) Pushed back by other potential acquisitions.

Palo Alto Networks Completes Acquisition of Demisto (PR Newswire) Palo Alto Networks (NYSE: PANW), the global cybersecurity leader, today announced it has completed its...

Success of Thales Offer for Gemalto Shares (AP NEWS) Reference is made to the joint press release by Thales (Euronext Paris: HO) and Gemalto (Euronext Amsterdam and Paris: GTO) dated 27 March 2018 in relation to the launch of the recommended all-cash offer by Thales for all the issued and outstanding shares of Gemalto (the Offer ), the publication of the Offer Document, and the joint press release of Thales and Gemalto dated 14 March 2019 in relation to the Acceptance Closing Time.

PayPal laying off nearly 400 Hunt Valley employees (Maryland Daily Record) PayPal is firing nearly 400 employees at its Hunt Valley offices, according to filings the company has made with the state. PayPal in a statement said it was terminating the jobs as part of a previous agreement with Synchrony, which will now handle servicing and collections for the company.

Akamai to set up 'scrubbing centre' in Melbourne (iTWire) Global cloud security and content delivery network provider Akamai will set up a "scrubbing centre" in Melbourne later this year, to handle the increa...

SailPoint Announces Tracey Newell Has Joined Its Board of Directors (AP NEWS) SailPoint Technologies Holdings, Inc. (NYSE: SAIL), the leader in enterprise identity governance, today announced the appointment of Tracey Newell to its Board of Directors and as a member of the Compensation Committee and the Nominating and Corporate Governance Committee, effective March 27, 2019.

Products, Services, and Solutions

Portnox Sphere MSP/MSSP Channel Program Enables Partners to Deliver NAC-as-a-Service (Sys-Con Media) SYS-CON Media, NJ, a leading technology and computing media company on breaking news in the Cloud.

Firefox brings Lockbox password manager to Android’s autofill (Naked Security) All your saved Firefox passwords, now happily inserting themselves into your Android-verse!

New product versions for R&S Web Application Firewall: Business and Enterprise Edition (Rhode & Schwarz) The latest version of the R&S®Web Application Firewall provides even more comprehensive protection against threats for business-critical web applications. With two product versions, Business and Enterprise Edition, different use cases can be addressed.

Dissect Cyber wins major DHS S&T Award for their BEC Work (Security Boulevard) Congratulations to our great friends at Dissect Cyber for receiving the DHS S&T Global Award for their work on BEC scams!

ADVA Plays Key Role in Development of UK’s Quantum-secured Transport Network (NewsWire) FSP 3000 technology enables 120km link with classical and quantum channels on the same fiber

Technologies, Techniques, and Standards

Task Force Update: From First to Second… (Ukrainian Election Task Force) In the homestretch of Ukraine’s presidential race, we should know in just a few days which two candidates will face off in the second round on April 21. That assumes, of course, that no candidate gets a majority of the vote in the first round on March 31, that there will be no problems in the vote tabulation, that the candidates who fail to advance to the second round accept the results of the first, and that there will be no hacking of the Central Election Commission, as happened in 2014, and so on.

Estonia is winning the cyber war against election meddling (Quartz) Other countries should take note.

Finland Is Using Inmates to Help a Start-Up Train Its A.I. Algorithms (Fortune) The inmates are answering questions that help classify data.

Prisoners to train artificial intelligence as part of developing work activities (Criminal Sanctions Agency) Training artificial intelligence is the most recent form of prison work. The Criminal Sanctions Agency and Vainu company have signed a cooperation agreement according to which Vainu will purchase prison work for training artificial intelligence.

Machines Shouldn’t Have to Spy On Us to Learn (WIRED) We need a breakthrough that allows us to reap the benefits of AI without savaging data privacy.

Father of Cryptography: I believe in writing passwords down on paper (ECNS) Whitfield Diffie, know as 'Father of Cryptography', said he believes in writing passwords down on paper so nobody could figure them out.

Threat Hunting 101: Not Mission Impossible for the Resource-Challenged (Dark Reading) How small and medium-sized businesses can leverage native features of the operating system and freely available, high-quality hunting resources to overcome financial limitations.

Design and Innovation

Facebook tightens up rules for political advertisers (the Guardian) Verifiable contact details will be required to run campaigns on site ahead of EU elections

Facebook’s handling of Alex Jones is a microcosm of its content policy problem (TechCrunch) A revealing cluster of emails reviewed by Business Insider and Channel 4 News offers a glimpse at the fairly chaotic process of how Facebook decides what content crosses the line. In this instance, a group of executives at Facebook went hands-on in determining if an Instagram post by the conspiracy…

Will Facebook’s New Ban on White Nationalist Content Work? (WIRED) Depends on Facebook.

Google pulls controversial anti-gay religious app from the Play Store (TechCrunch) The same day the Human Rights Campaign downranked the company in its index of the best LGBTQ-friendly employers, Google decided to yank a controversial app accused of promoting conversion therapy from the Play Store. On that list, known as the Corporate Equality Index, the HRC, a prominent LGBTQ ri…

Research and Development

Analysis | The Cybersecurity 202: Trump wants a ‘cybersecurity moonshot’ but cuts research (Washington Post) Almost every cybersecurity research budget will face cuts under Trump proposal.

Can "Internet-of-Body" Thwart Cyber Attacks on Implanted Medical Devices? (IEEE Spectrum: Technology, Engineering, and Science News) Medtronic discloses medical device vulnerabilities, while Purdue University scientists propose countermeasure to block attacks

Legislation, Policy, and Regulation

Why Russia Might Shut Off the Internet (Foreign Affairs) The new legislation is the latest in a long campaign.

Is the Russian Internet a Lost Cause? (Slate Magazine) What happens in Russia could hasten the fragmentation of the global internet.

NATO at 70: Lessons From The Cold War (Atlantic Council) On April 4, NATO will mark the 70 th anniversary of the signing of the Washington Treaty, which laid the foundation for arguably the most successful alliance the world has ever seen. Yet despite all of its successes, many forget that NATO never had...

Pompeo wants NATO to take ‘actions’ to help Ukraine (Stars and Stripes) The U.S. and its allies in Europe could agree at an upcoming NATO meeting to provide more support to Ukraine in its efforts to resist Russian aggression in the region, America’s top diplomat said Wednesday.

The Army wants to know how to deploy cyber teams during peacetime (Fifth Domain) The Army wants to use cyber and information capabilities to compete with adversaries below the threshold of conflict.

Asia Times | Huawei phones a ‘threat to national security’ (Asia Times) Taiwanese cybersecurity expert claims to have found mystery firmware in Huawei smartphones

Director-General ASD speech to the Lowy Institute, March 2019: ASD Australian Signals Directorate (Australian Signals Directorate) Director-General ASD speech to the Lowy Institute, Offensive cyber and the people who do it

Committee pushes 'cyber taskforce' for security of Australia's election system (ZDNet) The taskforce is expected to combat election 'cyber-manipulation' and keep social media sites in-check during election campaigns.

Chief of Ottawa’s new cybersecurity agency makes pitch to hackers’ favourite targets — banks (Financial Post) Head of Canadian Centre for Cyber Security asking lenders to work with the organization to make the country an unappealing target for digital attackers

Feds Seek To Up Their Cybersecurity Game (Forbes) The U.S. government doesn't have.a great track record when it comes to cybersecurity. But several pending initiatives are aimed at improving it, for both the public and private sector.

New Bill to Protect U.S. Senate Personal Devices, Accounts from Hackers (BleepingComputer) U.S. senators and their staff will receive assistance from the Senate Sergeant at Arms to protect their accounts and devices from cyber threats if a bipartisan bill introduced by Senators and Senate Intelligence Committee members Ron Wyden (D-Ore) and Tom Cotton (R-Ark) will be signed into law.

Lawmakers Call for Termination of NSA Domestic Surveillance Program (Wall Street Journal) A bipartisan group of lawmakers introduced legislation to end the National Security Agency’s practice of collecting records of Americans’ phone calls and text messages.

MI5 and the Met sharpen fight on terror (Times) Britain is one of the safest and most prosperous countries in the world. Nonetheless, the complex challenges we and other countries face from terrorism and malign acts by foreign states are all too...

Litigation, Investigation, and Law Enforcement

Harold Martin pleads guilty to vast classified data leak, faces up to 9 years in prison - CyberScoop (CyberScoop) Harold Martin, who worked as an intelligence contractor for multiple firms for over two decades, allegedly stole some 50 terabytes of data from the NSA.

N.S.A. Contractor Arrested in Biggest Breach of U.S. Secrets Pleads Guilty (New York Times) The contractor, Harold Martin, was arrested in 2016, but investigators never found evidence that he had shared stolen classified information with anyone.

Attorney general expected to miss deadline for giving Mueller report to Congress, will not commit to releasing it in full (Washington Post) William P. Barr tells House Judiciary Committee chairman it will be ‘weeks, not months’ before lawmakers can have a redacted copy.

‘COLLUSION DELUSION IS OVER’: Triumphant Trump Takes Victory Lap In Michigan (Daily Caller) President Donald Trump trumpeted special counsel Robert Mueller's finding of "no collusion" between his 2016 campaign and the Russian government.

Broadband providers told to explain how they handle consumer data (Naked Security) The FTC launched a broad inquiry to find out what data they collect, why, who they share it with, and how consumers can change or delete it.

Office Depot rigged PC malware scans to sell unneeded $300 tech support (Ars Technica) Office Depot and its software supplier have to pay $35 million toward refunds.

Office Depot computer scans gave fake results (Federal Trade Commission) Many of us would gladly take advantage of a free computer tune-up from a big-name retailer.

Security researcher pleads guilty to hacking into Microsoft and Nintendo (The Verge) He hacked Microsoft, was arrested, then hacked Nintendo while out on bail.

ICO Fines Pensions Firm for Sending Millions of Spam Emails (Infosecurity Magazine) Kent-based Grove Pensions Solutions received inaccurate legal advice

FCC “fined” robocallers $208 million since 2015 but collected only $6,790 (Ars Technica) Both FCC and FTC fail to collect vast majority of robocall fines, WSJ reports.

Suspected hacker charged over cyber attack on Cheshire Police website (Chester and District Standard) A suspected hacker has been charged after a cyber attack on Cheshire Police’s website.

For a complete running list of events, please visit the Event Tracker on the CyberWire website.

Newly Noted Events

Infiltrate 2019 (Miami Beach, Florida, USA, May 2 - 3, 2019) INFILTRATE is a deeply technical conference that focuses entirely on offensive security issues. Groundbreaking researchers demonstrate techniques that you cannot find elsewhere. Learn computer and network...

Upcoming Events

Symposium on Securing the IoT (San Francisco, California, USA, March 27 - 29, 2019) Want to share your passion and knowledge for Securing the 25 Billion devices connected to the Internet? Topics currently being selected for tracks include: Authenticating Blockchain, Secure Medical & Healthcare,...

Women in CyberSecurity (WiCyS) Conference (Pittsburgh, Pennsylvania, USA, March 28 - 30, 2019) The WiCyS Conference brings together women in cybersecurity from academia, research, government, and industry to share knowledge, experience, networking, and mentoring. The event's goal is to broaden participation...

Mid-Atlantic Collegiate Cyber Defense Competition (Laurel, Maryland, USA, March 28 - 30, 2019) The Mid-Atlantic Collegiate Cyber Defense Competition (MACCDC)—presented by the National CyberWatch Center—is a unique experience for college and university students to test their knowledge and skills...

Suits and Spooks AI Summit (Washington, DC, USA, March 29, 2019) The Suits and Spooks AI Summit will examine how Artificial Intelligence is changing the tactics of offense and defense conducted by companies and nation states in networks as well as on the battlefield.

InfoSec World 2019 (Lake Buena Vista, Florida, USA, April 1 - 3, 2019) Cybersecurity has come a long way in 25 years, and InfoSec World has been there through it all. That's right, InfoSec World 2019 Conference & Expo is returning to Disney's Contemporary Resort on April...

Grow your brand and reach new customers.

Grow your brand and increase your customer base by educating our audience about your products, services, and events by advertising on The CyberWire. We’ve built trust with an influential (and often hard to reach) audience of CISOs, CSOs, and other senior execs in the security space, across a wide array of industry verticals. Learn more.

Be a part of the CyberWire story.

People ask us (a lot) how they can support what we do. We have our sponsorships and services, of course, but those are not always within every supporter's financial reach, or it might just not be the right time for you to do those things. That's why we launched our new Patreon site, where we've created a wider variety of support levels, each with some new benefits. Our patrons are important to our future, and we hope you'll consider becoming one. We invite you to become part of the CyberWire story. Become a patron today.