skip navigation

More signal. Less noise.

Get a Backstage Pass to LookingGlass’ Digital Business Risk Roadshow

When it comes to digital business risk, you don’t want a general admission perspective. Get a backstage pass for the LookingGlass Digital Business Risk Roadshow to learn the industry-latest on effective third party risk management, taking a proactive security approach, and get a cybercriminal mastermind's insights on manipulating your organization’s cyber strengths and weaknesses. Come see us in a city near you. The next stop is Houston, TX!

Daily briefing.

FireEye has identified extensive coordinated information operations in support of Iranian interests during US midterm elections. Inauthentic accounts tended to express opposition to President Trump, but their ideological slant, in American terms, was opportunistic. Some of the lines pushed represented themselves as progressive, others as conservative, but their common goal was to advance Iranian policy. Both Twitter and Facebook, tipped off by FireEye, have removed the accounts in question.

Politico observes that the Iranian activity indicates that other governments are cribbing from Russia’s information ops playbook. Exposing that playbook can be dangerous, as the Times explains in a profile of troll-hunting Finnish journalist Jessikka Aro, who’s drawn death-threats for her work.

Errata Security thinks that roughly a million machines are susceptible to exploitation of the BlueKeep Remote Desktop Protocol vulnerability. Trend Micro has looked at the risk BlueKeep poses and concludes that, while it may seem easy to trigger, actually achieving code execution on a target would be “incredibly challenging.” A more realistic danger, they think, is inducing DHCP (Dynamic Host Configuration Protocol) server service crashes, a denial-of-service condition that could enable attacks via a rogue DHCP server.

Forbes reports that other Saudi dissidents were affected with Pegasus spyware before the apparently Pegasus-connected, perhaps enabled, murder of Jamal Khashoggi.

An essay in the National Interest argues that Abu Bakr Al-Baghdadi is reorganizing ISIS to survive as a virtual community, with local “franchises” operating on the ground.

Huawei alleges that US sanctions amount to an unconstitutional bill of attainder, Computing reports.

Notes.

Today's issue includes events affecting Austalia, Canada, China, European Union, Iran, Ireland, Israel, NATO/OTAN, New Zealand, Russia, Saudi Arabia, United Kingdom, United States, and Vietnam.

Bring your own context.

When threat phenomenology becomes threat metaphysics.

"I think we make one big ontological reorganization, or - I won't say discovery, but we essentially decided that what GOSSIPGIRL would mean to us was what we would begin to call a 'Supra Threat Actor.' Not to get too in the weeds of threat intelligence methodology and things that people might find to be too inside baseball, [but] essentially, in threat intelligence we tend to focus on threat actors - the idea that there is a cluster of activity that we can associate with a single entity, whether that's a criminal organization, or maybe an intelligence institution, or a group of mercenaries. Just a single organization. There's a deficiency there as we start to do more complex research, which is, what happens when we start to find different threat actors playing together? What happens when you see several independent threat actors with their own storied past, and their own malware platforms, and their own TTPs, their own ways of acting, clearly coming together for a common goal? We're not talking about somebody stealing somebody else's source code, or reusing open-source tools, or things like that that might get folks confused. We're talking about very complex platforms obviously being leveraged to play along."

—Juan Andres Guerrero-Saade, of Chronicle, discussing his team's work on the CyberWire's Research Saturday, 5.25.19.

Because the name of the threat can be "Legion," and because what they do is arguably more interesting than who they are.

Get the In-Depth Guide to Operationalizing Threat Intelligence.

Threat intelligence is critical but often difficult to manage, automate, or operationalize. Threat Intelligence Gateways are an exciting, emerging network security technology that take the heavy lifting out of making threat intelligence actionable, operational, and useful. Learn about how this technology is turning threat intelligence into action to block threats at scale in the whitepaper, Operationalizing Threat Intelligence: An In-Depth Guide to Threat Intelligence Gateways.

In today's podcast, we speak with our partners at the University of Maryland's Center for Health and Homeland Security, as Ben Yelin reacts to allegations that NSA may have some culpability in the Baltimore ransomware incident. Our guests are Julie Bernard from Deloitte and John Carlson from the FS-ISAC on the recent report, “Pursuing cybersecurity maturity at financial institutions.”

National Cyber Summit Job Fair, June 5, Huntsville. (Huntsville, Alabama, United States, June 5, 2019) Cleared and non-cleared cybersecurity pros make your next career move at the free National Cyber Summit Job Fair, June 5 in Huntsville. Meet face-to-face with 22 leading cyber employers. Visit our site for more details.

Cyber Howard Conference (Columbia, Maryland, United States, June 19, 2019) Join us for our 10th annual cyber conference in Howard County. We will tackle the topic of Cyber Sensemaking which is a fluid and continuous approach for establishing better defenses and best practices as a cyber community.

Cyber Warrior Women Summer Social: Sip and Paint (Columbia, Maryland, United States, August 21, 2019) Join the Cybersecurity Association of Maryland, Inc. (CAMI) for the annual Cyber Warrior Women Summer Social, an all-about-fun-and-networking event! We're adding an artistic element to this year's event with a wine glass painting exercise. No previous art experience required.

Cyber Attacks, Threats, and Vulnerabilities

Not RIP: How ISIS Is Going Virtual (The National Interest) Baghdadi has plans to ensure relevancy and reform in the face of territorial loss.

Exclusive: Saudi Dissidents Hit With Stealth iPhone Spyware Before Khashoggi's Murder (Forbes) At least four Saudis have now been targeted with hyper-sophisticated iPhone spyware from an Israeli firm, after Forbes finds a Saudi satirist in London who's been hit.

Iran-linked campaign impersonated GOP midterm candidates online (POLITICO) Other governments are taking a page from the Russian playbook.

Network of Social Media Accounts Impersonates U.S. Political Candidates,Leverages U.S. and Israeli Media in Support of Iranian Interests (FireEye) A network of social media accounts engaging in inauthentic behavior that may support Iranian political interests.

Removing More Coordinated Inauthentic Behavior From Iran (Facebook Newsroom) We removed accounts, Pages and Groups originating in Iran for misrepresenting themselves on Facebook and Instagram.

Yoel Roth on Twitter (Twitter) “Earlier this month, we removed more than 2,800 inauthentic accounts originating in Iran. These are the accounts that FireEye, a private security firm, reported on today. We were not provided with this report or its findings.”

Facebook Removes a Fresh Batch of Iran-Linked Fake Accounts (WIRED) Outside researchers tipped Facebook off that a social media network was pushing Iranian interests, posing as journalists, and even impersonating politicians.

Research Shows Twitter Manipulation in Weeks Before EU Elections (SecurityWeek) Researchers with the Sherpa project analyzed the use of social media as a recommendation system -- specifically Twitter -- ahead of the European elections in May 2019.

Jessikka Aro, the journalist who took on Russian trolls (Times) You might classify a good day at work as your boss not being actively horrible. For Jessikka Aro, a good day at work is one without death threats. Aro is the Finnish journalist who exposed the...

Chinese Spy Group Mixes Up Its Malware Arsenal with Brand-New Loaders (Threatpost) New campaigns also show modified versions of known payloads.

New Zealand Treasury chief says website attacked 2,000 times (Reuters) New Zealand's Treasury chief said on Wednesday that the Treasury website wa...

DuckDuckGo Android Browser Vulnerable to URL Spoofing Attacks (BleepingComputer) The open source DuckDuckGo Privacy Browser for Android version 5.26.0 with more than 5 million installs makes it possible for potential attackers to launch URL spoofing attacks targeting the app's users by exploiting an address bar spoofing vulnerability.

One Million Devices Vulnerable to BlueKeep as Hackers Scan for Targets (SecurityWeek) Nearly one million devices are vulnerable to attacks involving the Windows RDS vulnerability dubbed BlueKeep and it appears that hackers have already started scanning the web in search of potential targets.

Almost one million Windows systems vulnerable to BlueKeep (CVE-2019-0708) (ZDNet) New research puts an initial estimation of 7.6 million vulnerable systems into more context.

One million Windows systems still vulnerable to 'wormable' BlueKeep RDP security flaw (Computing) Microsoft deemed BlueKeep RDP flaw so serious it even supplied a patch for Windows XP.

CVE-2019-0725: An Analysis of Its Exploitability (TrendLabs Security Intelligence Blog) We analyze the exploitability of CVE-2019-0725, a remote code execution (RCE) vulnerability in Windows Dynamic Host Configuration Protocol (DHCP) Server.

New APT10 Activity Detected in Southeast Asia (SecurityWeek) Researchers have detected what they believe to be new activity from Chinese cyber espionage group, APT10. The activity surfaced in the Philippines and shares similar tactics, techniques, and procedures (TTPs) and code associated with APT10.

Emerson Ovation OCR400 Controller (ICS-CERT) 1. EXECUTIVE SUMMARYCVSS v3 6.8ATTENTION: Exploitable remotely/low skill level to exploitVendor: EmersonEquipment: Ovation OCR400 ControllerVulnerabilities: Stack-based Buffer Overflow, Heap-based Buffer Overflow2. RISK EVALUATIONSuccessful exploitation of these vulnerabilities may allow privilege escalation or remote code execution, or it may halt the controller.

Flipboard Breached in Nine-Month Raid (Infosecurity Magazine) Hacker accessed user databases, although passwords were encrypted

Google-protected mobile browsers were open to phishing for over a year (Naked Security) Researchers revealed a massive hole in Google Safe Browsing’s mobile browser protection that existed for over a year.

City of Laredo still recovering from cyber-attack (KGNS) The City of Laredo continues to work to connect its departments after a cyber-attack last week left them in the dark.

Baltimore says it will not pay ransom after cyberattack (Phys.org) The US city of Baltimore, a victim this month of a cyberattack that paralyzed part of its computer network, will not pay a ransom to undo the damage, Mayor Bernard Young said Tuesday.

Baltimore's Suffering, The National Security Agency's Role And The Cost To Your Career (Forbes) The hijacking of Baltimore and other cities represents a direct threat to your career. Here's what you can do about that.

Opinion | The Baltimore ransomware attack could be coming to your city — or hospital (Washington Post) These attacks tend to select victims that have weak cybersecurity practices and the means to pay substantial ransoms.

Eternally Blue: Baltimore City leaders blame NSA for ransomware attack (Ars Technica) Mayor and council president ask for federal disaster dollars to clean up IT toxic waste.

Feds owe Baltimore more than an explanation if NSA weapons were trained on the city's computers (Baltimore Sun) The federal government should help cover the costs incurred by Baltimore and other cities if NSA-developed hacking tools were used in ransomware attacks.

Stolen NSA Tool Wreaks Cyber Havoc on US Cities (Ride The Lightning) As the New York Times reported on May 25th, for nearly three weeks, Baltimore has struggled with a cyberattack by digital extortionists that has frozen thousands of computers, shut down email and disrupted real estate sales, water bills, health alerts...

Interns and Social Media: A Goldmine for Hackers (Security Intelligence) A social media post from one of a company's interns was all this people hacker needed to enter a secure area with a counterfeit employee badge. Learn tips for welcoming new employees securely.

Perspective | It’s the middle of the night. Do you know who your iPhone is talking to? (Washington Post) We ran a privacy experiment to see how many hidden trackers are running from the apps on our iPhone. The tally is astounding.

Privilege Escalation Flaw Present In Slick Popup Plugin (Wordfence) In April, our Threat Intelligence team identified a privilege escalation flaw present in the latest version of Slick Popup, a WordPress plugin with approximately 7,000 active installs. We notified the developers, a firm called Om Ak Solutions, who acknowledged the issue and informed us that a patch would be released. Per our disclosure policy, we ...Read More

Hackers breach US license plate scanning company (Naked Security) One of the US’s most widely used vehicle license plate reader (LPR) companies, Perceptics, is reportedly investigating a data breach.

Security Patches, Mitigations, and Software Updates

Windows 10 May 2019 update breaks Sandbox security feature for some Insiders (Computing) Windows Sandbox is intended to help Windows 10 Pro and Enterprise users test untrusted code and websites in a secure environment.

Amazon adds ‘Alexa, delete what I said today’ command – TechCrunch (TechCrunch) Buried in the this morning’s Echo Show 5 announcement are a couple of new security features worth highlighting. In addition to the inclusion of a built-in camera shutter on the new smart display are a pair of Echo commands that let users delete voice recordings with an Alexa command. “A…

Cyber Trends

Proofpoint Q1 2019 Threat Report: Emotet carries the quarter with consistent high-volume campaigns (Proofpoint) Proofpoint researchers describe the threat landscape in the first quarter of 2019.

The Changing Face of Cybersecurity: Protecting Consumers and SMEs (Infosecurity Magazine) Small businesses leak information that criminals can freely obtain and abuse

Most global workers noticed stricter policies at work as a result of GDPR (Help Net Security) When enforcement of the GDPR went into effect on May 25, 2018, it had worldwide implications on data protection and privacy legislation. One year later,

How many adults trust companies with their personal data? (Help Net Security) More than one third (36%) of adults aged 16–75 trust companies and organizations with their personal data more since GDPR came into effect one year ago.

Marketplace

Analysis | The Cybersecurity 202: China’s big weapon in the Huawei fight: Money (Washington Post) U.S. allies may prioritize below-market rates over concerns about spying.

FireEye snags security effectiveness testing startup Verodin for $250M (TechCrunch) When FireEye reported its earnings last month, the outlook was a little light, so the security vendor decided to be proactive and make a big purchase. Today, the company announced it has acquired Verodin for $250 million. The deal closed today. The startup had raised over $33 million since it opene…

Palo Alto Networks to Acquire Cloud Security Company Twistlock (CTECH) Twistlock develops cybersecurity software for serverless, cloud, and container-based applications

Data Security Company AlgoSec to Lay Off Dozens of Employees (CTECH) AlgoSec develops data security management software used for enterprises and lists Microsoft, General Motors, Unilever, British Petroleum, and Sony as clients

Perspecta Awarded Funds for Background Check System (SIGNAL Magazine) Artificial intelligence and machine learning will aid efficiency.

Terbium Labs Named to Inc. Magazine's Best Workplaces 2019 (PRWeb) Terbium Labs has been named one of Inc. magazine’s Best Workplaces for 2019. The fourth annual ranking is a comprehensive measurement of private American compa

Cyber:Secured Forum 2019 to Feature Keynote Presentation From the NSA’s David Hogue (Cyber:Secured Forum) Hogue will address fostering innovation and public-private partnerships in cyber defense at this cybersecurity educational summit July 29-31 in Dallas.

Wells Fargo Names Industry Leaders to Technology Organization | Wells Fargo Online Newsroom (Wells Fargo) Today, Wells Fargo & Company (NYSE: WFC) named Gary Owen as chief information security officer and head of Information Security, and Steve Hagerman as head of Consumer Lending Technology. Both will join the company’s Technology organization reporting directly to Saul Van Beurden, head of Technology.

Products, Services, and Solutions

Tripwire Joins Amazon Web Services Partner Network Enabling Cloud-Delivered Cybersecurity Solutions (Tripwire) Vulnerability management solution Tripwire IP360 released on AWS Marketplace

Squirrel Compliancy Solutions Awarded Contract to Provide CCRI Support by the US Army's Military Entrance Process Command (MEPCOM) (Markets Insider) Squirrel Compliancy Solutions, a provider of network infrastructure security management, is announcing the Unite...

Radiflow iSID Industrial Cybersecurity App Now Available on Cortex by Palo Alto Networks (Yahoo) Radiflow, a leading provider of industrial cybersecurity solutions for industrial automation networks, today announced the availability of its iSID Industrial ...

ImmuniWeb launches free website security and GDPR compliance test (Immuniweb) The non-intrusive online test quickly verifies relevant GDPR and PCI DSS requirements, checks CMS security and runs a privacy check.

HP Collaborates with Deep Instinct to Roll Out AI-Powered Malware Protection for Next Generation HP EliteBook and ZBook PCs (BusinessWire) To provide customers with the best in next-generation cybersecurity protection, HP is working with Deep Instinct, the first company to apply an end-to

GitHub introduces Dependabot-powered automated security fixes (Help Net Security) GitHub has announced new and improved security tools for open source developers, including automated security fixes powered by Dependabot.

LIFARS, eSentire Deliver Incident Response-as-a-Service (MSSP Alert) LIFARS & eSentire introduce Incident Response as a Service. Together, the two companies offer managed security (MSSP), managed detection & response (MDR) & digital forensics services.

Polymath and CrowdEngine Team Up to Offer Complete Token Issuance Solution (PR Newswire) Polymath, the leading security token platform, has teamed up with CrowdEngine, a white-label issuance platform, to ...

PageFreezer Achieves ISO 27001 Certification (Yahoo) PageFreezer, a leading web and social media compliance archiving and data loss prevention provider, announces companywide ISO 27001 certification of in-house processes. PageFreezer Software is today announcing that it has earned ISO 27001 certification

Security Current Releases CISO-Authored Research Report on Vulnerability Management (PR Newswire) Security Current today announced the release of its CISO-authored report, CISOs Investigate: Vulnerability Management....

VinaPhone Selects KoolSpan to Power ProCall Secure Communications Solution (AP NEWS) VinaPhone ( http://vinaphone.com.vn ), the leading provider of advanced telecommunications technologies and services to government, enterprise, small & medium-sized business, and consumers in Vietnam announces its partnership with KoolSpan to power VinaPhone ProCallTM, the secure mobile communications solution for Vietnam.

OPAQ and Equinix to Present Session on Protecting Modern Networks with Next Generation Firewall-as-a-Service at Palo Alto Ignite ‘19 (BusinessWire) Session will explore how digital/cloud transformation introduces a security gap that is not addressed by on-premise firewalls and what can be done.

28 DevSecOps tools for baking security into the development process (CSO Online) Catch and remediate application vulnerabilities earlier and help integrate security in the the development process with these five categories of DevSecOps tools.

Technologies, Techniques, and Standards

Russia's Would-Be Windows Replacement Gets a Security Upgrade (Defense One) For sensitive communications, the Russian government aims to replace the ubiquitous Microsoft operating system with a bespoke flavor of Linux, a sign of the country's growing IT independence.

()

6 Common Flaws that Can Emerge in a Network Security Strategy Over Time (Bricata) As networks grow and evolve the change introduces new security flaws in the defenses. Here are six of the common flaws we see in our day-to-day work.

How to diminish the great threat of legacy apps (Help Net Security) Mitigating the risk that legacy apps represent requires planning. The following are a few best practices for ensuring a sound application security posture.

Volume and quality of training data are the largest barriers to applying machine learning (Help Net Security) Nearly eight out of 10 enterprise organizations currently engaged in AI and machine learning (ML) report that projects have stalled.

Handle personal data: What we forget is as important as what we remember (Help Net Security) Knowing the location of all personal data is also necessary to comply with a right to erasure request, but that's not all.

Don’t Mistake Compliance for Security (WhiteHat Security) Is your organization compliant with the security standards and regulations implemented by your industry, state, or country that are applicable to your organization? If you answered yes, congratulations. Now, a follow-up question. Is your organization actually secure? These are two distinct considerations.

Disrupting an Attacker from Exploiting Domain Credentials (Preempt) Disrupting an Attacker from Exploiting Domain Credentials - let’s review some zero-day attack patterns and discuss how to disrupt an attacker’s plan.

Act before a cyber-attack happens to you (Accounting Today) Don't wait for a breach to shore up your defenses -- and to help your clients protect themselves.

Big Ocean Cargo Carriers Join Blockchain Initiative (Wall Street Journal) Two major European ship operators have joined a blockchain platform, in a significant boost for the adoption of the technology across the logistics industry.

Embracing Your Legacy: Protecting Legacy Systems in a Modern World (Infosecurity Magazine) Legacy infrastructure is still a crucial part of enterprises across many industries

What I Learned Trying To Secure Congressional Campaigns (Idle Words) You know how it happens. You try to secure one Congressional campaign, and then another, and pretty soon you can't stop. You'll fly across the country just to brief a Green Party candidate in a district the Republicans carried by 60 points. You want more, more, always looking for that next fix.

()

Design and Innovation

We Need to Build Up ‘Digital Trust’ in Tech (WIRED) Opinion: Framing our concerns with tech as issues of privacy or responsibility focuses narrowly on symptoms, not on the systemic issue—we need digital trust.

Research and Development

This AI Uses Echolocation to Identify What You're Doing (WIRED) A research team built a device that can emit an ultrasonic pitch and pick up its echoes to tell if a person is sitting, standing, or walking.

To Fight Deepfakes, Researchers Built a Smarter Camera (WIRED) One way to tell if an image has been faked? Bake the tamper-proofing into the camera itself.

Academia

WNC Recognized in Top Tier in Governors’ Cybersecurity Talent Discovery Program - Western Nevada College (Western Nevada College) WNC ranked No. 4 in Nevada and No. 135 out of 5,200 colleges across the nation in the number of students discovering their aptitude for cybersecurity careers. 

Sheridan College Student Selected For Prestigious Cybersecurity Internship (Wyoming Public Media) A student from Sheridan College was one of ten students from across the country chosen for a highly competitive cyber-security internship this summer.

Legislation, Policy, and Regulation

US Sanctions on Huawei May Fuel China's Plan for Its Own Tech (WIRED) China's government has to plan to wean itself from reliance on Western technology. Blacklisting Huawei will only accentuate that impulse.

U.S. pushes hard for a ban on Huawei in Europe, but the firm’s 5G prices are nearly irresistible (Washington Post) The company can afford to provide such steep discounts in part because it has a silent partner: the Chinese government. And European officials, uncertain of Washington’s true intent, fear that recent security moves might be used as leverage in trade talks with Beijing.

Iranian guard talks tough, says it has no fear of US (Military Times) “The enemy is not more powerful than before,” said the Guard spokesman, Gen. Ramazan Sharif.

NATO to integrate offensive cyber capabilities of individual members (Fifth Domain) The head of the alliance has said NATO members must be willing to use cyber capabilities.

Cyber Command’s Strategy Risks Friction With Allies (Lawfare) The U.S. may have to operate in allied networks to adequately check its adversaries. Allies may not be so keen.

DHS assessment of foreign VPN apps finds security risk real, data lacking (CyberScoop) The risk posed by foreign-made VP applications must be accounted for, according to senior DHS official Christopher Krebs.

Former Unit 8200 Directors Among Tech Leaders Protesting Planned Legislation in Israel (CTECH - www.calcalistech.com) Pinhas Buchris and Ehud Schneorson, both former directors of Unit 8200, the Israeli military's equivalent of the NSA, are among the key figures signed on a letter of protest sent to Israeli lawmakers

DOJ Outlines Strategic IT Plan, Focuses on Innovation and Security (FedTech) The Justice Department plans to make cloud migration and efficient technology investment key elements of its agenda.

US Senate passes anti-robocalling bill (Naked Security) The TRACED Act was a slam dunk in the Senate, where it passed with an overwhelming 97-1 vote.

The Air Force names a new boss for ‘cyber effects’ (Fifth Domain) The Air Force's recently created deputy chief of staff for intelligence, surveillance, reconnaissance and cyber effects operations is getting a new leader.

Litigation, Investigation, and Law Enforcement

Huawei asks courts to overturn US ban claiming it is unconstitutional (Computing) Section 889 of the National Defense Authorization Act 2019 declares Huawei guilty without trial, the company claims.

Huawei Revs Up Its U.S. Lawsuit, With the Media in Mind (New York Times) The Chinese telecommunications giant has filed for summary judgment against the White House as it challenges limits against it via the courts and public opinion.

Redditor can stay anonymous, court rules (Naked Security) The Watch Tower sought to unmask a Jehovah’s Witness who posted its content to show what data the organization collects and processes.

Motion filed to dismiss lead prosecutor and possibly judge in SEAL war crime trial (Navy Times) “If the Military Judge authorized an investigation with such little knowledge, that is, at the very least, quite unnerving,” the motion reads.

She's serving 5 years in jail for leaking one document. Her mother says she's being silenced (CNN) The mother of the first whistle-blower arrested in the Trump era says her daughter is being held under an unjust media blackout to stop the American public learning who she really is.

Ireland Gets About Double the Average Breach Reports Under GDPR (BleepingComputer) The Irish data .watchdog says that it received almost double the number of valid data security breach notifications when compared to the European Union average, with 5,818 reports being filed in Ireland since May 25, 2018, while other EU member states received around 3,188 notifications during the last year.

How Barr's investigation will alienate our allies and harm national security (Washington Monthly) It is one more way that Trump is doing Putin's bidding.

CrowdStrike settles lawsuit as it preps for IPO (PitchBook) After two years, software developer CrowdStrike has settled a lawsuit with NSS Labs related to product testing. The settlement comes not long after the cybersecurity unicorn filed to go public.

Social Media Monitoring (Brennan Center for Justice) How the Department of Homeland Security Uses Digital Data in the Name of National Security

Cryptopia Fights to Keep Data Held by Arizona Firm (Infosecurity Magazine) The exchange, which was hacked and went into liquidation in May, has filed for U.S. bankruptcy protection.

Password Spraying Fells Citrix. Are We Next? (Infosecurity Magazine) The Citrix breach could turn out to be one of the most important in recent years

For a complete running list of events, please visit the Event Tracker on the CyberWire website.

Newly Noted Events

Banking Cyber Security Forum London (London, England, United Kingdom, June 18, 2019) The Banking Cyber Security Forum is an exclusive, top flight event exclusively for senior banking executives, set to address each of these challenges and opportunities and encourages peer-to-peer conversation...

Upcoming Events

Cybertech Midwest 2019 (Indianapolis, Indiana, USA, April 24 - July 25, 2019) Cybertech is the cyber industry’s foremost B2B networking platform featuring cutting-edge content by top executives, government officials, and leading decision-makers from the world of cyber. Our Cybertech...

SecureWorld Atlanta (Atlanta, Georgia, USA, May 29 - 30, 2019) Join your fellow InfoSec professionals for high-quality, affordable cybersecurity training and education. Earn 6-12 CPE credits through 30+ educational elements, learning from nationally recognized industry...

Louisville Cybersecurity Conference (Louisville, Kentucky, USA, May 30, 2019) Data Connectors brings together security professionals to discuss mitigating risk and improving their overall security posture. Eight industry speakers, an FBI/NSA/DHS keynote speaker, and a CISO Panel...

National Cyber Summit (Huntsville, Alabama, USA, June 4 - 6, 2019) National Cyber Summit is the nation’s most innovative cyber security-technology event, offering unique educational, collaborative and workforce development opportunities for industry visionaries and rising...

Infosecurity Europe (London, England, USA, June 4 - 6, 2019) Europe’s Leading Event for Information and Cyber Security Bringing business, tech and cyber communities together to discuss and discover how best to protect companies and individuals. Join in to find ‘everyone...

Grow your brand and reach new customers.

Grow your brand and increase your customer base by educating our audience about your products, services, and events by advertising on The CyberWire. We’ve built trust with an influential (and often hard to reach) audience of CISOs, CSOs, and other senior execs in the security space, across a wide array of industry verticals. Learn more.

Be a part of the CyberWire story.

People ask us (a lot) how they can support what we do. We have our sponsorships and services, of course, but those are not always within every supporter's financial reach, or it might just not be the right time for you to do those things. That's why we launched our new Patreon site, where we've created a wider variety of support levels, each with some new benefits. Our patrons are important to our future, and we hope you'll consider becoming one. We invite you to become part of the CyberWire story. Become a patron today.