skip navigation

More signal. Less noise.

How to Build a Security Operations Center (SOC) on a Budget

Get an in-depth look at how organizations with limited resources can set up a successful operations center for monitoring, detecting, containing, and remediating IT threats across applications, devices, systems, networks, and locations. Get all 5 Chapters in 1 eBook. Download your free copy now.

Daily briefing.

Google's Project Zero has determined that at least eighteen widely used Android devices are vulnerable to exploitation of a use-after-free condition, and that this vulnerability is being exploited in the wild. Ars Technica cites Google as pointing to either Herzliya-based NSO Group or some of its customers as the actors behind the attacks. The October Android update is expected to address the issue.

Check Point has linked a domestic surveillance effort to Egyptian intelligence services. The campaign used spyware embedded in security apps made available in Google's Play Store. Victims were targeted through 0Auth phishing.

Palo Alto Networks has published an "Adversary Playbook" for PKPLUG, a recently identified Chinese state espionage actor that's concerned itself with domestic surveillance of Uyghurs and international espionage directed against countries opposed to Belt and Road. The group is behind the HenBox Android malware distributed through third-party app stores.

Cabinet members in the US, the UK, and Australia will jointly ask Facebook to hold off on plans to implement end-to-end encryption. Buzzfeed yesterday obtained a copy of a letter US Attorney General Barr, UK Home Secretary Patel, Australian Home Affairs Minister Dutton, and acting US Homeland Security Secretary McAleenan intend to publish today. The open letter, which ZDNet says will be issued in conjunction with announcement of a new data-sharing agreement among the three countries, specifically asks that the social network not make it impossible for authorities to legally access content relating to child sexual exploitation and abuse, terrorism, and foreign interference in democratic institutions.

Notes.

Today's issue includes events affecting Australia, China, Egypt, European Union, Israel, Russia, Saudi Arabia, United Arab Emirates, United Kingdom, United States, and Uzbekistan.

Bring your own context.

A discussion of legal discovery. What is it?

"It's about the discovery of the responsive information relevant to that incident. Now, sometimes, discovery can also involve third parties, so a lot of vendors that collect logs or have cloud-based services or whatever will get third-party subpoenas in connection with discovery involving another case. Like, for example, they may want the endpoint log files that are hosted by a third party. The part involved in a data breach - one of the lawyers will - may have to subpoena that company, and there'll be discovery. So it's the process of getting information as it's connected to a dispute. Now, there's also discovery in arbitration. There's also discovery in government investigations, and certainly in criminal cases as well. Those tend to be a little more draconian and arcane sometimes, or one-way, or, you know, better or worse, depending on the regulator.

—Daniel Garrie, co-founder of Law & Forensics, a global legal engineering firm, and editor-in-chief of the Journal of Law & Cyber Warfare, on the CyberWire Daily Podcast, 10.2.19.

It can be difficult to know what information is important, to recognize it when you've found it, and to present it to a judge who is, after all, a generalist.

What if your security strategy added zeros to your bottom line?

Focusing on response alone is costly. You lose data. You lose infrastructure. You lose human and capital resources that could be productive elsewhere. And you lose your reputation. When you catch threats before they execute, you contain the problem, and the rewards add up. Let Blackberry Cylance help you understand how you can reduce your total cost of security controls, bolster your organization’s security posture, and zero in on what really matters.

In today's Daily Podcast, out later this afternoon, we speak with our partners at Accenture as Justin Harvey talks to us about threat hunting. Our guest is Paige Schaffer, CEO of Generali Global Assistance’s Identity and Digital Protection Services Global Unit, discussing the University of Texas ITAP report.

Second Annual DataTribe Challenge (Online, October 1, 2019) Register now for a chance to be DataTribe's next world-class company. Finalists will split a $20,000 prize, and the winner may receive $2m in funding from DataTribe. Contestants have until October 1st to apply at www.datatribe.com/challenge­.

Cyber Security Summits: October 3 in NYC and October 17 in Scottsdale (New York City, New York, United States, October 3, 2019) Register for reduced admission to the Cyber Security Summit with promo code cyberwire19 for $95 admission ($350 without code). Sr. Level Executives are invited to learn about the latest threats & solutions in Cyber Security from experts from The U.S. Department of Justice, The FBI, Google, IBM, Darktrace, Center for Internet Security and more. Breakfast, Lunch & Cocktail Reception are included with your admission. Your full day’s attendance will earn you 6 CEUs. Passes are limited, secure yours today: www.CyberSummitUSA.com

Texas Cyber Summit Job Fair, October 10, San Antonio. (San Antonio, Texas, United States, October 10, 2019) Cleared and non-cleared cybersecurity pros make your next career move at the free Texas Cyber Summit Job Fair, October 10 in San Antonio. Meet face-to-face with leading cyber employers. Visit ClearedJobs.Net or CyberSecJobs.com for more details.

The 6th Annual Journal of Law and Cyber Warfare Symposium (New York, NY, United States, October 17, 2019) The 6th Annual Cyber Warfare Symposium features discussions around emerging cybersecurity issues, focusing on cyber warfare and how companies can respond to cyber-attacks. Use discount code CyberWire50 for 50% off. Email info@jlcw.org for a chance to receive a complimentary ticket.

NXTWORK 2019 (Las Vegas, Nevada, United States, November 11 - 13, 2019) Join us at NXTWORK 2019 to learn, share, and collaborate with GameChangers from companies across the networking industry. This year’s event features keynotes from Juniper executives, as well as special guest speaker Earvin “Magic” Johnson, along with 40+ breakouts and master classes led by Distinguished Engineers, as well as various opportunities for certification testing and training.

Cyber Attacks, Threats, and Vulnerabilities

Evidence tying Cobalt Group to Magecart Group 4 unveiled (SC Magazine) Security firms Malwarebytes and HYAS string together several pieces of evidence that they believe tie Magecart Group 4 to the Cobalt Group

Lessons from the ANU cyberattack | The Strategist (The Strategist) Australian National University Vice Chancellor Brian Schmidt’s public release of a detailed report on the damaging cyberattack on ANU systems and data marks a refreshing shift in behaviour on cybersecurity for Australian public institutions. The ...

Uzbekistan's SandCat APT exposed itself by testing malware against commercial anti-virus software (Computing) SandCat developed malware on PCs running antivirus software - which transmitted binaries of dodgy files back to Kaspersky researchers

Kaspersky finds Uzbekistan hacking op… because group used Kaspersky AV (Ars Technica) SandCat revealed because Uzbek intelligence agency is bad at OPSEC.

How Uzbekistan's security service (allegedly) began developing its own malware (CyberScoop) Uzbekistan's security service appears to be shedding its hacking training wheels and making a lot of noise in the process.

Meet Candiru — The Mysterious Mercenaries Hacking Apple And Microsoft PCs For Profit (Forbes) Candiru, one of Israel's most secretive hacker-for-hire businesses, has done a fine job of staying under the radar for its four years of existence. But now it's being exposed thanks to a sloppy customer, a researcher claims.

Warning over Reductor malware that manipulates browsers' random number generator to hijack HTTPS traffic (Computing) Reductor malware can also replace legitimate installers from third-party websites with infected ones on-the-fly, claims Kaspersky.

'Lost Files' Data Wiper Poses as a Windows Security Scanner (BleepingComputer) A Windows Security Scanner that states it encrypted your files is being distributed by spam, but whether by bug or design, it instead corrupts binary data in a victim's files. 

Minerva attack can recover private keys from smart cards, cryptographic libraries (ZDNet) Older Athena IDProtect smart cards are impacted, along with the WolfSSL, MatrixSSL, Crypto++, Oracle SunEC, and Libgcrypt crypto libraries.

Egyptian government caught tracking opponents and activists through phone apps (Register) Intelligence services developed system, says security outfit

This new hacking group is using 'island hopping' to target victims (ZDNet) This year's series of cyber attacks against the aerospace and defense industries has been attributed to China's APT10 and JSSD. But it appears that the real culprit is a previously unknown organisation

Cyber-Spy Group Active Since 2013 Now Tied to Chinese State Actor (BleepingComputer) Multiple cyber-espionage campaigns that remained unattributed over the years have now been linked to a single threat actor that researchers named PKPLUG, attacking targets across Asia.

Chinese cyberespionage group PKPLUG uses custom and off-the-shelf tools (CSO Online) A previously unknown group or collective associated with China is targeting victims in Asia, possibly for geopolitical gain.

Bank of Ireland warns customers about new phishing text scam (Extra.ie) Bank of Ireland is warning customers to be vigilant after it emerged that a new phishing text scam is doing the rounds.

PDF encryption standard weaknesses uncovered (Naked Security) Researchers have discovered weaknesses in PDF encryption which could be exploited to reveal the plaintext contents of a file to an attacker.

The Internet’s Horrifying Way to Get Google Apps on Huawei Phones (Wired) Just make a Chinese website your device's remote administrator. It'll be fine!

Attackers exploit 0day vulnerability that gives full control of Android phones (Ars Technica) Vulnerable phones include 4 Pixel models, devices from Samsung, Motorola, and others.

Google finds Android zero-day impacting Pixel, Samsung, Huawei, Xiaomi devices (ZDNet) Vulnerability was patched in older Android OS versions, but resurfaced in newer releases.

Four U.S. Food Chains Disclose Payment Card Theft via PoS Malware (BleepingComputer) Hackers caused havoc at four restaurant chains in the U.S. over the summer after compromising their payment systems with malware that stole customers' payment card information.

Sberbank Hit by Huge Data Breach (The Moscow Times) Millions of customers’ data found on black market in Russian banking’s largest ever cybersecurity leak.

Zendesk announces data breach impacting years-old accounts (CyberScoop) Up to 10,000 Zendesk support and chat accounts may be impacted by a 2016 data breach, the San Francisco-based company announced Wednesday.

Security Flaw Discovered That Could've Wiped Out $7 Million in Dai Collateral (CryptoGlobe) A security flaw discovered in the upcoming Multi-Collateral Dai system being developed by stablecoin organization MakerDAO could have resulted in the loss of assets that back the digital token.

Ransomware attacks paralyze, and sometimes crush, hospitals (Naked Security) New attacks on the perennially besieged sector have crippled hospitals in the US and Australia and caused one health clinic to shut down.

Hospitals in US, Australia hobbled by ransomware (WeLiveSecurity) Several hospitals in the US and Australia have been struck by ransomware attacks, forcing them to cancel all but the most urgent appointments and surgeries.

3 Ontario hospitals hit with ransomware attack: Could more be at risk? (CBC) Hackers have crippled the computer systems of three Ontario hospitals in recent weeks, prompting concern about the type of malicious software used and whether more facilities may be at risk.

EA website balls-up exposes personal details of FIFA 20 players (Inquirer) Gaming giant EA has suffered a security major balls-up after its website leaked the personal details of gamers signing up for its FIFA 20 Global Series competition.

NC State Bar says it was target of ransomware attack (WSOC) The North Carolina State Bar says it was the target of a ransomware attack this week.

The checkm8 Exploit Can't Be Patched, and It Affects Millions of iPhones ( How to, Technology and PC Security Forum | SensorsTechForum.com) The worst part of checkm8 is that once a jailbreak is performed, there’s no way for Apple to fix or patch the device with a future software update.

Interpeak IPnet TCP/IP Stack (Update A) (CISA) 1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION: Exploitable remotely/low skill level to exploit/public exploits are available Vendors: ENEA, Green Hills Software, ITRON, IP Infusion, Wind River Equipment: OSE by ENEA, INTEGRITY RTOS by Green Hills Software, ITRON, ZebOS by IP Infusion, and VxWorks by Wind River Vulnerabilities: Stack-based Buffer Overflow, Heap-based Buffer Overflow, Integer Underflow, Improper Restriction of Operations within the Bounds of a Memory Buffer, Race Condition, Argument Injection, Null Pointer Dereference

Northshore cyber attack effects continue (Bothell-Kenmore Reporter) The district’s phone system operational; food services and StudentVue/ParentVue are still down.

Security Patches, Mitigations, and Software Updates

Microsoft Releases Windows Security Updates to Fix Printing Issue (BleepingComputer) Microsoft today released out of band security updates, cumulative updates, and monthly rollup updates to address a printing issue plaguing all Windows client and server versions acknowledged on September 30.

October 2019 Patch Tuesday forecast: Be sure to apply service stack updates (Help Net Security) Chris Goettl from Ivanti talks about service stack updates and offers his October 2019 Patch Tuesday forecast. Read more to learn what's in store.

Microsoft will continue providing Windows 7 security updates for SMBs (Help Net Security) SMBs that don't want or can't upgrade from Windows 7 will be able to get extended security updates (ESU) through January 2023 - for a price, of course.

HackerOne User Reveals Critical Bug Through MakerDAO Bounty Program (Cointelegraph) HackerOne user reveals critical bug in MakerDAO’s planned Multi-Collateral Dai upgrade that could have resulted in a complete loss of funds for all Dai users.

Cyber Trends

Code42 2019 Global Data Exposure Report Finds 69% of Security Leaders Say Data Loss Prevention Cannot Stop Insider Threat (BusinessWire) Code42 releases its 2019 Global Data Exposure Report, which finds 69% of security leaders say data loss prevention cannot stop insider threat.

2019 Data Exposure Report (Code 42) Most organizations have some kind of data loss prevention strategy in place. However, that strategy typically ignores one of the greatest threats to data: the threat posed by employees.

Microsoft: MFA bypass attacks are so rare we don't have good statistics on them (ZDNet) Microsoft security expert also ranks authentication factors based on their ability to fend off attackers.

Good cybersecurity comes from focusing on the right things, but what are they? (Help Net Security) "There is no wrong way into the security field and it's never too late to make a career switch that will take you there," says Mark Orlando, CTO at

Survey Suggests Ransomware Broadening Perceptions of Cyber Risks (Claims Journal) Corporate risk managers are increasingly focusing on protecting their enterprises from business interruption after a series of ransomware attacks on

Marketplace

How security programs and breach history influence company valuations (Help Net Security) Cybersecurity audits are not only commonplace but are actually standard practice during M&A transaction preparation, according to (ISC)2.

How cyber-security is demonstrated to result in more valuable companies (SC Magazine) Cyber-security readiness can have both positive and negative affects on company valuations when assessing acquisition targets. So how do you assess cyber-capability for M&A purposes?

Executives have to make cybersecurity a priority in order to secure their business (Help Net Security) Optiv releases a report to help increase the understanding of the cyber threat landscape and offer best practices for organizations facing these threats.

What FireEye Might Fetch in a Buyout, and a Reality Check (247wallst.com) Reports this week suggest that FireEye is working with Goldman Sachs to explore a potential sale of the cybersecurity company.

HP to Cut Up to 9,000 Jobs in New CEO’s Restructuring Plan (Wall Street Journal) Incoming HP Chief Executive Enrique Lores is moving quickly to imprint changes on the computer hardware maker with plans to shrink the company’s ranks by as much as 16% in a restructuring plan that also aims to revive lagging printer sales.

Thales details plans for integrating Gemalto biometrics and digital identity business (Biometric Update) The integration of Gemalto into Thales “Digital Identity and Security” (DIS) will result in average organic sales growth of four percent to six percent between 2020 and 2023, according to an update…

Cybersecurity firm Acronis investing major growth in Arizona (Chamber Business News) Internet security firm F-Secure recently published a report covering the current landscape of cybersecurity attacks and data hygiene in the United States. The report, “Attack Landscape H1 2019,” revealed nearly three billion separate attacks had hit individual Internet of Things (IoT) devices in the first half of the year alone, a surge of 300 percent. …

Texas cyber firm opening office in Howard County (Baltimore Business Journal) CNF Technologies already has about 10 employees in Maryland, and plans to bring on another 15 by the end of 2020.

Products, Services, and Solutions

StackRox Extends Its Security Controls Across Container Operating Systems, Cloud Marketplaces, and Ecosystem Partners (PR Newswire) StackRox, the leader in container and Kubernetes security, announced several new product features to the...

Threat Intelligence: Symantec partners with Anomali (CISO MAG) Threat intelligence platform provider Anomali announced a strategic partnership with Symantec Corp. for threat intelligence-driven solutions.

Kaspersky updates decryption tool to fight ransomware (ITP.net) Kaspersky has updated its RakhniDecryptor tool to allow users whose files were encrypted by Yatron and FortuneCrypt ransomware to retrieve their data without paying a ransom.

Technologies, Techniques, and Standards

Emsisoft releases free decryptor for GalactiCrypter ransomware (Emsisoft | Security Blog) We just released a free decryptor for the GalactiCrypter ransomware strain. Download it here.

Bank of England cyber resilience exercise (Data Protection Report) BoE publish high level findings of the financial sector (“sector”) cyber simulation exercise.

Australian Govt Issues Android and iOS Security Hardening Guides (BleepingComputer) The Australian Signals Directorate (ASD)'s Australian Cyber Security Centre (ACSC) has published a set of two guides designed to help Australian government, commercial organizations, and enterprises harden the security of iOS and Android devices in their fleets.

Tips for Avoiding Remote Connectivity Hacking (National Cyber Security) For the better part of the past decade, online tech support scams have been on the rise as hackers find new ways to trick consumers into providing remote access to their computers in order to steal information.

Security and compliance gaps of ineffective employee onboarding and offboarding (Help Net Security) Ivanti's survey results find significant gaps in the compliant management of employee resources throughout the employment lifecycle.

Face the fax: CIA phasing out hardware for secure email (Fifth Domain) The CIA wants a new way to communicate with industry.

Design and Innovation

Data61 releases dataset that could predict cyber attacks | The Mandarin (The Mandarin) Researchers at CSIRO’s Data61 have developed a public dataset that could help cybersecurity specialists predict future cyberattacks. It comes days after numerous hospitals across Victoria were victims of security attacks.

Australian researchers leading the way in cyber security analysis (Defence Connect) Australian researchers have developed a dataset of global cybersecurity threats, from previous incidents, which they believe could help researchers predict future malicious online activity. The dat

TikTok explains its ban on political advertising (TechCrunch) Already under fire for advancing Chinese foreign policy by censoring topics like Hong Kong’s protests and pro-LGBT content, the Beijing-based video app TikTok is now further distancing itself from U.S. social media platforms, like Facebook, Twitter and Instagram, with a ban on political ads o…

Research and Development

Raytheon developing final phase of Electronic Warfare Planning and Management Tool (PR Newswire) Raytheon (NYSE: RTN) is developing Capability Drop 4 of the Electronic Warfare Planning and Management Tool,...

Quantum computers will change all our lives (Times) In 1970 a British mathematician called James Ellis had one of those lightbulb moments. Ellis, who worked for GCHQ, was trying to find a way of sending messages securely even when someone else is...

Legislation, Policy, and Regulation

The EU wants to bind Facebook to its will again – but this time it may have gone too far (The Telegraph) I write a lot about how Facebook is like a government.

Putin jokes that Russia will meddle in 2020 US elections (CNN) Russian President Vladimir Putin poked fun at the ongoing political crisis in the US by joking about election meddling Wednesday.

Why Washington won’t be buying Huawei’s offer to build a US rival (South China Morning Post) The offer to license 5G technology to an American company does not address Washington’s concerns, analysts say, since telecommunications have increasingly been seen as a strategic national security domain and a geopolitical issue.

Analysis | The Cybersecurity 202: Even impeachment isn’t slowing the Trump administration’s Huawei push (Washington Post) Trump pushed a European Huawei ban during a fiery press conference with Finland’s president.

US, UK, and Australia jointly request for Facebook to stop end-to-end encryption plans (ZDNet) Trio call for Facebook to allow law enforcement to obtain lawful access to content in a readable and usable format.

Barr Presses Facebook on Encryption, Setting Up Clash Over Privacy (Wall Street Journal) U.S. Attorney General Bill Barr, citing public safety, is asking Facebook to hold off on plans to add end-to-end encryption throughout its messaging services.

Attorney General Bill Barr Will Ask Zuckerberg To Halt Plans For End-To-End Encryption Across Facebook's Apps (BuzzFeed News) "We are writing to request that Facebook does not proceed with its plan to implement end-to-end encryption across its messaging services without ensuring that there is no reduction to user safety."

Facebook Encryption Eyed in Fight Against Online Child Sex Abuse (New York Times) The debate over privacy in the digital age increasingly pits tech companies against law enforcement agencies as explicit imagery explodes.

No federal privacy law will make it in the US this year, sources say (Naked Security) Without one, the companies that collect our data will likely face compliance with California’s take-no-prisoners law, in effect 1 January 2020.

Defense Department to tighten data security after settlement with veterans group (Military Times) A web site used to verify military status was open to potential identity thieves and scammers, advocates charge.

Top U.S. counterintelligence official praises whistleblower protections as espionage threats intensify (CBS News) National Counterintelligence and Security Center director Bill Evanina praised the Whistleblower Protection Act as he unveiled a new "Wall of Spies" experience museum

Cyberspace Solarium leader says private sector's under-investment in security is biggest challenge (Inside Cybersecurity) Leaders of the “Moonshot” initiative and the congressional Cyberspace Solarium Commission are struggling with how to secure the appropriate levels of investment -- and commitments to security -- necessary from both government and the private companies controlling the vast majority of critical infrastructure, they said, and are turning instead to politically

Former officials flag disinformation as top threat to U.S. elections (FCW) Three years after Russia waged a covert propaganda campaign against U.S. voters, the federal government has done little to address the problem through legislation or executive action.

Sir Brian Leveson appointed the second Investigatory Powers Commissioner (SC Magazine) Sir Brian Leveson to lead the IPCO, providing independent oversight and authorisation of the use of investigatory powers by intelligence agencies, police forces and other public authorities.

Litigation, Investigation, and Law Enforcement

Facebook criticises ECJ ruling on taking down illegal content (Telegraph) Facebook can be forced to remove hateful content worldwide by national courts in the European Union, EU judges ruled on Thursday.

European Court Ruling on Facebook Sets Harmful Precedent (Center for Data Innovation) In response to a European Court of Justice ruling that member states may order hosting providers to remove content worldwide, the Center for Data Innovation released the following statement from Senior Policy Analyst Eline Chivot.

The EU wants to bind Facebook to its will again – but this time it may have gone too far (The Telegraph) I write a lot about how Facebook is like a government.

Trump wanted Ukraine’s president to launch investigations before face-to-face meeting, State Dept. texts show (Washington Post) The messages between State Department officials, an aide to Ukraine’s president and Rudy Giuliani were released by House Democrats as part of their impeachment investigation.

Official: Pentagon didn't listen in on Trump Ukraine call (TheHill) No Defense Department (DOD) officials listened in on the July call between President Trump and the Ukrainian president now at the center of House Democrats’ impeachment inquiry, the P

FBI's new ransomware warning: Don't pay up, but if you do, tell us about it (ZDNet) The FBI is urging all ransomware victims to tell it about the attack whether they choose to pay or not.

Akron hacker sentenced to six years in prison for cyber attack (WEWS) An Akron man will spend the next six years behind bars for hacking the city of Akron and Akron Police Department websites in 2017.

Boeing 737 Max Safety System Was Vetoed, Engineer Says (New York Times) The company passed on the concerns to the Department of Justice as part of a criminal investigation into the engineering of the plane after two fatal crashes.

Boeing rejected 737 MAX safety upgrades before fatal crashes, whistleblower says (Seattle Times) The details revealed in the ethics complaint raise new questions about the culture at Boeing and whether the long-held imperative that safety must be the overarching priority was compromised on the MAX by business considerations and management's focus on schedule and cost.

Accused ringleader faces more charges in GoFundMe ruse involving Marine veteran (Marine Corps Times) A man already charged in state court with scamming donors out of more than $400,000 with a fake feel-good story about a homeless veteran is facing federal charges.

Former U.S. Army interpreter from Iraq gets 30 years for dealing fentanyl on dark web (Reuters) An Iraqi immigrant who worked as a U.S. Army interpreter was sentenced to 30 yea...

For a complete running list of events, please visit the Event Tracker on the CyberWire website.

Newly Noted Events

Cyber Hygiene: Why the Fundamentals Matter (Online, Software Engineering Institute at Carnegie Mellon University, October 16, 2019) In this webcast, as a part of National Cybersecurity Awareness Month, our experts will provide an overview of the concept of cyber hygiene, which bears an analogy to the concept of hygiene in the medical...

Upcoming Events

Australian Cyber Conference 2019 (Melbourne, Victoria, Australia, October 7 - 9, 2019) The Australian Information Security Association (AISA) is the premier industry body for information security professionals in Australia. As a nationally recognised not-for-profit organisation, AISA champions...

CyberNext Summit (Washington, DC, USA, October 8 - 10, 2019) Cybersecurity is shifting toward more distributed and dynamic models. Decentralized security infrastructure brings its challenges and opportunities. CyberNext Summit (#CNS19) 8-10 October, 2019 in Washington...

Borderless Cyber (Washington, DC, USA, October 8 - 10, 2019) OASIS Borderless Cyber and The Integrated Adaptive Cyber Defense (IACD)'s Integrated Cyber merge conferences this year to bring you a three-day program addressing advances in automation and autonomous...

SecureWorld Dallas (Dallas, Texas, USA, October 9 - 10, 2019) Connecting, informing, and developing leaders in cybersecurity. For the past 17 years, SecureWorld conferences have provided more content and facilitated more professional connections than any other event...

Jacksonville Cybersecurity Conference (Jacksonville, Florida, USA, October 10, 2019) Data Connectors brings together security professionals to discuss mitigating risk and improving their overall security posture. Eight industry speakers, an FBI/NSA/DHS keynote speaker, and a CISO Panel...

Grow your brand and reach new customers.

Grow your brand and increase your customer base by educating our audience about your products, services, and events by advertising on The CyberWire. We’ve built trust with an influential (and often hard to reach) audience of CISOs, CSOs, and other senior execs in the security space, across a wide array of industry verticals. Learn more.

Be a part of the CyberWire story.

People ask us (a lot) how they can support what we do. We have our sponsorships and services, of course, but those are not always within every supporter's financial reach, or it might just not be the right time for you to do those things. That's why we launched our new Patreon site, where we've created a wider variety of support levels, each with some new benefits. Our patrons are important to our future, and we hope you'll consider becoming one. We invite you to become part of the CyberWire story. Become a patron today.