skip navigation

More signal. Less noise.

Free ICS Webinar: Threat Intelligence Explained, Examined & Exposed

Join Dragos and the CyberWire on October 22 to hear how threat intelligence can help your organization reduce risk by improving detection, response and prevention of critical infrastructure. We’ll share real world insights from hunting some of the most sophisticated threats and cover vulnerable assets that need protection. Register today.

Daily briefing.

Cozy Bear, Fancy's quieter cousin, is back, or, as ESET puts it in a study released this morning, Cozy never really left. "Operation Ghost" was discretely successful in penetrating and collecting against a number of European diplomatic targets, including at least one country's Washington embassy. Cozy Bear, which ESET calls "the Dukes," and others "APT29," is probably a unit of Russia's SVR foreign intelligence service, although the FSB is also sometimes associated with the group. Operation Ghost was characterized by patient determination and careful use of steganography. Cozy Bear came to widespread attention when its tracks were detected in the US Democratic National Committee during 2016. (Fancy Bear noisily blew the gaffe for both groups.)

Nothing new on that US cyberattack against Iranian propaganda capabilities, beyond a response from Iran's Iran Minister of Communications and Information Technology Mohammad Javad Azari-Jahromi, which Ars Technica dutifully records: it never happened, "[the Americans] must have dreamed it."

Palo Alto Networks yesterday described the Graboid worm, a cryptojacker that infests unsecured Docker hosts, about two-thousand of which the researchers came across in the course of their work. Palo Alto sniffs that Graboid (whose name is a well-chosen homage to the horror classic Tremors) may be capable of short bursts of speed, but overall is "relatively inept." Unsurprisingly, Graboid exploits improperly configured hosts.

BlackBerry Cylance has discovered malicious code that evades detection by hiding in WAV audio files. The payload is often an XMRig Monero miner.

An international dragnet took down hundreds of online pornographers.

Notes.

Today's issue includes events affecting Australia, Brazil, Canada, China, Czech Republic, European Union, Germany, Iran, Ireland, Republic of Korea, Russia, Saudi Arabia, Spain, Syria, Turkey, United Arab Emirates, United Kingdom, United States.

Bring your own context.

A recent look at 2,300 systems that store medical images using the DICOM protocol found that 590 of them, about a quarter of those checked, were unprotected and connected to the internet. Were there personal data exposed?

"Yes, there were. We've seen names, date of birth, date of examination, reasons for examinations. We have had access to images related to that exam. Sometimes the patient data was sort of identified by Social Security numbers. There was lots of personal identifiable information in it, yes."

—Dirk Schrader, cyber resilience architect at Greenbone Networks, on the CyberWire Daily Podcast, 10.15.19.

Not a healthy state of affairs, but one that should be correctable.

Try cloud-native network detection and response for free!

ExtraHop Reveal(x) Cloud is SaaS-based NDR for AWS, giving you complete visibility, real-time detection, and automated threat response in the cloud. Request your free 30-day trial today.

In today's Daily Podcast, out later this afternoon, we speak with our partners at Dragos, as Robert M. Lee discusses their contribution to the Splunk Boss of the SOC (BOTS) capture-the-flag competition. Our guest is Chris Hickman from Keyfactor, talking about Public Key Infrastructure.

And, of course, Hacking Humans is up, too. In this episode, "The fallacy of futility," Dave describes a Ponzi scheme that bought up legitimate investment firms. Joe shares research into deep fakes. The catch of the day includes an invitation to join the Illuminati. (Because, who wouldn't want to do that?) Ray [REDACTED] returns with follow-up from his prior visit, along with new information to share.

The 6th Annual Journal of Law and Cyber Warfare Symposium (New York, NY, United States, October 17, 2019) The 6th Annual Cyber Warfare Symposium features discussions around emerging cybersecurity issues, focusing on cyber warfare and how companies can respond to cyber-attacks. Use discount code CyberWire50 for 50% off. Email info@jlcw.org for a chance to receive a complimentary ticket.

Industrial Control Systems (ICS) Cyber Security Conference (Atlanta, Georgia, United States, October 21 - 24, 2019) SecurityWeek’s ICS Cyber Security Conference is the conference where ICS users, ICS vendors, system security providers and government representatives meet to discuss the latest cyber-incidents, analyze their causes and cooperate on solutions. Since its first edition in 2002, the conference has attracted a continually rising interest as both the stakes of critical infrastructure protection and the distinctiveness of securing ICSs become increasingly apparent.

Georgetown University Programs in Cybersecurity Webinar (Online, October 29, 2019) We invite you to learn more about the Master's and Graduate Certificate in Cybersecurity Risk Management at Georgetown University. Our programs prepare you with hands-on practice developing and executing integrated strategies, policies, and safeguards to manage cybersecurity risks across an enterprise. Register for a free webinar on October 29 at noon ET to learn more.

IMAGINE, A MISI salon-style bespoke dinner event (Columbia, Maryland, United States, November 1, 2019) IMAGINE a world where more young women can see themselves in the faces of the legendary women of science & technology – and say, "Yes I can!" The event on November 1 is a fundraiser in support of the region's unique and inclusive STEM program and will be held at the DreamPort Facility in Columbia Maryland. While its focus is on the under-represented young women, young men are also included in MISI's STEM programs.

NXTWORK 2019 (Las Vegas, Nevada, United States, November 11 - 13, 2019) Join us at NXTWORK 2019 to learn, share, and collaborate with GameChangers from companies across the networking industry. This year’s event features keynotes from Juniper executives, as well as special guest speaker Earvin “Magic” Johnson, along with 40+ breakouts and master classes led by Distinguished Engineers, as well as various opportunities for certification testing and training.

Cyber Attacks, Threats, and Vulnerabilities

ISIS Is Already Rising From the Ashes (Foreign Affairs) Turkey’s invasion of Syria will fuel a jihadi resurgence.

How One Tweet Turned Pro-China Trolls Against the NBA (Wall Street Journal) After his tweet supporting Hong Kong’s protesters, Houston Rockets general manager Daryl Morey was the subject of a pro-China campaign.

“Debug mode” in popular webdev tool exposes credentials for hundreds of websites, including Donald Trump’s - Comparitech (Comparitech) Donald Trump's campaign website and hundreds of others failed to disable debug mode in Laravel, a popular PHP framework, exposing secret credentials on the web.

Ransomware: These are the most common attacks targeting you right now (ZDNet) An analysis of ransomware reporting over the past six months shows that while there's a big focus on big targets, going after individual users is still very popular.

New SDBot Remote Access Trojan Used in TA505 Malspam Campaigns (BleepingComputer) Researchers discovered two new malware strains distributed via phishing campaigns carried out by the TA505 hacking group during the last two months, a new downloader dubbed Get2 and an undocumented remote access Trojan (RAT) named SDBbot.

US 'carried out secret cyber attack' on Iran after Saudi oil attack (The Independent) Official says cyber operation affects 'physical hardware' as Tehran denies impact

Warning: Russian Hackers Break Into European Embassy In Washington (Forbes) Hackers who'd carried out the infamous breach of the Democratic National Committee have breached a European embassy in Washington, according to research released Thursday.

Russia’s Cozy Bear Hackers Resurface With Clever New Tricks (Wired) Largely out of the spotlight since 2016, Cozy Bear hackers have been caught perpetrating a years-long campaign.

WAV audio files are now being used to hide malicious code (ZDNet) Steganography malware trend moving from PNG and JPG to WAV files.

WAV files spotted delivering malicious code (Help Net Security) Attackers are embedding crypto-mining and Metasploit code into WAV audio files to stymie threat detection solutions, researchers have found.

Malicious Payloads - Hiding Beneath the WAV (ThreatVector) BlackBerry Cylance Threat Researchers recently discovered obfuscated malicious code embedded within WAV audio files. Each WAV file was coupled with a loader component for decoding and executing malicious content secretly woven throughout the file’s audio data.

'Graboid' Crypto-Jacking Worm Targets Docker Hosts (SecurityWeek) Researchers have identified what appears to be the first crypto-jacking worm that spreads using Docker containers.

Cryptojacking Worm Targets and Infects 2,000 Docker Hosts (Dark Reading) Basic and 'inept' worm managed to compromise Docker hosts by exploiting misconfigurations.

Chinese Hackers Use New Cryptojacking Tactics to Evade Detection (BleepingComputer) Chinese-speaking cybercrime group Rocke, known for operating multiple large-scale malicious crypto-mining campaigns, has now switched to new Tactics, Techniques, and Procedures (TTPs), including new C2 infrastructure and updated malware to evade detection.

Symantec Endpoint Protection Update Causes Many Devices to Crash (SecurityWeek) An intrusion prevention signature update delivered by Symantec to Endpoint Protection customers has caused many devices to crash and display a BSOD.

Intelligence Gathering on U.S. Critical Infrastructure (Industrial Control Systems (ICS) Cyber Security Conference) How Open Source Intelligence can be applied to reconnaissance on critical infrastructure.

Security Patches, Mitigations, and Software Updates

Adobe splats bucketful of bugs in Acrobat and Reader (Help Net Security) A week after Patch Tuesday, Adobe dropped security updates for several of its products, including Acrobat and Reader and the Download Manager.

WordPress 5.2.4 Patches Six Vulnerabilities (SecurityWeek) WordPress 5.2.4 patches six vulnerabilities, including XSS, unauthorized access, SSRF, and cache poisoning issues.

Oracle's October 2019 Critical Patch Update Includes 219 Fixes (SecurityWeek) Oracle this week announced the release of its last Critical Patch Update of 2019, which includes a total of 219 new security fixes across various product families.

Instagram’s latest security feature lets you better manage third-party app permissions (The Verge) See who has your data at a glance.

Instagram will give you more control over your third-party apps…in about six months (TechCrunch) Instagram is slowly rolling out a new feature that will help better protect your personal data from being accessed by your long-discarded, third-party applications — that is, any app you had once authorized to access your Instagram profile over the years. This may include websites you used fo…

Cyber Trends

Cost of Ransomware Related Downtime Increased More Than 200 Percent, an Amount 23 Times Greater Than the Ransom Request (BusinessWire) Datto, Inc., the leading global provider of IT solutions delivered through managed service providers (MSPs), today announced findings from its fourth

New Survey Finds Security Pros Concerned About PKI (Keyfactor) At SecTor, Canada’s premier IT security education conference, we conducted a survey to learn more about the challenges facing IT professionals working to manage their organization’s PKI.

 IT Pros Believe Shadow IT Could Become a Competitive Advantage, Study Shows (BusinessWire) The new Entrust Datacard report, “The Upside of Shadow IT,” helps business and IT leaders balance enterprise security with employee productivity.

Fake mobile app fraud tripled in first half of 2019 (Help Net Security) In Q2 2019, RSA Security identified 57,406 total fraud attacks worldwide. Phishing attacks were the most prevalent (37%), followed by fake mobile apps.

APT actors up their game; is it only a government concern or do enterprises need to pay more attention? (SC Magazine) CISOs roll their eyes when they hear 'APT', or say they're not a real threat to most organisations, but they are on the rise, and their hacking techniques do pose a threat as they get weaponised by cyber-criminals.

Social Media OpSec Concerns Overstated, Army General Says (Military.com) A general, a lieutenant, a cartoonist and the administrator of a controversial community Facebook page walk onto a stage.

Marketplace

Corporate America's Second War With the Rule of Law (Wired) Opinion: Uber, Facebook, and Google are increasingly behaving like the law-flouting financial empires of the 1920s. We know how that turned out.

SailPoint Buys Two Cloud Security Startups For $37.5 Million (CRN) Identity governance provider SailPoint has purchased emerging vendors Orkus and OverWatchID to help customers better control access to applications in public cloud environments.

Austin's SailPoint poised to improve cybersecurity services for cloud-based systems (Austin American-Statesman) Austin-based SailPoint Technologies has acquired two startups — for a total of $37.5 million — in a bid to to improve its cybersecurity

DigiCert Acquisition by Clearlake Capital Group and TA Associates Closes (PR Newswire) DigiCert, Inc., the world's leading provider of TLS/SSL, IoT and PKI solutions, announced today that leading private...

Facebook Expands, Enhances Bug Bounty Programs (SecurityWeek) Facebook announces an expansion to its bug bounty program for third-party apps, as well as a series of bonuses for bugs in native products.

F-Secure weighs in on prpl Foundation security standards (Global Security Mag Online) F-Secure has joined the prpl Foundation to provide a more secure consumer experience when customers use their home Wi-Fi network and Internet of Things (IoT) devices.

Cybersecurity firm joins Microsoft Intelligent Security Association (The Hindu) Cybersecurity firm Ensurity Technologies has joined Microsoft Intelligent Security Association (MISA), a group of technology providers who integrated their solutions with Microsoft products to provide

7 Top Cybersecurity Stocks to Buy (The Motley Fool) Keeping digital data safe is a big business and getting bigger all the time.

How AI Battles Security Threats without Humans (WIRED) Housed in the historic city of Cambridge, the R&D facility of international cybersecurity firm Darktrace is unmistakably modern. Its stylish headquarters is all clean lines and gleaming glass, opening last year in honor of Cambridge-educated computer pioneer Maurice Wilkes—who helped design the electronic delay storage calculator, one of the world’s first computers, in the 1940s.…

Siemens moves its head office to Manchester (PES MEDIA) Siemens flagship building at Didsbury, Manchester has been designated the company’s new UK head office, replacing Frimley in Surrey.

TrueFort Unveils Board of Advisors Featuring Top Executives from Cyber Security, Financial and Telco (BusinessWire) Advisory Board comprised of C-level executives from AT&T, Bank of America Merrill Lynch, LPL Financial, Palo Alto Networks, Trend Micro and Zscaler.

Guidehouse hires NSA executive Marianne Bailey (Consulting) Management and technology consultancy Guidehouse has hired cyber expert Marianne Bailey to lead the firm’s cybersecurity practice.

Products, Services, and Solutions

Baltimore Cyber Range Shaping the Future (BaltimoreCyberRange) Baltimore Cyber Range (BCR) provides real world, hands-on Cyber security training. The BCR ultra-realistic threat training environment enables Cyber Security practitioners a secure environment for working with real world threats.

Global breakthrough, Pradeo launches a Private Secure Store solution to facilitate and expand safe BYOD usages for companies (Pradeo) After being awarded by Frost & Sullivan for best mobile security, Pradeo adds a new offer to its product line to address a strong mobile security need so far unanswered.

Denim Group Announces Integration with Snyk to Deliver Broad Vulnerability Management to Developers Leveraging Open Source (BusinessWire) Denim Group Announces Integration with Snyk to Deliver Broad Vulnerability Management to Developers Leveraging Open Source

CounterFlow AI Introduces ThreatEye – First-Ever AIOps Platform for Network Forensics (CounterFlow) Security analysts can now leverage AI for network intelligence and intelligent packet capture

Carousel Graduates Inaugural Class of Certified Ethical Hackers, Further Strengthening its Cybersecurity Expertise and Delivering More Value to Carousel Customers (Carousel Industries) Carousel Industries, a leading national IT, managed services, and cloud provider with

Lattice MachXO3D Secure Control FPGA Receives Security Certification from NIST (BusinessWire) Lattice Semiconductor (NASDAQ: LSCC), the low power programmable leader, today announced its MachXO3D™ FPGAs for secure system control received the Na

Podcast Recommendations (Medium) The number of podcast listeners in the U.S. increased sharply in 2019, with nearly one out of three people listening to at least one…

Akamai's got Comcast's back for small and mid-size businesses' cybersecurity (FierceTelecom) Comcast Business is the first service provider to boot up Akamai's new cloud-based Security and Personalization Services Secure Business solution. Comcast Business is using Akamai’s SPS Secure Business as part of its new Comcast Business SecurityEdge cloud-based internet cybersecurity solution for small businesses.

BlackBerry Cylance Announces Integration with Chronicle's Backstory (PR Newswire) BlackBerry Limited (NYSE: BB; TSX: BB) today announced integration of CylancePROTECT ® and CylanceOPTICS® with...

Cybereason and SecureLink Partner to Deliver New Security Services (AiThority) Cybereason, creators of the leading Cyber Defense Platform and SecureLink, one of Europe's most respected managed security service providers

Logicalis Ireland becomes first partner in Ireland to achieve new cloud security specialisation from Check Point Software Technologies (Irish Tech News) Logicalis Ireland, the Hybrid IT solutions and managed services provider, today announces that it is the first partner in Ireland to achieve the CloudGuard

Symantec Boosts Endpoint Security Portfolio With New Upgrade (Yahoo) Symantec's (SYMC) Endpoint Security solution features capabilities like new attack surface reduction, threat hunting, and breach analysis and prevention, to cater to the growing need for comprehensive enterprise security.

Tehama and Bitnobi Partner to Lay Foundation for a Data Trust Platform (West) Tehama, the leading SaaS solution to secure mission critical and data sensitive systems when granting access to global employees and third-party contractors, and Bitnobi, a startup that has created a privacy-protected data-sharing platform, are pleased to announce the signing of a contract with the Department of National Defence to demonstrate the workings of an innovative, integrated human resources data management platform.

Technologies, Techniques, and Standards

A Review of Cybersecurity Incidents in the Water Sector – a good start but with technical issues (Control Global) The report, “A Review of Cybersecurity Incidents in the Water Sector”, was published in the September 2019 issue of the Journal of Environmental Engineering. There are many technical gaps in the report. My concerns with these water cases are similar to gaps in other industries such as electric, oil/gas, and manufacturing. As these industries use the same or similar equipment from the same vendors, the information sharing gap is still very wide.

Congressional Panel Praises Illinois Election Upgrades (Government Technology) Lake County, Ill., received high marks from panelists and the chair of the Committee on Homeland Security, which talked to local, state and federal officials about potential threats to the Illinois elections system.

Analysis | The Cybersecurity 202: Cyber Command hacking contest aims to prep Election Day first responders (Washington Post) The conference marks a rare cooperation between Cybercom and ethical hackers.

CrowdStrike CEO: There's a 'real awakening' about the threat of 2020 election hacking (Yahoo) CrowdStrike co-founder and CEO George Kurtz weighs in on cybe threats pertaining to the 2020 presidential election.

Baltimore City now prepared in case of another cyber attack (WBAL) Baltimore City said it's now prepared in case of another cyber attack.

What Cyber Resilience is Not About … (Business2Community) Cyber resilience must not be used to legitimise window-dressing practices around cyber security Read more at https://www.business2community.com/cybersecurity/what-cyber-resilience-is-not-about-02249622

Cyber Command wants to work more closely with the energy sector (Fifth Domain) Cyber Command worked with the Department of Energy during a recent exercise to help bolster understanding and ensure greater defense of critical assets.

Design and Innovation

Introducing the New Advanced Credit Cards, where the CVVs will change every hour, a huge blow for the cyber-criminals. (LinkedIn) Imagine a world without credit card fraud. Impossible, you might say.

Research and Development

Cryptography without using secret keys (Phys.org) Most security applications, for instance, access to buildings or digital signatures, use cryptographic keys that must at all costs be kept secret. That also is the weak link: Who will guarantee that the key doesn't get stolen or hacked? Using a physical unclonable key (PUK), which can be a stroke of white paint on a surface, and the quantum properties of light, researchers of the University of Twente and Eindhoven University of Technology have presented a new type of data security that does away with secret keys.

DISA Wants a Pentagon-Wide Identity Management System (Nextgov.com) The Enterprise Identity Service would let Pentagon officials oversee the access credentials and online activity of every user who touches its networks.

Academia

Cyber security experts, colleges work together to encourage next generation of analysts (Route Bay City) With the growing use of technology in day-to-day business operations, more and more businesses are finding themselves in need of protection against cyber threats.

Registration open for new UMW cybersecurity certification program (Fredericksburg.com) The University of Mary Washington announced Wednesday that registration is now open for a new cybersecurity certification program.

Legislation, Policy, and Regulation

People’s privacy must be completely protected in cyberspace: Rouhani (Mehr News Agency) Iranian President Hassan Rouhani has stressed protecting people’s security while ensuring cyberspace security, adding that People’s privacy must be completely protected.

China slams ‘arrogant and dangerous’ U.S. over Hong Kong democracy bill as city’s dysfunction deepens (Washington Post) Lawmakers disrupted a speech by Hong Kong’s leader, while Beijing said it rejects any foreign interference and accused Washington of harboring sinister intentions.

Government drops ‘porn block’ plan to stop children watching sex videos online (The Independent) The long-delayed measure – one of the first of its kind in any democratic country – had been plagued by legal and technical difficulties

Australian intelligence agency wants more resources to counter foreign interference (Reuters) Australia's national intelligence agency said in a report this week that it...

Australia shows small businesses how to protect themselves in cyberspace (Tech Wire Asia) Small businesses in Australia struggle with cybersecurity — but the good news is that the country's regulators are keen to offer support.

When it comes to cyber authorizations, plagiarism is just fine for DHS (Federal News Network) DHS CIO Dr. John Zangardi said he is streamlining the authority to operate (ATO) process to help components move applications to the cloud faster.

Senator proposes data privacy bill with serious punishments (CNET) If the bill were a law during Facebook’s privacy scandals, Mark Zuckerberg would face jail time, Sen. Ron Wyden says.

Mark Zuckerberg will stream a speech on ‘free expression’ Thursday (Engadget) You can watch what the Facebook CEO has to say at 1PM ET.

Army Cyber lobbies for name change this year, as information warfare grows in importance (Army Times) Army Cyber says the fight below the level of actual violence is already happening, and it needs greater authorities to combat threats,

Litigation, Investigation, and Law Enforcement

South Korean National and Hundreds of Others Charged Worldwide in the Takedown of the Largest Darknet Child Pornography Website, Which was Funded by Bitcoin (US Department of Justice) Jong Woo Son, 23, a South Korean national, was indicted by a federal grand jury in the District of Columbia for his operation of Welcome To Video, the largest child sexual exploitation market by volume of content. The nine-count indictment was unsealed today along with a parallel civil forfeiture action. Son has also been charged and convicted in South Korea and is currently in custody serving his sentence in South Korea. An additional 337 site users residing in Alabama, Arkansas, California, Connecticut, Florida, Georgia, Kansas, Louisiana, Maryland, Massachusetts, Nebraska, New Jersey, New York, North Carolina, Ohio, Oregon, Pennsylvania, Rhode Island, South Carolina, Texas, Utah, Virginia, Washington State and Washington, D.C. as well as the United Kingdom, South Korea, Germany, Saudi Arabia, the United Arab Emirates, the Czech Republic, Canada, Ireland, Spain, Brazil and Australia have been arrested and charged.

Inside the shutdown of the ‘world’s largest’ child sex abuse website (TechCrunch) Hackers found the dark web site just weeks after the U.S. government did.

MSPs turn to data watchdog over Sturgeon’s private emails (Times) Scotland’s information commissioner has been urged help MSPs who want to investigate Nicola Sturgeon for using a private email account for state business. Labour wrote to the first minister and...

Senate Intel chair: Whistleblower hasn't agreed to testify before panel (TheHill) Senate Intelligence Committee Chairman Richard Burr (R-N.C.) on Wednesday told reporters that a whistleblower at the center of the House impeachment inquiry hasn't yet agreed to meet with his Senate panel.

'Nothing similar': Ukraine whistleblower lawyer rejects Edward Snowden comparison (Washington Examiner) Edward Snowden, who leaked highly classified information and fled the United States in 2013, compared himself to the Ukraine whistleblower while promoting his new book.

Leading K-pop organization vow to wipe out 'cyber violence' after Sulli's death linked to online bullying (Newsweek) South Korean officials are taking a stronger stance to tackle the growing threat of "cyber terrorism" against K-pop culture celebrities, claiming "nothing will be forgiven, and strong action will be taken."

Accused Capital One hacker had as much as 30 terabytes of stolen data, feds say - CyberScoop (CyberScoop) Investigators probing the Capital One data breach say they have between 20 and 30 terabytes of data in their possession as they prepare for trial against the alleged hacker, Paige Thompson, according to court documents obtained by CyberScoop. The government now is parsing through millions of individual files, prosecutors said, as well as a spreadsheet agents say they found recently on Thompson’s computer, which contains aggregated information apparently stolen from Capital One.

For a complete running list of events, please visit the Event Tracker on the CyberWire website.

Newly Noted Events

AdvaMed Cybersecurity Summit (Arlington, Virginia, USA, November 6, 2019) The AdvaMed Cybersecurity Summit brings together experts across the device security spectrum. Experts will provide in-depth and timely updates on the state of medical device cybersecurity, including issues...

Health Data Stewardship & Privacy Summit (Arlington, Virginia, USA, November 7, 2019) AdvaMed’s inaugural Health Data Stewardship & Privacy Summit will bring together leading experts and health care industry stakeholders to explore the current data privacy landscape and forecast what may...

Cybersecurity for Small Businesses (Hazelton, Pennsylvania, USA, November 13, 2019) During the conference, attendees will learn how cybersecurity affects entrepreneurship, why small businesses are easy victims of cyberattacks, the impact of small business cyberattacks, and common security...

Upcoming Events

EXCHANGE 2-19 (New York, New York, USA, October 16 - 17, 2019) BitSight presents EXCHANGE 2019, The Intersection of Business and Cyber Risk, an event for security and risk professionals to navigate the demands of today's dynamic cyber risk landscape. During this two-day...

6th Annual Cyber Warfare Symposium (New York, New York, USA, October 17, 2019) This unique, one-day event will bring together distinguished thought leaders and cybersecurity and cyber warefare experts from across the industry for a day of collaboration and education. The Symposium...

Toronto Cybersecurity Conference (Toronto, Ontario, Canada, October 17, 2019) Data Connectors brings together security professionals to discuss mitigating risk and improving their overall security posture. Eight industry speakers, an FBI/NSA/DHS keynote speaker, and a CISO Panel...

Security Leaders Summit Atlanta (Atlanta, Georgia, USA, October 17, 2019) If there is anything that unifies CISOs, change is the one constant. For 2019, the focus is on the rapid evolution of the security industry, the rising tide of visibility on security organizations, and...

Industrial Control Systems (ICS) Cyber Security Conference (Atlanta, Georgia, USA, October 21 - 24, 2019) SecurityWeek’s ICS Cyber Security Conference is the conference where ICS users, ICS vendors, system security providers and government representatives meet to discuss the latest cyber-incidents, analyze...

Grow your brand and reach new customers.

Grow your brand and increase your customer base by educating our audience about your products, services, and events by advertising on The CyberWire. We’ve built trust with an influential (and often hard to reach) audience of CISOs, CSOs, and other senior execs in the security space, across a wide array of industry verticals. Learn more.

Be a part of the CyberWire story.

People ask us (a lot) how they can support what we do. We have our sponsorships and services, of course, but those are not always within every supporter's financial reach, or it might just not be the right time for you to do those things. That's why we launched our new Patreon site, where we've created a wider variety of support levels, each with some new benefits. Our patrons are important to our future, and we hope you'll consider becoming one. We invite you to become part of the CyberWire story. Become a patron today.