skip navigation

More signal. Less noise.

How to Build a Security Operations Center (SOC) on a Budget

Get an in-depth look at how organizations with limited resources can set up a successful operations center for monitoring, detecting, containing, and remediating IT threats across applications, devices, systems, networks, and locations. Get all 5 Chapters in 1 eBook. Download your free copy now.

Daily briefing.

"Caveat:" a new podcast on cybersecurity law and policy

The CyberWire is pleased to announce the launch today of “Caveat,” a new weekly podcast addressing cybersecurity law and policy, with a particular focus on surveillance and digital privacy. Caveat is available at our website.

This latest addition to the CyberWire’s popular lineup of programs is hosted by Dave Bittner and Ben Yelin, the Program Director for Public Policy and External Affairs at the University of Maryland's Center for Health and Homeland Security. Each week, Dave and Ben break down important current legal cases, policy battles, and regulatory matters along with the news headlines that matter most. It’s not just a podcast for lawyers and policymakers; security professionals, businesses, and anyone concerned about privacy and security in the digital age will find the discussions accessible, relevant, and thought provoking.

We happily thank KnowBe4, the sponsor of Caveat, for their indispensable support.

SecurityWeek's 2019 ICS Cyber Security Conference

SecurityWeek's 2019 ICS Cyber Security Conference began its final day this morning with a discussion of the convergence of safety and cybersecurity. Dale Malony, OT Leader of Honda of America brought a manufacturer's perspective; Ben Stirling, Vistra Energy's Lead, Generation Cyber Security, contributed a view from the energy sector. It's a developing system, and, as Malony pointed out, we still tend to rely on "dragon slayers." He asked the community to think through education that can take personnel "from zero to hero." Stirling thinks education has to approach cybersecurity from both sides, bringing control engineers to an understanding of IT security, and IT personnel to an understanding of controls. "You have to approach the problem from both sides of the coin." Senior leaders in manufacturing companies are interested in consistent plant stability and a reliable product, and that's how they need to be approached on matters involving cybersecurity.

Four interesting side observations were made on safety and cybersecurity. First, the panelists have found it useful to get their control engineers certifications, because those were important to establishing credibility with the IT side. Second, they find it more difficult to get the IT types oriented to, and familiar with, control engineering than they do familiarizing the control engineers with IT because, "The IT types don't like it. They're used to air conditioning." (Much laughter at this second observation.) Third, the IT types need to find your stuff "cool" (apart from any air conditioning issues). If they can be induced to take an "innate interest" in the control engineering space, you've got a much better chance of working together effectively. And fourth, thinking in terms of safety as driving defensive priorities can be foreign to cybersecurity personnel who came up through the IT ranks. Bear this in mind when familiarizing them with plant controls.

A presentation on smart cities, and specifically on how IT and OT join forces to defend them, drew attention to another cultural gap the speaker perceived between the two communities. Trend Micro's William J. Malik sees the communities as having very different assumptions about the longevity of systems. Architectural decisions we take today can have significant consequences decades hence, and in Malik's view the IT community is not yet comfortable thinking in these terms.

We'll wrap up our coverage of SecurityWeek's 2019 ICS Cyber Security Conference tomorrow. In the meantime, you'll find an account of a presentation by Dragos on process integrity here.

Amazon Web Services sustained a distributed denial-of-service attack yesterday that affected AWS for some eight hours. Google Cloud also encountered difficulties on Tuesday. Computer Business Review says there are no indications the two incidents were connected. Both AWS and Google Cloud services report they've now returned to normal operation.

Pilz Gmbh, an automation tool manufacturer with headquarters in Ostfildern, Baden-Württemberg, and operations globally, has disclosed that it continues to recover from a ransomware incident that began on October 13th. ZDNet says the ransomware was Bitpaymer, with business but not production systems affected.

BlackBerry Cylance's ThreatVector has an account of how mobile malware has assumed an important position in the cyber espionage space. Several nation states actively engage in this form of spying, and the researchers emphasize that this is neither a novelty nor a niche effort, "but a longstanding part of a cross-platform strategy integrated with traditional desktop malware in diverse ways across the geopolitical sphere." Beijing, Hanoi, Pyongyang, and Tehran have been particularly active against both Android and iOS targets, and they all show a troubling degree of sophistication. Many of these efforts have their origins in highly targeted work against specific targets, and many of those targets are domestic.

The US FBI has given Congress an overview of election-security preparation.

In what's presumably not an admission against interest, Huawei's global cybersecurity and privacy officer tells ZDNet that, you know, it's probably easier to bribe a telco executive than it is to backdoor equipment. (So don't sweat those backdoors?)

Notes.

Today's issue includes events affecting Australia, Austria, China, European Union, Germany, Iran, Democratic Peoples Republic of Korea, NATO/OTAN, Russia, Sri Lanka, United States, and Vietnam.

Bring your own context.

Much of the concern over deep fakes has centered on their potential for harassment, embarrassment, or political disinformation. But this family of techniques has other security implications as well.

"And also in the cybersecurity space, we're seeing growing concern about the ability of synthetic voice audio in particular right now to enhance social engineering attacks, such as fraud and kind of impersonation attacks, where someone could use synthetic voice audio to impersonate a CEO or another kind of C-suite executive or something like this to move money or to make key business decisions. So, you know, there are multiple vectors. I think it's general level, whereas deepfakes threats any process where audio visual media is used to inform key decision-making or key communications."

—Henry Ajder, from Deeptrace Labs, on Hacking Humans, 10.24.19.

Thus, new possibilities in impersonation.

Zero-Trust in the Modern Workplace

The modern workplace is infiltrated everyday — bring your own device policies and increased vendor access have introduced a whole new layer of cyber risk to the office environment. Since no vendor or customer should be automatically trusted, Zero-Trust frameworks have become more prevalent. How can organizations best protect themselves and their networks? Join LookingGlass’ Eric Olson & James Carnall for a webinar discussing best practices and war stories at 1 pm ET October 31, 2019.

In today's Daily Podcast, out later this afternoon, we speak with our partners at Cisco Talos, as Craig Williams provides an update on Emotet. Our guest, Dave Weinstein from Claroty, discusses threats to critical infrastructure.

Hacking Humans is up. In this episode, "The ability to fundamentally deceive someone," Joe has the story of a convincing scammer who makes an innocent woman doubt herself. Dave describes an online utility that helps users delete unwanted user accounts and also rates the difficulty of doing so. The catch of the day requests help in an investment scam (but lacks punctuation). Our guest is Henry Ajder from Deeptrace Labs discussing their research on deep fakes.

And, finally, the CyberWire's new weekly podcast Caveat is also up. In this inaugural episode, "Crowdsourced private surveillance," Dave shares a candidate's plan to make personal data private property. Ben describes a system of crowdsourced private surveillance. The listener on the line has a question about expectations of privacy in places like shopping malls. Our guest is Kim Phan from the law firm Ballard Spahr, here to discuss new privacy legislation going into effect in Nevada.

Georgetown University Programs in Cybersecurity Webinar (Online, October 29, 2019) We invite you to learn more about the Master's and Graduate Certificate in Cybersecurity Risk Management at Georgetown University. Our programs prepare you with hands-on practice developing and executing integrated strategies, policies, and safeguards to manage cybersecurity risks across an enterprise. Register for a free webinar on October 29 at noon ET to learn more.

IMAGINE, A MISI salon-style bespoke dinner event (Columbia, Maryland, United States, November 1, 2019) IMAGINE a world where more young women can see themselves in the faces of the legendary women of science & technology – and say, "Yes I can!" The event on November 1 is a fundraiser in support of the region's unique and inclusive STEM program and will be held at the DreamPort Facility in Columbia Maryland. While its focus is on the under-represented young women, young men are also included in MISI's STEM programs.

Cyber Security Summits: November 6 in Boston and November 21 in Houston (Boston, Massachusetts, United States, November 6, 2019) Register for reduced admission to the Cyber Security Summit with promo code cyberwire19 for $95 admission ($350 without code). Sr. Level Executives are invited to learn about the latest threats & solutions in Cyber Security from experts from The FBI, Google, IBM, Verizon, Center for Internet Security and more. Breakfast, Lunch & Cocktail Reception are included with your admission. Your full day’s attendance will earn you 6 CEUs. Passes are limited, secure yours today: www.CyberSummitUSA.com

NXTWORK 2019 (Las Vegas, Nevada, United States, November 11 - 13, 2019) Join us at NXTWORK 2019 to learn, share, and collaborate with GameChangers from companies across the networking industry. This year’s event features keynotes from Juniper executives, as well as special guest speaker Earvin “Magic” Johnson, along with 40+ breakouts and master classes led by Distinguished Engineers, as well as various opportunities for certification testing and training.

Dateline SecurityWeek's 2019 ICS Cyber Security Conference

Process integrity as central to ICS security (The CyberWire) "The past and future of integrity-based attacks in ICS environments." Industrial control systems aren't smart buildings, still less the whole Internet of Things. When we talk about ICS, we should be clear that we're talking about control of industrial processes.

Old Windows and bad passwords: Utility cyber vulnerabilities grow despite comparative strengths (Utility Dive) Utilities have increased cybersecurity but they remain "soft targets for adversaries" due to outdated operating systems and unencrypted passwords, security firm CyberX said.

Radiflow and Asset Guardian Introduce Joint Solution to Enrich Industrial Asset Monitoring and Risk Assessment (Yahoo) Radiflow, a leading provider of cybersecurity solutions for industrial automation networks, and Asset Guardian, a dedicated provider of leading edge protection for process control and industrial software, today jointly announced

Cyber Attacks, Threats, and Vulnerabilities

What will be the effect of the latest US cyberattack on Iran? (Fifth Domain) Recent research on the nature of international cyber conflict questions whether responding to kinetic attacks with cyber operations will create the outcome White House officials and military leaders want.

Discord Turned Into an Info-Stealing Backdoor by New Malware (BleepingComputer) A new malware is targeting Discord users by modifying the Windows Discord client so that it is transformed into a backdoor and an information-stealing Trojan.

15 Years Later, Metasploit Still Manages to be a Menace (Threatpost) A fresh look at the penetration testing tool Metasploit reveals the 15-year old hacking tool still has some tricks up its sleeves even against modern defenses.

Unveiling the Stealthworker Campaign (Fortinet) Earlier this year, FortiGuard Labs shared their findings about a malware that was linked to a compromised e-commerce website serving a malicious JavaScript skimmer. The malware forms a botnet called Stealthworker or GoBrut. It can infect both Windows and Linux machines and perform brute force attacks on targets sent by the botmaster.

Cybereason’s Nocturnus Researchers Go Hunting for Raccoons; The New Ma (PRWeb) Cybereason, creators of the leading Cyber Defense Platform, today released an investigative research report from its Nocturnus Research Group titled “Hunting Raccoon...

Malwarebytes Connects Magecart Group to Carbanak (Decipher) Researchers have linked the Magecart group known for its supply-chain attacks to Cabanak, an advanced threat group.

Hackers hover near online shopping carts, too. It's called e-skimming (Detroit Free Press) Holiday shoppers warned to watch out for e-skimming threats. Any business accepting online payments on their website is at risk, FBI says.

Cyberattack Causes Serious Disruptions at German Automation Firm Pilz (SecurityWeek) German automation firm Pilz took many systems offline after it was hit by what it described as a targeted cyberattack, with reports claiming it was a ransomware attack.

Maxthon Browser Vulnerability Can Help Attackers in Post-Exploitation Phase (SecurityWeek) Researchers have discovered a vulnerability in the Maxthon 5 browser that can be highly useful to hackers in the post-exploitation phase of an attack.

AWS Customers Hit by Eight-Hour DDoS (Infosecurity Magazine) US East Coast region particularly badly affected

AWS hit by DDoS attack dragging half of web down (CRN Australia) Confirms reports of intermittent DNS resolution errors.

Major German manufacturer still down a week after getting hit by ransomware (ZDNet) Pilz, a German company making automation tool, was infected with the BitPaymer ransomware on October 13.

Mobile Malware and APT Espionage: Prolific, Pervasive, and Cross-Platform (Threat Vector) This report examines the pervasive mobile malware dimension in APT campaigns and surveys the prevalent use of mobile malware in cross-platform surveillance and espionage campaigns by Chinese, Iranian, Vietnamese and other APT Groups.

MedusaLocker Ransomware Wants Its Share of Your Money (BleepingComputer) A new ransomware called MedusaLocker is being actively distributed and victims have been seen from all over the world. It is not known at this time, how the attacker is distributing the ransomware.

New Variant of Remcos RAT Observed In the Wild (Fortinet) Recently, our LoneWolf Spampot Monitoring System captured several new spam samples. After a quick analysis, we identified it is a Remcos RAT campaign.

Your Cache Has Fallen: Cache-Poisoned Denial-of-Service Attack (CCS '19) Web caching enables the reuse of HTTP responses with the aim to reduce the number of requests that reach the origin server, the volume of network traffic resulting from resource requests, and the user-perceived latency of resource access.

Exclusive: White House cyber memo warns of new network risks (Axios) The "White House is posturing itself to be electronically compromised once again."

Data Breach at KRH May Have Affected 129,000 Patients' Personal Information (Flathead Beacon) Beginning today, Kalispell Regional Healthcare is mailing out letters to nearly 130,000 patients whose personal information may have been involved in a data breach over the summer. Patients’ personal information... more

Dodgy mobile apps found to be on the increase: RiskIQ (ITWIre) The number of blacklisted mobile apps in the 120-odd mobile stores, examined by security firm RiskIQ on a regular basis, grew from 44,850 to 53,955, a rise of 20%, the company said in its mobile threat report for the second quarter of the year.

Huawei: Easier to bribe telco staff than build backdoors (ZDNet) It requires so much effort to build backdoors into networking equipment that work across different global communications networks and system configurations that it likely is easier and more effective to bribe a telco executive, says Huawei's chief cybersecurity officer.

Report: Billtrust Recovering From Ransomware Attack (BankInfo Security) Billtrust, a cloud-based, business-to-business payment provider, reportedly is continuing to recover from a ransomware attack that crippled its computer systems.

Hackers target schools with ransomware (KGTV) Schools and school districts have become a new target for hackers, who target computer systems with ransomware.

Analysis | When Will Boeing 737 Max Fly Again and More Questions (Washington Post) Two crashes within five months -- Lion Air Flight 610 in October 2018 off the coast of Indonesia and Ethiopian Airlines Flight 302 in March outside Addis Ababa -- killed 346 people and led to a global grounding of Boeing Co.’s 737 Max jets, the fourth generation of a venerable brand first flown in 1967. Uncertainty over when it will fly again is rippling through the airline industry and Boeing’s finances. The U.S. manufacturer’s bill is $9.2 billion and rising, as it faces questions about the pl

Cyber Trends

2019 Consumer Survey: Trust and Accountability in the Era of Data Misuse (Ping Identity) Data privacy and security are becoming central to the modern online experience.

The Underrated Risks of Data Exposure (Terbium Labs®) We surveyed over 300 information technology (IT) professionals in the United States and Canada to better understand how businesses currently monitor and detect incidents of exposed data on the Internet, their current and future risks and the potential negative outcomes.

A data breach could be game over for a brand (Help Net Security) There is a lack of confidence consumers around the world have in a brand’s ability to safeguard personal information, according to Ping Identity.

Risk Management And Black Swan Events (Forbes) Black Swans bring challenges to risk management, especially in our rapidly transforming technological landscape. However, those transformative changes in emerging technology add to the ability to analytically forecast and try to mitigate Black Swan events.

Smart cities must be cyber‑smart cities (WeLiveSecurity) As cities turn to IoT to address long-standing urban problems, what are the risks of leaving cybersecurity behind at the planning phase?

Marketplace

Spotlight: China's ZTE helps Austrian partner build "dream network" (Xinhua) Chinese telecommunications equipment maker ZTE has been helping its Austrian partner build a "dream network," the CEO of a leading Austrian telecommunications provider said Wednesday.

Attila Security raising $4 million, planning move to Columbia (Baltimore Business Journal) Attila is led by CEO Gregg Smith, who formerly headed two other Maryland-based cyber firms, Optio Labs Inc. and Silent Circle.

CyberSeek™ Workforce Analytics Partnership Renewed Through 2022 (PR Newswire) CompTIA, The National Initiative for Cybersecurity Education (NICE) led by the National Institute of Standards and...

Booz Allen wins two AI-related contracts with Army and DoD (Consulting) Management and tech consultancy Booz Allen Hamilton was recently awarded two technology-powered defense projects.

‘It’s A Sad Day For Human Rights’ —Washington Post Slammed For Its Latest Columnist Hire (Forbes) Washington Post hires a columnist who was employed by a surveillance company that allegedly spied on associates of another prominent WaPo writer: murdered journalist Jamal Khashoggi.

Products, Services, and Solutions

Delta Risk’s New ActiveEye 2.0 Reduces 95 Percent of False Positives to Find and Resolve Cyber Threats Faster (BusinessWire) Delta Risk, a SOC-as-a-Service provider, announced the release today of version 2.0 of its cloud-native managed security platform, ActiveEye.

Endace | Network Critical Joins Endace Fusion Partner Program (RealWire) Network Visibility Specialists Endace and Network Critical, Partner to Provide Deeper Insight into Network Traffic

Bitdefender launches one-stop marketing shop for partners (CRN Australia) Focus on lead generation and prospect tracking.

Forcepoint Web Security offering reaches for the edge (SearchSecurity) Incorporating elastic cloud gateway technology, Forcepoint Web Security provides protection for the growing number of network perimeters associated with the growing corporate multi-cloud implementations. The offering grants access to content from any edge location.

3 Cool New Network Security Features in the Bricata Platform you Might have Missed - Security Boulevard (Security Boulevard) Bricata recently released a new version of its network security product with several cool new features including metadata filters, customizable dashboards and smart alert grouping.

Racing Post bolsters endpoint security with SentinelOne (Intelligent CIO Europe) Racing Post, a specialist print and online digital publisher, has protected against a growing number of cyberthreats after deploying a next-generation endpoint

Waratek Secure Debunks Industry Misconceptions of RASP Solutions (BusinessWire) Waratek launches 30-day trial and evaluation enabling businesses to test drive RASP

Felix Payment System Security Assured with Intertrust whiteCryption® (BusinessWire) Intertrust has announced a partnership to safeguard Gentek Global's Felix payment system with its whiteCryption® application shielding technology

Technologies, Techniques, and Standards

NATO set to update security requirements to counter 5G network risks (Business Standard) The topic being addressed by NATO defence ministers comes after the United States imposed restrictions on Chinese tech giant Huawei

Russia approves annual tests for national internet system (Telecompaper) Russian prime minister Dmitry Medvedev has signed a regulation on carrying out tests to support an autonomous domestic internet, reports Cnews.ru. The regulation will enter into force from 1 November.

Information Security Forum Teams with NIST to Create Online Informative References (PRLog) Information Security Forum Teams with NIST to Create Online Informative References. The Information Security Forum (ISF) has been working with the United States National Institute of Standards and Technology (NIST) as part of a pilot project to create Online Informative References (OLIRs) between information security standards and the...

How to remove human error from the cyber risk equation (Help Net Security) In attempting to fortify the enterprise’s cyber assets, we have turned much of our attention to human error. After all, the vast majority of hackers rely

Chance that flaws will ever be dealt with diminishes the longer they stick around (Help Net Security) More than half of all security findings (56%) are fixed, but a focus on fixing new findings while neglecting aging flaws leads to increasing security debt.

Design and Innovation

Pentagon Eyes Commercial 5G Experiments on Military Bases (Bloomberg Government) The Pentagon will invite companies to experiment with 5G cellular networks on military bases as the U.S. ramps up competition with China.

Cyber everywhere: Preparing for automotive safety in the face of cyber threats (Automotive News) The success of the interconnected automotive ecosystem may hinge on cybersecurity. GM's Jeff Massimilla speaks about what the company is going to protect its operations, vehicles, and consumers from cyber threats, and how the industry is moving forward in its pursuit of cyber safety.

Research and Development

Google Claims a Quantum Breakthrough That Could Change Computing (New York Times) Scientists at a company lab said they had taken a big step toward creating a machine that would make today’s supercomputers look like toys.

If Google has achieved 'quantum supremacy' it could be a gamechanger for tech (The Telegraph) It could be the working title for the next Bond movie – or possibly the scoreline in a game played at Hogwarts.

Inside Google's quantum lab as it claims a historic computing breakthrough (The Telegraph) At first sight, the future of computing looks more like an movie villain's superweapon than the history-making machine Google claims.

Google and IBM at war over claims that quantum supremacy has been achieved  (The Telegraph) In the perplexing world of quantum physics it is quite normal for matter to inhabit two places at once.

On “Quantum Supremacy” (IBM Research Blog) Recent advances in quantum computing have resulted in two 53-qubit processors

Academia

TU Announces Enhanced Cyber Program (Tulsa Public Radio) The University of Tulsa together with venture group Team8, today announced a first-of-its-kind advanced degree program to create experts in cyber R&D,

Legislation, Policy, and Regulation

Should Europe Regulate American Tech Companies? (Wired) Four technology policy experts debate whether the EU has declared war on Silicon Valley.

In Hong Kong, Which Side Is Technology On? (Wired) Both. Yes, authoritarians have co-opted tech. But the story is far from over.

How America's Cyber Strategy Could Create an International Crisis (The National Interest) The United States needs to conduct cyber operations and collect intelligence so that it can effectively anticipate and defend itself against a cyberattack.

DHS is mulling an order that would force agencies to set up vulnerability disclosure programs (CyberScoop) DHS officials may soon issue an order that would require federal civilian agencies to establish vulnerability disclosure programs.

IAB Issues Draft CCPA Framework (Cooley) The Interactive Advertising Bureau (IAB) has released for public comment the IAB California Consumer Privacy Act Compliance (CCPA) Framework for Publishers and Technology Companies. According …

House Committee Advances Bill to Expand DHS Cyber Monitoring Program (Nextgov.com) As state and local governments face rising cyber threats, the legislation would give them free access to the tools provided under the Continuous Diagnostics and Mitigation program.

FBI Updates Initiative to Protect U.S. Elections from Cyberattacks (BleepingComputer) FBI has updated and expanded the resources and tools designed to help political campaigns, private businesses, and individuals to better understand and mitigate risks posed by foreign entities' cyber intrusions and disinformation efforts during the 2020 U.S. election season.

Securing America’s Elections: Oversight of Government Agencies (Federal Bureau of Investigation) Statement by Deputy Assistant Director Nikki Floris, Counterintelligence Division, before the House Judiciary Committee

NSC Makes Cyber Security For Space Industry ‘Top Priority’ (Breaking Defense) The National Security Council, Air Force Space Command, the Missile Defense Agency, and NASA among others will share analysis about, warnings of, and potential responses to cybersecurity threats to satellites and ground stations with industry under a new public-private partnership.

White House kicks infosec team to curb in IT office shakeup (Ars Technica) Senior staffer quits over "highly concerning" lack of security practices.

Gov. Edwards announces new La. Tech initiatives in Bossier, Ruston (Shreveport Times) Gov. John Bel Edwards and Louisiana Tech University President Les Guice on Wednesday announced two economic development initiatives.

Litigation, Investigation, and Law Enforcement

Sri Lanka spy chief blamed for failures before Easter attack (Federal News Network) A Sri Lankan parliamentary committee that investigated last April’s Easter suicide bombings has concluded that the country’s spy chief is primarily responsible for the intelligence failure that led to…

Former senior Australian intelligence official charged (Federal News Network) A former senior Australian intelligence official has appeared in a court charged with breaching secrecy laws over classified documents allegedly found at his home during an investigation into…

Europol and Palo Alto Networks agree to jointly fight cybercrime (New Europe) The European Union's law enforcement agency, Europol, and the American global cybersecurity company Palo Alto Networks have signed a Memorandum of Understanding to expand their collaboration in combating cybercrime.

Edward Snowden searched CIA networks for proof of aliens (WKMG) PSA for all the Area 51 stormers, chemtrail believers and climate change deniers: Edward Snowden has searched the depths of the US intelligence networks and can report the conspiracy theories are not true.

For a complete running list of events, please visit the Event Tracker on the CyberWire website.

Upcoming Events

Industrial Control Systems (ICS) Cyber Security Conference (Atlanta, Georgia, USA, October 21 - 24, 2019) SecurityWeek’s ICS Cyber Security Conference is the conference where ICS users, ICS vendors, system security providers and government representatives meet to discuss the latest cyber-incidents, analyze...

PCI SSC 2019 Europe Community Meeting (Dublin, Ireland, October 22 - 24, 2019) The PCI Security Standards Council’s 2019 Europe Community Meeting is the place to be. We will provide you with the information and tools to help secure payment data. We lead a global, cross-industry effort...

Omaha Cybersecurity Conference (Omaha, Nebraska, USA, October 24, 2019) Data Connectors brings together security professionals to discuss mitigating risk and improving their overall security posture. Eight industry speakers, an FBI/NSA/DHS keynote speaker, and a CISO Panel...

Florida Cyber Conference 2019 (Tampa, Florida, USA, October 24 - 25, 2019) Join hundreds of stakeholders from Florida's cybersecurity community and beyond for innovative content, in-depth discussion, hands-on demos, networking, and more! With more than 20 breakout sessions across...

National Security Leaders Symposium (Naples, Florida, USA, October 27 - 29, 2019) If there is anything that unifies CISOs, change is the one constant. For 2019, the focus is on the rapid evolution of the security industry, the rising tide of visibility on security organizations, and...

Grow your brand and reach new customers.

Grow your brand and increase your customer base by educating our audience about your products, services, and events by advertising on The CyberWire. We’ve built trust with an influential (and often hard to reach) audience of CISOs, CSOs, and other senior execs in the security space, across a wide array of industry verticals. Learn more.

Be a part of the CyberWire story.

People ask us (a lot) how they can support what we do. We have our sponsorships and services, of course, but those are not always within every supporter's financial reach, or it might just not be the right time for you to do those things. That's why we launched our new Patreon site, where we've created a wider variety of support levels, each with some new benefits. Our patrons are important to our future, and we hope you'll consider becoming one. We invite you to become part of the CyberWire story. Become a patron today.