The CyberWire Daily Briefing 11.23.15

Summary

By The CyberWire Staff

Reviews of ISIS cyber capabilities (including its jihad helpdesk and cyber operations manual) continue, with derision from Wired, Krebs, and others. Reviews of ISIS information operations, however, are much less derisive: here, at least, the Caliphate is regarded as displaying considerable marketing savvy (and information operations are essentially marketing in battledress). The messaging is brutal in the extreme — do remember, in the face of the temptation to regard the Internet with the disinhibition appropriate to video games, that actual murder is committed therein — but its appeal to the target demographic seems undeniable. Much of the carnage ISIS commits is done with an eye to messaging (and many observers see rival Al Qaeda's strike in Mali last week as an attempt to regain terrorist mindshare).

It's proving difficult to move ISIS off social media accounts, pace the large claims of Anonymous, which Ars Technica sees as conducting a predictably indiscriminate campaign of account reporting.

Someone claiming to represent Anonymous warned of massive ISIS terror actions Sunday. These didn't materialize, and Anonymous says it doesn't know who issued the warnings. Other adherents of the collective claim to have attacked German media (for showing Anonymous insufficient respect) and Japan's Health Ministry (for unclear reasons). It's only fair to note the difficulty of crediting an anarchist collective with policy or programs, as distinct from shared sympathies, so criticisms of Anonymous for lack of focus may be harshly founded on unreasonably high expectations.

Cybercrime hasn't stopped: see individual stories of evolving threats to online commerce.

Notes.

Today's issue includes events affecting Australia, Canada, China, European Union, France, Germany, Iraq, Japan, Morocco, Russia, Syria, United Arab Emirates, United Kingdom, United States

Selected Reading

Cyber Trends

Data Manipulation, Non-State Actor Intrusions Are Coming Cyber Threats (Eurasia Review) Two specific emerging challenges are among those that concern Navy Adm. Mike Rogers, commander of U.S. Cyber Command and director of the National Security Agency

NIST's Ron Ross: Ways to Build More Secure Networks (Washington Executive) What can organizations do to build more secure networks and systems?

Cybersecurity and the Manufacturing Mindset (Automation World) As the network infrastructure evolves to include more connected systems and smart devices, so must a company's security strategy. The move is on to a built-in vs. a bolt-on model, which requires an ecosystem of technology partners and an eye toward business

Businesses Freeze Compliance Budgets, Despite Growing Need (News Factor) Nearly half of businesses have static compliance budgets and rely on labour-intensive manual processes, despite 72% of organisations now viewing compliance as a priority

How online fraud will evolve in 2016 (Help Net Security) While 2015 is drawing to a close, the security fraud community is preparing for more battles ahead in 2016

Cyber security reports paint grim picture of holidays and upcoming year (Examiner) On Nov. 18 the FBI's Internet Crime Complaint Center (ICCC) warned law enforcement and public officials of increased cyber attack threats

Australians among world's worst malware victims — but the death of APTs signals worse times ahead (CSO) Australian users remain among the world's most likely to click on malicious links, new industry research suggests — but if you thought things were bad now, hold onto your hats: security specialists warn that 2016 is likely to make things even worse as growing desire to commercialise the spoils of data breaches drives a transformation in the way attackers launch already-insidious advanced persistent threats (APTs)

New report gives Canada a 77% grade for cybersecurity readiness (Canadian Underwriter) Canada has received an overall ranking of 77% — "C+" — for its cybersecurity readiness, according to a new report from Tenable Network Security, a continuous network monitoring company based in Columbia, Md

Legislation, Policy and Regulation

Security Council calls for eradicating ISIL safe havens in Syria and Iraq (UN News Centre) The United Nations Security Council this evening called on all countries that can do so to take the war on terrorism to Islamic State-controlled territory in Syria and Iraq and destroy its safe haven, warning that the group intends to mount further terror attacks like those that devastated Paris and Beirut last week

Obama Raises Doubts Russia Will Join Coalition Against Islamic State (Wall Street Journal) U.S. president hopes to find out whether Russia will shift focus to combat extremists in next few weeks

Pentagon pressing allies for more help against Islamic State (AP via Yahoo! News) The Pentagon is pressing European and Arab allies to provide more troops and support for the war against the Islamic State group, hoping that the horror of the Paris attacks — and the fear more are coming — will compel them to get more deeply involved

EU Officials Debate Intel Agency, Other Security Steps After Paris Attacks (Defense News) The European Commission has called for the establishment of an EU-wide intelligence agency in the wake of the Nov. 13 Paris attacks

Transnational threats demand cooperation, not spying on each other: Verizon (ZDNet) Rather than having the nations of the world spying on each other to prevent international terrorism, Verizon general counsel Craig Silliman says a new paradigm on security cooperation needs to be introduced

Ministers 'too often assume they predict security threats' (Herald Scotland) Ministers too often believe they can predict future security threats to the UK, despite the lessons of history, a powerful group of MPS warn today

Influencers: Paris attacks don't justify government access to encryption (Christian Science Monitor Passcode) Even as the Paris attacks rekindle the encryption debate between Washington and Silicon Valley, a strong majority of Passcode Influencers said tech companies should not provide law enforcement a solution to decrypt communications to pursue terrorists

Rand Paul: 'Bull– – – –' to ramp up NSA surveillance post-Paris (The Hill) Sen. Rand Paul (R-Ky.) says claims the government needs to ramp up surveillance in the wake of the Paris attacks are "bull– – – –"

Mass Surveillance Isn't the Answer to Fighting Terrorism (New York Times) It's a wretched yet predictable ritual after each new terrorist attack

Would Stronger Encryption Benefit Terrorists? (Information Security Buzz) Intelligence agencies have stepped pressure for encryption backdoors and weaker encryption in the wake of the Paris bombing

National Counterintelligence and Security Center Releases National Counterintelligence Strategy (Office of the Director of National Intelligence) The ODNI's National Counterintelligence and Security Center released the 2016 National Counterintelligence Strategy of the United States of America. The strategy, which was approved by President Obama, sets forth how the U.S. Government will identify and disrupt foreign intelligence entity threats

China 'Vulnerable' in Cyberspace, US Cyber Chief Warns (Defense News) The head of US Cyber Command said China is as vulnerable to cyber attacks as any other nation, offering a veiled suggestion that further malicious hacks by the Chinese could result in reprisals in the cyber realm

Foster specialized staff to fend off cyber-attacks (Yomiuri Shimbun via the Japan News) The government's move to strengthen its measures against cyber-attacks on municipalities was prompted by its strong desire to curb the public's uncertainty regarding the My Number system

Interstate swatting bill would jail crank callers for 5 years to life (Naked Security) About a year ago, the National Report threw social media into an uproar when it published an article about a teenager who'd been convicted on terrorism charges for swatting, and sentenced to a prison term of 25 years to life

Products, Services, and Solutions

How OpenDNS Predicts Attacks When Hacker Infrastructure Is Cheap and Plenty (Cisco Blogs) On Thursday OpenDNS announced two new data science models that detect clues to an attack, and then find the attacker's entire infrastructure

PwnBin: A script for scraping Pastebin for leaked API keys, SSH credentials (Help Net Security) Pastebins, apart from being a great help for programmers as they offer a place where one can store text online for a set period of time and share it with others, are also loved by hackers who often use them to leak stolen credentials — mostly usernames and passwords to popular online services, but also other types of sensitive credentials

Technologies, Techniques, and Standards

German Government Audits Truecrypt (Threatpost) TrueCrypt continues to fascinate even though it hasn't been updated in more than a year and has been cleared of backdoors in more than one extensive audit

Introducing 'RITA' for Real Intelligence Threat Analysis (Dark Reading) SANS' free, new framework can help teams hunt for attackers by extending traditional signature analysis to blacklisted IP addresses and accounts that have multiple concurrent logons to multiple systems

Defining a Cyber Breach Workflow Is Key, and Expensive (Financial Executives International Daily) Financial executives facing a cyber breach will find themselves in a spiral of legal, technical and public relations landmines, but a workflow can be put in place to manage even the most catastrophic events, said John Reed Stark, keynote speaker at Financial Executive International's Current Financial Reporting Issues conference in New York

Security experts: Every business should have a security and encryption policy (Tech Republic) Two experts from security firms explain the basics of why your business needs a security and encryption policy

Cyber crime: Protecting your business (Director) How can SME owners protect their company and its data from hackers, cyber crime and other cyber attacks?

Retailers: beware of pitfalls in your card payment function (Lexology) What card payment rules must a retailer operating in the United States follow?

Economic Espionage: The Global Workforce and the Insider Threat (IBM Security Intelligence) It isn't natural to think of your colleagues, be they in the next cubicle or across the globe, as a threat — and most aren't

A data breach can cost you everything (CNA Chicago) Imagine you're preparing for your second round of funding and Brian Krebs calls you asking if you were aware your company had been hacked

Does Anyone Really Care about a Data Breach? (PR Week) TalkTalk got hacked, sensitive info was stolen, customers were furious and shareholders fled to the hills. How bad will it turn out to be?

One Size Does Not Fit All in Security Threat Response (Infosecurity Magazine) Even though the security technology industry is awash with excellent products, it was not providing adequate focus on the people who use them and the companies they work in

Marketplace

Threat and vulnerability management market revenue to reach $5.3 billion (Help Net Security) Data trends show that the global threat and Vulnerability Management (VM) market is expected to grow from US$5.3 billion in 2015 to $8.6 billion in 2020, according to ABI Research

S&P: Cyber Joins Climate Change as Risk To Corporate Credit Ratings (Digital Guardian) The rating agency warned investors that cyber crime and breaches could result in unforeseen downgrades in credit ratings

Underwriters address cyber issues (Business Insurance) Industry struggles with integrating coverage

Phishing, Attacks Top Data Concerns of Law Firm CIOs (American Lawyer) Detection and deflection: It may seem like an old boxing adage, but what it really stands for, as our 20th annual technology survey finds, is law firms' re-engineered approach to security

A Look at What Security Vulnerabilities Are Worth (eWeek) Over the years, many vendors and security researchers have attempted to put a price on the value of a vulnerability

Microsoft Is Ready To Compete For Seven-Figure Cybersecurity Deals (Forbes) The worldwide cybersecurity industry is defined by market sizing estimates that range from $77 billion in 2015 to $170 billion by 2020

Cybersecurity Expert: I'd Rather Hack Amazon Than Microsoft (Venture Capital Post) It seems Amazon may be the more favored site for hackers now and no longer Microsoft

HP Post Split Quarter Another Key Barometer for Tech; M&A Strategy a Focus for the Street (FBRFlash) Tomorrow after the bell Hewlett Packard will be reporting its first quarter post split and will be a focus for tech investors to get a better sense of the IT spending environment heading into year-end/2016 and importantly a pulse of HP Enterprise's strategic plans going forward around M&A

NTT Com Security and Didata tie-up plans unveiled (ChannelWeb) NTT wants to acquire 100 per cent stake in NTT Com Security and unite its security platform with those of three other brands

CyberArk: A Growth Stock Worth Having In Your Portfolio (Seeking Alpha) CyberArk Software posted outstanding 3QFY15 earnings on November 4 evening, beating both top-line and bottom-line estimates

Forget FEYE, Buy This Value in Cybersecurity Stocks (Investor Place) Cybersecurity still has a place in your portfolio, and Cisco proves it

CME Ventures invests in cyber security firm (Crain's Chicago Business) Futures exchange operator CME Group's venture arm has made another investment, this time in a cyber security software company with roots in Israel

Cybersecurity Sector's Biggest Challenge (It's Not The Hackers) (PYMNTS) The security certification and industry body (ISC)² predicts that 6 million security professionals will be needed by both the public and private sectors by 2019. Unfortunately, only 4.5 million of those experts will have the necessary qualifications

Saudi citizens well equipped for careers in cybersecurity (MENAFN) According to a new survey commissioned by Raytheon Company and the National Cyber Security Alliance (NCSA) adults and youths in the Middle East region are more confident in their knowledge of and education in cyber-related issues than in the rest of the world and feel they have a good understanding of the elements involved in cybersecurity

Brocade names security CTO and Fellow (Network World) Nahari comes over from NVIDIA; Meyer moves up from service provider CTO

Security Patches, Mitigations, and Software Updates

Crimestoppers finally revamps weak crypto. Take your time guys (Register) Poor rating due to out-of-date SSLv2 protocol

Cyber Attacks, Threats, and Vulnerabilities

ISIS' OPSEC Manual Reveals How It Handles Cybersecurity (Techworm) After the gruesome Paris attacks, there have been various reports of varied use of Internet by ISIS for propagating its ideology as well as coordinating its deadly terrorist attacks. While some reports state that ISIS used encrypted channels of communication like the PlayStation 4 and Telegram, other reports state that they used plain vanilla unencrypted SMS to communicate with each other and coordinate the attacks

ISIS operation security guide gives insight into group's cybersecurity practices (Help Net Security) Do ISIS terrorists use encryption, and if so, what tools do they favour?

Several cyber security to protect your account in the social–networking Twitter (ISIS via Wired) When you enter the network Twitter through the browser always make sure you enter the correct site Twitter.com

ISIS Jihadi Helpdesk Customer Log, Nov. 20 (KrebsOnSecurity) From NBC News come revelations that ISIS has its very own web-savvy, 24-hour Jihadi Help Desk manned by a half-dozen senior operatives to assist foot soldiers in spreading their message far and wide. My first reaction to this story was disbelief, then envy (hey, where the heck is my 24/7 support?). But soon enough I forgot about all that, my mind racing with other possibilities

Inside the surreal world of the Islamic State's propaganda machine (Washington Post) The assignments arrive on slips of paper, each bearing the black flag of the Islamic State, the seal of the terrorist group's media emir, and the site of that day's shoot

ISIS: Terror Has Gone Social [Infographic] (ZeroFOX) ISIS has built a sophisticated and effective online propaganda engine, exploiting many mainstream networks such as Facebook, YouTube, Twitter, Telegram, WhatsApp, Diaspora and LinkedIn. Their efforts resemble a well-oiled marketing department, employing experts in PR and design to ensure a legitimate appearance

Why Facebook and Twitter Can't Just Wipe Out ISIS Online (Wired) Given that ISIS and other terrorist organizations have proven adept at using social media to disseminate propaganda and incite fear, it seems obvious that platforms like Facebook and Twitter would aggressively and mercilessly delete such content and ban those who post it

Isis loss of 'caliphate' could fuel terror attacks abroad (Guardian) Paris attacks followed a wave of setbacks and loss of territory could make the group more dangerous

ISIS Releases Another Kill List of US Military and Security Officials (Hack Read) ISIS has unveiled list of U.S. officials who are on their target — the list includes names of both current and former government officials and military personnel

Anonymous Has Shutdown 28,000+ ISIS' Twitter Accounts Since OpParis Began (Hack Read) The online hacktivist Anonymous shut down 8824 Twitter accounts of ISIS members + followers in the first phase of OpParis — In the second phase the hacktivists claim to shut down more 20,000 twitter accounts — 20,000 + 8824 = 28,824

"Who's ISIS?" Anonymous' #OpParis campaign against Islamic State goes awry (Ars Technica) Anon mass-reporting of Twitter accounts submits thousands with no ISIS connection

Anonymous Says ISIS Plans Attacks Against 'Paris And The World' Sunday (International Business Times) UPDATE 4:45 p.m. EST: Anonymous later posted a tweet saying that it did not know where rumors of the planned attacks originated

'Spying' on Islamic State instead of hacking them (BBC) In the wake of the Paris attacks, the vigilante hacker group Anonymous has declared war on so-called Islamic State using the internet and claims to have shut thousands of Twitter accounts used by IS operatives. But a much smaller online group has also emerged, with quite a different strategy — and they claim they've already thwarted at least one terror attack

France sees rise in cyberattacks surrounding Paris bombings (Daily Dot) France has suffered a sharp increase in malicious cyber activity over the past few days, but it remains unclear if the rise in cyberattacks is related to the Nov. 13 terrorist attacks in Paris

Fake terror alert emails spread malware (Graham Cluley) Researchers have uncovered malicious emails that are spoofing terror alerts from law enforcement agencies in order to trick users into downloading the Jsocket remote access troja

Japan probes possible cyber attack by Anonymous on health ministry website (Xinhua) The website of Japan's Health, Labor and Welfare Ministry remained inaccessible as of Saturday Afternoon after the government confirmed the website initially went down Friday night

CLAIM: 'Anonymous' Cyber Attack On Major German Language News Sites (Breitbart) Several major German language news websites are offline today, and 'hacktivist' collective 'Anonymous Deutschland' have claimed responsibility, stating the cyber attack was in revenge for German media being rude about them

Why "Just an XSS" Doesn't Fly on Social Media (ZeroFOX) If you have been following the security industry for a while, you are probably familiar with the "it's just a XSS" mentality of vulnerabilities and bugs

Serious Security Problem with Amazon; How Is This Even Possible? (Kirkville) This morning, I went to my Amazon account to turn on two-step verification

Uh-oh. Has an Amazon account security problem been uncovered? (Graham Cluley) Tech journalist Kirk McElhearn appears to have stumbled across a disturbing security problem on Amazon

Android adware tricks users into giving it power to secretly download other apps (Help Net Security) Earlier this month Lookout revealed the existence of three adware families — Shuanet, ShiftyBug and Shedun — that secretly root Android devices and are extremely difficult to remove

Vonteera Adware Uses Certificates to Disable Anti-Malware (Malwarebytes Unpacked) Vonteera is an adware family that has been around for years. They stand out from the rest because of their very intrusive changes to the affected systems, which is why you will see them classified as Trojan by some anti-malware solutions

Patreon users threatened by Ashley Madison scammers (CSO) DD4BC alters tactics and targets a new group of users

Starwood Hotels Warns of Credit Card Breach (KrebsOnSecurity) Starwood Hotels & Resorts Worldwide today warned that malware designed to help cyber thieves steal credit and debit card data was found on point-of-sale cash registers at some of the company's hotels in North America

Banks: Starwood Breach Not Isolated (BankInfoSecurity) Issuers suspect another large hotel chain also attacked

How close could Britain be to a cyberterrorist attack? (Telegraph) It may sound unlikely now, but novelist and security and terrorism expert Boris Starling reveals exactly how deadly cyber-threats could close in

After Paris, new worries over electrical grid attack (USA Today) The potential for a devastating attack on the U.S. electricity grid remains high on the minds of utility and government leaders, especially in light of the deadly terrorist actions in Paris on Nov. 13

Energy industry under cyber-attack (Kallanish Energy) A major high-pressure, interstate pipeline's sensors show nothing is wrong — as crude oil spews barrels of product in the middle of "nowhere"

Many embedded devices ship without adequate security tests, analysis shows (IDG via CSO) A large scale security test of firmware images for embedded devices easily found thousands of vulnerabilities

Hackers can use vulnerabilities in 'Internet of Things' devices to hit your home (IBN Live) It could be a merry holiday season for hackers, with millions of new and potentially vulnerable Internet-connected gadgets hitting the market

Holiday scams that will be donning your inbox soon (CSO) Every year someone falls for something that is just too good to be true. Make sure your users are up to date on the latest social engineering scams this holiday season

Sony CEO Reflects On Immobilizing Cyberattack 1 Year Later (NPR) One year ago this month, Sony suffered a cyberattack perpetrated by North Korean hackers. NPR's Ari Shapiro talks to Sony Entertainment CEO Michael Lynton about how the company has recovered

Prototype Nation: Emerging Innovations in Cybercriminal China (TrendLabs Security Intelligence Blog) Cybercrime doesn't wait for anything or anyone

Bulletin (SB15-327) Vulnerability Summary for the Week of November 16, 2015 (US-CERT) The US-CERT Cyber Security Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week

Academia

New cyber security major aims for ethics (Guilfordian) As society endures the joys and complications of technological advancement, the ethical dilemmas we face remain

Litigation, Investigation, and Enforcement

In the face of "serious and imminent" threats, the lockdown in Brussels shows no signs of abating (Quartz) Brussels, the administrative capital of the EU and home of several of the attackers who killed 130 in Paris last weekend, is on high alert for a third day

Obama to Pentagon: 'Get to the bottom' of altered Islamic State intelligence (USA Today) President Obama said Sunday he has told top military officials to "get to the bottom" of reports that intelligence assessments have been altered to give a rosier assessment of progress in turning back the Islamic State

Did the Pentagon Cook the Books on Its Afghanistan Intel? (Foreign Policy) The military has been accused of fudging the numbers in the fight against the Islamic State. Congress wants to know if it did with the Taliban too

There's a booming black market for fake Syrian passports (Washington Post) The terrorist who blew himself up outside the Stade de France had fingerprints matching that of a man who arrived on European shores Oct. 3 alongside desperate migrants who had crossed over from Turkey, according to French and Greek officials

Russian Cybergangs Stole Some $790 Million Over 3 Years (Dark Reading) More than $500 million of that is from victims located outside the borders of the former USSR, Kaspersky Lab reveals

New Pentagon Website Can Tell If You Were Hacked by China (Nextgov) This story has been updated with new details from OPM about the timeline for postal mail notification and the official launch date of the new site

Industry Events

For a complete running list of events, please visit the Event Tracker on the CyberWire website.

upcoming Events

Energy Tech 2015 (Cleveland, Ohio, USA, November 30 - December 2, 2015) Now in its 5th year, EnergyTech 2015 seeks the convergence of the best minds in policy, systems engineering and applied technology to address some of the critical issues of our time. In addition to its strong systems and technology focus, this year's theme, "Securing Our Energy Future" will address broad policy issues and big picture topics related to Energy and Critical Infrastructure. Experts from Industry, Academia, and Government present a wide range of perspectives on these challenges

cybergamut Technical Tuesday: It's a Target Rich Environment: Understanding the IIoT Attack Surface (Elkridge, Maryland, USA, December 1, 2015) The Internet of Things (IoT) has received an incredible amount of press as of late. But, most of that has been associated with consumer electronics in the form of wearables and home monitoring devices like the Nest Thermostat. While those are worthwhile markets, the majority of the money will be involved with machine-to-machine communications in the Industrial Internet of Things (IIoT). What is the nature of the IIoT? How is it different from the consumer IoT? And, what makes it such a big target? In this session, Mike Anderson of The PTR Group will discuss the flow of data from the edge devices to the cloud and why the big industry players like Intel, IBM and others are so interested in this market

IoT Security Foundation Conference (London, England, UK, December 1, 2015) The is the first official conference of IoTSF. It follows on from the IoT Security Summit earlier in the year, maintaining the momentum of the theme. Delegates can expect a similar level of quality of talks as we move from illustrating problems to exploring solutions

Public Sector Cybersecurity Summit 2015 (Reston, Virginia, USA, December 1 - 2, 2015) The Raytheon|Websense 6th Annual Public Sector Cybersecurity Summit is a unique opportunity to learn about the state of cybersecurity and how to prepare for future threats from many thought provoking government and industry leaders across Defense, Intelligence, Federal, Civilian, State and Local Government, Industry and the broader Cybersecurity Community

Enterprise Security and Risk Management (London, England, UK, December 2, 2015) Whitehall Media's 4th ESRM conference will bring together hundreds of leading InfoSec, cyber security and risk management professionals to discuss the latest industry developments and identify the most pressing security risks of tomorrow. The event offers unrivalled networking opportunities and insights on how to design, implement and embed

Cargo Logistics America (San Diego, California, USA, December 2 - 3, 2015) Cargo Logistics America (CLA) connects freight owners with freight movers, fostering multimodal synergy between diverse stakeholders in import, export and domestic supply chains. This year's conference will have a heavy cyber security component

NG Security Summit US (Austin, Texas, USA, December 2 - 4, 2015) The NG Security Summit US will bring together 65 senior decision makers and business leaders from across the region. The event aims to solve key business challenges. In particular, the ability to network and learn from industry peers through essential business conversation. Working in partnership with our network of senior executives we identify the key industry themes. These form the foundation of our summit and permeate every layer of the content-rich program. These three core themes represent the business critical challenges driving your conversations at the summit: (1) Governance, Risk and Compliance, (2) Processes and Technology, and (3) Identity and Access Management

Cyber Security Opportunities for U.S. Firms in Japan, S. Korea, and Taiwan (Online, December 2, 2015) Listen to experts from Japan, S. Korea and Taiwan and learn how to position your company for success in these countries. Sponsored by the US Department of Commerce

Program on Cyber Security Studies (PCSS) (Garmisch-Partenkirchen, Germany, December 2 - 17, 2015) The Marshall Center has developed a comprehensive program to explore the increasing domestic, international and transnational challenges in cyber security. Our goal is to provide a comprehensive, policy-focused, non-technical cyber security program that emphasizes and teaches senior key leaders how to best make informed decisions on cyber policy, strategy and planning within the framework of whole-of-government cooperation and approaches

Cyber Security Breakdown: Washington DC (Washington, DC, USA, December 3, 2015) This half day session will provide you with the critical information you need to start formulating an effective response in the eventuality of a cyber security event. Rather than try and handle the breach during the chaos of the event, you'll understand how to build in advance, the best practices to respond effectively. Attend the Cyber Security Breakdown event that is focused on the unique issues and threats facing legal professionals

Cloud Security Alliance Summit Los Angeles 2015 (Los Angeles, California, USA, December 3, 2015) The full day Cloud Security Alliance LA Summit is a standalone event in the greater Los Angeles area. Hosted by the CSA LA/SoCal chapter, some 200 well-qualified attendees are expected. The theme is "Enterprise Lessons Learned in Cloud Security," with experts from entertainment and other key industries. Wendy Frank, Chief Security Officer and Leader Content Security Program at Motion Picture Association of America, will deliver the keynote address

2015 Cyber Security Exchange (Orlando, Florida, USA, December 6 - 8, 2015) This dynamic, three-day event will provide Cyber Security executives with valuable insights to reach their full potential by exploring security leadership strategies, heightened data privacy concerns, the ever-changing advanced threat landscape, efficient identity access management and more

Disrupt London 2015 (London, England, UK, December 7 - 8, 2015) TechCrunch Disrupt is one of the most anticipated technology conferences of the year. Join us at this iconic startup and thought leadership event in London on December 7 and 8. What happens at Disrupt? We start each day with panels and one-on-one discussions featuring TechCrunch writers and editors, special guest speakers, leading venture capitalists and fascinating entrepreneurs addressing the most important topics facing today's tech landscape. Each afternoon, we host the Startup Battlefield competition which culminates in six finalists taking the stage at the end of the event for a shot at winning the Disrupt Cup

Passwords 2015 (University of Cambridge, England, UK, December 7 - 9, 2015) More than half a billion user passwords have been compromised over the last five years, including breaches at internet companies such as Target, Adobe, Heartland, Forbes, LinkedIn, Yahoo, and LivingSocial. Yet passwords, PIN codes, and similar remain the most prevalent method of personal authentication. Clearly, we have a systemic problem. This conference gathers researchers, password crackers, and enthusiastic experts from around the globe, aiming to better understand the challenges surrounding the methods personal authentication and passwords, and how to adequately solve these problems. The Passwords conference series seek to provide a friendly environment for participants with plenty opportunity to communicate with the speakers before, during, and after their presentations

ACSAC (Annual Computer Security Applications Conference) (Los Angeles, California, USA, December 7 - 11, 2015) ACSAC is one of the most important cyber security conferences in the world, and the oldest information security conference held annually. Researchers, government representatives, academia and security professionals of all types gather at ACSAC to discuss the latest developments in the infosec industry. The core mission of this conference is investigating practical solutions for computer security technology. This year's edition will especially focus on security and privacy in the Internet of Things era

NSA RCTCON (Fort Meade, Maryland, USA, December 9, 2015) The NSA RCTCON industry exposition will be attended by 250-300 IC (Intelligence Community) cyber personnel working on solutions to the current cyber threats that face the U.S

SANS Institute: Information Security Training (Las Vegas, Nevada, USA, September 12 - 21, 2015) Information security training in Las Vegas from SANS Institute, the global leader in information security training. At SANS Network Security 2015, SANS offers more than 40 hands-on, immersion-style security training courses taught by real-world practitioners. The site of SANS Network Security 2015, September 12 - 21, is Caesars Palace, the majestic Las Vegas hotel

cyberSecure (New York, New York, USA, December 15 - 16, 2015) Today's business leaders recognize that a multi-disciplinary approach is critical to protecting the bottom line. What's too often missed is a vision that incorporates best practices that allow you add value to your company and shareholders DURING and POST breach. Enter ALM cyberSecure. A unique professional event providing an all-encompassing view and the relationships necessary to protect enterprises during all phases, across all departments while keeping revenue on track

Sponsor & Support

Grow your brand and reach new customers.

Grow your brand and increase your customer base by educating our audience about your products, services, and events by advertising on The CyberWire. We’ve built trust with an influential (and often hard to reach) audience of CISOs, CSOs, and other senior execs in the security space, across a wide array of industry verticals. Learn more.

Be a part of the CyberWire story.

People ask us (a lot) how they can support what we do. We have our sponsorships and services, of course, but those are not always within every supporter’s financial reach, or it might just not be the right time for you to do those things. That’s why we launched our new Patreon site, where we’ve created a wider variety of support levels, each with some new benefits. Our patrons are important to our future, and we hope you’ll consider becoming one. We invite you to become part of the CyberWire story. Become a patron today.