The CyberWire Daily Briefing 04.07.16

Summary

By The CyberWire Staff

Investigation into the recent MedStar hack continues. MedStar has hired Symantec to find and fix the problems. The hospital chain denies anonymous reports that failure to patch known JBoss web application server vulnerabilities were implicated in the attack.

Akamai reports the Bill Gates/bot family of malware is being used by criminals to facilitate distributed denial-of-service attacks. Attackers are using SSH brute forcing for root login credentials.

Azerbaijani hacktivists hijack the Twitter account of Russia's embassy to Armenia.

The entire database of the Philippines’ Commission on Elections has been leaked. Some 55 million voters' information is exposed online.

The Los Angeles Times discloses that it's been hacked, and that access to the paper's website is for sale in the black market. The attack exploited a flaw in the WordPress installation the Times uses to manage its "events" subdomain.

Mossack Fonseca, the law firm breached in the Panama Papers case, reminds the world that it's a victim here, and that the only crime known to have been committed is the crime of hacking Mossack Fonseca. The firm has filed a complaint with Panamanian prosecutors, and tells Reuters the hack was "definitely an outside job." Iceland's got a new prime minister and is calling early elections as a result of the breach; beyond that more celebrities than political leaders seem to be named in dispatches.

Cisco has issued patches fixing vulnerabilities in several products. Adobe is preparing an emergency patch for a Flash Player bug that is being actively exploited in the wild.

Notes.

Today's issue includes events affecting Argentina, Australia, Austria, Azerbaijan, Bangladesh, Bahrain, Bolivia, Brazil, British Virgin Islands, Canada, China, Chile, Colombia, Cyprus, Dominican Republic, Ecuador, Egypt, Ethiopia, European Union, France, Germany, Guatemala, Honduras, Iceland, Indonesia, India, Iran, Iraqi Kurdistan, Israel, Italy, Jordan, Japan, South Korea, Kuwait, Kazakhstan, Lebanon, Morocco, Mongolia, Mexico, Malaysia, Netherlands, Nigeria, Niue, Oman, Panama, Peru, Philippines, Paraguay, Russia, Qatar, Saudi Arabia, Serbia, Singapore, South Africa, Spain, Sweden, Switzerland, Thailand, Turkey, United Arab Emirates, United Kingdom, United States of America, Uzbekistan and Vietnam

This morning we covered the CAMI Cyber Risk Management 360 conference here in Baltimore. Watch for our notes on Twitter; an account of the conference will accompany tomorrow's Daily News Brief.

On the Podcast

Catch the CyberWire's Podcast later this afternoon, in which we'll talk with the Johns Hopkins University's Joe Carrigan—he'll share his thoughts on last weekend's WiCyS conference.

Sponsored Events

SINET IT Security Entrepreneurs Forum (ITSEF) 2016 (Mountain View, California, USA, April 19 - 20, 2016)

Selected Reading

Cyber Trends

Is PR Hype Adding to Vulnerability Vagueness? (Recorded Future) We’re becoming used to it. Another scary vulnerability, another catchy name, another flashy logo, and a slick website to go with it. At the beginning of March a team of researchers announced that they had discovered “DROWN,” a vulnerability in HTTPS and other services that rely on SSL and TLS

Call the doctor... no, call security. Docs' mobiles are hopelessly insecure – study (Register) Get patching. Stat

One in Two Children Hide Risky Online Behavior from Parents – Kaspersky Lab Research (Tempo) In a world where the Internet and connected devices play such a big role, a major part of children’s lives goes unseen by adults, presenting parents with a difficult question: How do you ensure children are raised in a secure and safe environment without intruding on their privacy? After all, a child left alone with the Internet may encounter harmful or inappropriate content

Legislation, Policy and Regulation

U.S. begins cyberwar against Islamic State (Washington Times) U.S. Secretary of Defense Ashton Carter confirmed this week that the U.S. has begun waging cyberwarfare against the tech-savvy Islamic State terrorist group

Panama Papers: Government announces creation of 'panel of experts' (BBC) Panama is creating an international panel to help improve transparency in its offshore financial industry

Edward Snowden mocks David Cameron’s call for privacy after Panama Papers leaks (Washington Post) The dramatic impact of the Panama Papers leak — involving a huge cache of documents that allegedly detail the secret offshore holdings of the world's elite — is still being measured

Security: EU strengthens response to hybrid threats (European Commission) The European Commission and the High Representative adopted today a Joint Framework to counter hybrid threats and foster the resilience of the EU, its Member States and partner countries while increasing cooperation with NATO on countering these threats

Report: “Deeply divided” White House won’t support anti-encryption legislation (Ars Technica) Obama administration offered feedback on bill but will avoid taking position

Making the nuclear point (Indian Express) The Fourth Nuclear Security Summit brought a timely focus on the link between nuclear and cyber security

Opinion: Why trade secrets bill will deter cybercrime (Christian Science Monitor Passcode) The Defend Trade Secrets Act is another sign that the US government is finally acknowledging that an active deterrence must be a key part of any successful cybersecurity plan

N.K. cyber capabilities pose serious challenges to U.S.: cyber command chief (Korea Herald) North Korea's cyber capabilities pose serious challenges to the United States, the U.S

Homeland Security Dept. Struggles to Hire Staff to Combat Cyberattacks (New York Times) At a time of increasing threats of cyberattacks on critical infrastructure, the Department of Homeland Security is having trouble recruiting much-needed computer experts because it cannot match the pay of the private sector and does not have the same allure as intelligence agencies

DIA Selects New Deputy Director (Defense Intelligence Agency) DIA Director Lieutenant General Vincent R. Stewart announced yesterday that Melissa Drisko will become the agency’s Deputy Director effective in August 2016. Drisko currently serves as DIA’s Director for Rank-in-Person Implementation

Products, Services, and Solutions

Imperva Incapsula Security and Performance Service Now Included in the Symantec Complete Website Security Solution (Nasdaq) Imperva, Inc. (NYSE:IMPV), committed to protecting business-critical data and applications in the cloud and on premises, today announced that Symantec has added the Imperva Incapsula service to its Complete Website Security solution

IronScales Anti-Phishing Tech Protects Israeli Companies During #OpIsrael (Ironscales) IronScales, a leading provider of phishing mitigation technology, will be helping protect Israeli companies against ransomware and other phishing-based attacks on April 7, the day where anti-Israel foes traditionally attack the country’s businesses and government agencies

WatchGuard is Making the Internet Safer for Children Around the World (Yahoo! Finance) WatchGuard Technologies, a global leader in network security, is making the Internet safer for children around the world through its support of Friendly WiFi. Initiated by the U.K. Government and managed by the RDI Trade Organization, the Friendly WiFi initiative recognizes public places – including restaurants, shops, hotels, and transportation services – that provide secure and filtered Wi-Fi

A10 Networks' Fourth Generation of Appliances Feature the Industry's Fastest ADC in a Single Rack Unit (Marketwired) A10 Networks (NYSE: ATEN), a leader in application networking and security, today announced six new Thunder Series appliances, including the industry's fastest single rack unit ADC

XO Communications launches Site Security service to help companies protect IP connections on customer networks (BusinesWire) Offering incorporates Fortinet equipment and BAE Systems managed security services

CensorNet Launches New Unified Security Service to Provide 360 Degree Protection From Modern Threat Vectors (MarketWired) CensorNet, the complete cloud security company, today announced the availability of its Unified Security Service, CensorNet USS

Interset UTM Brings Machine Learning to Network Security Policy Best Practices (Enterprise Networking Planet) Interset's UTM platform uses machine learning to identify network security threats

Mimecast guards against whaling attacks (IT Online) Mimecast has announced general availability of Impersonation Protect, the first cloud service that directly combats the growing cybersecurity threat from whaling or CEO fraud

Verint Delivers Enhanced User Experience to Security Intelligence Solutions Portfolio (BusinessWire) Verint® Systems Inc. (Nasdaq: VRNT) today introduced strategic updates to its technology portfolio that help organizations achieve greater levels of situational awareness through the delivery of robust security and business intelligence. During this week’s ISC WEST Conference and Exhibition in Las Vegas, the company is unveiling Verint Video Tracker™, and enhancements to its Verint EdgeVMS™ solution

Time For Your Checkup: Peach Fuzzer Now Finds Security Flaws In Critical Healthcare Hardware And Software Systems (PRNewswire) World's leading enterprise fuzz-testing platform helps discover zero-day vulnerabilities in sensitive health informatics and imaging files

Nest May Offer Revolv Owners Compensation On Case-By-Case Basis (Tech Times) Alphabet-owned Nest recently revealed that it will be disabling the Revolv smart home hub on May 15, which will make the $300 device worthless

DISA approves Deep Security – Federal CISOs need to be hunters, not the hunted (Trend Micro Simply Security) Governments around the world are facing an increasing challenge to contain the threat from cyberspace

Microsoft marches forward with its security plan, releasing Cloud App Security (TechCrunch) As Microsoft works its way toward implementing the security plan that CEO Satya Nadella outlined in a talk last Fall in DC, part of that has been creating tools and part buying them. Today, it announced that Adallom, a company it bought last year was becoming generally available and renamed Microsoft Cloud App Security

Microsoft boasts that Edge is the browser to use if you want security (TechRadar) Redmond's new security stats are impressive

Singtel and Inmarsat develop cyber security solution (Marine Electronics & Communications) Inmarsat and Singapore Telecommunications (Singtel) will jointly develop a maritime cyber security solution using Trustwave’s Unified Threat Management (UTM) technology. They have entered into a strategic partnership to provide UTM services with Inmarsat hardware to ships, to protect data and reduce cyber risk for maritime companies

Technologies, Techniques, and Standards

White-Box Cryptography Gains Traction (Semiconductor Engineering) A niche obfuscation methodology is becoming more popular in cost-sensitive markets. But how good is it?

Cybersecurity Standards Tackle IoT, Evolving Cyberthreats (Legaltech News) Underwriters Laboratories launched a Cybersecurity Assurance Program aimed at providing guidance to vendors in creating safe products, and confidence in technology users

Can testing outfit Underwriters Laboratories secure the Internet of Things? (Christian Science Monitor Passcode) On Tuesday, the testing lab best known as UL – and for its stamp of approval on microwaves and TV sets – rolled out standards aimed at securing the growing number of Internet connected products

15 Experts Explain Why Software Patching is Key for Your Online Security (Heimdal Security) You’ve probably noticed this too at least once in your life: people who are passionate about their work have a way of talking about it that transmits genuine enthusiasm. When talking to these people, you get a deeper, more informed perspective on the topic under discussion

Are you failing Security Basics 101? (CIO) Patching, backups, firewall configuration … when it comes to security, make sure you take care of your infrastructure before you invest in next-level tools

How to protect your Facebook account with Two-Step Verification (2SV) (Graham Cluley) Enable Login Approvals to defend your Facebook account from hackers

Marketplace

Karamba Security raises $2.5 million to keep hackers out of connected cars (TechCrunch) GPS navigation. Entertainment systems that offer streaming music. Bluetooth door locks. As vehicles are increasingly connected to the internet, they also become vulnerable to hacker attacks

IBM (IBM) Announces Completion of Resilient Systems Acquisition (Street Insider) IBM (NYSE: IBM) Security announced it has completed the acquisition of Resilient Systems Inc., a privately held provider of incident response solutions

IBM Security targets incident response marketplace with Resilient acquisition (Business Cloud News) IBM Security has completed the acquisition of Resilient, as part of the company’s expansion in the incident response marketplace. Financial terms of the agreement have not been released

Investors Are Watching Verint as Government Spy Budgets Shrink (Bloomberg) For the past three years, Verint Systems Inc. has reaped handsome profits selling spyware to developing nations

Zscaler places strong focus on Australian market (ARN) Plans to make new hires after seeing sales and demand growth in the market

NSFOCUS Continues EMEA Expansion with Appointment of Industry Veteran (BusinessWire) Aftab Afzal will oversee new business initiatives in key markets

Cryptography Pioneer Christopher Allen Joins Blockstream (The Merkle News) Blockstream, a blockchain development firm that specializes in developing distributed ledger systems with particular use cases, announced yesterday that Christopher Allen has joined the company’s ranks

Coalfire’s Dan Fritsche Named Vice Chair of ETA’s Risk, Fraud & Security Council (BusinessWire) Council taps Fritsche’s leadership and expertise with security in payments industry

Research and Development

Turbo-charged quantum crypto? You'll need Cambridge laser boffins for that (Register) Pushing one laser beam inside another

WISeKey Granted Canadian Patent for the Digital Identification of Valuable Goods (BusinessWire) WISeKey International Holding Ltd (SIX: WIHN), announces that the Canadian Patent and Trademark Office has [on April 5, 2016], granted a new patent to WISeKey titled "Method and apparatus for digital authentication of valuable goods", that covers an invention related to the use of strong digital identification authentication provided by WISeKey which combined with OISTE.ORG allows valuable objects on the Internet to be authenticated using digital identification

Security Patches, Mitigations, and Software Updates

Cisco Releases Security Updates (US-CERT) Cisco has released security updates to address vulnerabilities in multiple products. Exploitation of some of these vulnerabilities could allow a remote attacker to take control of an affected system

Emergency Adobe Flash update prepped as hackers actively exploit flaw (Graham Cluley) What's that? You're still using Flash??

Private SSH Key, Weak Default Credentials Removed From ExaGrid Appliances (Threatpost) ExaGrid has removed public-private pairings and weak, hardcoded default credentials from its disk-backup appliances

WhatsApp Encryption a Good Start, but Far from a Security Cure-All (Threatpost) WhatsApp’s addition of end-to-end encryption is a good start, but does not present users with a complete solution that protects against the prying eyes of intrusive governments and nosey third-parties

Cyber Attacks, Threats, and Vulnerabilities

Azerbaijani Hackers Hack Twitter Account of Russian Embassy in Armenia (Hack Read) A couple of days ago we reported about the ongoing cyber war between Armenian-Turkish groups while Azerbaijani hackers missing from the action. But now they are back in the news by hacking the official Twitter account of Russian Embassy in Armenia earlier this morning

Data Protection Mishap Leaves 55M Philippine Voters at Risk (TrendLabs Security Intelligence Blog) Every registered voter in the Philippines is now susceptible to fraud and other risks after a massive data breach leaked the entire database of the Philippines’ Commission on Elections (COMELEC)

LA Times said to be compromised, shell access offered up for sale (CSO) Based on the images released, it looks as if the person responsible has full access to the newspaper’s servers

Panama law firm says data hack was external, files complaint (Reuters via Business Insurance) The Panamanian lawyer at the center of a data leak scandal that has embarrassed a clutch of world leaders said on Tuesday his firm was a victim of a hack from outside the company, and has filed a complaint with state prosecutors

Iceland government appoints new PM, to call early elections (Reuters) Iceland's government named a new prime minister and called for early elections in the autumn on Wednesday, a day after Prime Minister Sigmundur David Gunnlaugsson quit to become the first global politician brought down by the "Panama Papers" leaks

Austrian bank's CEO quits after Panama Papers reports (Reuters) The chief executive of Hypo Landesbank Vorarlberg, an Austrian lender mentioned in the massive "Panama Papers" data leak, has become one of the first top bankers to quit over reports based on those files

Will the Panama Papers change cyber practices? (CRN) Security professionals assess the wreckage

Maryland hospital: Ransomware success wasn’t IT department’s fault (Ars Technica) MedStar denies ransom payment, denies earlier JBoss bugs played role

MedStar disputes report it ignored warnings that led to attack (Baltimore Sun) MedStar Health is disputing a report that the hospital company should have known as early as 2007 about weaknesses in its system that contributed to a massive cyberattack that encrypted its files

Android malware discovered on Google Play has infected millions of users with spyware (International Business Times) Russian security researchers have discovered a Trojan for Android that contains malware and spyware features hidden in 104 Android apps on the Google Play store. It has been downloaded over 3.2 million times already onto victims' devices

Bill Gates/bot malware family used to launch DDoS attacks (SC Magazine) The Bill Gates/bot family of malware continues to be used to facilitate distributed denial of service (DDoS) attacks, allowing bad actors to seize full control of infected systems, according to a threat advisory from Akamai's Security Intelligence Research Team (SIRT), which ranked the risk factor as “high”

Ginormous POST Flood Spells BIG Trouble for Hybrid DDoS Protection (Incapsula) To work on the Incapsula team at Imperva is to be exposed to DDoS attacks all of the time

This Is What Happens in a DDOS Cyber Attack (Fortune) [Video of a DDoS attack in progress.]

Official-sounding calls about an email hack (Division of Consumer and Business Education, FTC) There’s a new twist on tech-support scams — you know, the one where crooks try to get access to your computer or sensitive information by offering to “fix” a computer problem that doesn’t actually exist. Lately, we’ve heard reports that people are getting calls from someone claiming to be from the Global Privacy Enforcement Network

IRS Warns Washington D.C., Maryland, Virginia Residents of New Phishing Scam Targeting National Capital Area (IRS) As reports of phone scams as well as email phishing schemes continue across the country, the Internal Revenue Service warned taxpayers of a new phishing scam targeting Washington D.C., Maryland and Virginia residents

FBI: $2.3 Billion Lost to CEO Email Scams (KrebsOnSecurity) The U.S. Federal Bureau of Investigation (FBI) this week warned about a “dramatic” increase in so-called “CEO fraud,” e-mail scams in which the attacker spoofs a message from the boss and tricks someone at the organization into wiring funds to the fraudsters. The FBI estimates these scams have cost organizations more than $2.3 billion in losses over the past three years

FBI’s Randall Coleman: Economic Espionage Part of ‘Hybrid Threat’ Picture (GovConWire) The FBI‘s number of investigations into possible economic espionage on U.S. businesses has increased by 53 percent within the past year, a top bureau official told the Potomac Officers Club Wednesday

DHS: Risk of destructive cyberattack on grid 'low' (The Hill) The risk that nation-state hackers will launch a destructive cyberattack on the U.S. grid is low, according to a Department of Homeland Security intelligence assessment leaked by the research project Public Intelligence

Kinder, gentler hacks: A bevy of low-stakes early computer breaches (CSO) Today, IT security is a deadly serious business. But in the early days of computing, the stakes were a bit lower

Academia

Cyber security growing field for University of North Georgia (Gainesville Times) Because cyber security is a growing concern for the country’s defense and for private business, the University of North Georgia is emphasizing its courses in the field and planning for more programs

Pearson and Capella University Partner to Issue Digital Badges, Demonstrating Growth of Badging and Connecting Higher Education to Employability (BusinessWire) Capella University and Pearson announced today a collaboration to issue digital badges for students completing the online university’s National Security Agency (NSA) and Department of Homeland Security designated master’s program. Capella University is one of the first online universities to leverage Pearson’s Acclaim digital badging platform to signal to employers the professional skills and competencies its students have gained through coursework and certificate programs

Top US Undergraduate Computer Science Programs Skip Cybersecurity Classes (Dark Reading) New study reveals that none of the top 10 US university computer science and engineering program degrees requires students take a cybersecurity course

Litigation, Investigation, and Enforcement

FBI says hack tool only works on iPhone 5c (CSO) FBI Director James Comey said the FBI bought the tool

Will recycling the San Bernardino iPhone hack put consumers at risk? (Christian Science Monitor Passcode) Now that the FBI has unlocked the San Bernardino iPhone, there's a new public debate over how to responsibly disclose vulnerabilities the government finds. Security pros say that once a technical flaw is announced, it must be patched quickly – but law enforcement may be able to reuse them in future cases

FBI, DEA and ICE are top Cellebrite customers so far in 2016 (Computerweek) Here's a list of the government customers of Cellebrite so far in 2016

HackingTeam’s global export license revoked (Help Net Security) The Italian Ministry of Economical Progress (Il Ministero dello Sviluppo Economico – MISE) has revoked HackingTeam’s licence to export their Galileo remote control software outside of the EU

Spy Tool Ruling Inches the Stingray Debate Closer to the Supreme Court (Wired) When a Maryland appeal’s court recently ruled that police were wrong to use a secretive cell-phone tracking device known as a stingray without a warrant, civil liberties groups cheered over the clear privacy message the three-judge panel sent to law enforcement

Couple hosting Tor exit node raided by cops investigating child abuse (Naked Security) Jan Bultmann and David Robinson, a married couple from Seattle and well-known privacy activists in that city, were awakened early one morning last month by police with a search warrant for their home

Design and Innovation

IBM Combines Blockchain Technology With Artificial Intelligence To Virtually Turn Back Time (International Business Times) IBM wants to combine blockchain’s distributed ledger technology with its artificial intelligence arm to make the billions of smart devices connected to the internet safer, and by doing so it would allow virtual time travel by letting regulators rewind to the point when the problem occurred and see just what happened

Industry Events

For a complete running list of events, please visit the Event Tracker on the CyberWire website.

newly Noted Events

ASIS 15th European Security Conference & Exhibition (London, England, UK, April 6 - 8, 2016) ASIS Europe 2016 invites you to join security professionals and experts from over Europe and beyond in one of the most dynamic centres of business and culture in the world.

Spring Conference 2016: Creating a Cybersecurity Communtiy (Los Angeles, California, USA, April 11, 2016) The ISACA Los Angeles Chapter provides affordable quality training on fundamental information systems auditing concepts and emerging technology risks, and an opportunity to network with other auditing and security professionals.The Spring Conference is the leading Information Systems IT governance, control, security and assurance event for the Southern California area.

ISSA LA Eighth Annual Information Security Summit (Universal City, California, USA, May 19 - 20, 2016) The ISSA-LA Information Security Summit is the only educational forum in the great Los Angeles area specifically designed to attract an audience from all over Southern California as a means to encourage participation and interaction among all three vital information security constituencies: (1) business executives, senior business managers, and their trusted advisers; (2) technical IT personnel with responsibility for information systems and the data they contain; and (3) information security practitioners with responsibility for ensuring the security of sensitive information. Training and Reception on Thursday - Forums and Sessions on Friday.

ISS World South Africa (Johannesburg, South Africa, July 10 - 12, 2016) ISS World South Africa is the world's largest gathering of Southern Africa Law Enforcement, Intelligence and Homeland Security Analysts as well as Telecom Operators responsible for Lawful Interception, Hi-Tech Electronic Investigations and Network Intelligence Gathering. ISS World Programs present the methodologies and tools for Law Enforcement, Public Safety and Government Intelligence Communities in the fight against drug trafficking, cyber money laundering, human trafficking, terrorism and other criminal activities conducted over today's telecommunications network and the Internet.

upcoming Events

SANS Atlanta 2016 (Atlanta, Georgia, USA, April 4 - 9, 2016) Learn the most effective steps to prevent attacks and detect adversaries with actionable techniques that you can directly apply when you get back to work. Take advantage of tips and tricks from the experts so that you can win the battle against a wide range of cyber adversaries who want to harm your digital environment

ISC West 2016 (Las Vegas, Nevada, USA, April 6 - 8, 2016) ISC West is the leading physical security event to unite the entire security channel, from dealers, installers, integrators, specifiers, consultants and end-users of physical, network and IT products. With over 1,000 exhibitors and brands, spanning hundreds of product categories, it's the Must-Attend event for the global security industry. ISC West is where the security community gathers to see new products and technologies first, to network with other security professionals, and to stay on top of emerging security risks with cutting edge education

Cyber Risk Management 360 (Baltimore, Maryland, USA, April 7, 2016) The Cybersecurity Association of Maryland, Inc. (CAMI) is partnering with the MD Department of Commerce, Chesapeake Regional Tech Council and Greater Baltimore Committee to host our first Signature event designed to help keep Maryland’s businesses cyber secure and connect them with Maryland’s cybersecurity providers. Join us for an information-packed cybersecurity panel discussion followed by a business exchange and networking hour during which attendees can visit sponsor and MD cybersecurity company exhibits.

Cybersecurity and Privacy Protection Conference (Cleveland, Ohio, USA, April 7 - 8, 2016) The Center for Cybersecurity and Privacy Protection 2016 Conference will bring together experienced government officials, in-house counsels, business executives, cyber insurance leaders, litigators, information security officers and privacy managers to discuss current developments and best practices in cybersecurity and privacy protection. The conference is aimed at identifying innovative strategies that integrate legal, managerial and technical approaches to managing cyber and privacy risks. Join us to connect and engage with leading experts who will address cyber and privacy risk-management strategies, regulatory compliance, civil litigation following high-profile data breaches, law enforcement cooperation and information-sharing models, incident-response and cyber-risk insurance.

Rock Stars of Risk-based Security (Washington, DC, USA, April 12, 2016) Virtually every company will be hacked, and today, experts accept that a 100% security solution is not feasible. Advanced risk assessment and mitigation is the order of the day. Rock Stars of Risk-Based Security is the must attend symposium of its kind in 2016 on this critical new reality.

Federal Security Summit 2016 (Washington, DC, USA, April 12, 2016) Advanced threats and more sophisticated hackers are making it increasingly difficult to protect mission-critical government systems and communications. The U.S. Government is probed 1.8 billion times per month, and 66% of these breaches take up to a year to be discovered. With over 200,000 new malicious programs created daily, what are agencies doing to fight off cyber attacks and keep systems secure? This interactive working breakfast panel will share best practices and solutions.

Workforce 2.0: How to Cultivate Cybersecurity Professionals (Baltimore, Maryland, USA, April 12, 2016) Please join Passcode along with White House Chief Information Officer Tony Scott and other leading figures in digital security to explore the newest ideas and approaches to close the cybersecurity skills gap. At the event, Passcode will also launch its new Security Culture section that will unpack and illustrate the far-reaching and increasingly important role that digital security plays in daily life.

Threat Hunting & Incident Response Summit 2016 (New Orleans, Louisiana, USA, April 12 - 13, 2016) The Threat Hunting & Incident Response Summit 2016 focuses on specific hunting and incident response techniques and capabilities that can be used to identify, contain, and eliminate adversaries targeting your networks. Attend this summit to learn these skills directly from incident response and detection experts who are uncovering and stopping the most recent, sophisticated, and dangerous attacks against organizations

Sponsor & Support

Grow your brand and reach new customers.

Grow your brand and increase your customer base by educating our audience about your products, services, and events by advertising on The CyberWire. We’ve built trust with an influential (and often hard to reach) audience of CISOs, CSOs, and other senior execs in the security space, across a wide array of industry verticals. Learn more.

Be a part of the CyberWire story.

People ask us (a lot) how they can support what we do. We have our sponsorships and services, of course, but those are not always within every supporter’s financial reach, or it might just not be the right time for you to do those things. That’s why we launched our new Patreon site, where we’ve created a wider variety of support levels, each with some new benefits. Our patrons are important to our future, and we hope you’ll consider becoming one. We invite you to become part of the CyberWire story. Become a patron today.