The CyberWire Daily Briefing 05.23.16

Summary

By The CyberWire Staff

ISIS returns to inspiration in cyberspace, calling for lone wolf attacks in Europe and the US (should you, jihadi, be unable to reach Syria) and stepping up recruiting in India (by promising vengeance for 2002’s riots in Gujarat). The US, meanwhile, is running an info ops campaign (in the form of both physical leaflets and social media image-sharing) designed to undermine ISIS’s hold on its nominal capital, Raqqa, Syria.

Palo Alto’s Unit 42 reports that Operation Ke3chang has resurfaced, now with new TidePool malware. Ke3chang’s targets are mostly Indian diplomats. No attribution, but Unit 42 does see some signs that point to China.

Last week a gang coordinated the theft of some ¥1.44 billion (about $12.7 million) from ATMs in Japan. The gang used forged payment cards. Whether necessary data were obtained from skimmers or some other hack is still unknown.

SWIFT and the banks who use it are working to ward off further attacks like those that looted the Bangladesh Bank earlier this year. Various banking authorities—notably in Hong Kong and the UK—also move to ensure that their wards increase vigilance.

In industry news, IBM plans another round of layoffs. Investors continue to wonder whether recent rough times for cyber stocks represents a buying opportunity. Many think so.

Indonesia and Japan announce plans to establish new cyber security agencies.

US and British officials receive advice from industry: UK insurers want a national database of cyber incidents. US startups tell Congress data security (read, encryption) makes us strong.

Notes.

Today's issue includes events affecting Australia, Bangladesh, China, Ecuador, India, Indonesia, Iraq, Japan, Kosovo, Syria, United Kingdom, United States and Vietnam

On the Podcast

Catch the CyberWire's Podcast later this afternoon, with interviews, educational tips, and more on the stories of the week. Today we'll get an update from the Johns Hopkins University's Joe Carrigan on his ongoing efforts to keep his Mom from being hacked. And our guest is Paul Paget, CEO of Pwnie Express, who'll describe the dangers posed by accidental rogue devices on your network. (If you enjoy the Podcast, please share your enjoyment with an iTunes review.)

Sponsored Events

Georgetown Cybersecurity Law Institute (Washington, DC, USA, May 25 - 26, 2016)

Selected Reading

Cyber Trends

No Silver Bullet Will Kill Cybersecurity Threats (Forunte) Time spent on compliance might be better spent actually doing something about security

Contactless payment market to reach $17.56 billion by 2021 (Help Net Security) The contactless payment market is expected to grow from USD 6.70 Billion in 2016 to USD 17.56 Billion by 2021, at a Compound Annual Growth Rate (CAGR) of 21.2%, according to new MarketsandMarkets researc

Middle East companies suffer more cyber-attacks than any other region (Step Feed) Companies in the Middle East are more likely to suffer from cyber-attacks than the rest of the world’s regions, according to a recent study conducted by the Middle East branch of Pricewaterhouse Coopers, one of the world’s four leading professional services firms

UK computers under Cyber criminals’ attacks (The Windows Club News) Microsoft’s News Center in UK recently reported the growing attacks on UK computers by the cyber criminals. As technology is advancing, cyber criminals too are getting smarter. As a result, the incidents of cyber crime is increasing across the globe. And now the activities of cyber criminals are increasing in the UK

Legislation, Policy and Regulation

What Europe Tells Us About The Future Of Data Privacy (Dark Reading) Recent initiatives offer new strategies for balancing technology, security, and organizational policy goals. Here are three approaches worth considering

Japan Set to Develop Elite White Hat Agency (Infosecurity Magazine) The Japanese government is set to create a new agency tasked with recruiting a crack team of white hats and conducting cybersecurity R&D ahead of the 2020 Olympics, it has been revealed.

National Cyber Agency to Begin Operations Next Monthi (Jakarta Globe) The government will soon officiate a national body aimed at protecting all of its institutions from wiretappings, a senior minister has said

Insurers push for creation of cyber attack database (Fiancial Times) The head of the Association of British Insurers has called on the government to create a database where companies would have to record details of cyber attacks

Startups to Congress: Strong data security keeps us competitive (TechCrunch) Twilio recently had the opportunity to meet with members of Congress and their staff who have taken on the difficult task of balancing security and privacy. We were struck by the sincere desire to understand how actions proposed by those in Washington impact smaller technology businesses

Senators take aim at ‘armies of zombie computers’ (Cybersecurity Dojo) A group of senators this week introduced reworked legislation to combat botnets, which transmit computer viruses, after the measure failed to make it into the major cybersecurity bill passed late last year. The reintroduced bill, from Sens. Lindsey Graham (R-S.C.), Sheldon Whitehouse (D-R.I.) and Richard Blumenthal (D-Conn.), would expand the authority of law enforcement and the courts to crack down on botnets

Lawmakers push to make U.S. Cyber Command a top military command (Baltimore Sun) Officials and business leaders in Maryland are backing a proposal to elevate U.S. Cyber Command to a unified combatant command — one of 10 charged with carrying out missions around the world — a move they hope will bring prestige and more jobs to the state

Marine cyber warriors will mess with their enemies' heads (Marine Corps Times) Psyching out their adversaries will be one of the best ways Marines will dominate future battlefields, the general in charge of the Marine Corps’ cyber warfare command says

Dateline

Jailbreak IoT Security Summit (The CyberWire) Jailbreak Brewing hosted the latest of its security summits at its home in Laurel, Maryland on May 20, 2016. The topic this time around was Internet-of-things security, and the presenters—all industry experts—addressed automotive vulnerability research, the history of industrial control system malware (and its uses in the wild), wireless vulnerabilities, the use of OSINT to inform vulnerability research, hacking security cameras, and the way forward for testing IoT systems

The Internet of Things: IoT Security Talks and Craft Beer (Jailbreak Brewery) The world's only security summit held at a production brewery. Join some of the world's best embedded system security researchers as they talk about home automation, wireless protocols, and other IoT-related security topics at the only computer security event held at a production brewery. Attendance is limited to 100 to keep the Security Summit small and encourage conversation between speakers, attendees, and sponsors

Products, Services, and Solutions

F-Secure launches service against targeted cyber attacks (First Post Tech 2) European cyber security provider F-Secure on Friday launched a new intrusion detection and incident response service to uncover cyber attack threats in the corporate network

Why people like Edward Snowden say they will boycott Google’s newest messaging app (Washington Post) Google this week announced a new messaging app with strong encryption, meaning that your communications can’t be wiretapped. But there’s a catch: You have to turn on that feature yourself

Technologies, Techniques, and Standards

Hong Kong Monetary Authority Strengthens Cybersecurity Controls on Banks (Data Protection Report) The Hong Kong Monetary Authority (HKMA) is taking action to tackle cyber security in the banking sector in Hong Kong through the Cybersecurity Fortification Initiative (CFI) – a new comprehensive initiative announced on May 18, 2016, which aims to raise the level of cybersecurity of the banks in Hong Kong. This follows the Hong Kong Securities and Futures Commission’s (SFC) similar initiative of issuing the Circular to All Licensed Corporations on Cybersecurity (see our previous post)

TheCityUK report on cyber attack (Lexology) TheCityUK has published a report on how to make the UK financial and professional services sector more resilient to cyber attack

Making the financial sector more resilient to cyber attack (Help Net Security) Firms across the financial and related professional services industry need to take urgent action on cyber risk, according to a new report from TheCityUK and Marsh

Angry advertisers hope to seal fate of online ad fraud (IDG via CSO) The Certified Against Fraud Program hopes to put an end to online ad fraud

More options to defeat ransomware (Network World via CSO) A researcher talks about ways to cut short attacks, protect files from encryption

How to negotiate when hackers are holding you to ransom (Wired) According to online-security giant Symantec, over $4 billion in ransom money was paid to hackers in 2013

Blockchain technologies: A key tool for data management? (Help Net Security) Blockchain technologies (the technical foundation for Bitcoin) hold great potential to solve government’s long-term challenge of establishing clear rules about who has control over specific types of information

Microsoft outlines new policies for dealing with terrorist content (GeekWire) The threat of terrorism has escalated the age-old battle between national security and individual rights — and technology companies are often caught in the crosshairs

HPE Exec: How to Disrupt the Business of Hacking (eWeek) A Hewlett Packard Enterprise executive details how hacking now has an organized business model and suggests steps to make it less profitable for hackers

Where Should Security Keys be Kept in the Cloud? (eSecurity Planet) The use of cryptographic keys is a linchpin of modern security. When it comes to the cloud, there is some debate as to where those keys should exist and how their placement impacts cloud security

Companies need to deal with the enemy inside the gates: EY India's Nitin Bhatt (Economic Times) Organisations today face cyber threats that are not just external, but also internal, as attackers figure out ways to compromise sensitive data, including IP and critical infrastructure, companies need to do a lot more to protect against them, Nitin Bhatt , national leader & risk advisory partner, EY India, told ET's Neha Alawadhi in an interview

Why organisations should care about security culture (IT Pro Portal) We spoke to Kai Roer, an award-winning author and CEO & Co-Founder of CLTRe, about the concept of IT security culture and why organisations should care about its impact

Blueprint: Evolving Security for Evolving Threats in Payments (Converge! Network Digest) At this point in the history of cyber security, it seems like the eternal optimism of “it couldn’t happen to me” is the only reason consumers by the millions haven’t abandoned the digital life and gone back to cash-only transactions. Huge-scale data breaches persist, snatching more and more personal data. Retailers certainly want to protect their customers and their reputation, but are they really doing all they can?

Marketplace

Will utilities will drive IoT security market growth? (ReadWrite) Utilities will be among the sectors rushing to keep their fast-growing Internet of Things (IoT) systems safe from hackers will drive growth in the IoT security market by 55% between 2016 and 2020, according to a new study

Reimagining the Cybersecurity Profession (US News and World Report) How can policymakers and industry make cybersecurity a hot profession?

IBM Starts Another Round of Job Cuts (Fortune) The layoffs are just the latest by the tech giant. IBM’s woes continue as it struggles to reinvent itself in a fast-changing technology industry

3 of the Most Undervalued Tech Stocks Today (Motley Fool) It's not often that tech shares sell on the cheap. Here are three great, and extremely undervalued, options

3 Things Palo Alto Networks Inc Needs to Do to Win Back Investors (Motley Fool) The data security provider is growing by leaps and bounds, but shareholder’s rollercoaster ride won’t end until a few areas improve

Should You Consider FireEye After Post-Earnings Selloff? (Guru Focus) Stock looks cheap despite lack of profitability and bad quarter

A year ago, General Dynamics sold its commercial cyber business. Here's where that company is now. (Washington Busines Journal) It’s been a little more than a year since Falls Church-based General Dynamics Corp. (NYSE: GD) shed its commercial cybersecurity division

'Everyone acting like an owner is a key part of our DNA,' James Chappell, Digital Shadows (Management Today) The booming cyber security start-up has raised more than $20m and is expanding into the US

Shift to cyber warfare will bring economic growth, other changes to Augusta area, experts say (Augusta Chronicle) Shifting national defenses to a cyber-warfare footing means some big changes, but what will be most obvious to Augustans is the increased economic activity, experts say

California’s tech industry is headed toward a new frontier (Sacramento Bee) California technology companies are poised to take the lead in developing new anti-drone and gun safety tools for the federal government – adding another layer of complexity to the West Coast industry’s relationship with East Coast intelligence agencies

Vendors experience disruption with growing cloud security market (IT Pro Portal) With increasing threats from hackers, cloud security providers are under immense pressure. Vendors as well as security teams are experiencing disruption

Corero Network Security Wins USD300,000 Order From US Mobile Firm (Alliance News via London South East) Corero Network Security PLC on Monday said it has won a USD300,000 order for its SmartWall Threat Defense System from an unnamed US mobile network operator

Duo Security expands into European data centres ahead of EU data regulations (Financial News) Duo Security has expanded into data centers in Frankfort, Germany and Dublin, Ireland to serve customers in European companies mitigate risk in advance of the GeneralData Protection Regulation (GDPR) set to go into effect in 2018, the company said

Cybersecurity firm opens headquarters in Eldersburg (Carroll County Times) Carroll County officials turned out Friday to welcome the county's latest entry in the high-tech government contracting arena, with the official ribbon cutting of the new corporate headquarters of Applied Technology Group in Eldersburg

Cyber Attacks, Threats, and Vulnerabilities

Islamic State group leader urges attacks in Europe and US (AP) An Islamic State group spokesman has urged sympathizers in Europe and the U.S. to launch attacks on civilians there if they are unable to travel to the group's self-declared caliphate in Syria and Iraq

The Islamic State Is Now Trying to Convince India's Muslims to Come Join the Caliphate (Vice News) In an attempt to appeal to India's Muslim minority, the Islamic State (IS) has released a video that says the group's fighters are planning to avenge the deaths of hundreds of Muslims who were killed during riots in Prime Minister Narendra Modi's home state of Gujarat in 2002

How Kosovo Was Turned Into Fertile Ground for ISIS (New York Times) Extremist clerics and secretive associations funded by Saudis and others have transformed a once-tolerant Muslim society into a font of extremism

The U.S. military is trying to psych out ISIS by letter bombing its capital in Syria (Military Times) Warning of a major attack on the Islamic State group's capital, aircraft flying over the Syrian city of Raqqa on Friday dropped thousands of leaflets urging residents to flee

Criminals stole $12.7 million from ATMs in Japan (Help Net Security) In the early morning hours of May 15, 2016, a group of over 100 people executed coordinated, fraudulent ATM withdrawals that netted them about 1.44 billion yen

Special Report: Cyber thieves exploit banks' faith in SWIFT transfer network (Reuters) Shortly after 7 p.m. on January 12, 2015, a message from a secure computer terminal at Banco del Austro (BDA) in Ecuador instructed San Francisco-based Wells Fargo to transfer money to bank accounts in Hong Kong

Second Bank Suffers Cyber-Theft via SWIFT, Third One Counters Heist Just in Time (Softpedia) Vietnamese and Ecuadorian banks see SWIFT-based attacks

Swift Banking Network Struggles With Wave of Cyberattacks (Wall Street Journal) Gaps in security standards and poor communication about breaches have exposed vulnerabilities of the global money-transfer network

SWIFT asks its customers to help it end a string of high-profile banking frauds (IDG via CSO) The company has promised an update to its security guidelines soon, following criticism of outdated practices

Operation Ke3chang Resurfaces With New TidePool Malware (Palo Alto Networks) Little has been published on the threat actors responsible for Operation Ke3chang since the report was released more than two years ago. However, Unit 42 has recently discovered the actors have continued to evolve their custom malware arsenal. We’ve discovered a new malware family we’ve named TidePool

Over half of enterprise Android users are vulnerable to QSEE flaw (Inquirer) Security Outfit Duo Security has let off a warning about the Qualcomm Secure Execution Environment (QSEE) vulnerability and its threat to enterprise users with Android phones

SS7 Vulnerability Isn’t a Flaw — It Was Designed That Way (IBM Security Intelligence Blog) A television news magazine recently ran a segment showing how German Chaos Computer Club (CCC) members could use the telephone network to access the voice data of a mobile phone, find its location and collect other information. All involved professed shock that such a thing could happen, and Democratic Rep. Ted Lieu of California even called for a congressional investigation about it

Crooks Used SQL Injections to Hack Drupal Sites and Install Fake Ransomware EXCLUSIVE (Softpedia) Drupal sites locked with new strain of Web ransomware Unknown attackers are leveraging a two-year-old vulnerability in Drupal installations to break into sites and install Web-based ransomware that hijacks the website's main page but fails to encrypt any files

Nine Days Later, Flash Zero-Day CVE-2016-4117 Already Added to Exploit Kits (Softpedia) CVE-2016-4117 spotted in Magnitude exploit kit attacks. It took crooks less than two weeks to weaponize the most recent Flash zero-day, which they're now using as a module inside the Magnitude exploit kit

Bug Hunter Found Ways to Hack Any Instagram Accounts (Hacker News) How to hack an Instagram account? The answer to this question is difficult to find, but a bug bounty hunter just did it without too many difficulties

Audit Finds 'Hostile Probes,' Breaches of Weather Satelite System (Nextgov) The nation's weather satellite program over the course of a year suffered 10 data security incidents, including unauthorized access and probes by adversaries, according to a congressional auditor

Pavlok electric shock wristband could be security risk (IT Pro) The wristband that supposedly stops over-spending could be hacked according to Kaspersky Lab

Another college website hacked, cyber cops to inquire (New Indian Express) The website of Tulasi Women’s College in Kendrapara was hacked by Vietnam hacking team on Friday

Teacher’s Email Hacked, Distributes Porn to Staff, Students and Parents (Hack Read) Dear teachers, be careful and protect your emails because you never know what your students are capable of!

Hacktivists Shut Down Donald Trump Hotel Collections Website (Hack Read) Remember the ruthless DDoS attackers from Ghost Squad who previously shut down websites of several banks, Loyal White Knights of the Ku Klux Klan (KKK) and Black Lives Matter (BLM) movement? They are back with yet another attack and this time the target is none other than American presidential Candidate and billionaire Donald Trump

Academia

Raytheon awards Women's Cybersecurity Scholarships (PRNewswire) Partnership with Center for Cyber Safety and Education seeks to close the gender gap in cybersecurity workforce

Augusta University Cyber Institute recognized by NSA and DHD (News Channel 6) The Augusta University Cyber Institute is just shy of a year old, but it’s already gaining national attention

Litigation, Investigation, and Enforcement

It's Not ‘Malware’ When We Have a Warrant, FBI Says (Motherboard) The FBI has been in the hacking business for a long time, famously using malware to log suspects' keystrokes as early as the 1990s. But in the high-profile case surrounding a dark web child abuse site called Playpen, the Bureau is arguing that because it was authorized by a warrant, its computer intrusion code shouldn't be called “malware” at all

Snowden: NBN leaker raids a 'misuse' of Australian Federal Police (Register) NSA nemesis says Australia's surveillance state is even nastier than the USA's

Design and Innovation

Behavior is the new authentication: A look into the future (Help Net Security) In the next few years organizations will face extreme IT security challenges. Hackers are targeting humans instead of machines. All the most costly cyber attacks (APTs, ransomware) are a result of employees or third party providers’ privilege misuse, and executing a social engineering attack is easier than finding zero days

IBM Looks To Watson To Fight Online Criminals And Filter The Flood Of Security Data (Fast Company) The company will be teaching the AI tool to read security advisories and advise system administrators on keeping out hackers

Industry Events

For a complete running list of events, please visit the Event Tracker on the CyberWire website.

newly Noted Events

SIFMA Cyber Law Seminar (New York, New York, USA, June 9, 2016) During this full-day program attorneys and compliance professionals will gain insights and regulatory perspectives on cybersecurity law as well as strategies for how to take an active and valuable role in their firm’s cyber defense plan. Steve Bunnell, Department of Homeland Security, and Richard Jacobs, Federal Bureau of Investigation NY Branch, will provide keynote remarks.

2016 Information Assurance Symposium (Washington, DC, USA, August 16 - 18, 2016) The Information Assurance Symposium is the premier IA event at which leaders and practitioners share vital information and provide direction and best practices to meet today’s challenges in IA and the cyber environment. The classification of the event is UNCLASSIFIED//FOR OFFICIAL USE ONLY. The 2016 IAS is expecting upwards of 2,000 attendees and will provide an excellent opportunity to learn and network with leading information assurance and cyber security professionals, subject matter experts and solution providers from throughout Government, industry and academia. The Information Assurance Symposium will include a variety of keynote sessions, five distinct tracts and panel discussions spanning over three days. It will also have a vendor expo where hundreds of exhibitors will display a wide variety of IA products, services and demonstrations. Exciting networking opportunities will be offered in the exhibit hall, all designed to enhance the IAS attendee experience.

upcoming Events

HITBSecConf2016 Amsterdam (Amsterdam, the Netherlands, May 23 - 27, 2016) The event kicks off with all new 2 and for the first time, 3-day training sessions held on the 23rd, 24th and 25th. Courses include all new IPv6 material by Marc 'van Hauser' Heuse of THC.org, an in-depth LTE and telecomms security course by Founder of Telecomm Security Task for and for the very first time in Europe, Rift Recon's The Art of Escape — a course that teaches you how to escape an attempted kidnapping, move through a city unnoticed and much more

Enfuse 2016 (Las Vegas, Nevada, USA, May 23 - 26, 2016) Enfuse is a three-day security and digital investigations conference where specialists, executives, and experts break new ground for the year ahead. It's a global event. It's a community. It's where problems get solved. Attend Enfuse to take your work—and your career—to a whole new level. Learn more about the change from CEIC to Enfuse in our FAQ.

Cybersecurity Law Institute (Washington, DC, USA, May 25 - 26, 2016) Those lawyers who ignore cyber threats are risking millions of dollars for their companies or their clients. Recent reports by Cisco and the World Economic Forum both highlight the paramount importance of cyber risk management. The Cybersecurity Law Institute will give you insights into the latest information and strategies. You have an important role to play in cybersecurity leadership, especially in keeping corporate officials and the board of directors informed. Too often, well-meaning officials don't know what they don't know! At our Institute you will receive insights on the best governance, preparedness, and resilience strategies from experienced government officials, general counsels, and cybersecurity practitioners who face these issues on a daily basis

4th Annual Cybersecurity Law Institute (Washington, DC, USA, May 25 - 26, 2016) At our 4th annual Institute, in the capital where cybersecurity regulations and enforcement decisions are made, you will be able to receive pragmatic advice from the most knowledgeable legal cybersecurity professionals in the country. These experts, from private practice, the government and corporate worlds, will share proven tips, valuable lessons learned and insightful prognostications about the year ahead. You owe it to your clients and yourself to attend the only law school-sponsored CLE program in the country that is devoted 100% to cybersecurity legal developments.

SecureWorld Atlanta (Atlanta, Georgia, USA , June 1 - 2, 2016) Join your fellow security professionals for affordable, high-quality cybersecurity training and education. Earn 12-16 CPE credits through 60+ educational elements learning from nationally recognized industry leaders. Attend featured keynotes, panel discussions & breakout sessions all while networking with local peers

C³ Voluntary Program Regional Workshop: Understanding and Managing Cyber Risk in the Water and Energy Sectors (Indianapolis, Indiana, USA, June 1, 2016) The Department of Homeland Security's Critical Infrastructure Cyber Community (C3) Voluntary Program and the Indiana Utility Regulatory Commission (IURC) will host a free cybersecurity risk management workshop for Water and Energy Sectors. Topics to be covered include an overview of the Cybersecurity Framework and C3 Voluntary Program, cyber threat information sharing for water and energy organizations, and tools and resources for small and midsize businesses, in particular small and midsize water and natural gas utility companies.

Innovations in Cybersecurity Education Workshop 2016 (Halethorpe, Maryland, USA, June 3, 2016) Innovations in Cybersecurity Education is a free regional workshop on cybersecurity education from high school through post-graduate. It is intended primarily for educators who are teaching cybersecurity at high schools, colleges, and community colleges. Anyone is welcome to attend, including teachers, students, administrators, researchers, and government officials. It will highlight master teachers and ongoing educational projects, including an effort at the US Naval Academy to teach cybersecurity to all midshipmen. The workshop will feature hands-on learning activities, including secure programming, cyber competition, and an educational game. The workshop is free and open to the public — all are welcome to attend. This workshop will to be of interest to educators, school administrators, undergraduate and graduate students, and government officials. Lunch will be provided.

ISS World Europe (Prague, Czech Republic, June 7 - 9, 2016) ISS World Europe is the world's largest gathering of regional law enforcement, intelligence and homeland security analysts as well as telecom operators responsible for lawful interception, hi-tech electronic investigations and cyber intelligence gathering. ISS World programs present the methodologies and tools for law enforcement, public safety and government intelligence communities in the fight against drug trafficking, cyber money laundering, human trafficking, terrorism and other criminal activities conducted over today's telecommunications network and the internet.

Data Breach & Fraud Prevention Summit Asia (Mumbai, India, June 8, 2016) ISMG’s Data Breach & Fraud Prevention Summit Asia – Mumbai is a one-day event that will focus on the latest fraud techniques and technologies, as well as a holistic, strategic approach to looking at the data breach threat that impacts all industries. Whether you are forming opinions on how to view the recent global Apple Vs. FBI debate, want to learn more about the breach incidents, or just look forward to networking with your peers on cybersecurity challenges, we are confident you will gain tremendous insight throughout the event. CyberWire readers can use the discount promo code "CW20" when registering with dbfpmumbai@ismgcorp.com to receive 20% off the conference price.

New York State Cyber Security Conference (Albany, New York, USA, June 8 - 9, 2016) June 8-9 marks the 19th Annual New York State Cyber Security Conference and 11th Annual Symposium on Information Assurance (ASIA) and we invite you to join us for this nationally recognized event. The event takes place in Albany, New York and is cohosted by the New York State Office of Information Technology Services, the University at Albany's School of Business, and The New York State Forum, Inc. This conference offers something for everyone -- whether you're an end user, IT professional, government employee, or business owner.

SecureWorld Portland (Portland, Oregon, USA, June 9, 2016) Join your fellow security professionals for affordable, high-quality cybersecurity training and education. Earn 6-12 CPE credits through 30+ educational elements learning from nationally recognized industry leaders. Attend featured keynotes, panel discussions & breakout sessions all while networking with local peers

Cleared Job Fair (Tysons Corner, Virginia, USA, June 9, 2016) ClearedJobs.net connects you with cleared facilities employers, including Federal Acquisition Strategies, Firebird Analytical Solutions & Technologies, Leidos, PAE, TRIAEM, Commonwealth Computer Research, Inc., Syntera and more. Receive free professional resume reviews during the job fair, as well as the latest informaiton on security clearance reinvestigations. Positions employers are seeking to fill include jobs in cyber security, intel, information security, help desk personnel, network operations engineers, systems engineers, software development and engineering, program and project management, system administration, database administration, financial management, and many other trades. For professionals with an active or current security clearance only.

Sponsor & Support

Grow your brand and reach new customers.

Grow your brand and increase your customer base by educating our audience about your products, services, and events by advertising on The CyberWire. We’ve built trust with an influential (and often hard to reach) audience of CISOs, CSOs, and other senior execs in the security space, across a wide array of industry verticals. Learn more.

Be a part of the CyberWire story.

People ask us (a lot) how they can support what we do. We have our sponsorships and services, of course, but those are not always within every supporter’s financial reach, or it might just not be the right time for you to do those things. That’s why we launched our new Patreon site, where we’ve created a wider variety of support levels, each with some new benefits. Our patrons are important to our future, and we hope you’ll consider becoming one. We invite you to become part of the CyberWire story. Become a patron today.