The CyberWire Daily Briefing, 10.10.19

Summary

By the CyberWire staff

Europol's 2019 Internet Organized Crime Threat Assessment is out. Ransomware remains the biggest criminal problem, and organized crime continues to defraud e-commerce and financial organizations. As gangs become more "audacious" and sophisticated; Europol wants to enhance its ability to investigate crimes touching the dark web and cryptocurrencies.

US NSA Director Nakasone said yesterday that the first priority of NSA's new Cybersecurity Directorate will be to shore up the defenses of the Defense Industrial Base (DIB), with particular attention paid to securing the companies in the DIB from intellectual property theft, MeriTalk reports.

A study of code snippets available in Stack Overflow confirms that quality control is a small but real problem. But apparently developers tend to think the propagation of such vulnerabilities is an acceptable cost when balanced against the benefits of fast coding and project completion.

A US Defense Intelligence Agency analyst has been charged with two counts of willful transmission of national defense information. The Government alleges that Henry Frese gave two reporters highly classified material. The Washington Post says Mr. Frese was interested in advancing the reporters' careers. One reporter worked for CNBC, the other for MSNBC.

China is enjoying some success suppressing expressions of support for Hong Kong protesters in Western corporate circles. Apple has removed a police-tracking app used by protesters, Quartz reports, and a bipartisan group of US Senators and Representatives thinks the NBA has joined Team Beijing. CyberScoop says NSA Director Nakasone yesterday accused China of "weaponizing information" with respect to Hong Kong.

Join 300+ cyber security peers on Oct 22 in DC – Use DMV30 for 30% OFF

Notes.

Today's issue includes events affecting Australia, China, European Union, Germany, Netherlands, Russia, United Kingdom, United States and Zimbabwe

Bring your own context.

Should you be hit by ransomware (which heaven forfend) what should you do about it?

"The very first thing that is actually a little bit counterintuitive is to leave the ransomware alone, meaning don't delete the ransomware file that you double-clicked. Don't do anything with that. And the reason being is quite simple - to have a chance to get your files back, if we can't readily determine what kind of ransomware you got hit by, we will have to take a look at the actual file that you executed and that infected your system. If you deleted that file or if you got rid of it somehow, then that process becomes way, way more difficult because, in that case, we would have to try to find the ransomware file ourselves.... Now, the next step is you have to figure out kind of what kind of ransomware you got hit by. And don't trust the ransomware telling you its real name. There have been so many cases where there are copycats that try to imitate bigger and more professional campaigns. For example, like, one of the biggest ransomware campaigns was CryptoLocker, for example. There have been so many ransomware that had nothing to do with CryptoLocker that just pretended to be CryptoLocker. So don't trust anything the ransom note says. Don't trust anything the ransomware may display to you."

—Fabian Wosar of Emsisoft, on Hacking Humans, 10.10.19.

And then look for decryptors, but from security firms, not from the crooks. And, of course, take good care of your backups. You had those all along, right?

Federal cloud market projected for major growth.

According to Coalfire’s latest report on FedRAMP, U.S. agencies spent $6.5B in cloud services in FY2018, an impressive 32 percent year-over-year increase, with the vast majority of Federal cloud migration still to come. SaaS/PaaS/IaaS providers can gain access to this market with significantly less investment in both time and cost by taking advantage of automation and recent FedRAMP program updates. Learn how.

On the Podcast

In today's Daily Podcast, out later this afternoon, we speak with our partners at Dragos, as Robert M. Lee discusses the roles of regulations and incentives in securing the electrical grid. Our guest is Robb Reck from Ping Identity, sharing results from their CISO Advisory Council’s new research on securing customer identity.

See the current Hacking Humans for a discussion of ransomware, among other things. In this week's episode, "Don't trust the ransomware to tell you its real name," Joe describes online redirect scams, URL encoding and the clever combination of the two. Dave shares delightful satire about Russian brides and Nigerian princes, together at last. The catch of the day involves a student getting the best of scammers, getting them to send him money. Our guest is Fabian Wosar from Emsisoft, well-known for decrypting ransomware.

And Recorded Future's Threat Intelligence podcast, produced in partnership with the CyberWire, is also up. In this episode, "Understanding Social Engineering and Maintaining Healthy Paranoia," Rosa Smothers, senior vice president of cyber operations at KnowBe4, joins the show to share her career experience, which includes over a decade in the CIA.

Sponsored Events

Cyber Security Summits: October 3 in NYC and October 17 in Scottsdale (New York City, New York, United States, October 3, 2019) Register for reduced admission to the Cyber Security Summit with promo code cyberwire19 for $95 admission ($350 without code). Sr. Level Executives are invited to learn about the latest threats & solutions in Cyber Security from experts from The U.S. Department of Justice, The FBI, Google, IBM, Darktrace, Center for Internet Security and more. Breakfast, Lunch & Cocktail Reception are included with your admission. Your full day’s attendance will earn you 6 CEUs. Passes are limited, secure yours today: www.CyberSummitUSA.com

The 6th Annual Journal of Law and Cyber Warfare Symposium (New York, NY, United States, October 17, 2019) The 6th Annual Cyber Warfare Symposium features discussions around emerging cybersecurity issues, focusing on cyber warfare and how companies can respond to cyber-attacks. Use discount code CyberWire50 for 50% off. Email info@jlcw.org for a chance to receive a complimentary ticket.

IMAGINE, A MISI salon-style bespoke dinner event (Columbia, Maryland, United States, November 1, 2019) IMAGINE a world where more young women can see themselves in the faces of the legendary women of science & technology – and say, "Yes I can!" The event on November 1 is a fundraiser in support of the region's unique and inclusive STEM program and will be held at the DreamPort Facility in Columbia Maryland. While its focus is on the under-represented young women, young men are also included in MISI's STEM programs.

NXTWORK 2019 (Las Vegas, Nevada, United States, November 11 - 13, 2019) Join us at NXTWORK 2019 to learn, share, and collaborate with GameChangers from companies across the networking industry. This year’s event features keynotes from Juniper executives, as well as special guest speaker Earvin “Magic” Johnson, along with 40+ breakouts and master classes led by Distinguished Engineers, as well as various opportunities for certification testing and training.

Selected Reading

Cyber Attacks, Threats, and Vulnerabilities

Iranian Hackers Update Spear-Phishing Techniques in Recent Campaign (SecurityWeek) The Iranian state-sponsored threat actor known as Charming Kitten employed new spear-phishing methods in a recent campaign.

Microsoft Identifies Targeted Attacks on Presidential Campaign, Government Officials (Decipher) An attack group known as Phosphorus that is linked to the Iranian government has targeted email accounts of U.S. government officials and people associated with a presidential campaign.

Copy-and-paste sharing on Stack Overflow spreads insecure code (Naked Security) It’s the time-saving technique employed by many coders – copy and paste code from crowd-sourcing ‘Q&A’ websites. But is it always secure?

An Empirical Study of C++ Vulnerabilities in Crowd-Sourced Code Examples (Arxiv) Software developers share programming solutions in Q&A sites like Stack Overflow. The reuse of crowd-sourced code snippets can facilitate rapid prototyping. However, recent research shows that the shared code snippets may be of low quality and can even contain vulnerabilities.

European risk report flags 5G security challenges (TechCrunch) European Union Member States have published a joint risk assessment report into 5G technology which highlights increased security risks that will require a new approach to securing telecoms infrastructure. The EU has so far resisted pressure from the U.S. to boycott Chinese tech giant Huawei as a 5…

Member States publish a report on EU coordinated risk assessment of 5G networks security (European Commission) Today, Member States, with the support of the Commission and the European Agency for Cybersecurity published a report on the EU coordinated risk assessment on

Human Rights Activist Allegedly Targeted With NSO Malware Says His Life Is ‘Hellish’ (Vice) Amnesty International details attacks against two Moroccan human rights activists allegedly carried out with NSO Group’s spyware.

Dutch website hack reveals data of 250,000 sex workers' clients: report (Netherlands Times) The account details of the 250 thousand users of Dutch website Hookers.nl have leaked out after a vulnerability on the website was exploited. A hacker captured the members' data and is offering it for sale, NOS reports based on its own research after an anonymous tip. The website is popular among clients of sex workers, who exchange tips, reviews and experiences in the sex industry. The problem extends beyond clients of sex workers. Sex workers themselves are also active on the website. They also may want to not be known as a sex worker with their real names.

Cookie monster eats data from Sesame Street store (BBC News) Malicious software has been stealing credit card details from thousands of online stores, say researchers.

PVH reports cyber attack (Gallipolis Daily Tribune) Pleasant Valley Hospital (PVH) recently released information regarding a reported cyber attack.The statement read as follows:

Monroe superintendent talks progress, cyber attacks at MCS Update Luncheon (KNOE) On Wednesday, Monroe City School Superintendent Dr. Brent Vidrine gave the keynote address at the district's annual update luncheon. Vidrine spoke about the district's progress in 2019, and also addressed the recent cyber attacks

DTExpo: "I know I can't hack a bank, but I can hack a person," says ethical hacker (Computing) Why hack your way in when you can simply talk your way in?,Security,Leadership ,Security,ethical hacker,DTExpo

Security Patches, Mitigations, and Software Updates

Signal immediately fixed FaceTime-style eavesdropping bug (Naked Security) Remember the FaceTime bug that allowed a caller to eavesdrop on your phone? Researchers just discovered another – this time in Signal.

Cyber Trends

2019 Healthcare Industry Report on Cyberattacks Released (Proofpoint US) Few industries can claim a mission more critical, data more sensitive, or operations more complex than healthcare. Unfortunately, these characteristics mean healthcare companies are challenging to protect. Cyberattacks expose personal health data. Ransomware shuts down emergency rooms. Fraudulent emails defraud business associates, patients, and clinical staff. These threats hurt the healthcare industry’s ability to care for patients.

Sila and Ponemon Institute Study Finds Rampant Lapses in Securing Access to Sensitive Information (Yahoo) Sila Solutions Group, a North American technology and management consulting firm, in partnership with the Ponemon Institute, a leading research organization on data protection and emerging information technologies, today released the results of The 2019 Study on Privileged Access Security. The primary

Global Survey Reveals How Cyber Security Teams Measure Success, Secure Budget and Minimize Stress (PR Newswire) Thycotic, provider of privileged access management (PAM) solutions to more than 10,000 organizations, including 25...

Spiceworks Study Reveals Aging Technology Infrastructure and Growing Security Concerns Will Drive IT Budget Increases in 2020 (PR Newswire) Today at SpiceWorld 2019, Spiceworks announced its annual 2020 State of IT study examining technology budget...

2020 State of IT: Tech Budgets, Trends, and Purchase Drivers (Spiceworks) Based on a survey of 1,000+ IT decision makers, the annual State of IT uncovers how businesses are spending their technology budgets. Find out what's driving budgets to increase in 2020.

Cybercrime is maturing, shifting its focus to larger and more profitable targets (Help Net Security) The Europol's annual assessment of the cybercrime threat landscape highlights the persistence and tenacity of a number of key threats.

Why CEOs Of SMBs Make Easy Cyber Targets (Forbes) Most small and midsize businesses will experience a cyberattack this year, but few CEOs have a clue what to do.

Research: SMB Cyberattacks Spike, Getting More Sophisticated (Channel Partners) Attacks against U.S., U.K. and European businesses are growing in both frequency and sophistication, and nearly half of the survey respondents described their organization’s IT security as ineffective, with 39% reporting they have no incident response plan in place.

Many in Utilities Sector Expect Attacks on Critical Infrastructure: Survey (SecurityWeek) A survey of over 1,700 individuals in the utilities sector shows that 56% have reported at least one shutdown or operational data loss, and 54% expect an attack on critical infrastructure in the next year.

The State of USB Data Protection 2019 pt. II (Apricorn) Data protection is critical across industries – but the obstacles to ensuring it are more challenging than ever.

Most Americans Fail Cybersecurity Quiz (Threatpost) Study participants fail to correctly identify core security concepts and tools to help them stay safe online.

“Disconnected” CISOs struggling to assert security’s relevance to the business (CSO) Stressed-out security practitioners feel distanced from business strategy, unsupported by executives

Marketplace

Melbourne cyber conference organisers pressured speaker to edit 'biased' talk (the Guardian) After two speakers were banned, a third says organisers tried to edit his presentation

Berlin-based EMnify snags €8 million Series A for IoT security SaaS (Tech.eu) EMnify, a German startup based in Berlin and Würzburg, announced its existing investors have funded an €8 million Series A round to help scale the company’s unique Internet of Things cloud technology. EMnify provides a SaaS product that allows users to securely operate IoT data networks around the world. In fact, the company claims to …

Akamai Technologies Accelerates Development of Solution to Protect Websites from Magecart and Credit Card Skimming with Planned Acquisition of ChameleonX (Seeking Alpha) Akamai Technologies, Inc. (AKAM), the intelligent edge platform for securing and delivering digital experiences, today announces that the company has entered into an agreement to acquire ChameleonX, an Israel-based company with a unique solution to protect websites from an increasingly publicized and insidious form of attack that entails credit card skimming and user credential theft via malicious or compromised third-party scripts.

Defence hands Data#3 $80 million for Microsoft licences (CRN Australia) New three-year deal for software licences and assurance services.

UK Specialist Insurer Acquires Texas Cyber Response Co. (Law360) Specialist cyber insurer CFC Underwriting Ltd. announced Tuesday that it has bought Texas-based Solis Security, which provides incident response services.

Artificial Intelligence Startup SparkCognition Raises $100 Million in Additional Funding (SiliconHills) SparkCognition announced Tuesday that it has raised $100 million in additional VC funding. March Capital Partners led the Series C round. To date, the Austin-based startup, founded in 2013, has raised $175 million. “In a short few years, SparkCognition has proven itself to be one of the leading industrial AI companies in the world,” Sumant …

Duo Security Founder Dug Song on Building a Unicorn (Middle Market Growth) On the podcast, Dug Song spoke about the origins of Duo, the decision to sell to Cisco, and how Duo helped draw venture capital investors to Michigan.

FireEye: Struggler (Seeking Alpha) FireEye released preliminary Q3 numbers above previously reduced guidance. The numbers aren't impressive for a slow-growing company generating limited free cash

VMware says channel can feast on Carbon Black (CRN Australia) Acquisition formally closes and creates new VMware security BU.

Zscaler: Eye-Watering Valuation Clouds Business Potential (Seeking Alpha) Zscaler recently announced several initiatives including a partnership with CrowdStrike and three new products. The company's competitive differentiation lies i

Acronis SCS Launches SCSVets Initiative as It Opens Arizona-based Headquarters (Yahoo) Acronis SCS, a leading American cyber protection and edge data security company, yesterday opened its new headquarters in Scottsdale, Arizona. The company welcomed many state and local dignitaries, partners, employees, veterans and community members for

Ascent adds cyber duo to meet rising North America demand (Insurance Day) Double underwriting hire reflects "strong demand for cyber products in North America"

Products, Services, and Solutions

Rohde & Schwarz Cybersecurity and Pradeo launch a unified application security offer (Rhode & Scwarz) Rohde & Schwarz Cybersecurity and Pradeo, leaders of IT security and mobile security respectively, are shedding the light today on a joint offer, dedicated to protecting web and mobile applications with an end-to-end approach.

Tech Data Forms Partnership with Akamai Technologies to Provide Defense-in-Depth Capabilities (BusinessWire) Tech Data Forms Partnership with Akamai Technologies to Provide Defense-in-Depth Capabilities

Accellion and FireEye Collaborate to Prevent Cyber Attacks From Crippling Critical Business Operations (Yahoo) Accellion, Inc., provider of the secure content communication platform that prevents data breaches and compliance violations from third.

Nerds on Site Launches CyberSecurity Incident Response (Yahoo) Nerds On Site Inc. ("NERDS" or the "Company") (NERD.CN) (3NS.F) (OTCQB: NOSUF), a mobile IT solutions company servicing the SME marketplace, launches its CyberSecurity Incident Response, designed to address cyberattacks with minimal damage, recovery

10 Hot New FireEye Tools Unveiled At FireEye Cyber Defense Summit (CRN) From automating attack simulations to monitoring malicious content in real-time to finally running on AWS, here’s a look at 10 of the most interesting FireEye tools debuting at FireEye Cyber Defense Summit 2019.

FireEye is partnering with a leading cloud security company (Technical.ly DC) The Reston-based cyber company is partnering with iboss to bring its network security offerings to the iboss cloud platform.

Technologies, Techniques, and Standards

Internal security operations centers in large companies halve the financial impact of data breaches (Business Review) Companies with an internal security operation center (SOC) estimate the financial damage caused by a cyber attack at USD 675,000, which represents less

If you have a security alert, I feel bad for you, son – you got 99 problems but a hack ain't one (Register) Nearly all admin warnings are false alarms, says Kaspersky, and that's not a bad thing

Stories from the front line: The secrets of the Red Team revealed (IT PRO) White hat hackers expose why firewalls and phishing-awareness aren't enough in the face of a motivated attacker

MSPAlliance Develops Cyber Risk Rating for Cloud and Managed Service Providers (PR Newswire) The International Association of Cloud & Managed Service Providers (MSPAlliance®) today announced that is has...

Think Safety When Using Social Media (Forbes) One of the biggest problems people make with social media is a desire to connect with seemingly the entire world.

Design and Innovation

How Blockchain Will Solve Some of IoT's Biggest Security Problems (SecurityWeek) Because blockchain can process millions of transactions accurately and in the right order, it can protect the data exchanges happening between IoT devices.

Research and Development

NIST is Hunting for Tech to Secure the Energy Sector’s Network (Nextgov.com) Officials want to help power companies bolster their digital defenses as renewable energy resources like solar panels and wind turbines introduce more vulnerabilities to the grid.

Academia

Kentucky Cybersecurity Program Receives National Accolade (Government Technology) Owensboro Community & Technical College's computer and IT program has been named a National Center of Academic Excellence in Cyberdefense Education by the National Security Agency and the Department of Homeland Security.

UTD-Backed Research Center Gets NSF Designation (Dallas Innovates) The Center for Hardware and Embedded Systems Security and Trust has been designated a National Science Foundation Industry-University Cooperative Research Center.

Legislation, Policy and Regulation

Apple pulls police-tracking app used by Hong Kong protesters after consulting authorities (Reuters) Apple Inc has removed an app that helped Hong Kong protesters track police movem...

Apple bowed to China by removing a Hong Kong protests map from its app store (Quartz) The real-time, crowd-sourced map was accused of being used in ways that "endanger law enforcement and residents in Hong Kong."

China lashes out at Western businesses as it tries to cut support for Hong Kong protests (Washington Post) China has long been sensitive about its image at home, controlling what it allows Western businesses and its own citizens to say or do there. Now, however, with Hong Kong in its fourth month of street protests, China is increasingly imposing the same strictures on what’s said about it beyond its borders.

NSA director rebukes Beijing for 'weaponizing' disinformation in Hong Kong protests (CyberScoop) NSA Director Gen. Paul Nakasone issued a rebuke Wednesday of China' recent efforts to spread disinformation online about protests in Hong Kong.

[Letter to NBA Commissioner Silver] (Congress of the United States) Commissioner Silver, We are writing to express our deep concern...

Russia's Disinformation War Is Just Getting Started (Wired) The Internet Research Agency specifically targeted African Americans, and has not stopped trying to influence elections, a Senate intelligence report says.

Pressure mounts in UK to take action over blacklisted Chinese CCTV firm (The Telegraph) Demands are mounting for an official inquiry into NHS and council contracts with a Chinese CCTV firm blacklisted for allegedly spying on persecuted Chinese Muslims.

Trump Green-Lights Some Sales to Huawei (New York Times) The administration plans to issue licenses allowing some American companies to sell nonsensitive products to Huawei, despite its placement on a U.S. blacklist.

Melbourne cyber conference organisers pressured speaker to edit 'biased' talk (the Guardian) After two speakers were banned, a third says organisers tried to edit his presentation

Senators Peters, Johnson, Wyden and Cotton Letter to OMB FASC (Washington Post) Dear Director Mulvaney, We are writing to urge the Federal Acquisition Security Council (FASC) to develop a strategic plan for sharing supply chain security information with Congress and the judiciary...

NSA Chief: DIB is New Cybersecurity Directorate’s First Focus (MeriTalk) Army Gen. Paul Nakasone – who heads both the National Security Agency and U.S. Cyber Command – said today that the first focus of NSA’s recently launched Cybersecurity Directorate will be to shore up protection of companies that make up the nation’s Defense Industrial Base (DIB), and specifically to prevent the theft of intellectual property from DIB companies.

Exclusive: DHS seeks subpoena powers to identify vulnerable systems (TechCrunch) Homeland Security’s cybersecurity division is pushing to change the law that would allow it to demand information from internet providers that would identify the owners of vulnerable systems, TechCrunch has learned. Sources familiar with the proposal say the Cybersecurity and Infrastructure S…

Analysis | The Cybersecurity 202: There's a fight brewing over Homeland Security's push for subpoena power (Washington Post) DHS says it wants to prevent attacks. Privacy advocates see overreach.

EDITORIAL COMMENT: Cyber criminals must be severely punished (The Chronicle) Cabinet on Tuesday approved the Cyber Crime, Security and Data Protection Bill. The proposed law will cover a whole range of issues in relation to the utilisation of cyberspace.

Litigation, Investigation, and Enforcement

EU Looks to Tweak Method for Compiling Dirty-Money Blacklist (Wall Street Journal) The European Union is working on a new approach for flagging countries with weak anti-money-laundering laws after the bloc’s previous attempt to create a blacklist failed earlier this year.

Bank of England fires warning shot at Facebook over Libra digital currency (The Telegraph) Facebook's new digital currency must meet the highest standards if it is to go ahead, the Bank of England has said in a significant hardening of its position.

Facebook CEO to Testify at House Panel About Libra (Wall Street Journal) Facebook CEO Mark Zuckerberg is slated to return to Capitol Hill this month to testify before a House panel about the company’s foray into cryptocurrency.

Mark Zuckerberg to testify in US over Libra cryptocurrency (The Telegraph) Mark Zuckerberg will testify about Libra, the cryptocurrency he is building, this month after he was summoned by a committee of US politicians.

Henry Kyle Frese Accused of Leaking Docs to Amanda Macias (Heavy) Henry Kyle Frese is the Pentagon analyst who is accused of leaking documents related to North Korea and China to CNBC's Amanda Macias and another reporter.

Intelligence agent arrested for spilling secrets to journalists (New York Post) The feds busted a Defense Intelligence Agency worker Wednesday for leaking classified national defense information to two journalists in 2018 and 2019 — one of whom he was shacking up with. Henry K…

Mississippi Audit: Agencies Not Complying with Cybersecurity Law (Government Technology) A recent report from the state auditor's office showed widespread noncompliance with routine cybersecurity protections. The gaps could open the state to unnecessary threats as hackers aggressively target government.

Industry Events

For a complete running list of events, please visit the Event Tracker on the CyberWire website.

newly Noted Events

CyberForce (College Park, Maryland, USA, November 7, 2019) A gathering of government and industry to bridge the managerial, operational, and technical skills gap of today's cybersecurity workforce.

Insider Threat Program Development & Management Training (College Park, Maryland, USA, December 3 - 4, 2019) The Insider Threat Defense Group will hold its highly sought after and very affordable Insider Threat Program (ITP) Development & Management Course, at the University of Maryland College Park Campus. This 2 day training course will ensure the ITP Manager / Senior Official, Insider Threat Analyst, FSO, and others who support the ITP (CSO, CIO, CISO, IT, Network Security, Human Resources, Etc.), have the Core Knowledge, Blueprint, Resources needed for developing, managing, enhancing an ITP / ITP Working Group. For a limited time the training is being offered at a discounted rate of $1,095. (Normally $1295).

upcoming Events

CyberNext Summit (Washington, DC, USA, October 8 - 10, 2019) Cybersecurity is shifting toward more distributed and dynamic models. Decentralized security infrastructure brings its challenges and opportunities. CyberNext Summit (#CNS19) 8-10 October, 2019 in Washington D.C. summit will focus on the capabilities needed to achieve security in such a distributed environment, especially in the context of ever-increasing security threats. CNS will take place in parallel to Borderless Cyber 2019, an event by OASIS Open Consortium. By booking 1 ticket, you can attend both events.

Borderless Cyber (Washington, DC, USA, October 8 - 10, 2019) OASIS Borderless Cyber and The Integrated Adaptive Cyber Defense (IACD)'s Integrated Cyber merge conferences this year to bring you a three-day program addressing advances in automation and autonomous systems for network defense. Experts will share knowledge and experiences through a mixture of interactive panel discussions and presentations on proactive/reactive threat intelligence automation options, emerging exchange standards for automating cyber threat data, managing threats with AI, and more. Thought leaders will also provide information on some of the new players in defense development and technology in waiting.

SecureWorld Dallas (Dallas, Texas, USA, October 9 - 10, 2019) Connecting, informing, and developing leaders in cybersecurity. For the past 17 years, SecureWorld conferences have provided more content and facilitated more professional connections than any other event in the InfoSec industry. Join your fellow InfoSec professionals for high-quality, affordable cybersecurity training and collaboration. Earn 12-16 CPE credits through 60+ educational elements learning from nationally recognized industry leaders. Attend featured keynotes, panel discussions, breakout sessions, and solution vendor displays—all while networking with local peers.

Jacksonville Cybersecurity Conference (Jacksonville, Florida, USA, October 10, 2019) Data Connectors brings together security professionals to discuss mitigating risk and improving their overall security posture. Eight industry speakers, an FBI/NSA/DHS keynote speaker, and a CISO Panel with three-to-five local CISOs discuss real-world problems and solutions.

driving.digital Conference 2019 (Nitra, Slovakia, October 14 - 15, 2019) An international program conference focused on cyber security in the automotive industry and mobility. Conference themes will address the topic of stability of digital solutions in the automotive and mobility sectors and highlight areas of risk and vulnerability throughout the life cycle of vehicles, from development, production and operation to end-of-life.

Sponsor & Support

Grow your brand and reach new customers.

Grow your brand and increase your customer base by educating our audience about your products, services, and events by advertising on The CyberWire. We’ve built trust with an influential (and often hard to reach) audience of CISOs, CSOs, and other senior execs in the security space, across a wide array of industry verticals. Learn more.

Be a part of the CyberWire story.

People ask us (a lot) how they can support what we do. We have our sponsorships and services, of course, but those are not always within every supporter’s financial reach, or it might just not be the right time for you to do those things. That’s why we launched our new Patreon site, where we’ve created a wider variety of support levels, each with some new benefits. Our patrons are important to our future, and we hope you’ll consider becoming one. We invite you to become part of the CyberWire story. Become a patron today.