The CyberWire Daily Briefing 1.4.19

Summary

By the CyberWire staff

A very large doxing campaign has exposed sensitive personal information belonging to hundreds of German political figures (BBC). The only recently noticed campaign, which began quietly before Christmas and took the form of a satirical Advent calendar, released private communications, emails, contacts, phone numbers, memoranda, and financial information belonging to “hundreds” of politicians, including Chancellor Merkel and President Steinmeier (Graham Cluley). The Bundesamt für Sicherheit in der Informationstechnik (BSI) is investigating. The only political party apparently unaffected is the Alternative for Germany, generally described as “far right.” Observers betting on form suspect Russia’s GRU, Fancy Bear, but that’s speculation on a priori probability (TechCrunch).

Speaking of Fancy Bear, ESET has released details on Lojax, the UEFI rootkit the GRU has used in cyber espionage operations (Register).

Trend Micro has discovered a MobSTSPY infestation in Google Play. The spyware was found lurking in otherwise innocent-appearing Android apps. More than a hundred-thousand users may have been infected.

ISIS has returned to the online world seeking to inspire mass murder (mostly by automobile) in spaces "crowded with unbelief." Some of the inspiration has been delivered through dormant Twitter accounts ISIS hijacked (Engadget).

Bail is being sought for Paul Whelan, charged with spying by Russia’s FSB. The FSB says the dual US-British citizen received a USB drive containing a roster of personnel at a secret Russian institution (Guardian). It’s an odd case, but most observers think Whelan’s arrest is a Russian move to bargain for a spy swap with the US (New York Times).

Learn how Cylance silences cyber attacks with Artificial Intelligence.

Notes.

Today's issue includes events affecting Bangladesh, Brazil, China, Egypt, European Union, Germany, Indonesia, Ireland, Italy, Pakistan, Russia, Saudi Arabia, Spain, Sri Lanka, Turkey, Ukraine, United Kingdom, United States

Visualize Your Network Like the Most Infamous Hackers

Cyber threats are becoming more frequent and targeted. Bad actors are more adept at social engineering and investigating your network and infrastructure to understand your organization’s cyber strengths and weaknesses. This webinar delves into a robust threat model capable of repelling the world's most sophisticated hackers and nation-state actors. Join us for an introduction to ScoutThreat™, a threat management platform that helps analysts streamline threat analysis work and extract the maximum value from threat intelligence.

On the Podcast

In today's podcast, out later this afternoon, we speak with our partners at Accenture, as Justin Harvey offers a look ahead at security in 2019. Our guest is Ken Modeste from Underwriters Laboratory, describing UL's evolution as a safety certification organization.

And, if you haven't listened to it yet, Hacking Humans currently features an episode called "At some point you're probably going to have to do some running." Joe describes a reply-all scenario gone wrong. Dave explains the criminal use of steganography in memes as a command and control technique. Our catch-of-the-day features alluring photos texted to an unimpressed listener. Carole Theriault interviews physical pen tester Freaky Clown.

Sponsored Events

Cyber Security Summits: 2019 (United States, January 1 - December 31, 2019) Sr. Level Executives are invited to learn about the latest threats & solutions in Cyber Security from experts from the FBI, Darktrace and more at the 2019 Cyber Security Summits. Register with promo code cyberwire95 for $95 VIP admission (Regular price $350).

Rapid Prototyping Event: The Wolf in Sheep's Clothing (Columbia, Maryland, United States, January 29 - 31, 2019) DreamPort, in conjunction with the Maryland Innovation & Security Institute and USCYBERCOM, is hosting a Rapid Protoyping Event which is interested in identifying UAM solutions that employ advanced real-time analysis of multiple data sources for detecting unauthorized activities.

Selected Reading

Cyber Attacks, Threats, and Vulnerabilities

Hacker leaks data on Angela Merkel and hundreds of German lawmakers (TechCrunch) A hacker has targeted and released private data on German chancellor Angela Merkel and other senior German lawmakers and officials. The data was leaked from a Twitter account, since suspended, and included email addresses, phone numbers, photo IDs and other personal data on hundreds of senior polit…

German politicians suffer massive hack of personal details and private communications (Graham Cluley) The private communications, emails, contact details, mobile phone numbers, memos, and financial information of hundreds of politicians have been published online.

Hackerangriff auf Politiker: Analysen laufen (BSI - Presseinformationen des BSI) Das BSI prüft den Fall derzeit in enger Abstimmung mit weiteren Bundesbehörden intensiv. Das Nationale Cyber-Abwehrzentrum hat die zentrale Koordination übernommen. Nach jetzigem Erkenntnisstand liegt keine Betroffenheit der Regierungsnetze vor.

Hackers seize dormant Twitter accounts to push terrorist propaganda (Engadget) Terrorists are using an old Twitter exploit to revive dead accounts and spread their hateful message.

ISIS Message After Barcelona Warning: Kill Pedestrians at 'Very Busy and Full of Disbelief' Location (Homeland Security) "A vehicle is equally powerful or even more than a bomb... hit with all the force at the first moment," says terror directive.

Detailed: How Russian government's Fancy Bear UEFI rootkit sneaks onto Windows PCs (Register) ESET sheds new light on 'Lojax' firmware infection

Feds Warn Chinese Hackers Launching Targeted Cyber Attacks (HealthITSecurity) DOJ and Homeland Security are warning Chinese hackers are targeting IT service providers and others with malware attacks to exfiltrate data. Healthcare and biotech companies are among the victims.

Analysis | How China’s Spies Became Key Players in the Trade War (Washington Post) China’s main intelligence agency, the shadowy Ministry of State Security, has found itself thrust into the global spotlight as political and trade tensions between the U.S. and China flare. Two of its alleged assets have been publicly named in a sweeping U.S. indictment involving hacking on a global scale. After a top executive of Huawei Technologies Co. was arrested in Canada on a U.S. extradition request, it was MSS agents who abruptly detained two Canadians in China, sparking a diplomatic feu

Spyware Disguises as Android Applications on Google Play (TrendLabs Security Intelligence Blog) Recently discovered spyware disguises itself as legitimate Android applications to gather information from Google Play users.

New Android malware hit more than 100,000 users in 196 countries (Cyware) A new Android malware was hidden behind six different Android applications that were available in Google Play, out of which five apps were removed from Google Play in February 2018. The applications have been downloaded 100,000 times by users in 196 countries, with the majority of victims residing in India.

MobSTSPY spyware weaseled its way into Google Play (SC Magazine) Once again a spyware disguised as Android applications has made its way into the Google Play store with some of the malicious apps being downloaded more than 100,000 times by users across the globe last year.

New Crypto-Mining Attacks Leverage NSA-Linked EternalBlue Exploit (SecurityWeek) A new version of the NRSMiner is actively spreading in the southern region of Asia and using the EternalBlue exploit to infect systems.

Emotet Malware Gets More Aggressive (Dark Reading) Emotet's operators have been adding new capabilities, making the malware now even more dangerous to its enterprise targets.

A Dozen Flaws in Popular Mac Clean-Up Software Allow Local Root Access (Threatpost) All of them arise from improper input validations.

Phishing template uses fake fonts to decode content and evade detection (Proofpoint) Proofpoint researchers describe a new phishing template that uses a previously undocumented font trick to decode and display pages.

Apple Phone Phishing Scams Getting Better (KrebsOnSecurity) A new phone-based phishing scam that spoofs Apple Inc. is likely to fool quite a few people.

Hackers Attempt to Sell Stolen 9/11 Documents (SecurityWeek) A group of hackers is claiming to be offering a large number of confidential documents for sale that are related to the September 11 terrorist attacks.

Popular Weather App Collects Too Much User Data, Security Experts Say (Wall Street Journal) A weather-forecasting app from TCL Communication Technology Holdings—maker of Alcatel smartphones—asks for data beyond what’s normal for a weather program, a security firm says.

Over 3,000 Luas users may have had records compromised in cyber attack (Irish Examiner) The Luas website has been hacked, with the tram operator being held to ransom for one Bitcoin.

Website of Dublin Tram System Hacked (SecurityWeek) A hacker defaced the website of Luas, the tram system in Dublin, Ireland. The attacker has threatened to leak data unless he is paid 1 bitcoin.

Netflix urges fans not to try the ‘Bird Box’ challenge after videos emerge of people driving while blindfolded (The Telegraph) Netflix has urged fans not to take part in a viral challenge inspired by its new sci-fi horror film Bird Box.

Hackers hijack thousands of Chromecasts to warn of latest security bug (TechCrunch) Hackers have hijacked thousands of exposed Chromecast streaming devices to warn users of the latest security flaw to affect the device. But other security researchers say that the bug — if left unfixed — could be used for more disruptive attacks. The culprits, known as Hacker Giraffe and J3ws3r, ha…

Hacker Promoting PewDiePie Stops Hacking Because They’re Getting Harassed (Motherboard) "Well, here I am, burned and roasted, awaiting my maybe-coming end,” HackerGiraffe wrote.

Don’t fall victim to the Chromecast hackers – here’s what to do (Naked Security) First they came for your printer… and then they came for your Chromecast – learn how to tighten up your router security.

Security Patches, Mitigations, and Software Updates

Two Critical Flaws Patched in Adobe Acrobat, Reader (SecurityWeek) Two critical vulnerabilities have been patched by Adobe in its Acrobat and Reader products, but administrators don’t need to rush to install the updates.

Adobe Issues Emergency Patch Following December Miss (Dark Reading) The company released an out-of-band update to head off vulnerabilities exposed in Acrobat and Reader, one of which had been patched by the company in December.

Symantec Data Loss Prevention Enforce Server Administration Console Cross-site Scripting, Cross-site (Symantec) Symantec's Data Loss Prevention (DLP) Management Console is potentially susceptible to persistent cross-site scripting (XSS) issues and a possible cross-site request forgery (CSRF) in the Enforce Server administration console. Successful exploitation could result in potential unauthorized actions directed against the console potentially with elevated privileges.

Microsoft to add two new Microsoft 365 security, compliance bundles to its line-up (ZDNet) Microsoft is adding new Microsoft 365 packages to its subscription-service roster, as well as expanding availability of its MyAnalytics 'fitness tracker for work' service.

Cyber Trends

On the Cyber Edge of History (SIGNAL Magazine) Legislation, strategies, policies, authorities and a spirit of cooperation across government and the international community align to meet the cyber threat.

A 2018 retrospective on control system cyber security – we aren’t as far along as many people think (Control Global) During 2018, Operational Technology (OT) cyber security and threat hunting vendors flourished. There also were many control system cyber vulnerabilities, multiple unintentional control system cyber incidents, multiple control system cyber attacks. What is still missing is adequately addressing the control system field devices.

The Unhackable Election (Foreign Affairs) Malign foreign powers, led by Russia, are weaponizing the infrastructure that underpins democratic societies. Europe and the United States need to work together to craft a bipartisan, transatlantic response to protect democratic elections.

Has GDPR improved privacy - (Enterprise Times) Jake Olcott, Vice President, Communications and Government Affairs at BitSight talks about how GDPR has improved data security

Good Privacy Requires Tech, Cultural Change (Wall Street Journal) Privacy is not a four-letter word, but for some CIOs it has felt that way.

Top 5 Security Trends That Will Continue in 2019 (SecurityWeek) Five trends observed across the security industry in 2018 that are expect to remain strong in 2019.

You cannot save the world alone: This and other lessons we learned at Kaspersky Lab’s Cyber Security Weekend (PCMag India) In a world that gets more fragmented by the day, Balkanisation has become a natural response amongst governments that don’t trust each other

Xconomy: New Year to Bring New Data Security Threats, Cyber Investor Warns (Xconomy) Bob Ackerman is one of the venture capitalists whose funding has long fed the growth of the burgeoning cybersecurity industry. So, you might imagine that

Doctors tell parents to cut children’s screen time (Times) Doctors have issued the first guidance advising parents to limit their children’s access to technology as a study linked heavy social media use by teenagers to signs of depression. Children should...

Marketplace

Profit, Peril And The Internet Of Things (Forbes) The proliferation of IoT devices means more equipment is vulnerable to a security breach than ever before.

The Cybersecurity "Arms Race" Means Double-Digit Profit Opportunities in 2019 (Money Morning) In 2019, everyone is going to wish they bought cybersecurity stocks. That's because there could be some big deals made. There's a lot of money and big profit opportunities ahead...

Long-awaited Cybersecurity industry consolidation might get boost from market correction (ETF Daily News) There are too many cybersecurity companies offering too many solutions to too many problems, with too few qualified workers seeking to help. After years of hoping for a change, it’s possible that the fourth-quarter market correction could…

Facebook Begins New Year in Fixer-Upper Mode (Wall Street Journal) One year ago, Mark Zuckerberg set his sights on “fixing” Facebook. That remains very much a work in progress. At the top of the 2019 to-do list: find a balance between the social-media giant’s deeply held drive for growth and its heightened commitment to improving safety and security across its many platforms.

Apple told to pull iPhones from Germany (BBC News) Apple has been ordered by a court to remove iPhone 7 and iPhone 8 models from its German stores.

Huawei will focus on Cyber Security and Privacy Protection in 2019: Founder (Gizmochina) At a time when most countries are concerned about security aspect related to Huawei’s products, the company’s founder Ren Zhengfei has sent a letter to all its employees talking about...

Huawei enters 2019 swinging with $108.5 billion revenues (Telecoms.com) To say 2018 was a rollercoaster ride for Huawei would be somewhat of an understatement, but the New Year’s message from Rotating Chairman Guo Ping is one of defiance.

Huawei Demotes Workers for Tweeting From an iPhone (Bloomberg) They oversaw agency that tweeted from its official account

LinkedIn backtracks on censorship of Chinese activist (Computing) Another question mark over the influence of repressive regimes on tech firms

TRANSCOM Blazes Cyber Trail to Commercial Cloud (SIGNAL Magazine) The command is making strides in transferring its unclassified systems and is sharing lessons learned that will make the path to cloud usage smoother for others to follow.

Coalfire Federal Appraised at CMMI Maturity Level 3 (PR Newswire) Coalfire, a provider of cybersecurity advisory and assessment services, announced today that Coalfire Federal, ...

Fortinet Serves as a Founding Partner of World Economic Forum’s Centre for Cybersecurity (GlobeNewswire News Room) As first cybersecurity founding partner of the Centre for Cybersecurity, partnership demonstrates Fortinet’s continued commitment to innovation and collaboration to combat global cybercrime

Shared Assessments Program Appoints Risk Management Visionaries as 2019 Steering Committee and Advisory Board Leadership (BusinessWire) Shared Assessments Program Appoints Risk Management Visionaries as 2019 Steering Committee and Advisory Board Leadership

Products, Services, and Solutions

DENSO and Dellfer to Protect Cybersecurity for Connected Cars from the Inside Out (DENSO Media Center) The world’s second-largest mobility supplier DENSO and Dellfer, a cybersecurity company, have entered into a Joint Development Agreement (JDA) to bring ZeroDayGuard 1.0, a cyber security product to market for the automotive industry. The partnership aims to ...

Helping Foster Youth Protect Against Identity Theft (Triple Pundit) Identity theft is a nightmare for anyone who falls prey to it, and while everyone is vulnerable, America’s foster youth are particularly at-risk.

Technologies, Techniques, and Standards

ICS Security Experts Share Tales From the Trenches (SecurityWeek) ICS security experts from several companies share interesting stories from the field.

Debunking Common Misconceptions about Third-Party Risk Management (Infosecurity Magazine) Debunking several misconceptions about managing a third-party risk program have emerged in recent years.

New Year's Resolution: Manage Your Third-Party Security Better! (Panorays) Here’s a great New Year’s resolution for every business: Make 2019 the year that you take control of your third parties’ cybersecurity posture. Here are three good reasons why.

Staying relevant in an increasingly cyber world (Federal News Network) As the cyber industry expands, there’s an influx of unique job titles: cybersecurity analyst, cybersecurity manager, even cyber warrior. But, working in the field of cybersecurity doesn’t always mean holding a position with a trendy tech name.

How DevOps may be the answer to cyber-attacks (Chief Technology Officer) SMEs are starting to recognize that their existing cybersecurity solutions are inadequate against the cyber-attacks. This is why they have started revamping their approach to reduce the risks that hackers pose. One of the most significant changes they have made is investing in DevOps

When Open Source And Cyber Security Bonds: Kali Linux, The Go-To OS For Penetration Testing (Analytics India Magazine) A security-focused operating system (OS) has become insanely popular among most of the penetration testers is Kali Linux.

How the ERC-1400 Has Evolved Into a Suite of Interoperable Security Token Standards (The Tokenist) The ERC-1400 security token standard was initially published just three months ago. Since then, the single ERC has evolved into a suite of security token standards. While all standards are self-contained, each one provides a necessary function of security token performance— where they all remain interoperable among each other. Currently, the ERC-1400 standards are partitioned...

Building a ‘cyber-smart’ culture from the C-suite (EJ Insight) Organizations around the world are becoming more conscious about cyber-security. The topic is discussed regularly in the boardrooms nowadays, especially against the backdrop of significant financial and reputational liabilities brought upon by data breaches. Asia has seen its fair share of data breaches. In March 2016, 55 million voter data from the Commission on Elections…

How to create a security-focused work culture (TechRepublic) Learn how to beef up your company's cyberdefenses by training employees on cybersecurity policies and procedures, password management, and phishing.

How automation enables a proactive security culture at Bank of England (CSO Online) The Bank of England security team uses automation to build intellectual capital, freeing up time to be more proactive and to better explain security to business units.

Utah soldiers to deploy in fight against cyberattacks (DeseretNews.com) A squad of Utah soldiers is deploying to aid in the fight against digital warfare. A team of 18 Utah National Guard members from the 174th Cyber Protection unit is scheduled to deploy to Fort...

Here’s the Army’s latest electronic warfare project (C4ISRNET) Dubbed Raven Feather, the Army is taking aim at platforms and vehicles.

Design and Innovation

The Elite Intel Team Still Fighting Meltdown and Spectre (WIRED) One year after a pair of devastating processor vulnerabilities were first disclosed, Intel's still dealing with the fallout.

Microsoft tests feature to allow users to control their personal data (Computing) Microsoft dips a toe into the personal information economy

Architecting Cybersecurity Into Embedded Systems (SIGNAL Magazine) Embedded systems emerge as the latest challenge to secure deployed U.S. military technologies, including those within weapons and flight controllers.

Research and Development

U.S. National Quantum Initiative Act Signed and Delivered – What’s Next? (HPCwire) In case you missed it, the U.S National Quantum Initiative Act was signed into law by President Donald Trump on December 21 just before end-of-year

Are defense contractors investing enough in quantum computing? (Fifth Domain) Quantum computing is set to make existing forms of cybersecurity obsolete, but the coming revolution has not jolted researchers and defense firms to fully invest in the technology,

Legislation, Policy and Regulation

30 Years After the Rushdie Fatwa, Europe Is Moving Backward (Foreign Policy) Blasphemy laws are more firmly anchored in the EU than ever before.

EU Looks to Reduce Exposure to Chinese 5G Risk: Report (Infosecurity Magazine) Brussels wants a more coordinated response to security challenges

How to Hit Russia Where It Hurts (Foreign Affairs) The United States needs a long-term strategy to ramp up economic pressure.

White House Mulls Jim Webb, Ex-Democratic Senator, as Next Defense Secretary (New York Times) Mr. Webb’s views align closely with President Trump’s drive to pull American troops from the Middle East and confront China more aggressively.

The critical strategic questions for DoD’s cyber force (C4ISRNET) With forces now in place, Cyber Command is beginning to think through tough problems and how to employ its capabilities.

NGA’s outgoing director on how to avoid a cultural ‘backslide’ (C4ISRNET) Robert Cardillo, the outgoing director of the National Geospatial-Intelligence Agency, explained how the agency has evolved during his four years at the helm, why the intelligence community needs to continue to challenge the status quo, and how intel work has changed in the last 30 years.

Cyber-security grant tightens Washington County systems (Olean Times Herald) Washington County is in the first round of recipients awarded a state cyber-security grant that will help county officials better monitor computer systems to prevent intrusions from

Litigation, Investigation, and Enforcement

Huawei tit-for-tat: why the US has a more legitimate case than China (South China Morning Post) David Zweig says the Huawei CFO was arrested for an offence committed by her, not her company, and was allowed to hire a lawyer. Canada has treated her more fairly than China is treating two Canadians in detention

Paul Whelan: ex-US marine held in Moscow charged with spying (the Guardian) Whelan faces 20 years if convicted as Russian news outlet claims he had USB drive with classified list of names

Bail sought for Marine vet held in Moscow for alleged spying (Marine Corps Times) The defense lawyer for a former U.S. Marine who was detained in Russia for alleged spying said Thursday that he is trying to get the American released from the Moscow prison where he has coped well with being in custody.

British citizen Paul Whelan held in Russia over ‘spying for the West’ (Times) A British citizen has been detained in Russia on suspicion of spying, The Times has learnt. Paul Whelan, 48, was formally charged with espionage yesterday as it was alleged that he had received in...

Spy or Not? American Who Loves Russia Ensnared in New Cold War (New York Times) Paul N. Whelan, now in a Moscow prison, cut a curious figure. He traveled on Russian trains, collected tea glass holders and cultivated military contacts.

Novi man accused of 'spy mission' in Russia: What we know (Detroit Free Press) Paul Whelan, 48, of Novi, is accused of spying in Russia. Here is what we know about his life, his background and where things stand with his case.

National-security experts say a US Marine veteran detained in Russia doesn’t fit the profile of a spy, but he could be a bargaining chip for a prisoner swap (Business Insider) Paul Whelan's profile doesn't fit that of a spy. But it does fit that of someone President Trump would want to bring home as part of a prisoner swap.

Ex-CIA agent Plame: 'It's not inconceivable' Paul Whelan is a spy (Detroit Free Press) “The Russians are going back to their playbook that they used throughout the Cold War. They’re very aggressive.”

Jerome Corsi's request for specific judge in Mueller lawsuit denied (Fox News) A Washington D.C. federal judge Thursday denied a request by conservative author Jerome Corsi to assign himself to hear Corsi's lawsuit against Special Counsel Robert Mueller alleging illegal and unconstitutional surveillance.

New Documents Suggest The Steele Dossier Was A Setup For Trump (The Federalist) After nearly two years since the Steele dossier was published, it remains the cornerstone of the case for collusion. It has also prompted other operations.

Exculpatory Russia evidence about Mike Flynn that US intel kept secret (TheHill) What many 'Russia collusion' cheerleaders cite as the start of a conspiracy between the Trump campaign and Moscow was, in fact, something very different.

Industry Events

For a complete running list of events, please visit the Event Tracker on the CyberWire website.

newly Noted Events

NITSIG Meeting: Insider Threat Detection & Mitigation Using External Data Sources (Laurel, Maryland, USA, February 12, 2019) Gathering and analyzing Internal data sources is very important for Insider Threat Detection. Equally important is knowing what External data sources are also available to create the "Big Picture" of potential / actual Insider Threats. This meeting will focus on the many External data sources that are available from various companies, for organizations and businesses that want to be proactive in "Employee Threat Identification". This meeting will also provide insight into the possibility that your company's data may be "For Sale" on the Dark Web, and how to locate it.

SecureWorld Charlotte (Charlotte, North Carolina, USA, March 14, 2019) Connecting, informing, and developing leaders in cybersecurity. For the past 17 years, SecureWorld conferences have provided more content and facilitated more professional connections than any other event in the InfoSec industry. Join your fellow InfoSec professionals for high-quality, affordable cybersecurity training and education. Earn 6-12 CPE credits through 30+ educational elements, learning from nationally recognized industry leaders. Attend featured keynotes, panel discussions, breakout sessions, and solution vendor displays—all while networking with local peers.

SecureWorld Boston (Boston, Massachussetts, USA, March 27 - 28, 2019) Connecting, informing, and developing leaders in cybersecurity. For the past 17 years, SecureWorld conferences have provided more content and facilitated more professional connections than any other event in the InfoSec industry. Join your fellow InfoSec professionals for high-quality, affordable cybersecurity training and education. Earn 12-16 CPE credits through 60+ educational elements learning from nationally recognized industry leaders. Attend featured keynotes, panel discussions, breakout sessions, and solution vendor displays—all while networking with local peers.

SecureWorld Philadelphia (Philadelphia, Pennsylvania, USA, April 10 - 11, 2019) Join your fellow InfoSec professionals for high-quality, affordable cybersecurity training and education. Earn 6-12 CPE credits through 30+ educational elements, learning from nationally recognized industry leaders. Attend featured keynotes, panel discussions, breakout sessions, and solution vendor displays—all while networking with local peers. Join your fellow InfoSec professionals for high-quality, affordable cybersecurity training and education. Earn 12-16 CPE credits through 60+ educational elements learning from nationally recognized industry leaders. Attend featured keynotes, panel discussions, breakout sessions, and solution vendor displays—all while networking with local peers.

SecureWorld Houston (Houston, Texas, USA, April 18, 2019) Connecting, informing, and developing leaders in cybersecurity. For the past 17 years, SecureWorld conferences have provided more content and facilitated more professional connections than any other event in the InfoSec industry. Join your fellow InfoSec professionals for high-quality, affordable cybersecurity training and education. Earn 6-12 CPE credits through 30+ educational elements, learning from nationally recognized industry leaders. Attend featured keynotes, panel discussions, breakout sessions, and solution vendor displays—all while networking with local peers.

SecureWorld Toronto (Toronto, Ontario, Canada, April 24, 2019) Connecting, informing, and developing leaders in cybersecurity. For the past 17 years, SecureWorld conferences have provided more content and facilitated more professional connections than any other event in the InfoSec industry. Join your fellow InfoSec professionals for high-quality, affordable cybersecurity training and education. Earn 6-12 CPE credits through 30+ educational elements, learning from nationally recognized industry leaders. Attend featured keynotes, panel discussions, breakout sessions, and solution vendor displays—all while networking with local peers.

SecureWorld Kansas City (Kansas City, Missouri, USA, May 8, 2019) Connecting, informing, and developing leaders in cybersecurity. For the past 17 years, SecureWorld conferences have provided more content and facilitated more professional connections than any other event in the InfoSec industry. Join your fellow InfoSec professionals for high-quality, affordable cybersecurity training and education. Earn 6-12 CPE credits through 30+ educational elements, learning from nationally recognized industry leaders. Attend featured keynotes, panel discussions, breakout sessions, and solution vendor displays—all while networking with local peers.

SecureWorld Cincinnati (Cincinnati, Ohio, USA, May 16, 2019) Connecting, informing, and developing leaders in cybersecurity. For the past 17 years, SecureWorld conferences have provided more content and facilitated more professional connections than any other event in the InfoSec industry. Join your fellow InfoSec professionals for high-quality, affordable cybersecurity training and education. Earn 6-12 CPE credits through 30+ educational elements, learning from nationally recognized industry leaders. Attend featured keynotes, panel discussions, breakout sessions, and solution vendor displays—all while networking with local peers.

SecureWorld Atlanta (Atlanta, Georgia, USA, May 29 - 30, 2019) Join your fellow InfoSec professionals for high-quality, affordable cybersecurity training and education. Earn 6-12 CPE credits through 30+ educational elements, learning from nationally recognized industry leaders. Attend featured keynotes, panel discussions, breakout sessions, and solution vendor displays—all while networking with local peers. Join your fellow InfoSec professionals for high-quality, affordable cybersecurity training and education. Earn 12-16 CPE credits through 60+ educational elements learning from nationally recognized industry leaders. Attend featured keynotes, panel discussions, breakout sessions, and solution vendor displays—all while networking with local peers.

SecureWorld Chicago (Chicago, Illinois, USA, June 13, 2019) Connecting, informing, and developing leaders in cybersecurity. For the past 17 years, SecureWorld conferences have provided more content and facilitated more professional connections than any other event in the InfoSec industry. Join your fellow InfoSec professionals for high-quality, affordable cybersecurity training and education. Earn 6-12 CPE credits through 30+ educational elements, learning from nationally recognized industry leaders. Attend featured keynotes, panel discussions, breakout sessions, and solution vendor displays—all while networking with local peers.

upcoming Events

SINET Global Institute CISO Series (Scottsdale, Arizona, USA, January 15 - 16, 2019) By invitation only. These intimate CISO workshops address the challenges that Board of Directors are placing on security and risk executives, and how to successfully manage and communicate today’s enterprise and organizational threats. These are an intense “roll your sleeves up” thought leadership discussions on How Cyber is Driving the New Board Perspective on Enterprise Risk Management. Attendance is limited to 30 Security and Risk Executives from Global 2000 corporations.

CPX Asia 360 2019 (Bangkok, Thailand, January 21 - 23, 2019) CPX 360 - the industry’s premier cyber security summit and expo - brings together the world’s leading cyber security experts to one venue. Gain a deep understanding of current challenges cyber security professionals face. Experience insightful Cyber Talk keynotes, conference sessions, and hands-on labs covering the latest innovations. Register today!

CPX Americas 360 2019 (Las Vegas, Nevada, USA, February 4 - 6, 2019) CPX 360 promises to be the premier cyber security summit. CPX 360 is where you’ll receive up-to-the-minute intelligence about global threats and other vital topics from the world’s leading cyber security experts. In addition, you’ll enjoy getting hands on with cutting-edge security solutions from Check Point, networking with your peers, and celebrating with the world’s cyber security elite. If you attend one cyber security event this year, make it CPX 360.

QuBit Conference Belgrade 2019 (Belgrade, Romania, February 7, 2019) QuBit is a Cybersecurity Community Event connecting the East and West. We create a unique way to meet the best and the brightest minds in the information security fields across multiple industries, and all carrier levels. We are collecting great feedbacks on past conferences so we would be glad to cooperate with you, too. QuBit Conference consists of one day (2 in Prague) full of educational presentations, keynotes, case studies and interactive panel discussions in QuBit way - community spirit and tons of great networking opportunities. Not to mention popular pre-conference hands on training held a day before conference.

Sponsor & Support

Grow your brand and reach new customers.

Grow your brand and increase your customer base by educating our audience about your products, services, and events by advertising on The CyberWire. We’ve built trust with an influential (and often hard to reach) audience of CISOs, CSOs, and other senior execs in the security space, across a wide array of industry verticals. Learn more.

Be a part of the CyberWire story.

People ask us (a lot) how they can support what we do. We have our sponsorships and services, of course, but those are not always within every supporter’s financial reach, or it might just not be the right time for you to do those things. That’s why we launched our new Patreon site, where we’ve created a wider variety of support levels, each with some new benefits. Our patrons are important to our future, and we hope you’ll consider becoming one. We invite you to become part of the CyberWire story. Become a patron today.