The CyberWire Daily Briefing, 1.23.20

Summary

By the CyberWire staff

The UN has asked the US to investigate the spyware incident involving the phone belonging to Amazon founder Jeff Bezos, the Guardian reports. Motherboard has obtained a copy of FTI Consulting’s forensic report on the device, and notes this conclusion: “Bezos’ phone was compromised via tools procured by Saud al Qahtani,” a close adviser to the Saudi Crown Prince. Experts Motherboard consulted note that the investigators may not have achieved the root access needed to fully inspect the phone, since “good state-sponsored malware” wouldn’t betray itself by appearing in backups. NSO Group’s Pegasus tool is the usual suspect, but the basis for that conclusion, while compelling, remains largely circumstantial.

Comparitech found five Microsoft Elastisearch servers exposed online on December 29th. Microsoft secured them over the next two days, and disclosed details of the incident yesterday. The data were held in a customer service database. Some two-hundred-fifty-million records were exposed.

A ransomware infestation must now be considered a data breach until investigation proves otherwise. BleepingComputer notes that both Maze and Sodinokibi are prepared to leak data belonging to victims who fail to pay. Dark Reading writes that organizations are increasingly disposed to pay.

According to CNET, Apple and Google are engaged in a dispute over Google’s claims that Apple’s Safari anti-tracking features may actually facilitate tracking.

Windows 7 may have gone west, but the German government just can’t quit it. Berlin will pay Redmond €800,000 in 2020 for extended security updates for about thirty-three-thousand PCs still running Windows 7, OnMSFT reports.

Fast, Comprehensive, Simplified Threat Intel Delivered To Your Inbox

Notes.

Today's issue includes events affecting Bahrain, Canada, China, France, Germany, Saudi Arabia, United Arab Emirates, United Kingdom, United Nations, United States

Bring your own context.

GDPR is now a well-established regulatory regime whose effects are felt beyond the European Union. But with enforcement actions (and fines) on the rise, it can be difficult to know exactly how to comply.

"But I think one of the challenges that we've had with GDPR - that it's been completely nonprescriptive in terms of technology and how people do things. So it gives you kind of best practices buzzwords about - you know, you will keep information secure. You will protect the individual. But there's actually nothing underneath that as to how you - or recommendations or suggestions on technology or, as you say, page layout. So that then is left to each individual company."

—Jon Fielding of Apricorn, on the CyberWire Daily Podcast, 1.21.20.

It will take awhile to sort the best practices out.

Coming soon: CyberWire Pro.

Our new subscription program, CyberWire Pro, will be available soon. Designed for cyber security professionals and others who want to stay abreast of our rapidly evolving industry, CyberWire Pro is a premium news service that will save you time and keep you informed. Learn more and sign up to get launch updates here.

Investigating China’s Disinformation Campaigns

Cyber influence campaigns have plagued countries across the globe in the past few years, with foreign policy objectives, economic goals, and public opinion caught in the crossfire. LookingGlass researchers have tracked over 2000 People’s Republic of China-related influence operators on Twitter to better understand the current landscape. In our next webinar, Tom Creedon will explore these findings to gain an understanding of operator account patterns and targets. Save your seat for February 6 at 1pm ET.

On the Podcast

In today's CyberWire Daily Podcast, out later this afternoon, we speak with our partners at CrowdStrike, as Tom Etheridge shares thoughts on incident response plans.

And Hacking Humans is up. In this week's episode, "Flipping the script," Dave's phone is blowing up with smishing attempts. Joe shares a story about fake license renewal attempts from The New Zealand Transportation Agency. The catch of the day flips the script on their attacker. Later in the show Carole Theriault speaks with Jamie Bartlett, the brains and host behind the Missing Cryptoqueen, an amazing BBC podcast about trying to get to the bottom of the OneCoin scam.

Sponsored Events

CyberTech Tel Aviv (Tel Aviv, Israel, January 28 - 30, 2020) Cybertech Tel Aviv is a 3-day event with 200+ organizations, 180+ speakers and 18,000+ attendees with a goal to create business and networking opportunities across borders. For 15% off, use code tcwtlv20dis on the registration page and enter the “Full-Pass" option. https://www.cybertechisrael.com/

Cyber Security Summits: February 5 in Atlanta and on March 20 in Tampa (Atlanta, Georgia, United States, February 5, 2020) Sr. Level Executives are invited to learn about the latest threats & solutions in Cyber Security from experts from The FBI, U.S. Secret Service, IBM Security, Google and more. Register with promo code cyberwire20 for $95 VIP admission (Regular price $350) https://CyberSummitUSA.com

Suits & Spooks (Washington, DC, United States, February 6 - 7, 2020) Suits & Spooks DC is the only international security summit where the attendees and speakers from government agencies and technology companies engage in discussion and debate of security challenges. World-class speakers describe their vision of future threats and leading-edge companies will exhibit novel solutions. Get 15% off with discount code cyberwire15.

RSAC 2020 (San Francisco, California, United States, February 24 - 28, 2020) Connect to the people and ideas that matter. To your growth. To your organization. At RSAC 2020, February 24 – 28, explore current and emerging trends, gain valuable skills and network with peers. Register today!

Selected Reading

Cyber Attacks, Threats, and Vulnerabilities

Here Is the Technical Report Suggesting Saudi Arabia’s Prince Hacked Jeff Bezos’ Phone (Vice) Motherboard has obtained the report made by FTI Consulting into how Crown Prince Mohammad Bin Salman allegedly hacked Amazon CEO Jeff Bezos's phone.

The Cybersecurity 202: Bezos hack reveals dangerous escalation in use of commercial hacking tools, experts warn (Washington Post) An alleged Saudi hacking campaign that compromised the cellphone of Amazon founder and Washington Post owner Jeff Bezos is a chilling example of how even the world's richest person can be hacked with tools that were likely bought off the shelf.

The Jeff Bezos hack could happen to anyone (Vox) The story of the Saudi crown prince using WhatsApp to break into a billionaire’s phone is a quick lesson in cybersecurity.

Everything We Know About the Jeff Bezos Phone Hack (Wired) A UN report links the attack on Jeff Bezos' iPhone X directly to Saudi Arabian Crown Prince Mohammed bin Salman.

This is a rare photo of a smartphone-hacking device sold by the NSO Group, the billion-dollar Israeli spyware company accused of helping hack Jeff Bezos (Business Insider) A Business Insider photo from a security conference in Paris reveals the device NSO Group sells to its clients to carry out hacks.

Big Microsoft data breach – 250 million records exposed (Naked Security) Microsoft has today announced a data breach that affected one of its customer databases.

250 million Microsoft customer service records briefly exposed online: report (TheHill) Almost 250 million records of Microsoft customer service and support reports, including locations and email addresses, were briefly exposed online in late December before the vulnerability was patched, a report published Wednesday found.

Microsoft Security Shocker As 250 Million Customer Records Exposed Online (Forbes) A new report reveals that 250 million Microsoft customer records, spanning 14 years, have been exposed online.

WindiLeaks: 250 million Microsoft customer support records dating back to 2005 exposed to open internet (Register) Quickly shuttered partially redacted leaky DB included 'internal notes marked as confidential'

Access Misconfiguration for Customer Support Database - Microsoft Security Response Center (Microsoft Security Response Center) Today, we concluded an investigation into a misconfiguration of an internal customer support database used for Microsoft support case analytics. While the investigation found no malicious use, and although most customers did not have personally identifiable information exposed, we want to be transparent about this incident with all customers and reassure them that we are taking …

New Targeted Attack Campaign in the Middle East (Blue Hexagon) Blue Hexagon Labs describes a new targeted campaign in the Middle East that takes advantage of heightened tensions and uses legitimate services in various attack phases

Maze Ransomware Not Getting Paid, Leaks Data Left and Right (BleepingComputer) Maze ransomware operators have infected computers from Medical Diagnostic Laboratories (MDLab) and are releasing close to 9.5GB of data stolen from infected machines.

Sodinokibi Ransomware Threatens to Publish Data of Automotive Group (BleepingComputer) The attackers behind the Sodinokibi Ransomware are now threatening to publish data stolen from another victim after they failed to get in touch and pay the ransom to have the data decrypted.

ConnectWise Responds to Bishop Fox Remote Control Vulnerability Report (MSSP Alert) Bishop Fox outlines eight alleged vulnerabilities with ConnectWise Control, a remote control software platform for MSPs & IT professionals. Here's ConnectWise's response.

Validating the Bishop Fox Findings in ConnectWise Control (Medium) In computer security, responsible disclosure is a vulnerability disclosure model in which an issue is publicly disclosed only after a…

Google finds Apple Safari anti-tracking feature actually enabled tracking (CNET) Apple's Intelligent Tracking Prevention technology posed risks to privacy and security, a research paper concluded.

Google and Apple Clash Over Web Browser Privacy (Bloomberg) Apple anti-tracking tech actually helps tracking, Google says. Apple’s Safari and Google’s Chrome are major competitors.

Democrats warned of cybercriminals targeting campaign funds (CNN) Democratic campaigns were warned late last year that cybercriminals were seeking to steal their funds by posing online as staff and election vendors, CNN has learned.

Cyber Criminals Use Fake Job Listings to Target Applicants' Personally Identifiable Information (Federal Bureau of Investigation) Fake Job or Hiring Scams occur when criminal actors deceive victims into believing they have a job or a potential job. Criminals leverage their position as “employers” to persuade victims to provide them with personally identifiable information (PII) or to send them money.

16Shop Phishing Gang Goes After PayPal Users (Threatpost) A sophisticated malware-as-a-service phishing kit includes full customer service and anti-detection technologies.

This Citibank Phishing Scam Could Trick Many People (BleepingComputer) A new Citibank phishing scam is underway that utilizes a convincing domain name, TLS certs, and even requests OTP codes that could easily cause people to believe they are submitting their personal information on a legitimate page.

Phishing Incident at UPS Store Chain Exposes Customer Info (BleepingComputer) Sensitive personal and financial information of UPS Store customers was exposed in a phishing incident affecting roughly 100 local store locations between September 29, 2019, and January 13, 2020.

Security Patches, Mitigations, and Software Updates

Apple and Google’s tough new location privacy controls are working (Fast Company) As users opt out of tracking en masse, advertisers will have to make do with limited location data.

German government will pay Microsoft €800K for Windows 7 extended security updates (OnMSFT.com) The German federal government will pay Microsoft a minimum of €800,000 this year for Extended security updates for a fleet of 33,000 PCs still running Windows 7

Cyber Trends

Proofpoint’s State of the Phish Report Stresses the Need for User Training and Email Reporting as Targeted Attacks Climb (Proofpoint US) Proofpoint, Inc., (NASDAQ: PFPT), a leading cybersecurity and compliance company, today released its sixth annual global State of the Phish report, which provides an in-depth look at user phishing awareness, vulnerability, and resilience.

2020 Report on Phishing Attacks - State of the Phish (Proofpoint) Do you have a good sense of cybersecurity best practices and how to fight phishing attacks? Our 2020 State of the Phish report brings you critical insights.

To Avoid Disruption, Ransomware Victims Continue to Pay Up (Dark Reading) For all the cautions against doing so, one-third of organizations in a Proofpoint survey said they paid their attackers after getting infected with ransomware.

Monthly Threat Actor Group Intelligence Report, November 2019 (ThreatRecon) This is a summary of activity of suspected state sponsored Threat Actor Groups analyzed by the ThreatRecon Team, based on data and information collected from October 21 to November 20, 2019.

Marketplace

Object Management Group Issues Cyber Insurance Request for Information (Object Management Group) Press Release: Gathering input to help users of cloud services better protect their businesses.

Treasury wants more info on financial sector cybersecurity risks (Fifth Domain) Public comments are open until March 23.

Huawei issues don’t mean ‘free ride’ for Ericsson, CEO says (FierceWireless) Instead, it's creating uncertainty that's reducing investment overall, Ericsson's chief executive told CNBC.

CFC acquires insuretech ThreatInformer (CFC Underwriting) Specialist insurer to integrate data enrichment technology to improve underwriting and claims activities.

Insurer Coalition buys BinaryEdge security search engine to scan policyholders (Computing) BinaryEdge acquisition comes as insurers start hiking rates in response to spike in ransomware attacks

Insurers look to curb ransomware exposure as U.S. cyber rates rise (Reuters) U.S. insurers are ramping up cyber-insurance rates by as much as 25% and trying ...

Is cyber-insurance now an enterprise security reality? (diginomica) Insurance against cyber-attacks has been difficult to secure. Now objective, external third party evaluation of a company’s security status is possible, and underwriting it is following along

VMware to acquire AI-based network analytics firm Nyansa (Computing) VMware wants to add Nyansa's AI and machine learning capabilities to its security and network portfolio

VMWare Acquired Another Company. Here’s Why. (Barron's) VMWare announced plans to fold Palo Alto-based firm Nyansa into its expansive network and security portfolio for an undisclosed sum.

This crypto expert is back with a new fund — and he's all-in on bitcoin (Washington Business Journal) The bear market of 2018 taught Maxim Nurov that bitcoin is crypto king.

Lantronix Names Former Microsemi EVP/GM Roger Holliday as VP Worldwide Sales (Globe Newswire) Lantronix, Inc. (NASDAQ: LTRX), a global provider of secure data access and management solutions for the industrial Internet of Things (IoT), today announced that Roger Holliday has joined Lantronix as vice president of Worldwide Sales.

It’s All About Identity for SecureAuth’s New CISO, Chief Evangelist (Yahoo) SecureAuth, the secure identity company, has announced the appointment of Bil Harmer as chief information security officer and chief evangelist. Harmer joins the executive team to “bring trust back to a zero-trust world” and support the rapid growth of the company. Harmer brings more than 30 years

Products, Services, and Solutions

Cowbell Cyber Launches with Industry’s First Continuous Underwriting Platform; Raises $3.3M Seed Round (Cowbell Cyber) Cowbell Cyber, a startup focused on Artificial Intelligence (AI)-powered cyber insurance for small to mid-sized enterprises, today introduced the industry’s first continuous underwriting platform that aligns insurable threats to …

GK8 - Bounty Program: Hack-Proof Digital Vault (GK8) The biggest bounty prize of the year, up to a quarter of a million USD in Bitcoin, $250,000. GK8 Introduces the proven and validated first TRUE cold wallet for executing the entire digital asset management process without an Internet connection

Swimlane SOAR Version 10.0 Delivers Improved Performance and MTTD/MTTR for Security Operations Centers (BusinessWire) Swimlane, an independent leader in security orchestration, automation and response (SOAR), today announced the release of Swimlane version 10.0

Nozomi Networks and ElevenPaths Partner to Deliver Advanced IT and OT Security Services Worldwide (Yahoo) Relationship strengthens ElevenPaths’ portfolio of managed security services with deep cyber-physical systems solutions and expertise, and also strengthens Nozomi Networks’ coverage and capabilities to deliver advanced IT and OT Security Services through Telefonica’s Intelligent SOCs.

ReFirm Labs Announces Winter 2020 Release of Updates to Its Centrifuge Platform for IoT and Firmware Security (Yahoo) ReFirm Labs, a provider of the industry's first proactive IoT and firmware security solutions, today announced the Winter 2020 release of updates to its flagship Centrifuge Platform®. The first solution that proactively manages the security of firmware -- a specific class of software that provides

FireEye Mandiant launches new Cloud Security Assessments | Intelligent CIO Middle East (Intelligent CIO) FireEye, the intelligence-led security company, has announced the availability of two new FireEye Mandiant services.

Jamf Announces Product Integration That Combines Powerful IT Workflows with Streamlined Mac Authentication and Identity Management (Yahoo) Jamf, the standard for Apple in the enterprise, announced that Jamf Connect can now be directly configured in Jamf Pro, combining the powerful IT workflows of Jamf Pro and the streamlined Mac authentication and identity management capabilities of Jamf Connect into one integrated experience. “A recent

CloudVector Introduces API Shark, The Free API Observability Tool (PR Newswire) CloudVector, today announced the launch of API Shark, the free API discovery and observability tool. Digital transformation trends are...

Technologies, Techniques, and Standards

NIST’s new privacy rules – what you need to know (Naked Security) How do you ensure you’re compliant with privacy regulations? NIST has released a Privacy Framework to help you get your house in order.

'Smart factory' honeypot attracts two ransomware attacks, fraudsters, corporate espionage - and other security researchers (Computing) Trend Micro honeypot indicates that bread-and-butter security measures will deter most attackers

Knowing Your Enemy: Attack Attribution in Cybersecurity (Infosecurity Magazine) While you can’t predict all attacks, you can use intelligence from the past to mitigate

Mobility as a Service Comes into Focus for 2020 Payments Summit and Secure Technology Alliance Projects in the Coming Year (Yahoo) The Secure Technology Alliance announced today it is focusing more efforts in 2020 on Mobility as a Service (MaaS) through new council priorities and a dedicated MaaS track at the 2020 Payments Summit. The Alliance aims to support this by bringing together stakeholders to solve the implementation challenges

These are the standards for new government websites (Federal Times) A new set of requirements released by the General Services Administration's Technology Transformation Service will govern how agencies design and monitor their public-facing websites.

Future battles will require these 5 pillars of cyber resilience (Fifth Domain) How can soldiers move, shoot, and communicate with yesterday’s approach to cyber hardening platforms?

Seattle-Area Election Puts Mobile Voting to a Test (Wall Street Journal) About 1.2 million registered voters in King County will have the option to cast ballots on their smartphones or computers in a local election.

Cofense Helps 2020 Presidential Candidates Secure Their Campaigns from Pervasive Phishing Attacks (PR Newswire) Cofense™, the global leader in intelligent phishing defense solutions, today announced its partnership with Defending Digital Campaigns (DDC),...

Former Presidential Campaign Managers and Senior NSA Official Launch Nonprofit To Bring Low To-No Cost Cybersecurity Services To Federal Campaigns (Defending Digital Campaigns) Defending Digital Campaigns announces its first president and CEO, board members and initial service offerings

Dubai regulator takes the wraps off cyber threat intelligence sharing platform (Finextra) The Dubai Financial Services Authority (DFSA) launched the first financial regulator-led Cyber Threat Intelligence Platform (Platform) in the region in collaboration with the Dubai Electronic Security Center (DESC), the National Computer Emergency Response Team for the UAE (aeCERT), the Computer Incident Response Center Luxembourg (CIRCL) and the Open Source Threat Intelligence and Sharing Platform Project (MISP).

Design and Innovation

Three Recent IoT Platforms That Show Smart Home Security Isn’t Just a Software Problem - News (All About Circuits) Here are a few developers that have taken extra precautions to bake security into IoT components at the silicon level.

Nobody boogies quite like you (Naked Security) Our unique dancing style can be used by a machine-learning model to ID us, regardless of musical genre. Unless it’s Metal. We all headbang.

Passwords Are Fossils: How Digital Trust Is Shaping The Future Of Identity And Access (Forbes) When it comes to digital interactions, too often there is a lack of trust between organizations and their users.

Legislation, Policy and Regulation

How Iran's military outsources its cyberthreat forces (The Conversation) The Iranian military operates cyber espionage and sabotage through a network of dozens of contractors, allowing the state to attack foes while denying involvement.

India Plans to Mandate Cybersecurity Measures for Power Grids (Bloomberg via T&D World) To deal with malware, India protects its central power grid through multiple firewalls and has isolated it from office networks.

Cybercrime Prevention Principles for Internet Service Providers (World Economic Forum) A number of studies and surveys describe the impact of cybercrime around the world and attempt to quantify the scale of the threat. The financial impact of cybercrime on businesses and individuals continues to rise, with Accenture estimating that the cost of cybercrime to businesses has risen by 72% over the past five years.

US official: China steals ‘massive amounts’ of data in West (Washington Post) The top U.S. cybersecurity diplomat says that China steals “massive amounts” of data from Western companies

The Interview - Top US cybersecurity official warns of threat posed by China's Huawei (France 24) Robert Strayer, the US Deputy Assistant Secretary of State for Cyber and International Communications and Information Policy, granted an interview to FRANCE 24 in which he discussed the threat posed…

UK to grant Huawei limited role in UK 5G roll out (Computing) Government sources indicate that Huawei's role in the UK's 5G networks will be limited to the periphery

US Pledges $1B to Roast Huawei With Open RAN 5G (SDX Central) The U.S. government’s attempts to stymie Chinese vendors’ strength and ability to build radio access networks (RAN) and software for 5G is evolving.

‘Apple has to help us’ — Trump, Barr turn up heat on encryption fight (POLITICO) The demands by Trump and his attorney general are raising expectations of a new push for legislation or a precedent-setting court ruling to compel Silicon Valley to give in on encryption.

Election Security Coalition Opposes Weakening Encryption (Project On Government Oversight) A bipartisan group of organizations and individuals working to protect election security highlighted the importance of encryption, and, in order to protect the integrity of our elections, called on the DOJ to end its efforts to weaken encryption.

IBM chief calls for 'precision regulation' on AI that weighs privacy against benefits to society (CNBC) "You want to have innovation flourish and you've got to balance that with security," IBM CEO Ginni Rometty said in a CNBC interview from Davos.

New U.S. law requires government to report risks of overseas activities by ex-spies (WTVB) Troubled that former American spies are plying their trade for foreign governments, Congress has passed new legislation requiring U.S. spy agencies to provide an annual assessment detailing the risks such conduct poses for national security. The new measure was driven by a Reuters inv...

Litigation, Investigation, and Enforcement

Glenn Greenwald Charged With Cyber Crimes By Brazilian Government (Citizen Truth) “Charging journalists with criminal activity based on interactions with sources sends a chilling message to reporters working on sensitive stories…” The Brazilian government charged Rio-based journalist Glenn Greenwald with cybercrimes for his reporting on leaked cellphone communications that undermined the credibility of Sergio Moro, President Jair Bolsonaro’s Justice Minister, for his politically-motivated efforts to imprison [...]

Opinion | Brazil Calls Glenn Greenwald’s Reporting a Crime (New York Times) He’s faced continual threats since revealing that leaked texts showed illegal activity by a judge who helped clear the path for Jair Bolsonaro’s election.

Why Glenn Greenwald’s Prosecution Is an Outrage (The Nation) Advocacy groups say attacks on the press are on the rise—particularly in Bolsonaro’s Brazil.

Canada prosecutors say fraud at heart of Huawei CFO Meng's U.S. extradition case (Reuters) Huawei Chief Financial Officer Meng Wanzhou returned to a Vancouver courtroom on...

Meng Wanzhou 'irreplaceable', says Huawei executive (BBC News) The Huawei CFO is fighting extradition to the US from Canada, where she was arrested in 2018.

UN experts demand US inquiry into Jeff Bezos Saudi hacking claims (the Guardian) ‘Grave concern’ expressed at evidence of possible ‘effort to silence Washington Post’

Exclusive: U.S. Cops Have Wide Access to Phone Cracking Software, New Documents Reveal (Medium) While the FBI requests ‘backdoor’ iPhone access, documents indicate law enforcement already has easy access to encrypted devices

Ubisoft sues DDoS-for-hire operators for ruining game play (Naked Security) The network of sites and services run by the alleged operators target the Rainbow Six Siege game, selling attacks to cheating players.

18-Year-Old Hacker Stole Crypto Worth $50 Mn In Sim Swapping Scam (Fossbytes) What happens when an 18-year old guy with a passion for hacking takes his passion too far? He earns $50 million worth cryptocurrency by organizing a SIM Swapping scam. Samy Bensaci, a Montreal based 18-year old was released charged with the theft of cryptocurrency worth $50 million in a well-organized SIM swapping scam.

Un présumé pirate montréalais aurait volé des millions en cryptomonnaie (La Presse) Un jeune crack en informatique de 18 ans, dont la résidence des parents a fait l’objet d’une perquisition à Montréal par la police de Toronto et la Sûreté ...

Industry Events

For a complete running list of events, please visit the Event Tracker on the CyberWire website.

newly Noted Events

SecureWorld Charlotte (Charlotte, North Carolina, USA, March 4 - 5, 2020) Join your fellow InfoSec professionals for high-quality, affordable cybersecurity training and collaboration. Earn 12-16 CPE credits through 60+ educational elements learning from nationally recognized industry leaders. Attend featured keynotes, panel discussions, breakout sessions, and solution vendor displays—all while networking with local peers.

SecureWorld Philadelphia (King of Prussia, Pennsylvania, USA, March 18 - 19, 2020) Join your fellow InfoSec professionals for high-quality, affordable cybersecurity training and collaboration. Earn 12-16 CPE credits through 60+ educational elements learning from nationally recognized industry leaders. Attend featured keynotes, panel discussions, breakout sessions, and solution vendor displays—all while networking with local peers.

SecureWorld Boston (Boston, Massachusetts, USA, March 25 - 26, 2020) Join your fellow InfoSec professionals for high-quality, affordable cybersecurity training and collaboration. Earn 12-16 CPE credits through 60+ educational elements learning from nationally recognized industry leaders. Attend featured keynotes, panel discussions, breakout sessions, and solution vendor displays—all while networking with local peers.

SecureWorld Houston (Houston, Texas, USA, April 15, 2020) Join your fellow InfoSec professionals for high-quality, affordable cybersecurity training and collaboration. Earn 6-12 CPE credits through 30+ educational elements, learning from nationally recognized industry leaders. Attend featured keynotes, panel discussions, breakout sessions, and solution vendor displays—all while networking with local peers.

SecureWorld Cincinnati (Cincinnati, Ohio, USA, April 21, 2020) Join your fellow InfoSec professionals for high-quality, affordable cybersecurity training and collaboration. Earn 6-12 CPE credits through 30+ educational elements, learning from nationally recognized industry leaders. Attend featured keynotes, panel discussions, breakout sessions, and solution vendor displays—all while networking with local peers.

SecureWorld Toronto (Toronto, Ontario, Canada, April 23, 2020) Join your fellow InfoSec professionals for high-quality, affordable cybersecurity training and collaboration. Earn 6-12 CPE credits through 30+ educational elements, learning from nationally recognized industry leaders. Attend featured keynotes, panel discussions, breakout sessions, and solution vendor displays—all while networking with local peers.

SecureWorld Kansas City (Overland Park, Kansas, USA, April 29, 2020) Join your fellow InfoSec professionals for high-quality, affordable cybersecurity training and collaboration. Earn 6-12 CPE credits through 30+ educational elements, learning from nationally recognized industry leaders. Attend featured keynotes, panel discussions, breakout sessions, and solution vendor displays—all while networking with local peers.

SecureWorld Atlanta (Atlanta, Georgia, USA, May 27 - 28, 2020) Join your fellow InfoSec professionals for high-quality, affordable cybersecurity training and collaboration. Earn 12-16 CPE credits through 60+ educational elements learning from nationally recognized industry leaders. Attend featured keynotes, panel discussions, breakout sessions, and solution vendor displays—all while networking with local peers.

SecureWorld Chicago (Rosemont, Illinois, USA, June 3, 2020) Join your fellow InfoSec professionals for high-quality, affordable cybersecurity training and collaboration. Earn 6-12 CPE credits through 30+ educational elements, learning from nationally recognized industry leaders. Attend featured keynotes, panel discussions, breakout sessions, and solution vendor displays—all while networking with local peers.

upcoming Events

CPX 360 New Orleans (New Orleans, Lousiana, USA, January 27 - 29, 2020) Mark your calendar now for CPX 360 2020, the world’s premiere cyber security summit of the year. Globally renowned industry experts will take to the stage to share analysis, core insights, and actionable business strategies that will help take your cyber security to the next level.

SINET: Global Cybersecurity Innovation Summit (London, England, UK, January 30, 2020) Advancing global collaboration and innovation, SINET convenes a summit of international cybersecurity leaders at the British Museum. The conference will bring together innovators, investors, researchers, and practitioners to form an ecosystem where personal contact fosters a climate in which disruptive solutions to hard challenges can emerge.

CPX 360 Vienna (Vienna, Austria, February 4 - 6, 2020) At CPX 360, you’ll gain an in-depth understanding of today’s dynamic threat landscape and the emerging challenges within cyber security. Get a look at the next wave of Check Point innovation and discover how our consolidated security architecture is creating long-term strategic advantages.

5th Annual Atlanta Cyber Security Summit (Atlanta, Georgia, USA, February 5, 2020) C-Suite & Senior Level Executives: Register with Promo Code CYBERWIRE95 to receive $95 Admission (Standard Price is $350). Learn from renowned experts from The FBI, U.S. Secret Service, U.S. Dept. of Homeland Security, Google, IBM, Verizon, and more about the latest threats facing your company.

Suits & Spooks, 10th Anniversary: Taking Ownership of the Future of our Security (Washington, DC, USA, February 6 - 7, 2020) Suits & Spooks DC is the only international security summit where the attendees and speakers engage in discussion and debate of cyber/physical security challenges over the course of two days. World-class speakers will describe their vision of future threats and leading edge companies will exhibit novel solutions. Our attendees come from the public and private sectors of U.S. and allied countries, and the networking is second to none.

Sponsor & Support

Grow your brand and reach new customers.

Grow your brand and increase your customer base by educating our audience about your products, services, and events by advertising on The CyberWire. We’ve built trust with an influential (and often hard to reach) audience of CISOs, CSOs, and other senior execs in the security space, across a wide array of industry verticals. Learn more.

Be a part of the CyberWire story.

People ask us (a lot) how they can support what we do. We have our sponsorships and services, of course, but those are not always within every supporter’s financial reach, or it might just not be the right time for you to do those things. That’s why we launched our new Patreon site, where we’ve created a wider variety of support levels, each with some new benefits. Our patrons are important to our future, and we hope you’ll consider becoming one. We invite you to become part of the CyberWire story. Become a patron today.