
Daily briefing.

Black Hat, BSides, and Def Con

A few quick observations from Black Hat as the conference winds down and is succeeded by Def Con.

Mikko Hypponen, chief research officer of F-Secure, shared some thoughts on the distinctive features of cyberwar. Fifth Domain has covered Hypponen's observations, and they're worth some reflection. What distinguishes cyberwar from kinetic war is, he thinks, the fundamentally difficult nature of attribution in cyberspace. "Cyber weapons are cheap, effective, and they are deniable," Hypponen said. False flag operations are common, and attribution is usually hedged about with reservations. There may even be doubt as to whether a cyberattack has taken place at all. A missile launch is an unambiguous event, but it's often unclear if an incident in cyberspace is an attack or an accident.

This problem is closely linked to another: the difficulty of establishing deterrence in cyberspace. For deterrence to work, the adversaries must have some relatively realistic appreciation of what the opposition can do, what its capabilities are. That's one reason for the Cold War traditions of military parades in Red Square, or news footage of tests on the Pacific Missile Range. Cyber capabilities are inherently more difficult to assess. You may not even know that a particular kind of attack is possible, let alone that the opposition is capable of delivering it. "We have no idea" what offensive capabilities other nations have, Hypponen said. "So what kind of deterrence do these tools build? Nothing." (As Dr. Strangelove put it, back in the heyday of nuclear deterrence, "deterrence is the art of producing fear in the mind of the enemy," but "the whole point of the doomsday machine is lost if you keep it a secret.")

Turning to specific nation-states, Hypponen singled out North Korea for particular mention in dispatches. Making all due allowance for the difficulties of attribution mentioned above, Pyongyang does things no other government attempts, like engaging in hacking for financial gain. Part of what explains North Korea's high level of activity and relative recklessness, Hypponen argues, is that the country has very little to lose, and that makes it a different kind of threat actor.

We'll have more notes from Las Vegas early next week.

Vice reports that, contrary to various government assurances, voting machines in the US made by Election Systems & Software have in fact sometimes been connected to the Internet. County election officials who desire faster tabulation and reporting of votes establish wireless connections to SFTP servers behind a Cisco firewall. These connect with backend systems that actually count the votes. In some cases the systems have remained connected for months. Thus voting may be less air-gapped than many officials had imagined.

Both Boeing and the US Federal Aviation Administration dispute claims made this week by IOActive that the 787 Dreamliner's firmware is vulnerable to cyberattacks on flight systems. The aircraft manufacturer told PCMag that IOActive did not have full access to the 787's systems, and that Boeing's "extensive testing confirmed that existing defenses in the broader 787 network prevent the scenarios claimed." The FAA says it's "satisfied with the assessment of the issue."

With calls for increased attention to evidence of threats in social media, the FBI has issued a Request for Proposals that asks contractors to propose tools that could effectively monitor Facebook and other social media for signs of impending criminal or terrorist violence. Facebook, the Wall Street Journal says, isn't entirely happy with the idea.

Broadcom will acquire Symantec's enterprise security unit (including, CRN says, the Symantec brand) for $10.7 billion in cash. Seeking Alpha calls this Broadcom's next move in its play to become a major infrastructure technology provider. Symantec will retain its consumer-facing Norton LifeLock business.

Notes.

Today's issue includes events affecting China, European Union, France, Iran, Israel, Kazakhstan, Russia, Saudi Arabia, Singapore, United States.

Bring your own context.

Hey, Security—ever blame HR for some problem you had to mop up?

"If we turn around and actually spend more time looking at the humans that we have, they are to some degree, our best assets. And that's everybody from the users that we've blamed for everything - maybe we turn around and try to educate them in how to protect themselves more effectively and not do it in a punitive manner - all the way through to the board level, the directors and everybody else. And how do we educate in a way that they understand, not in a way that we're comfortable teaching? I think those are probably two very big ones. And then a little bit of humble pie: we need to go back to the businesses and to the areas of the business we've blamed and say, hey, how do we solve this problem together?"

—Craig Williams, head of Talos outreach at Cisco, on the CyberWire Daily Podcast, 8.6.19.

A little humility is never a bad thing.


In today's podcast, out later this afternoon, we speak with our partners at Accenture, as Justin Harvey shares his observations from the Black Hat show floor. Our guest, Tim Tully from Splunk, describes the AI race between the US and China.

CyberTexas Job Fair, August 20, San Antonio. Visit ClearedJobs.Net or CyberSecJobs.com for details. (San Antonio, Texas, United States, August 20, 2019) Cleared and non-cleared cybersecurity pros make your next career move at the free CyberTexas Job Fair, August 20 in San Antonio. Meet face-to-face with leading cyber employers. Visit our site for more details.

Cyber Warrior Women Summer Social: Sip and Paint (Columbia, MD, United States, August 21, 2019) Join the Cybersecurity Association of Maryland, Inc. (CAMI) for the annual Cyber Warrior Women Summer Social, an all-about-fun-and-networking event! We're adding an artistic element to this year's event with a wine glass painting exercise. No previous art experience required.

Dateline Black Hat, BSides, and Def Con

How uncertainty in the cyber domain changes war (Fifth Domain) Attack attribution and deterrence become much harder in cyberspace.

Why North Korea is a different kind of cyberthreat (Fifth Domain) North Korean hackers go beyond spying and sabotage.

IntSights Exposes Dark Side of Russia at Black Hat U.S.A. (Yahoo) IntSights, the threat intelligence company focused on enabling enterprises to Defend Forward™, announced today the release of the company's latest threat intelligence report, The Dark Side of Russia: How New Internet Laws & Nationalism Fuel Russian

Black Hat: Lessons Learned from the Equifax Data Breach (Channel Futures) Regular communication and interaction with the board of directors is important to ensuring an organization is secure. In addition, organizations should initiate crisis management tests with the involvement of the board of directors.

Privacy law 'hack' exposed fiancee's personal data (BBC News) One in four firms holding a test subject's data released it to her partner without her permission.

Project Zero Wants You To Help Make 0-Day Hard (Decipher) The Google Project Zero team is encouraging public attack research teams to form a coalition to collaborate and share data.

How a 10-Year-Old Desk Phone Bug Came Back From the Dead (WIRED) Avaya patched a problem hackers could exploit in phones. But the bad code never went away.

Whatsapp flaw could allow hackers to alter and manipulate messages (The Telegraph) WhatsApp has refused to fix a security flaw that allows hackers to spoof messages and make it look as if they are coming from someone else, almost a year after a cybersecurity company warned that it could permit the spread of misinformation and fake news.

Facebook leaves flaw in WhatsApp unresolved for a year (Financial Times) Hackers found way to change message content and sender

Researchers Find Vulnerabilities in Boeing 787 Firmware (SecurityWeek) Security researchers have discovered a series of vulnerabilities and attacks that they believe could be possible on Boeing's 787 Dreamliner.

Security Researcher Says He Cracked 787 Airliner, But Boeing, FAA Disagree (PCMAG) A controversial talk at the Black Hat security conference revealed several possible attacks on the Boeing 787, but the airplane manufacturer disputes the claims.

Black Hat: The Future of Securing Power Grid Intelligent Devices (Security Boulevard) Today at Black Hat USA we’re presenting an innovative power grid cyber security solution that greatly improves monitoring of intelligent electronic devices (IEDs). Using the IEC 62351 standard for monitoring industrial networks, we demonstrate how four types of hard-to-detect attacks are readily identified. The post Black Hat: The Future of Securing Power Grid Intelligent Devices appeared first on Nozomi Networks.

'Dupe' there it is: SAML authentication bypass threatens Microsoft (SearchSecurity) At Black Hat 2019, researchers from Micro Focus Fortify demonstrated a technique called dupe key confusion, which bypasses SAML authentication in Microsoft technologies such as .NET.

Black Hat USA 2019: IBM X-Force Red Reveals New 'Warshipping' Hack To Infiltrate Corporate Networks (Forbes) Atherton Research's Principal Analyst and Futurist Jeb Su looks back at the IBM X-Force Red revelation at the Black Hat cybersecurity conference this week of a new type of remote cyberattacks dubbed "warshipping".

How Often Can One Program Infect Another? Let Us Count the Ways (PCMAG) At Black Hat, experts from SafeBreach report on the many different ways a malicious program could infect another process with its own code. Spoiler alert: it's a lot.

Virtru Developer Hub integrates data protection capabilities and ensures privacy of sensitive data (Help Net Security) Virtru announced the Virtru Developer Hub, a single development portal to integrate data protection capabilities and ensure the privacy of sensitive data.

NSA's reverse-engineering malware tool, Ghidra, to get new features to save time, boost accuracy - CyberScoop (CyberScoop) Just five months ago at the RSA conference, the NSA released Ghidra, a piece of open source software for reverse-engineering malware. It was an unusual move for the spy agency, and it’s sticking to its plan for regular updates — including some based on requests from the public.

Tel Aviv U and Technion researchers wrest control of one of world's most secure PLCs (Eurekalert) Rogue engineering station instigated 'hostile intervention' of Siemens programmable logic controller that runs industrial processes

Microsoft names top security researchers, zero-day contributors (ZDNet) Yuki Chen of Qihoo 360's Vulcan team named top bug hunter. Palo Alto Networks named top zero-day reporter.

#BlackHatUSA Empathy is Key to Hiring and Retaining Women in Cybersecurity (Infosecurity Magazine)

The Black Hat cybersecurity conference app has a cybersecurity problem (Mashable) Not a great look.

Black Hat USA 2019 Cybersecurity Conference: Day 3 News (MSSP Alert) Black Hat USA 2019 conference news spans MSSPs, AT&T Cybersecurity, BlackBerry, CrowdStrike, Digital Defense, enSilo, Jask, ManageEngine, Ping Identity, Proficio, Qualys, Tenable, ThreatConnect & more.

From Vegas: A scoop, zero-days and cyber weapons (POLITICO) Huawei rule is here — ‘Long-lining’ supply chain attacks

Spotlight: Black Hat USA 2019 conference focuses on new trend in cybersecurity (Xinhua) Tens of thousands of the world's best cybersecurity professionals gathered in Las Vegas this week for the Black Hat USA 2019 cybersecurity conference, which focuses on the latest developments and new trends in cybersecurity.

Photo gallery: Black Hat USA 2019 (Help Net Security) Black Hat USA 2019 is underway in Las Vegas. Here are a few photos from the Business Hall and the Arsenal. Featured companies: Qualys, Anomali, Vectra,

Photo gallery: Black Hat USA 2019, part two (Help Net Security) Black Hat USA 2019 is underway in Las Vegas. Here are a few photos from the Business Hall and the Arsenal. Featured companies: Bugcrowd, Sumo Logic, Devo

Cyber Attacks, Threats, and Vulnerabilities

U.S. Intel Officials Eye Disinformation Campaign Targeting John Bolton’s Family (The Daily Beast) Cybersecurity experts say an effort to implicate Bolton in a global drug trafficking ring bears hallmarks of past Iranian influence operations.

Exclusive: Critical U.S. Election Systems Have Been Left Exposed Online Despite Official Denials (Vice) The top voting machine company in the country insists that its election systems are never connected to the internet. But researchers found 35 of the systems have been connected to the internet for months and possibly years, including in some swing states.

New Windows Process Injection Can Be Useful for Stealthy Malware (SecurityWeek) Researchers have catalogued most known Windows process injection techniques and discovered a new one, which they say is stealthy and can bypass all Microsoft protections.

Online Account Origination Fraud: When New Users Are Bad News (NuData Security) Your online company is getting lots of new online customers, but you don’t understand why revenue numbers don’t add up. OAO is probably to blame.

Wind River VxWorks (Update A) (CISA) Executive summary: CVSS v3 9.8. Attention: exploitable remotely, low skill level to exploit. Vendor: Wind River. Equipment: VxWorks. Vulnerabilities: Stack-based Buffer Overflow, Heap-based Buffer Overflow, Integer Underflow, Improper Restriction of Operations within the Bounds of a Memory Buffer, Race Condition, Argument Condition or Modification, Null Pointer Dereference, Argument Injection or Modification.

Twitter may have shared your data with its ad partners without your permission (Naked Security) Some user data, such as country and device type, was exposed to some advertisers for over a year.

Microsoft Says It 'Listens' to Conversations Only With Permission (SecurityWeek) Microsoft says its contractors listen to conversations to hone voice translation features offered by Skype and its digital assistant Cortana, but only when obtaining user permission.

Vulnerability in Kubernetes Allows Access to Custom Resources (SecurityWeek) A vulnerability (CVE-2019-11247) in the Kubernetes container orchestration system could allow users to read, modify or delete cluster-wide custom resources.

Hackers Can Use Rogue Engineering Stations to Target Siemens PLCs (SecurityWeek) Hackers can use rogue engineering stations to take control of Siemens PLCs while hiding the attack from the engineer monitoring the system, researchers demonstrate.

F-Scrack-mimikatz – A bundle of tools (Avast Threat Labs) Recently when analyzing samples which attempt to bypass various applocking techniques we revisited an older bundle of various tools with the sole purpose to make money for the operators. Although the campaign seems to be long inactive it illustrates that creating malware capable of making money takes little to no writing original code and all …

DanaBot Banking Trojan (Infoblox) On 19 April, security researcher Brad Duncan reported a malicious spam campaign that used compressed Windows link files (LNK) to deliver DanaBot malware. DanaBot is a relatively advanced banking trojan with a modular design that allows for multiple vectors of attack.

Banking Trojans: What Financial Services Institutions Need to Know and How to Stay Protected (Infoblox) Fewer than 100 years ago, people had to physically walk to the bank to pay their bills and had no choice but to carry around loose change. Thanks to innovations in technology, banking services have come a long way since then. Consumers today can conduct almost all of their banking activities from co...

Serious security issue in F5’s BIG-IP could lead to cyber breaches en masse (Finextra Research) Cyber security provider F-Secure is advising organizations using F5 Networks’ BIG-IP load balancer, which is popular amongst governments, banks, and other large corporations, to address security issues in some common configurations of the product.

Exclusive: Kaspersky Software Lingers On Sensitive Government Systems 2 Years After U.S. Ban (Forbes) New research shows that Kaspersky Lab's antivirus software remains active on sensitive U.S. government networks two years after it was banned as a potential security risk by the Trump Administration.

Huawei Firmware Analysis Reveals Security Problems (InfoQ) Finite State located significant security issues in Huawei firmware images, including memory corruption, hardcoded encryption keys, and unsafe functions used in place of the secure alternatives.

Researchers uncover over 35 vulnerabilities in six leading enterprise printers (Help Net Security) Researchers have uncovered significant vulnerabilities in six commonly used enterprise printers, many of which allowed full compromise of machines.

BEC Attacks: A Closer Look at Invoice Scams (PhishLabs) Why do Invoice Scams, a form of phishing attack, constantly bypass email security technology? The lack of attachments and links.

Valve's Steam hit by privilege escalation zero-day vuln (Bit-Tech) Researcher releases findings without a fix.

Security bod uncovers 'severe' zero-day flaw in Steam's Windows client (Inquirer) Vuln was rejected by Valve for being 'out of scope'.

Chap uncovers privilege escalation vuln in Steam only to be told by Valve that bug 'not applicable' (Register) Exploit allows any app to run with full local admin rights on Windows

New Trojan Records Your Screen When on Sex Related Sites (BleepingComputer) A new Spambot Trojan targeting French people has been discovered that records a victim's screen when they are using sites related to sex, pornography, and known pornographic sites.

Group sex app leaks locations, pics and personal details. Identifies users in White House and Supreme Court (Pen Test Partners) We've seen some pretty poor security in dating apps over recent years; breaches of personal data, leaking users locations and more. But this one really takes

Security Patches, Mitigations, and Software Updates

Update your iPhone – remote control holes revealed by researchers (Naked Security) You might not think your phone is as exposed as an internet server – but it’s handling plenty of untrusted data from unknown sources!

Cyber Trends

The Exxon Valdez of cyberspace (The Economist) If data are the new oil, data breaches should be treated like oil spills

US Accounts for More than Half of World's Ransomware Attacks (BleepingComputer) The threat of ransomware is more prevalent in the U.S., with more than half of the global detections originating from this country, a new report informs.

Marketplace

Broadcom to Acquire Symantec Enterprise Security Business for $10.7 Billion in Cash (Seeking Alpha) Accelerates Broadcom's Efforts to Build One of the World's Leading Infrastructure Technology Companies

Broadcom Buys Cybersecurity Business As Symantec Exits Enterprise Market (Investor's Business Daily) Chipmaker Broadcom (AVGO) agreed to buy cybersecurity firm Symantec's (SYMC) division that serves large business customers for $10.7 billion in cash, the companies said Thursday. Broadcom stock and Symantec stock gained in extended trading.

$10.7B Broadcom-Symantec Enterprise Deal Creates Software Titan (CRN) Broadcom has agreed to purchase Symantec's enterprise business in a massive $10.7 billion deal that will break up the world's largest pure-play cybersecurity vendor.

ManTech Acquires H2M Group To Beef Up Geospatial, Intelligence Analysis Capabilities (CRN) About 40 percent of ManTech's business comes from the intelligence community.

Privacy Platform Provider Securiti.ai Emerges From Stealth With $31 Million Funding (SecurityWeek) Securiti.ai has emerged from stealth with $31 million in funding to launch its platform that uses artificial intelligence to understand the nature and use of companies' stored personal data.

DHS Is Building A Contract To Manage All Its Cybersecurity Operations Centers (Nextgov.com) The single contract will likely have multiple awardees, each capable of managing the entirety of operations at each of the department’s 17 security centers.

The Navy is gauging its cyber risks (Fifth Domain) A contract has been awarded to perform assessments for Naval Air Systems Command in California.

Huawei’s new operating system is called HarmonyOS (The Verge) For everything from smart speakers to wearables.

Huawei Unveils Android Replacement Following U.S. Ban (Wall Street Journal) Chinese technology giant Huawei’s new operating system, called HarmonyOS, is intended to run on all of its consumer gadgets, as it races to develop backups to U.S. technology following its U.S. blacklisting.

Huawei doesn't see open source as the fix for spying accusations (but they should) (TechRepublic) The closed-source, opaque operation of network equipment makes spying accusations difficult to disprove. This could be solved by opening the software stack, but Huawei CSO Andy Purdy disagrees.

Apple Will Give You $1 Million For Finding Security Flaw In iOS, And MacOS (Gizbot) Apple increases the bug bounty reward to $1 million for security researchers. All you need to know.

Randall and Watkin-Child join CIP advisory board (CIO) Cybersec Innovation Partners (CIP) are delighted to announce the appointment of Don Randall MBE and Andy Watkin-Child (CSyP, CEng) as advisory board members who will provide expertise and strategic advice to support the company’s growth plan.

Products, Services, and Solutions

Arkose Labs Deploys Major Enhancements to its Fraud and Abuse Defense Platform (BusinessWire) Arkose Labs, the platform that bankrupts the business model of fraud and abuse, today announced key enhancements to its patented technology. These enh

Code42’s New Data Loss Detection and Response Capabilities Spot Data Theft When Employees Quit (Yahoo) Code42, the leader in data loss protection, announced its Code42® Next-Gen Data Loss Protection solution now includes advanced exposure dashboards and expanded alerting functionality to help companies protect data from loss when employees quit. Code42 also introduced an integrated offering for IBM Resilient

Dragos Platform Covers Cyber Defense and Threat Intelligence (ARC Advisory) ARC Advisory Group recently discussed the requirements for continuous asset and network monitoring with executives from Dragos, an industrial cybersecurity company with a large staff of experts in industrial/OT cyber defense and threat intelligence.

Cybersecurity companies bring advanced encryption and quantum tech to Aus (Security Brief) “This is an outstanding example of world leading Australian cyber security research and development being commercialised to our domestic market and demonstrating its importance to export markets.

New technology makes GPS more secure and reliable for military systems (PR Newswire) Raytheon (NYSE: RTN) received security certification for new GPS modules and receivers from the Global...

Technologies, Techniques, and Standards

GM Cruise Releases Automated Firmware Security Analyzer to Open Source (SecurityWeek) FwAnalyzer is designed to provide continuous firmware security analysis. It was built for Linux-based devices, including Android, but can be set up to work on similar platforms.

How to Detect a Cyber Attack Against Your Company (IndustryWeek) This article is the third installment in a five-part series outlining best practices when it comes to "Cybersecurity for Manufacturers." These recommendations follow the National Institute of Standards and Technology (NIST) cybersecurity framework, which has become the standard for the U.S. manufacturing sector.

How provider organizations can protect against credential stuffing and data scraping (Healthcare IT News) With protected health information such a juicy target for cybercriminals, both data theft techniques are on the rise in healthcare.

Design and Innovation

Employees must monitor AI at work for sexist and racist bias, warns CBI (The Telegraph) Employees have been encouraged to monitor the use of artificial intelligence (AI) in the office to make sure that it doesn’t become racist or sexist.

Research and Development

'Zero Trust' Lab Will Explore the Future of Pentagon Data Security (Defense One) Once upon a time, U.S. Cyber Command and DISA could act like no one got past their passwords. Those days are over.

Academia

Carnegie Mellon's prestigious computer science school has a new leader (Pittsburgh Post-Gazette) Martial Hebert is known among colleagues as a top researcher in the areas of computer vision, robotics and artificial intelligence.

PDX Cyber Camp trains teens as vanguard of digital defense (Portland Tribune) Cyber security is a booming field where six figure jobs go unfilled. One teen camp aims to change that.

Legislation, Policy, and Regulation

Kazakhstan halts introduction of internet surveillance system (Reuters) Kazakhstan has halted the implementation of an internet surveillance system crit...

Did Mohammed bin Salman Just Give Jihadis the World’s Greatest Terrorist Recruiting Tool? (Foreign Policy) Anger at the presence of U.S. troops on sacred Saudi soil led Osama bin Laden to found al Qaeda and wage jihad on the West.…

Strategy or Straitjacket? Three Reasons Why People Are Still Arguing About the National Defense Strategy - War on the Rocks (War on the Rocks) “It feels so weird to not intervene in the Middle East. I know we’re trying to avoid getting sucked in, but it’s hard to say no.” These were the words my

U.S. Holds Off on Huawei Licenses as China Halts Crop-Buying (Bloomberg) China stopped U.S. farming purchases after new tariff threat. Trump said he’d ease Huawei restrictions before tensions rose.

New Russia Sanctions: Justified, But Feeble and Awkward (Atlantic Council) Late on August 2, under pressure from the US Congress and nearly seven months later than the law allows, the Trump Administration imposed additional sanctions on Russia for its attempted assassination-by-nerve-gas of a former Russian intelligence...

Trump names retired Navy SEAL vice admiral new acting director of national intelligence via Tweet (C4ISRNET) In a one-two punch, President Donald Trump announced via Twitter both that the nation’s number two intelligence official would be resigning and that he had named a new acting director of national intelligence―current National Counterterrorism Center Director Joseph Maguire.

Sue Gordon has resigned as deputy director of national intelligence (CNBC) President Donald Trump confirmed that Gordon would be leaving on Twitter this evening, not long after Bloomberg News was the first to report her departure.

Litigation, Investigation, and Law Enforcement

FBI and Facebook Potentially at Odds Over Social-Media Monitoring (Wall Street Journal) An effort by the FBI to more aggressively monitor social media for possible threats sets up a clash with Facebook’s privacy policies and its attempts to comply with its recent FTC settlement.

Facebook loses facial recognition appeal, must face privacy class... (Reuters) A federal appeals court on Thursday rejected Facebook Inc's effort to undo ...

How Amazon is becoming indispensable to America’s police (NBC News) Dozens of law enforcement agencies have used Amazon-powered technology to modernize crime fighting — but critics raise fears of privacy abuses.

Apple is under formal antitrust probe in Russia (TechCrunch) Make way for another antitrust investigation into big tech. Step forward Russia’s Federal Antimonopoly Service (FAS), which has opened an official probe of Apple — following a complaint lodged in March by security company Kaspersky Labs. Kaspersky’s complaint to FAS followed a cha…

For a complete running list of events, please visit the Event Tracker on the CyberWire website.

Upcoming Events

Hack the Sea (Las Vegas, Nevada, USA, August 8 - 11, 2019) Hack The Sea is a three day mini-conference that will be held in the villages of DEF CON 27. Hack The Sea will provide a variety of hands-on, collaborative learning experiences ranging from mini-workshops...

DEF CON 27 (Las Vegas, Nevada, USA, August 8 - 11, 2019) DEF CON is a hacker convention which takes place immediately following Black Hat in Las Vegas every year.

Cybersecurity Summit, New York (New York, New York, USA, August 13 - 14, 2019) The Cybersecurity Summit, New York, invites information security practitioners to learn about the latest trends in data breaches and frauds, and about mitigation strategies. ISMG’s Global Summit focuses...

Virginia Cybersecurity Education Conference (Fairfax, Virginia, USA, August 13 - 14, 2019) The goal of the Virginia Cybersecurity Education Conference is to get attendees thinking about ways to engage students at all grade levels in hands-on, meaningful educational activities related to cybersecurity.

AcceleRISE (Minneapolis, Minnesota, USA, August 14 - 16, 2019) Prepare for your future. Designed for young industry professionals like yourself, and presented by SIA, AcceleRISE brings together tomorrow’s security leaders for two-plus days of idea sharing, coaching... The conference, hosted by SIA’s RISE community for young professionals and those new to the industry, will present blended learning sessions featuring a mix of keynotes, panel sessions, team building exercises, peer networking and workshops.
