skip navigation

More signal. Less noise.

Daily briefing.

Iran's cyber warfare director has been shot dead. As of this writing Iranian authorities have neither announced suspects nor called the shooting an assassination (which it manifestly is).

Hacktivists strike targets in India, Israel, Slovakia, and Canada. Palestinian-sympathizing AnonGhost claims the last three acts of cyber vandalism, but the attack on Canadian sites is an apparently motiveless outlier—the targets are baseball-related and the defacements carry no political message.

Django is vulnerable to compromise of session cookies, but there are no plans to patch the hole. Webroot offers interesting observations on the "vertical integration" of a criminal DDOS-for-hire-service operating in a "vibrant" corner of the black market. The ZeroAccess botnet remains highly profitable, with India accounting for a growing portion of its victims. Poor patching sustains WordPress vulnerabilities (as frustrated security experts preach patching to an apparently heedless choir).

US Intelligence Community leaders warn of the cyber dangers inherent in the current Government shutdown. DNI Clapper's confidence in the ability of financially pinched analysts to resist recruitment by hostile intelligence services is surprisingly shaky.

Insurers are urging their customers to adopt more sophistication cyber defenses. The financial sector similarly emphasizes the inadequacy of legacy, commodity antivirus and perimeter defenses. New EU penalties will soon render failure to secure enterprise networks costly.

Market analysts like Lockheed Martin's cyber capabilities. Northrop Grumman announces layoffs.

Triumfant reports that otherwise stealthy in-memory attacks betray their activity by creating processing delays.

Senatorial investigation of US surveillance policy raises allegations of geotracking and social network analysis.

Notes.

Today's issue includes events affecting Canada, European Union, India, Iran, Israel, Republic of Korea, Palestinian Territories, Slovakia, United States..

Cyber Attacks, Threats, and Vulnerabilities

Iranian cyber warfare commander shot dead in suspected assassination (Telegraph) The head of Iran's cyber warfare programme has been shot dead, triggering further accusations that outside powers are carrying out targeted assassinations of key figures in the country's security apparatus

Hindustan Times Hacked, Data Leaked (Softpedia) The website of the popular Indian English-language newspaper Hindustan Times has been hacked and defaced by a hacker calling himself Silent Hacker

Public Works Department India website hacked with several Indian Govt Sites (Hackers Post) H4x0r HuSsY, famous for hacking Indian govt sites hit again. This time The official website of Public Works Department, Punjab with 10 other Indian Govt sites hacked by H4x0r HuSsY. Anatomy of the attack on the Indian server is unknown. The hacked sites belongs to different name servers. Two weeks before, Indian BioResource Information Network was hacked by the same hacker

Behind the South Korean Government DDoS Attacks (Threatpost) In the last few years, there have been a series of DDoS attacks and intrusions on government networks in South Korea that have resulted in the loss of untold amounts of data. The four attacks haven't been linked together or attributed to the same attackers, but there are some similarities in the methods and results

Security Vulnerability in Django Could Allow Attackers Access to Cookies (Threatpost) Web app framework Django contains a vulnerability that puts session cookies at risk, but the group in charge has decided not to patch the flaw, and instead warn developers about the problem

DDoS for hire vendor 'vertically integrates' starts offering TDoS attack capabilities (Webroot Threat Blog) DDoS for hire has always been an inseparable part of the portfolio of services offered by the cybercrime ecosystem. With DDoS extortion continuing to go largely under-reported, throughout the last couple of years — mainly due to the inefficiencies in the business model — the practice also matured into a 'value-added' service offered to cybercriminals who'd do their best to distract the attention of a financial institution they're about to (virtually) rob. Operating online — under both private and public form — since 2008, the DDoS for hire service that I'll discuss in the this post is not just offering DDoS attack and

ZeroAccess: The Most Profitable Botnet (F–Secure) In March of this year, researchers on Symantec's Security Response team began looking at ways in which they might be able to "sinkhole" (takedown) ZeroAcess — one of the world's largest botnets. But then... in late June, the botnet started updating itself, removing the flaw that the researchers hoped to take advantage of. Faced with the choice of some or nothing, the team moved to sinkhole what they could. And that was over 500,000 bots

India has third highest infection rate of ZeroAccess botnet (Zee News) ZeroAccess, which is one of the largest known botnets in existence, has infected more than 1.9 million computers globally on a given day in August this year with India having the third highest infection rate after the US and Japan, cyber security firm Symantec has said

WordPress Attacks: Time To Wake Up (InformationWeek) The latest WordPress hacks highlight our continued laziness when implementing online security, a problem made worse by free, easy-to-use sites. I wrote a Security 101 story in light of this news — outdated WordPress sites are used to launch malicious attacks on other websites — it would go something like this: Use strong passwords. Stay current on software updates and patches. Educate employees on security risks and fundamentals. Use anti-malware tools and other technologies. Wash, rinse, repeat

Potential Ripples of Stretched Cyber Support During Shutdown (Nextgov) With electronic infrastructure still up and running despite the government shutdown, the lack of staff support in information security shops is likely affecting the government's ability to respond to cyber threats and attacks and creating potential ripple effects for cybersecurity going forward

Clapper: Temporarily Out Of Work Intelligence Analysts Pose A Special Risk (Business Insider) The government shutdown has "furloughed," or placed on unpaid leave, up to 400,000 government contractors, thousands of whom work in the government's military intelligence and espionage programs

Enterprises risk data theft from old laptops (FierceMobileIT) Many companies turn in their old laptops to the computer firm that sells them their new laptops. The computer firm, such as Dell, then sells them to a firm that refurbishes laptops, which in turn sells them on eBay

Security Patches, Mitigations, and Software Updates

Google Updates Chrome 30 for 50 Security Flaws (eSecurity Planet) Google doubles the number of vulnerabilities it has fixed in new browser release. Google is out with its latest Chrome stable browser release, providing one of the highest security fix counts in the history of Google's popular open source browser. The Chrome 30.0.1599.66 release, available

Cyber Trends

NCUA's Matz urges CUs to examine cybersecurity in honor of October awareness initiative (Bank Credit News) In honor of Cybersecurity Awareness Month in October, National Credit Union Administration Chairman Debbie Matz urged credit unions on Monday to implement cybersecurity controls to protect against cyber threats

EU Cyber Security Directive Could Cost Organisations Billions (Broadway World) EU Cyber Security Directive Could Cost Organisations Billions A study from Tripwire and the Ponemon Institute has revealed that many of the world's largest

Hackers get past anti–virus software (GoErie) At a time when millions of computer users face increasingly sophisticated cyberattacks, the anti-virus software they rely on to keep their information safe frequently fails to do the job. Of 45 pieces of malware that lingered on the New York Times computer systems for a third of a year, just one was spotted by its anti-virus software, the newspaper disclosed in January. That same month, security company Kaspersky disclosed a global data-stealing scheme had evaded detection by anti-virus products for five years

Is wireless the Trojan horse in your network security? (Help Net Security) According to Roger Klorese of WatchGuard technologies, smartphones and tablets now account for about 25% of devices used for work in the US. Wireless, mobility and BYOD are all part of an unstoppable

Four Questions To Ask About Every Cyber Risk Report (Wall Street Journal) Verizon's 2013 Data Breach Report said most breaches are perpetrated by outsiders but the Global State of Information Security Survey 2014 said most of the responsibility lies with current and former employees. Ponemon Institute's 2013 study has yet another take: that human error and system problems are major contributors

Marketplace

Lockheed Martin Cyber Security Programs Achieve Significant Milestones (MarketWatch) Lockheed Martin LMT -1.49% achieved several significant cyber security accomplishments in slightly more than a year, solidifying the corporation's position as a leader in cyber security

Death of a Cloud: IBM Partner Nirvanix Files for Bankruptcy (Wired) The company behind IBM's storage cloud is indeed on the way out. Last month, Nirvanix — the San Diego, California company that powered IBM's SmartCloud Storage service — told customers and partners that it was shutting down on September 30

Northrop to lay off 52 employees in Reston (Washington Business Journal) Some contract maneuvering from a federal agency will force Falls Church-based Northrop Grumman Corp. to lay off 52 employees working in Reston. The company filed a layoff notice to the Virginia Workforce Network, saying that the employees from the Intelligence Systems division within the Information Systems segment will lose their jobs by Nov. 29. One of Northrop's contracts is coming to an end, confirmed spokesman Randy Belote, who noted that it was unrelated to the federal shutdown

CISO Interview: Richard Bejtlich (SYS-CON) This is an interview with Richard Bejtlich, Chief Information Security Officer at Mandiant- a major player in the industry leader helping organizations detect, respond to, and contain computer intrusion

So I'm the guy who sent the t–shirt out as a thank you. (Yahoo! Developer Network) So, I am the guy who started sending t-shirts as a thanks to people when they sent us a potential vulnerability issue. What an interesting 36 hours it has been :) Here's the story. When I first took over the team that works with the security community on issues and vulnerabilities, we didn't have a formal process to recognize and reward people who sent issues to us. We were very fast to remedy issues but didn't have anything formal for thanking people that sent them in

Bitdefender injects aggressive changes to Partner Program (Techday NZ) Bitdefender has dramatically overhauled its partnership program as the company continues to expand within the global security industry. Bitdefender COO

James Koenig Named Booz Allen Privacy, Health Cyber Lead (GovConWire) James Koenig, formerly a practice lead at PwC, has joined Booz Allen Hamilton (NYSE: BAH) to lead the firm's privacy and identity theft practice and cybersecurity in the commercial health market

Security Startups: Interview with CyberARM CEO and Co–Founder Shay Zandani (SecurityWeek) SecurityWeek: How did you start out in the computer field and in particular, security? Shay: My background is with "Mamram" - the Israel Defense Force's technical unit. Later, I joined the Israeli Air Force as a programmer where I worked as a team leader and officer. After a few years, I was asked to establish the information warfare department which, generally speaking, means using the enemy IT systems on the defense's behalf. At that time all this was strictly confidential, not like nowadays where there's an information warfare department, and counter cyber-attacks. After proving the team's capabilities, I was asked to establish the "Blue team" which focused on protecting the systems. When I left the army, I gained industry experience with several start-ups. At one of the startups, we established the first Trusted Third Party (TTP). Unfortunately, the idea was ahead of its time - we had a great technical success but it was a marketing failure. After that, I joined PricewaterhouseCoopers (PwC). At PwC I became the CEO of the Global Risk Management Solutions (GRMS) Group. I spent more than 10 years there, running their risk management and IT practices. I left 1.5 years ago to establish CyberARM

Catonsville startup Light Point relishes national attention (Baltimore Business Journal) Cyber startup Light Point Security is feeling the warmth of being in the spotlight. Catonsville-based Light Point has made it to the top five contestants in a Wall Street Journal startup competition that attracted 500 applications. The company still has to make it through two more challenges to win, but already Light Point is experiencing the benefits of being a winner. Investors, potential clients and media have been flocking to Light Point

Products, Services, and Solutions

General Dynamics Fidelis Cybersecurity Solutions Continues to Strengthen Threat Intelligence, Detection and Prevention (Hispanic Business) General Dynamics Fidelis Cybersecurity Solutions announced its flagship network security solution, Fidelis XPS, now includes a new application of YARA technology, a rule-based malware identification and classification tool, that will increase the real-time prevention of malware attacks by analyzing threats in network traffic. Arming customers with another innovative method to detect malicious traffic as it flows on the network, the continued enhancements to Fidelis XPS help customers reduce remediation costs by blocking malware before it enters the enterprise

McAfee Offers Solution to Remediate Advanced Malware (Wall Street Journal) A centralized, multi-protocol malware analysis model eliminates appliance sprawl and eases integration with existing technology investments. Unlike standalone

Trustwave Launches On'Demand Pen Testing Service (SecurityWeek) Trustwave has launched a new subscription-based, penetration testing service that lets businesses schedule, manage and adjust penetration tests through a cloud-based portal

Technologies, Techniques, and Standards

Identifying And Discouraging Determined Attackers (Dark Reading) Enterprises are finding ways to identify targeted attackers and give them fits. Here's how. George S. Patton said, "Nobody ever defended anything successfully — there is only attack and attack and attack some more." So, is it possible to strike back at your attackers? And more importantly, is it the sensible thing to do

Attacks On Volatile Memory Can Be Detected, Researchers Say (Dark Reading) In-memory attacks create processing delays that give hackers away, Triumfant research says. Elusive attacks on a computer's volatile memory can be detected through a detailed analysis of processor behavior, according to new research. Researchers at security vendor Triumfant have discovered that in-memory attacks create a significant delay in system calls that is typically beyond the normal variance of processing time. The ability to detect such attacks — which have generally eluded most security tools because they attack data that is not stored — could enable enterprises to interrupt the attacks before they can do any damage, Triumfant says

Who owns this website? That information may soon be "need to know" only (Quartz) The governing body that oversees the internet's naming system is considering wide-ranging changes to the way domain names are registered. The changes are designed to protect the privacy of people who own websites, but critics argue that such a move would make cybercrime harder to fight and possibly even stifle future innovation

8 tips for safer online banking (CSO) Most of us use online banking. But are you making sure you're doing it as safely as possible? Check to make sure you're doing all of these 8 things

Penetration Testing With Honest–To–Goodness Malware (Dark Reading) Popular fiction usually dictates that the primary cyberfoe of big business is a young, nerdish, and exceedingly smart computer hacker with a grudge against practically anyone and everyone. It may be this particular cliched (and false) stereotype of a hacker that many business analysts and executives have, in turn, used as justification for testing the defenses of their organizations in a particular way. While some may supplement this image of a hacker with concrete bunkers filled with uniformed cyberwarriors if they feel worthy of state-initiated attacks, it is a sad fact that many of the methodologies currently employed by organizations to evaluate their tiered defenses are tired and dated

Incident Response Teams: The MVPs Of Your Cyber Defense (Part 1 of 4) (ThreatTrack CSO) A recent study by ThreatTrack Security illustrated an ongoing paradox for many CISOs. On one hand, nearly 70% of the C-level participants in the study said they're concerned their organization might not be as protected as it should be against malware, Advanced Persistent Threats and other cyber espionage tactics. Yet nearly half also admitted that they don't have an incident response team in place or use advanced malware analysis tools such as sandboxes to further protect their companies

What to Expect When You're NOT Expecting: 7 Steps of a Professional Forensic Investigator (infosec island) A bad day. You receive a letter from your favorite payment brand, which states that your organization has experienced a breach of Card Holder Data. A copy of the letter has also been forwarded to your merchant bank; as a courtesy. Typically you have a week to respond to their request to have a PCI Forensic Investigator (PFI) determine how the breach occurred. Notice that you are pretty much guilty until proven innocent, and to select your vendor of choice, you are directed to the PCI PFI list. Once you have chosen a vendor based on aligned interests and specialty, they'll get to work stepping you through to a report to the payment brands

Research and Development

Crowdsource Control (IEEE Spectrum) The idea of aggregating the opinions of online users to produce valuable results dates back to John Brunner's 1975 science fiction novel, The Shockwave Rider. Today, crowdsourced opinions are very much a fact of daily life

IBM research stakes its future on cognitive computing (ZDNet) IBM Senior Vice President John E. Kelly says the company has entered a new era in computing, and announces the company's plans for future partnerships

Academia

Carnegie Mellon Cyber Security Scholarships (Industrial Safety and Security Source) Seventeen Carnegie Mellon University (CMU) graduate students earned cyber security scholarships from the National Science Foundation, the Department of Homeland Security's CyberCorps Scholarship for Service (SFS) Program and the Department of Defense's Information Assurance Scholarship Program (IASP)

Legislation, Policy, and Regulation

Sen. Feinstein Claims The NSA Does Collect Phone Call Location Information, Contradicting The NSA (TechCrunch) Today Senator Feinstein stated that the NSA phone metadata program that collects records on the telephone calls of American citizens includes location information. Previously, head of the NSA, General Keith B. Alexander, stated that the NSA was not currently collecting call location data under the authority of Section 215 of the Patriot Act. It was left open that other authorization could allow

NSA Experimented With Cell Phone Location Tracking Program (TechCrunch) The National Security Agency experimented with a cell phone location tracking program in 2010, but eventually shelved the idea. Director of National Intelligence, James Clapper, declassified the program during a senate testimony today on Capitol Hill

NSA May Not Be Collecting Your Location Data From Telco Dragnet…Because It Gets It From Your GPS (techdirt) As we noted last week, Senator Ron Wyden has been repeatedly asking the intelligence community about whether or not they're tracking the location on any Americans, and the intelligence community has steadfastly avoided giving a straight answer (as they do). Specifically, he was asking about whether or not the NSA has in the past, or has plans to, get location data on Americans in bulk. The NSA's Keith Alexander did his "under this program" two step, in which he insists that they are not doing so under this program and at this time. That leaves open other programs and at other times

NSA Chief Denies Report on Social Network Spying (SecurityWeek) The head of the National Security Agency said Wednesday the secretive intelligence service does not compile data on Americans' use of social networks, dismissing a media report as "wrong." General Keith Alexander told a Senate hearing that a New York Times article "jumped to the conclusion this was done on Americans, that's not true."

Time to Split the Cyber 'Deep State' of NSA and Cyber Command (Huffington Post) Imagine if the commander of U.S. Pacific Command were the leading source of information on the Chinese military threat, had the ear of Congress on China policy, ran covert military operations against China, and could decide what information on China was classified. This perverse concentration of power is similar to where the United States has found itself on cyber policy. To restore balance, Congress and the president must ensure that new initiatives to control surveillance are more than just cosmetic by reforming America's current national security cyber organizations

NSA Hiring Civil Liberties Watchdog (Time) Whether or not the in-house overseer would be furloughed in a shutdown is not yet known. Times are tough for the US intelligence services these days, what with 70 percent of the intel workforce reportedly on indefinite furlough amid the government shutdown. Director of National Intelligence James Clapper is so concerned about the situation he warned

Barack Obama's SSL certificate, NASA and NIST among those to fall as government shutdown hits sites (Graham Cluley) Barack Obama's website may still be up and running, but no-one has paid for his SSL certificate to be renewed

Military Health System examines privacy, identity challenges (FierceHealthIT) As the U.S. Department of Defense and Veterans Affairs work toward an effective electronic exchange of healthcare records, issues of patient privacy and identity management remain

Cyber Failures in Obamacare Exchanges: Dangerous to Your Wallet and Privacy (Heritage) Yesterday marked the grand opening of the new Obamacare health insurance marketplaces, and the rollout did not go smoothly. Even more worrying is that these website errors are only the tip of the iceberg

Army CIO/G6 Susan Lawrence retires (FierceGovIT) Army Chief Information Office and G6 Lt. Gen. Susan Lawrence is leaving her position, posting a final message online on Oct. 1

Separate commands for spl ops, cyber security, space:IAF chief (Business Standard) The armed forces propose to set up three separate commands in the fields of special operations, cyber security and space, IAF Chief NAK Browne said

Litigation, Investigation, and Law Enforcement

How the feds took down the Dread Pirate Roberts (Ars Technica) The Dread Pirate Roberts, head of the most brazen drug trafficking site in the world, was a walking contradiction. Though the government says he raked in $80 million in commissions from running Silk Road, he allegedly lived under a false name in one bedroom of a San Francisco home that he shared with two other guys and for which he paid $1,000 a month in cash. Though his alleged alter ego penned manifestos about ending "violence, coercion, and all forms of force," the FBI claims that he tried to arrange a hit on someone who had blackmailed him. And though he ran a site widely assumed to be under investigation by some of the most powerful agencies in the US government, the Dread Pirate Robert appears to have been remarkably sloppy—so sloppy that the government finally put a name to the peg leg: Ross William Ulbricht

Lavabit got order for Snowden's login info, then gov't demanded site's SSL key (Ars Technica) Had e–mail provider given up key, all users' data would have been compromised. The American government obtained a secret order from a federal judge in Virginia demanding that Lavabit hand over its private SSL key, enabling authorities to access Edward Snowden's e–mail, and e–mail belonging to Lavabit's 400,000 other users as well. That sealed order, dated July 10 2013, was first published on Wednesday by Wired reporter Kevin Poulsen

Silk Road bust demonstrates feds penetration of Deepnet (CSO) Leader of website arrested by FBI, charged with conspiring to money launder and more

The Silk Road Shuts Down, But The Black Market Isn't Going Anywhere (Forbes) At 3:15PM Tuesday afternoon, the FBI arrested the alleged Dread Pirate Roberts, the operator of online black market site The Silk Road, at a public library in San Francisco

LOVEINT dominates NSA intentional misuse of surveillance powers (FierceGovernmentIT) Auditors from the National Security Agency say they know of 12 cases of intentional misuses of NSA surveillance powers that have been uncovered since Jan. 1, 2003

Tech firms' release of PRISM data will harm security — new U.S. and FBI court filings (Gigaom) The FBI and the US government say Google, Microsoft and other tech firms have no free speech right to declare how many data demands they receive under a controversial Foreign Intelligence Surveillance Act legal process

End Of The Silk Road: FBI Says It's Busted The Web's Biggest Anonymous Drug Black Market (Forbes) After two and a half years running the booming anonymous narcotics bazaar known as the Silk Road, the drug kingpin who called himself the Dread Pirate Roberts has allegedly been unmasked

For a complete running list of events, please visit the Event Tracker on the CyberWire website.

Upcoming Events

NSU Hosts FBI Presentation on National Cyber Security Awareness (Fort Lauderdale, Florida, USA, October 3, 2013) GSCIS Hosts the Federal Bureau of Investigation (FBI) Special Agents special presentation on "National Cyber Security Awareness." RSVP at the link.

The Monktoberfest (Portland, Maine, USA, October 4, 2013) Our speakers will explore how social trends can change the way we build and use technology, and how technology in turn can change the way we socialize.

Suits and Spooks NYC 2013 (New York, New York, October 5, 2013) Since the landscape is foggy, the threat actors numerous and hard to identify, and the attacks proliferating on a daily basis, the focus of the next Suits and Spooks conference will be to identify non-state...

Forensics and Incident Response Summit EU (Prague, Czech Republic, October 6 - 13, 2013) The Summit will focus on high quality and extremely relevant content as well as panel discussions in Digital Forensics and Incident Response. In addition, we encourage you to take every opportunity to...

CyberMaryland 2013 (Baltimore, Maryland, USA, October 8 - 9, 2013) Join cybersecurity leaders, luminaries and rising stars at CyberMaryland 2013. This two-day event at the epicenter of the nation's cybersecurity innovation and education, will create opportunities for...

2013 Maryland Cyber Challenge (Baltimore, Maryland, USA, October 8 - 9, 2013) Held in conjunction with Cyber Maryland and intended to let students and young professionals showcase their cybersecurity skills, Maryland Cyber Challenge offers competition in three divisions: high school,...

AFCEA Hill AFB Technology & Cyber Security Expo (Ogden, Utah, USA, October 9, 2013) The purpose of this first-time event is to allow base personnel the opportunity to learn about the latest computer security trends, network with peers, share remediation strategies and to view and demo...

NSU's Raising Savvy Cyber Kids with Ben Halpert (Fort Lauderdale, Florida, USA, October 10, 2013) Ben Halpert is an award-winning author of several books for diverse audiences. The Savvy Cyber Kids At Home: The Family Gets A Computer (October, 2010) is a picture book that teaches the concepts of online...

International Conference on Cyber–Enabled Distributed Computing and Knowledge Discovery (Shanghai, China, October 10 - 12, 2013) International Conference on Cyber-enabled distributed computing and knowledge discovery -promotes research and development of the cyber-related technology. It is unique and significant that spans through...

VizSec 2013 (Atlanta, Georgia, USA, October 14, 2013) VizSec brings together researchers and practitioners in information visualization and security to address the specific needs of the cyber security community through new and insightful visualization techniques.

Hack-in-the-Box Security Conference 2013 (Kuala Lumpur, Malaysia, October 14 - 17, 2013) The 11th annual HITB Security Conference (16th/17th October) will be a triple track offering featuring keynotes by Andy Ellis, Chief Security Officer at Akamai and Joe Sullivan, Chief Security Officer...

USDA Cyber Security Symposium and Expo 2013 (Washington, DC, USA, October 15, 2013) The Cybersecurity Expo, running in conjunction with the Summit, will allow exhibitors the opportunity to provide live demos and share information with government personnel and industry partners. Summit...

SNW Fall 2013 (Long Beach, California, USA, October 15 - 17, 2013) SNW is the world's largest independently produced conference series focused on the evolution of architecture for a new world of mobility, Big Data and business agility. Produced by Computerworld -- and...

Hexis Exchange (Athens, Greece, October 16 - 17, 2013) Attendees will have the opportunity to participate in a knowledge exchange of the latest enterprise security topics through expert led business and technology forums, hands-on sessions, and training. Such...

Cybersecurity Symposium: "Protect. Defend. Educate." (Linthicum, Maryland, USA, October 16 - 17, 2013) The Cybersecurity Symposium being held October 16-17, 2013, will deliver first-class training for government and industry security professionals while simultaneously offering high-level keynote speakers,...

NSU Healthcare Cyber Security Summit (Fort Lauderdale, Florida, USA, October 17, 2013) In today's modern healthcare systems, data is everywhere, including sensitive patient data that needs to be secured and monitored. Join top healthcare security professionals from Nova Southeastern University,...

Nuclear Regulatory Commission Cyber Security Conference & Expo (Rockville, Maryland, USA, October 17, 2013) This one-day conference will consist of cyber sessions in the NRC Auditorium given by government and industry speakers. Exhibit tables will be set-up just outside the Auditorium and companies will have...

Securing the Internet of Things Summit (San Francisco, California, USA, October 21, 2013) The Internet of Things is still in its infancy and the security community has a chance to build in new approaches to security if we get started now. More secure embedded operating systems and applications,...

13th Industrial Control Systems Cyber Security Conference (Atlanta, Georgia, USA, October 21 - 22, 2013) Industrial Control Systems (ICS) operate the infrastructures of electric power, water, chemicals, manufacturing, transportation, defense, etc. and link the digital and physical worlds. Their cyber security...

Cloud Connect (Chicago, Illinois, USA, October 21 - 23, 2013) Cloud Connect returns to Chicago October 21-23, 2013 with an all new program built around the leading cloud platforms. Cloud Connect provides the independent guidance IT professionals need to successfully...

cybergmut Technical Tuesday: Cyber Security Strategy — Why We're Losing and What's Needed to Win (Columbia, Maryland, USA, October 22, 2013) CrowdStrike's Steve Chabinsky of CrowdStrike explains the situation. Everybody seems to be spending more on cybersecurity, but with questionable return on investment. In fact, the problem clearly is getting...

Cyber Security Seminar and IT Expo at Peterson AFB (Colorado Springs, Colorado, USA, October 22, 2013) The Cyber Security Seminar and IT Expo is a one-day event held on-site where industry vendors will have the opportunity to display their products to personnel attending briefings concerning the latest...

Hack.lu 2013 (Luxembourg, October 22 - 24, 2013) Hack.lu is an open convention/conference where people can discuss about computer security, privacy, information technology and its cultural/technical implication on society.

Joint Federal Cyber Summit 2013 (Washington, DC, USA, October 23 - 24, 2013) This collaborative government wide event is truly one of a kind, with speakers and attendees anticipated to represent more than 10 federal government agencies. Information sharing will be accomplished...

NSU's 12 Simple Cybersecurity Rules For Your Small Business (Fort Lauderdale, Florida, USA, October 24, 2013) In this presentation twelve simple and inexpensive techniques for protecting small businesses from cyber threats will be discussed. While complex and expensive solutions exist to improve the security...

BREAKPOINT 2013 (Melbourne, Australia, October 24 - 25, 2013) Over two days, 14 world-renowned speakers front Breakpoint to share their knowledge on a full range of security issues, from unpublished research to the latest trends in information security.

Ruxcon (Melbourne, Australia, October 26 - 27, 2013) Ruxcon is a computer security conference that aims to bring together the best and the brightest security talent within the Aus-Pacific region. The conference is a mixture of live presentations, activities...

2013 ACT–IAC Executive Leadership Conference (Williamsburg, Virginia, USA, October 27 - 29, 2013) Advances in technology and massive increases in data available can both challenge and transform Government mission performance. ELC-2013 focuses on how to make this transformation a reality, in and for...

SAP NS2: National Security Solutions Summit (Falls Church, Virginia, USA, October 29, 2013) Join us for a day of learning and networking focused on how to advance U.S. national security and homeland security through I.T. innovation. Top-notch speakers will address the new challenges facing U.S.

RSA Conference Europe (Amsterdam, the Netherlands, October 29 - 31, 2013) Information security today isn't optional. It's business-critical. Over three days, RSA® Conference Europe 2013 imparts the must-know actions to manage growing cyber threats. With over 60 sessions spanning...

Regional Cyber Security Forum & IT Day (CSFI) — Hawaii (Honolulu, Hawai'i, USA, October 30, 2013) 2013 marks the 10th anniversary of National Cyber Security Awareness Month and FBC will host the 1st Annual Cyber Security Forum & IT Day (CSFI) at Fort Shafter - Club Hale Ikena to coinside with the anniversary,...

NSA Hawaii — Cyber Security, Intelligence & IT Day (Honolulu, Hawai'i, USA, October 30, 2013) Be a part of the 1st Annual Cyber Security, Intelligence and IT Day set to take place at the new National Security Agency (NSA) Hawaii Rochefort facility. The event will be hosted by NS/CCS Hawaii Technology...

Grow your brand and reach new customers.

Grow your brand and increase your customer base by educating our audience about your products, services, and events by advertising on The CyberWire. We’ve built trust with an influential (and often hard to reach) audience of CISOs, CSOs, and other senior execs in the security space, across a wide array of industry verticals. Learn more.

Be a part of the CyberWire story.

People ask us (a lot) how they can support what we do. We have our sponsorships and services, of course, but those are not always within every supporter's financial reach, or it might just not be the right time for you to do those things. That's why we launched our new Patreon site, where we've created a wider variety of support levels, each with some new benefits. Our patrons are important to our future, and we hope you'll consider becoming one. We invite you to become part of the CyberWire story. Become a patron today.