skip navigation

More signal. Less noise.

Daily briefing.

Russia-sympathizing hacktivists of Cyber Berkut claim responsibility for defacing Polish governmental and financial sites with images of the Holocaust. Poland's offense, according to Cyber Berkut, is "sponsoring fascism" in Ukraine at the behest of meddling Americans.

Russia's application of a strong hand to Internet censorship shows mixed success (witness the case of "Sergeant Selfie") but Ukraine's government seems ready to implement similarly restrictive policies.

Cyber rioting continues to shadow physical protest in Ferguson, Missouri, USA.

New Zealand's NCSC warns government agencies of an ongoing spearphishing campaign.

German researchers publish anti-surveillance software.

Lockheed Martin, long engaged against cyber espionage services seeking to penetrate its networks, reports that its familiar attackers seem to have, not disappeared, but gone quiet. Continued vigilance is in order.

Ransomware remains in the news. "Kovter" takes a retro approach — it doesn't encrypt your files, it just blackmails you directly in the old-fashioned way. Synolocker's controllers appear ready to move to a different form of crime, as they hold what amounts to a fire sale of encryption keys. Webroot warns of ZeroLocker's ascendance. And another extortion attempt (announcing itself as such) threatens to destroy its victims through "negative SEO."

The Gameover Zeus botnet continues its unwelcome rise from the dead.

Talk of automated cyber retaliation prompts Schneier to remind all of the difficulties of attribution.

Thycotic, hoping to gain insight into bad actors' motivation, surveys people who identify themselves as "hackers." The "hackers" mostly say they hack for artistic and altruistic reasons, not gain. (Tell it to Sabu.)

Notes.

Today's issue includes events affecting Australia, Canada, China, European Union, Germany, Iran, Israel, Democratic Peoples Republic of Korea, New Zealand, Palestinian Territories, Russia, Ukraine, United Kingdom, United States.

Cyber Attacks, Threats, and Vulnerabilities

Pro-Russia Ukrainian hackers just replaced Polish sites with images from a Holocaust slaughter (Quartz) The pro-Russia Ukrainian hacker group CyberBerkut brought down at least 37 Polish web sites in response to Polish criticism of Russian aggression in Eastern Ukraine. Sites affected include those of the president of Poland and the Warsaw Stock Exchange

Ukrainian hackers claim attack on Polish websites (AFP via Yahoo! News) Ukrainian hackers hostile to the government claimed Thursday to have launched a cyber attack against the websites of Poland's presidency and the Warsaw Stock Exchange''

Ukraine Government Offices bugged with Spyware by Russia (Hack Read) The computers of Ukrainian prime minister and those installed at the embassies of its Eastern Europe allies have been bugged by Snake, a spying tool associated with Moscow

The sad, strange saga of Russia's "Sergeant Selfie" (Ars Technica) After instant infamy for Instagram post inside Ukraine, soldier begs for WebMoney

Gaza and Crimea conflicts could have been predicted by monitoring cyber attacks (Telegraph) A surge in cyber attacks preceeded both the conflict in Ukraine and in Gaza, new research has found — leading to suggestions that the technique could be used to predict future fighting

Anonymous Takes on Ferguson, Continues Pattern of Targeting Police (HackSurfer) The fatal shooting of 18-year-old Michael Brown by police in Ferguson, Mo., has ignited outrage, sparking protests in the streets from citizens and online from the hacking collective Anonymous

'Anonymous' Twitter Feed Suspended During Ferguson Protests (NBC News) A Twitter account from online "hacktivist" group Anonymous was suspended on Thursday after it claimed to reveal the name of the police officer who shot unarmed teenager Michael Brown, setting off five nights of unrest in the suburb of Ferguson, Missouri. Sgt. Colby Dolly of the St. Louis County Police told NBC News that the person named by Anonymous was not the officer who shot Brown, nor was he a member of the St. Louis County Police Department

Spearphishing campaign targeting multiple government departments (New Zealand NCSC) The NCSC is aware of a current spearphishing campaign targeting a wide number of government sector employees. To the recipient, the spearphishing email appears to be sent from a legitimate but spoofed (i.e. using a forged sender address) email address. The NCSC recommends all government IT Security Managers advise employees not to follow the hyperlink contained in the body of the spearphishing email

The HACIENDA Program for Internet Colonization (Heise) Since the early days of TCP, port scanning has been used by computer saboteurs to locate vulnerable systems. In a new set of top secret documents seen by Heise, it is revealed that in 2009, the British spy agency GCHQ made port scans a "standard tool" to be applied against entire nations

Some Cyber Attackers Lie Low (SIGNAL) Some Cyber Attackers Lie Low August 14, 2014 By George I. Seffers E-mail About the Author Some of the hackers who have persistently attacked Lockheed Martin's networks have "gone quiet" in recent months, officials told reporters yesterday at an Arlington, Virginia, media summit hosted by the company's recently restructured Defense and Intelligence Solutions division. "We've seen a number of the adversaries — I wouldn't say they've disappeared — but they've gone quiet," said Darrell Durst, Lockheed Martin's vice president, cyber solutions. "I think we have been able to counter a number of the adversaries relative to our networks"

Kovter Blackmail Trojan Hunts for Victims as CryptoLocker Fades (CIO) Infections caused by the innovative Kovter police blackmail Trojan continued to surge between May and June, security firm Damballa has reported. Could old-style police ransom attacks, once seen as past it, be on their way back with a vengeance?

SynoLocker gang planning to move on? (Help Net Security) The crooks behind SynoLocker have made some changes to the website sporting the payment instructions. They are trying to spur more victims to pay up by saying that the website will be take offline soon and, once that happens, they will not be able to get the private keys needed to decrypt their files

ZeroLocker (Webroot Threat Blog) Recently in the news we saw FireEye and Fox-IT provide the ability to decrypt files encrypted by older crpytolocker variants. They used the command and control servers seized by the FBI during operation Tovar

Hello, this is an extortion email. (DEJANSEO) Over the years we have been a target of various negative SEO campaigns. This morning's email tops it all though. The sender doesn't beat around the bush and makes it very clear saying: "this is an extortion email"

NewGOZ malware sees 1,879 percent infection boom in July (V3) Infection rates of the latest Gameover Zeus malware variant "NewGoz" rose by 1,879 percent in July, despite efforts from law enforcement to shut down the criminal operation, according to security firm Arbor Networks

Gameover Zeus Botnet Rebuilds (Threatpost) It didn't take long for an updated version of GameOver Zeus to make some headway in rebuilding itself

The Impact of Poor Internet Hygiene (BankInfoSecurity) How user practices pave the way for botnets

Zero Days Explained (Rapid7) In today's Whiteboard Wednesday, Trey Ford, Global Security Strategist at Rapid7 will discuss zero days

The biggest iPhone security risk could be connecting one to a computer (CSO) Design quirks allow malware to be installed on iOS devices and cookies to be plucked from Facebook and Gmail apps

The Gyroscopes in Your Phone Could Let Apps Eavesdrop on Conversations (Wired) In the age of surveillance paranoia, most smartphone users know better than to give a random app or website permission to use their device's microphone. But researchers have found there's another, little-considered sensor in modern phones that can also listen in on their conversations. And it doesn't even need to ask

Thousands of computers open to eavesdropping and hijacking (Naked Security) There's a gaping hole in thousands of unsuspecting people's computers that lets any random internet passerby not only look over their shoulder but reach through to take over their systems. The hole is caused by a remote access tool: specifically, unsecured use of a product known as Virtual Network Computing (VNC)

Disqus WordPress plugin vulnerabilities (Help Net Security) During a penetration testing for a client, Australian based independent security consultant Nik Cubrilovic, discovered a couple of security issues within the very popular Disqus WordPress plugin. So far the plugin has been downloaded nearly 1.5 million times from the official Wordpress plugin repository

Blackphone goes to Def Con and gets hacked — sort of (Ars Technica) Over-the-air hacks of BlackBerry, others fly under radar; tweet on Blackphone hack doesn't

Fake Tor Project website delivers malware instead of anonymity (Help Net Security) A computer science student has discovered an almost perfect copy of The Tor Project's website, offering malware for download instead of the Tor Browser Bundle and collecting donations that should rightfully go to Tor developers

Stuxnet Exploits Still Alive & Well (Dark Reading) Exploits continue abusing a four-year-old bug used in the Stuxnet attack, Kaspersky Lab says

Suspicious Login Message Faked, Distributes Backdoor (TrendLabs Security Intelligence Blog) Legitimate services are often used by cybercriminals to try and make their attacks more convincing. Recently, I spotted attacks that used services and platforms like Google Drive and Dropbox in order to look less suspicious to unwary users

Wɑit! Stοp! Is that ℓιŋκ what it claims to be? (We Live Security) The human brain is a funny old thing, and remarkably smart. But sometimes it's too smart for its own good

Why contractors' home networks are a security threat (CSO) An informal poll at Black Hat finds contractors are the favorite target of hackers, followed by IT administrators

Internet Noise and Malicious Requests to a New Web Server (Lenny Zeltser on Information Security) I set up a brand new web server to see what type of connections it will receive. Since the server had no "production" purpose, all attempts to access it could be considered suspicious at best. Such requests are associated with scans, probes and other malicious activities that tend to blend into the background of web traffic. Here's what I observed

Ont. man records fake Microsoft phone scam as warning to others (Global News) When Orangeville, Ont., resident Joel Mantel answered his phone in the middle of dinner last week, he was in the mood for some fun

The Logic of Purposely Using Poor English in Scam Emails (NoVA Infosec) I am not sure of the original source of this graphic but it illustrates an interesting analysis of why scam emailers actually use bad English on purpose. The off kilter language serves as a simple method of filtering out the more highly desirable "gullible" marks from the rest of the crowd

Traffic To Hosting Companies Hijacked In Crypto Currency Heist (Dark Reading) Attacker likely a current or former ISP employee, researchers say

The Internet's Vulnerable Backbone (Slate) How cybercriminals hijacked the Web's architecture to mine bitcoins. Some Internet security problems can be fixed. Vulnerabilities like Heartbleed, for instance, may have massive reach and widespread impact, but they ultimately come down to a clear flaw that we can mend by rewriting code. It's a long, slow, painful process — but we know what needs to be done

Security Patches, Mitigations, and Software Updates

But as long as you don't read PDFs or surf the web, don't worry, everything's fine (FierceITSecurity) Happy Tuesday, everyone. Please patch all systems having anything to do with the web

Apple Safari for OS X gets "click-to-own" security holes patched (Naked Security) Apple has just updated its Safari browser

About the security content of Safari 6.1.6 and Safari 7.0.6 (Apple Support) This document describes the security content of Safari 6.1.6 and Safari 7.0.6

Urgent! Adobe Users Told to Patch Reader and Acrobat Against Zero-day Attacks (Lumension) Adobe has warned computer users to update their installations of Adobe Reader and Acrobat as a matter of urgency, after it was discovered that malicious hackers were exploiting a critical zero-day vulnerability in targeted attacks

PHP 5.3.29 is available, PHP 5.3 reaching end of life (Internet Storm Center) The PHP development team announces the immediate availability of PHP 5.3.29. This release marks the end of life of the PHP 5.3 series. Future releases of this series are not planned. All PHP 5.3 users are encouraged to upgrade to the current stable version of PHP 5.5 or previous stable version of PHP 5.4, which are supported till at least 2016 and 2015 respectively

Google Adds Warnings About Deceptive Software To Safe Browsing Service (Threatpost) The Google Safe Browsing service has become an integral part of most of the major browsers, integrating malware alerts, warnings about malicious Web sites and suspicious content. The company has been expanding the capabilities of the service steadily over the last few years, and now Google is adding warnings about deceptive software to the service

Cyber Trends

86% of hackers don't worry about repercussions (Help Net Security) Thycotic announced the results of a survey of 127 self-identified hackers at Black Hat USA 2014. The survey found that 86% of hackers are confident they will never face repercussions for their activities. In a double-edged sword conundrum, 88% of respondents also believe their own personally identifiable information (PII) is at risk of online theft

Kaspersky: Malware was the most common cause of data loss incidents (CIOL) 21 percent of manufacturers suffered a loss of intellectual property (IP) within the past year

CSIS's Lewis: Biggest cyber risks stem from governments, not non-state actors (Inside Cybersecurity) Foreign governments — not non-state entities — pose the greatest cyber risks amid continuing low-level conflict in cyberspace, Jim Lewis of the Center for Strategic and International Studies said Thursday, noting Hezbollah is the only potential exception

In wake of hacks, incident response efforts weak in enterprise (ZDNet) Only 9 percent say they have a handle on the issue, according to SANS Institute survey

Wearing Your Tech on Your Sleeve (TrendLabs Security Intelligence Blog) Sartorial decisions and technology are often considered two separate, distinct items. However, the surge of wearable "smart" devices has blurred the line between the two. Nowadays, it is common to see people accessorized in pieces of equipment that complement their day-to-day activities

Lack of security awareness reason for high number of cybercrime victims (Trend Micro: Simply Security) Recent studies claim nearly 50 percent of adult Internet users have acquired a virus or had online accounts hacked at some point in time. And the reason for such a high number of cybercrime victims is simple: lack of awareness

Marketplace

Cybersecurity And The National Association Of Corporate Directors (Metropolitan Corporate Counsel) Editor: Why is cybersecurity a current area of focus for NACD? Bew: Cybersecurity and cyber breaches are no longer emerging issues. The headlines about breaches in both the public and private sectors have put the issue on every organization's agenda, whether large or small, whatever the industry and whether the organization is public, private or nonprofit

NRF IT Security Council Educates, Advocates To Combat Data Theft (Business Solutions) Data breeches at large chain stores have spurred technology leaders to form the National Retail Federation (NRF) IT Security Council

Cyber Insurance (Infosec Institute) Cyber insurance coverage has been available on the market for a decade, but only recently companies have been seeing a significant growth — sales of cyber insurance in 2013 escalated 30 percent in comparison with 2012, according to the Global Head of Professional Liability for AIG Tracie Grella

Microsoft's strategy on identity management aimed squarely at cloud-based services (NetworkWorld) Microsoft's strategy for providing customers with identity management options is increasingly reliant on cloud-based methods of authentication and access control for provisioning of Windows-based mobile devices as well as Apple iOS and Google Android devices

CloudFlare's CEO On Expanding In Key Markets Like China And Brazil (TechCrunch) As Web security startup CloudFlare grows internationally, it plans to take a slow and steady approach to dealing with the challenges of expanding in key markets like China and Brazil. In a discussion with TechCrunch senior editor Jonathan Shieber this week at TechCrunch Beijing (organized with TechNode), CloudFlare co-founder and CEO Matthew Prince talked about dealing with laws and regulations in different countries and the challenges of finding a partner in China, its second-largest market

Cisco cutting 6,000 jobs; industry total now at 'great recession' level (FierceCIO) As had been rumored this week, Cisco announced major layoffs yesterday, with 6,000 jobs expected to be cut over the next 12 months. The news comes in the wake of a series of major layoff announcements throughout the tech industry, with job cuts now rivaling the numbers at the beginning of the recession in 2009

Products, Services, and Solutions

DOSarrest Adds New DDoS Protection Node in Singapore (MarketWired) DOSarrest Internet Security announced today that they have expanded their DDoS protection cloud into Asia, with a new DDoS mitigation node in Singapore. The new node will work in conjunction with their existing nodes in New York, Los Angeles and London and will have the same connectivity as the others, including multiple 10 Gb/Sec uplinks to multiple carriers

Bromium and Scalar Partner to Provide Next-generation Endpoint Protection (Bromium) Scalar delivers Bromium to combat cyber attacks; makes top security solution available to Canadian customers

Bromium and The Herjavec Group Partner to Deliver Innovative Endpoint Protection (Bromium) Most advanced security solution now available to Canadian customers

Syniverse and Telus team on secure credit card purchases abroad (Finextra) Syniverse and Telus are optimising the mobile experience to deliver even more peace of mind to customers that make credit card purchases while travelling

AirPatrol ZoneDefense 5 Allows Automatic Changes for Mobile Device Security Based on Location (App Developer Magazine) AirPatrol is offering a new add-in for its ZoneDefense 5 mobile device security platform that will allow organizations using the Enterprise Mobility Management suite from VMware's AirWatch to automatically switch security policies of smartphones and tablets based on the device's owner and location

The automated threat mitigation tool helping to beat Big Data security blues (ZDNet) Hexadite hopes to make automated security palatable to even the most outsourcing-cautious

Continuous monitoring for your perimeter (Help Net Security) Qualys Continuous Monitoring is a next-generation cloud service that gives you the ability to identify threats and unexpected changes in your Internet perimeter before they turn into breaches. With it, you can track what happens within Internet-facing devices throughout your DMZs and cloud environments — anywhere in the world

Technologies, Techniques, and Standards

TUM researchers develop defense software "TCP Stealth" (Technische Universität München) Today, a group of journalists has reported the existence of the "Hacienda" spy program. According to this report, five western intelligence agencies are using the Hacienda software to identify vulnerable servers across the world in order to control them and use them for their own purposes. Scientists at the Technische Universität München (TUM) have developed free software that can help prevent this kind of identification and thus the subsequent capture of systems

It's time for PGP to die, says … no, not the NSA — a US crypto prof (The Register) 'We've come a long way since the 1990s, but PGP mostly hasn't'

Is your encryption getting out of control? (Help Net Security) 2014 marks the 25th anniversary of the creation of the World Wide Web. From its earliest beginnings, users have demanded security for their sensitive information and web sites have universally responded by supporting encryption protocols such as SSL/TLS to encrypt data as it moved across the wires

Why Patching Makes My Heart Bleed (Dark Reading) Heartbleed was a simple mistake that was allowed to propagate through "business as usual" patching cycles and change management. It could easily happen again

A portable router that conceals your Internet traffic (Ars Technica) Def Con presentation unveils OPSEC tool for the rest of us — some assembly required

7 Places to Check for Signs of a Targeted Attack in Your Network (TrendLabs Security Intelligence Blog) Targeted attacks are designed to circumvent existing policies and solutions within the target network, thus making their detection a big challenge. As we've stressed in our previous entry about common misconceptions about targeted attacks, there is no one-size-fits-all solution against it; enterprises need to arm themselves with protection that can provide sensors where needed, as well as IT personnel equipped enough to recognize anomalies within the network and to act accordingly

AppLocker Event Logs with OSSEC 2.8 (Internet Storm Center) In a previous post, Monitoring Windows Networks Using Syslog, I discussed using syslog to send the event logs to a SIEM. This post covers another technique for collecting event log data for analysis

Before Getting Rid of Your Old Printer, Say "Goodbye" to Lingering Data (HackSurfer) In the security business, there's a lot of talk about protecting your smartphones and computers from malware and viruses, as well as loss and theft. It makes sense. Most of us use our smartphones and computers on a daily basis and keep important information on them like passwords, user names, and credit card numbers. But there are other devices that hold sensitive data that we don't really talk about. For example, printers

Password confessions of a security expert (ITProPortal) I have a confession. It's hard to admit, and I know it might make me a bit of a social pariah and an outcast in the industry I work in but I need to get this off my chest: I used a single password for many online services *deep breath* for a long time

What Businesses Can Learn from Public Safety Analytics (Data Informed) Big data, at its core, is an optimist's game. Using surveys and numbers, we hope to learn why someone buys a certain shaving cream, or one car over another — and then to turn that knowledge into dollars. In this scrutiny, we are imagining ourselves at our most reasonable, our most profitable. But to best understand human behavior, should commerce look at our most destructive acts, too?

Research and Development

7 futuristic authentication systems DARPA is funding (IT World) From analyzing the way you walk to your heartbeat, these password killers could be here soon

Academia

Hackers in demand to fight cyber-attacks (Yomiuri Shimbun) Confusing the word "hacker," which usually refers to individuals with expert computer and networking talents, with "cracker," referring to those who use such skills for illegal activities, is considered a major reason why there was little demand in Japan to foster more individuals that have expert computer and information security knowledge

Time To Broaden CompSci Curriculum Beyond STEM (Dark Reading) Having a visual arts background may not be the traditional path for a career in infosec, but it's a skill that makes me no less effective in analyzing malware patterns — and often faster

Academy introduces computer network security major (AFNS) Even as the U.S. Air Force Academy has reduced the number of majors it offers recently, it has instituted a new program aimed at helping the Air Force fly, fight and win in cyberspace

Legislation, Policy, and Regulation

In the Fight Against Russia, Ukraine Flirts with Kremlinesque Internet Censorship (Global Voices) A new draft law in Ukraine threatened to empower the government to shut down media outlets and block websites in the name of national security. The law, which passed its first reading in parliament yesterday, has exasperated local journalists, civil society figures, and the international community. The outrage grew so loud that today deputies agreed to remove and soften most of the censorship measures, but proposed moving some of them to existing media laws to achieve some measure of control over dissenting media outlets

US defense contractors still waiting for breach notification rules (Help Net Security) US Department of Defense contractors will have to wait until September 24 to see what specific rules they will be required to follow when it comes to the reporting of computer breaches to the DoD

Rogers sets course for a new era at NSA (FedScoop) There may be more tales yet to come from Edward Snowden, arguably the most wanted man in the world, but Adm. Michael Rogers will be damned if he'll allow one man and a handful of journalists to write the final chapter in the National Security Agency's storied history

Schneier: Cyber-retaliation like that exposed by Snowden report a bad idea (CSO) It's too hard to know for sure who's behind attacks, he says

Privacy group calls for halt of EU-US Safe Harbour agreement (ComputerWeekly) A US consumer protection and privacy organisation has called for the suspension of the EU-US Safe Harbour agreement covering the transfer of citizens' data from Europe to the US

For a complete running list of events, please visit the Event Tracker on the CyberWire website.

Newly Noted Events

Safeguarding Health Information: Building Assurance through HIPAA Security - 2014 (Washington, DC, USA, September 23 - 24, 2014) The conference will explore the current health information technology security landscape and the Health Insurance Portability and Accountability Act (HIPAA) Security Rule. This event will highlight the...

Hack.lu 2014 (arc Hotel Alvisse, Luxembourg, October 21 - 24, 2014) Hack.lu is an open convention/conference where people can discuss about computer security, privacy, information technology and its cultural/technical implication on society

Upcoming Events

SANS Cyber Defense Summit and Training (Nashville, Tennessee, USA, August 13 - 20, 2014) The SANS Institute's Cyber Defense Summit will be paired with intensive pre-summit hands-on information security training (August 13-18). This event marks the first time that SANS will conduct a training...

Resilience Week (Denver, Colorado, USA, August 19 - 21, 2014) Symposia dedicated to promising research in resilient systems that will protect critical cyber-physical infrastructures from unexpected and malicious threats—securing our way of life.

AFCEA Technology & Cyber Day (Tinker AFB, Oklahoma, USA, August 21, 2014) The Armed Forces Communications & Electronics Association (AFCEA) — Oklahoma City Chapter will once again host the 10th Annual Information Technology & Cyber Security Day at Tinker AFB. This is the only...

c0c0n: International Information Security and Hacking Conference (, January 1, 1970) c0c0n, previously known as Cyber Safe, is an annual event conducted as part of the International Information Security Day. The Information Security Research Association along with Matriux Security Community...

Build IT Break IT Fix IT: Build IT (Online, August 28, 2014) The Build it Break it Fix it security contest is a new security-oriented programming contest held by the Maryland Cybersecurity Center, Cyberpoint, and Trail of Bits. The Build it Break it Fix it security...

The Hackers Conference (New Delhi, India, August 30, 2014) The Hackers Conference is an unique event, where the best of minds in the hacking world, leaders in the information security industry and the cyber community along with policymakers and government representatives...

SEACRYPT 2013 (Vienna, Austria, September 2 - 4, 2014) The purpose of SECRYPT 2014, the International Conference on Security and Cryptography, is to bring together researchers, mathematicians, engineers and practitioners interested on security aspects related...

Build IT Break IT Fix IT: Break IT (Online, September 4, 2014) The Build it Break it Fix it security contest is a new security-oriented programming contest held by the Maryland Cybersecurity Center, Cyberpoint, and Trail of Bits. The Build it Break it Fix it security...

Security B-Sides Cape Breton (Sydney, Nova Scotia, Canada, September 5, 2014) Security B-Sides Cape Breton is an open platform that gives security experts, enthusiasts, and industry professionals the opportunity to share ideas, insights, and develop longstanding relationships with...

BalCCon2k14: Balkan Computer Congress (Novi Sad, Serbia, September 5 - 7, 2014) The Balkan Computer Congress is an international hacker conference organized by LUGoNS — Linux Users Group of Novi Sad and Wau Holland Foundation from Hamburg and Berlin. It is the second conference...

Ground Zero Summit, Sri Lanka (Colombo, Sri Lanka, September 9 - 10, 2014) Ground Zero Summit 2014, Colombo will be a unique gathering of Cyber Security Researchers, Hackers, CERTs, Corporates and Government officials to discuss latest hacks, exploits, research and cyber threats.

Detroit SecureWorld (Detroit, Michigan, USA, September 9 - 10, 2014) Two days of cyber security education and networking. Earn 12-16 CPE credits, network with industry peers, and take advantage of more than sixty educational events. Over the past decade SecureWorld has...

Cyber Attack Against Payment Processes Exercise 1 (Online, September 9 - 10, 2014) FS-ISAC, the Financial Services Information Sharing and Analysis Center will conduct its fifth annual simulated cyber security exercise related to payment processes used by banks, community institutions,...

AFCEA TechNet Augusta 2014: Achieving Force 2025 Through Signals and Cyber (Augusta, Georgia, USA, September 9 - 11, 2014) The overall theme of TechNet Augusta 2014 is "Achieving Force 2025 Through Signals and Cyber." The overall focus is on Army ground forces, including Joint component interface, other Department of Defense...

Build IT Break IT Fix IT: Fix IT (Online, September 12, 2014) The Build it Break it Fix it security contest is a new security-oriented programming contest held by the Maryland Cybersecurity Center, Cyberpoint, and Trail of Bits. The Build it Break it Fix it security...

Suits and Spooks London (London, England, UK, September 12, 2014) On September 12th, in London's South bank neighborhood of Southwork, approximately 50 former intelligence officials, corporate executives, and security practitioners from the U.S. and the EU will gather...

NOPcon Security Conference (Istanbul, Turkey, September 16, 2014) NOPcon is a non-profit hacker conference. It is the only geek-friendly conference without sales pitches in Turkey. The conference aims to learn and exchange ideas and experiences between security researchers,...

SINET Global Summit (London, England, UK, September 16 - 17, 2014) "Advancing Global Collaboration and Innovation." Global Summit focuses on building international public-private partnerships that will improve the protection of our respective homeland's critical infrastructures,...

Cyber Attack Against Payment Processes Exercise 2 (Online, September 16 - 17, 2014) FS-ISAC, the Financial Services Information Sharing and Analysis Center will conduct its fifth annual simulated cyber security exercise related to payment processes used by banks, community institutions,...

Global Identity Summit (Tampa, Florida, USA, September 16 - 18, 2014) The Global Identity Summit is focused on identity management solutions for corporate, defense and homeland security communities. This conference and associated exhibition bring together a distinctive,...

Fraud Summit Toronto (Toronto, Ontario, Canada, September 17, 2014) From account takeover to payment card fraud and the emerging mobile threatscape, the ISMG Fraud Summit series is where thought-leaders meet to exchange insights on today's top schemes and the technology...

Defense Intelligence Agency (DIA)/National Intelligence University (NIU) Open House (Washington, DC, USA, September 17, 2014) On September 17, 2014, the National Intelligence University (NIU) will hold a Tech Expo as part of its annual "NIU OUTREACH DAY" in the Tighe Lobby of DIA Headquarters on Joint Base Bolling-Anacostia.

Cloud Security Alliance Congress 2014 (, January 1, 1970) This year, the CSA and the International Association of Privacy Professionals (IAPP) are combining their Congress US and Privacy Academy events into a conference in the heart of Silicon Valley that will...

CSA Congress 2014 & IAPP Privacy Academy 2014 (San Jose, California, USA, September 17 - 19, 2014) This year, the CSA and the International Association of Privacy Professionals (IAPP) are combining their Congress US and Privacy Academy events into a conference in the heart of Silicon Valley. This conference...

Ft. Meade Technology Expo (Fort Meade, Maryland, USA, September 18, 2014) The Ft. Meade Technology Expo is a one-day event held at the Officers' Club (Club Meade) on base. Industry vendors will have the unique opportunity to showcase their products and services to personnel...

The 2014 Cyber Security Summit (New York, New York, USA, September 18, 2014) The Cyber Security Summit, an exclusive conference series sponsored by The Wall Street Journal, has announced their second annual event in New York City. The event will connect C-Level & Senior Executives...

Dutch Open Hackathon (Amsterdam, the Netherlands, September 20 - 21, 2014) Join leading Dutch companies, during a 30-hour hackathon, as they open up APIs and technologies. Work together and develop new applications and drive global innovation

St. Louis SecureWorld (, January 1, 1970) Offering two days of cyber security education. Earn 12-16 CPE credits, network with industry peers, and take advantage of more than sixty educational events. Over the past decade SecureWorld has emerged...

Rock Stars of Cybersecurity (Austin, Texas, USA, September 24, 2014) The unprecedented Target breach and NSA spying scandal have put cybersecurity in the global spotlight. With cyberattacks on the rise, it is now even more important to learn how to identify weaknesses and...

VB2014 (, January 1, 1970) Over its 24-year history, the VB conference has become a major highlight of the IT security calendar, with many of its regular attendees citing it as the security event of the year. The conference provides...

DerbyCon 4.0 (Louisville, Kentucky, USA, September 24 - 28, 2014) Welcome to DerbyCon 4.0 — "Family Rootz". This is the place where security professionals from all over the world come to hang out. DerbyCon 4.0 will be held September 24-28th, 2014. DerbyCon 2013...

BruCON 2014 (Ghent, Belgium, September 25 - 26, 2014) BruCON is an annual security and hacker conference providing two days of an interesting atmosphere for open discussions of critical infosec issues, privacy, information technology and its cultural/technical...

ROOTCON 8 (, January 1, 1970) ROOTCON is the first hacking convention in the Philippines. A hacker conference and not a seminar, training or a workshop. It will feature the following tracks: advanced HTTP header security analysis,...

INTEROP (New York, New York, USA, September 29 - October 3, 2014) Interop returns to New York with practical and visionary conference sessions designed to help you accelerate your career. This year's conference tracks include: Applications, Business of IT, Cloud Connect...

Grow your brand and reach new customers.

Grow your brand and increase your customer base by educating our audience about your products, services, and events by advertising on The CyberWire. We’ve built trust with an influential (and often hard to reach) audience of CISOs, CSOs, and other senior execs in the security space, across a wide array of industry verticals. Learn more.

Be a part of the CyberWire story.

People ask us (a lot) how they can support what we do. We have our sponsorships and services, of course, but those are not always within every supporter's financial reach, or it might just not be the right time for you to do those things. That's why we launched our new Patreon site, where we've created a wider variety of support levels, each with some new benefits. Our patrons are important to our future, and we hope you'll consider becoming one. We invite you to become part of the CyberWire story. Become a patron today.