skip navigation

More signal. Less noise.

Daily briefing.

An Israeli officer claims Iran has been involved in pro-Hamas cyber attacks (mostly account hijacking) during the current Gaza conflict.

Cyber-rioting continues to accompany physical protests over the police shooting in Missouri (USA). Anonymous has been heavily engaged, with damage to its brand as it wrongly identifies police officers involved. Observers are unaccountably surprised at an anarcho-syndicalist collective behaving anarchically. ("Unprofessional," HackRead primly calls the hactivists.)

Der Spiegel reports that the Bundesnachrichtendienst (BND) "inadvertently" intercepted phone calls of two US Secretaries of State (Clinton and Kerry). (Lost in the English translations are reports of more extensive and systematic BND interest in Turkish government communications.)

Two major breaches have come to light. US supermarket chains belonging to Supervalu and AB Acquisition had their networks penetrated by hackers; investigation is ongoing. And Community Health Systems reports that personal information belonging to 2.4 million people has been stolen from its systems. Mandiant, which is providing forensic support to the healthcare company, is quoted as attributing the breach to a Chinese APT group. This incident, too, remains under investigation.

As Gameover Zeus continues its unwelcome return from oblivion, researchers find that the Cridex malware family has adapted some of the features that gave Zeus pride-of-place among crimeware.

Stuxnet's lingering presence is another reason to move away from Windows XP.

Microsoft pulls one of last week's patches — MS14-045 — after finding it induces a blue screen of death.

Lenovo continues its long slog through US regulatory agencies en route to acquisition of IBM and Google units.

Notes.

Today's issue includes events affecting Australia, Bangladesh, Barbados, China, Germany, India, Indonesia, Iran, Israel, Nigeria, Palestinian Territories, Saudi Arabia, Turkey, United Arab Emirates, United Kingdom, United States, and Vietnam.

Cyber Attacks, Threats, and Vulnerabilities

Israeli officer: Iran involved in cyber attacks during Gaza war (Haaretz) Hackers penetrated the official IDF Twitter account and tweeted the fabrication that there was fear of radioactive seepage after two rockets hit the Dimona nuclear reactor

Hacked: Hackers Target Bangladesh Airport Armed Police Website (HackRead) Nigerian Hackers from Nigerian Cyber Hunters (NCH) have hacked and defaced the official website of Bangladesh Airport Armed Police yesterday

Ferguson, Mo., police site hit with DDoS attack (C/NET) In the wake of the shooting of unarmed teen Michael Brown, hackers launch a cyberattack to take out the police department's website and email

Hacktivists Battle Over Ferguson Shooting (BankInfoSecurity) Can Anonymous be trusted when it doesn't trust itself?

Anonymous Leaked Fake Info on officer Who Shot Mike Brown (HackRead) Yesterday we reported on Anonymous hacktivist on twitter with @TheAnonMessage claiming to have leaked the true identity of police officer who shot Mike Brown, the 17 yr kid from the city of Ferguson, but now it has been revealed that every detail that Anonymous claimed on the police officer was fake and probably an attention seeking stunt

How Anonymous got it right and wrong in Ferguson (Washington Post) On Thursday, a Twitter account self-identified with the hacking group Anonymous released the name and photos of an officer they claimed was responsible for the shooting of Michael Brown, an unarmed black teenager killed by police Saturday in a St. Louis suburb. Just the day before, a different name had been circulating online

Ohio State Government Portal Hacked by Anonymous Supporter (HackRead) A hacker going with the handle of Rajol Hazin has hacked and defaced the official sub-domain of Ohio State Government belonging Ohio Board of Tax Appeals

Report: German spy agency inadvertently eavesdropped on Hillary Clinton, John Kerry (PC World) The German intelligence agency BND accidentally listened in on and recorded phone calls from Secretary of State John Kerry and Hillary Clinton, according to a new report from German news magazine Der Spiegel

Geheimdienste: BND überwacht seit Jahren Nato-Partner Türkei (Spiegel) Der Bundesnachrichtendienst führt die Türkei nach SPIEGEL-Informationen seit 2009 als Aufklärungsziel. Auch US-Außenminister John Kerry wurde mindestens einmal von deutscher Seite abgehört

Two supermarket chains report major computer break-ins (CSO) Supervalu and AB Acquisition report major computer break-ins that involved supermarkets across many states. Affected stores include Albertson's, Jewel-Osco, Shaw's, Star Maekts, Farm Fresh and Shop 'N' Save

Supervalu breach shows why move to smartcards is long overdue (Computerworld via CSO) U.S. remains one of the last developed nations to use magnetic stripe cards

Why So Many Card Breaches? A Q&A (Krebs on Security) The news wires today are buzzing with stories about another potentially major credit/debit card breach at yet another retail chain: This time, the apparent victim is AB Acquisition, which operates Albertsons stores under a number of brands, including ACME Markets, Jewel-Osco, Shaw's and Star Markets

Community Health Systems says personal data stolen in cyber attack (Reuters) U.S. hospital operator Community Health Systems Inc said on Monday personal data, including patient names and addresses, of about 4.5 million people were stolen by hackers from its computer network, likely in April and June

China Hackers Suspected in Health Breach (Data Breach Today) Community Health Systems Inc., which owns 206 hospitals in 29 states, says a network data breach exposed 4.5 million individuals' personal information. Mandiant, which is providing forensics services to the hospital chain, believes that an "advanced persistent threat group originating from China used highly sophisticated malware and technology to attack the company's systems," according to Community Health System's 8-K filing to the U.S. Securities and Exchange Commission

Attacks exploited YouTube & Microsoft Live to install surveillance (NetworkWorld) With the "hacking on easy mode" capabilities of network injection, a target could be compromised and infected with a Trojan for surveillance by simply viewing unencrypted content such as YouTube videos or logging into Microsoft Live

Web Server Attack Investigation — Installing a Bot and Reverse Shell via a PHP Vulnerability (Internet Storm Center) With Windows malware getting so much attention nowadays, it's easy to forget that attackers also target other OS platforms. Let's take a look at a recent attempt to install an IRC bot written in Perl by exploiting a vulnerability in PHP

Part 1: Is your home network unwittingly contributing to NTP DDOS attacks? (Internet Storm Center) For the last year or so, I have been investigating UDP DDOS attacks. In this diary I would like to spotlight a somewhat surprising scenario where a manufacturer's misconfiguration on a popular consumer device combined with a design decision in a home gateway router may make you an unwitting accomplice in amplified NTP reflection DDOS attacks

Cridex Malware Takes Lesson from Gameover Zeus (Threatpost) The GameOver Zeus malware had a nice run for itself, making untold millions of dollars for its creators. But it was a run that ended with a multi-continent operation from law enforcement and security researchers to disassemble the infrastructure. Now researchers have identified a new variant of the Cridex malware that has adopted some of the techniques that made GOZ so successful in its day

Despite Microsoft's takedown, GameOver Zeus botnet rises again (Beta News) Back in early June Microsoft announced it had taken down the GameOver Zeus botnet, in an effort to protect customers. But, thwarting the internet bad guys is much more difficult in practice than it is in theory. Now security researches claim the phoenix is rising from its ashes

ZeroLocker ransomware "helps" you get your files back (Help Net Security) In early June, the FBI has lead a rather successful multi-national effort to disrupt the GameOver Zeus botnet which was also responsible for delivering Cryptolocker. Unfortunately, that doesn't mean that users are now completely safe from that and other ransomware

Cybercriminals Formulate New Way to Fool Individuals; Uses Bogus Version of Microsoft Security Essentials for their Scheme (KDrama Stars) Black hat hackers are once again launching their attack on their victims as they manage to lure them in a tech support scam using an interface similar to that of Microsoft Security Essentials, where it alerts users of malware presence on the computer and direct unsuspecting users to a fake support desk

Beware of fake "Gmail suspicious login" warnings (Help Net Security) Malicious emails impersonating Gmail Account Services have been spotted hitting inboxes around the world, falsely claiming that the users' Gmail account has been logged into from an unrecognized device

Vietnam security experts raise caution on Chinese smartphone privacy breach (Tuoi Tre News) Vietnamese smartphone users are advised to beware of Chinese-made handsets after a Beijing-based phone maker admitted recently it was collecting personal data without permission

Ancient Stuxnet flaw still being used to attack millions of Windows XP PCs (CSO) XP popularity and poor patching revealed

'What's a Breach?' Man Who Found Russian Hack Doesn't Want to Argue Semantics (Wall Street Journal) One week after Alex Holden said he found "arguably the largest data breach to date," he doesn't want to argue semantics

What Do I Need to Know and When Do I Need to Know It? (Huffington Post) Another day, another big hack discovered. According to reports from the New York Times, the Wall Street Journal, and numerous other publications, a small group of cyber criminals based out of Russia were apparently able to collect around 1.2 billion usernames and passwords from more than 400,000 websites globally

Gamescom 2014: World of Malware? (We Live Security) The gaming industry keeps growing in terms of popularity, and the large population of gamers, and the crowds at Cologne's Gamescom 2014, represents an opportunity for miscreants to make money. In this blog post, we will explore various attacks specifically tailored to gamers, by starting with trojanized legitimate games, then by exploring some malicious software and targeted attacks against the video games industry. Finally, we will describe some recent exploits found in video games

iPhone's biggest security threat could be USB connections (FierceMobileIT) Apple's iPhone may be most vulnerable to malware when connected to a computer, according to IDG News Service, and is particularly susceptible when connected through USB or Wi-Fi

Ebola fear used as bait, leads to malware infection (Deccan Chronicle) News of the Ebola virus epidemic in West Africa has hit every news outlet around the globe, and cybercriminals are once again using the latest headlines to bait victims. Symantec has observed three malware operations and a phishing campaign using the Ebola virus as a social engineering theme

"Girl killed by husband just because she kissed another men" Facebook scam (Graham Cluley) The latest gruesome scam to spread rapidly across Facebook has managed to dupe thousands of people, and put them at risk of having their computers infected by malware, by pretending to be a video of a woman being killed for cheating on her husband

Robin Williams' last phone call? Sick Facebook video scam exploits celebrity suicide (We Live Security) Be on your guard against yet another Facebook scam, this time exploiting the tragic death of comic actor Robin Williams

Visual Studio Online hit by another major outage (Devops Angle) Microsoft Corp's Visual Studio Online service for software developers was hit by its second major outage in the space of a month yesterday, and was inaccessible to users for about four hours. Microsoft has since blamed the snafu on problems with its database

Security Patches, Mitigations, and Software Updates

Issues with Microsoft Updates (Internet Storm Center) Microsoft has updated some bulletins because there are three known issues that can affect your computer

Microsoft pulls Patch Tuesday kernel update — MS14-045 can cause Blue Screen of Death (Naked Security) Microsoft has pulled one of its August 2014 Patch Tuesday updates. MS14-045, which fixes various security holes in the Windows kernel, can cause a Blue Screen of Death (BSoD), thus forcing a reboot

Why I am still getting security updates on Windows XP Pro? (Telegraph) The updates you are getting are probably virus signatures for Microsoft Security Essentials, says Rick Maybury

Cyber Trends

Banks, financial firms told to prepare against 'intensifying' cyber attacks (GMA News) A cloud services provider on Friday urged banks and financial firms to beef up their system's defenses against "intensifying" cyber attacks

Infographic: Honeypot cloud security data (Help Net Security) New infographic data on hackers reveals that Russia stealing passwords is the least of our cyber worries. Recent data reveals that China and India are attacking U.S. servers more frequently than Russia is stealing passwords

Infographic: 70 Percent of World's Critical Utilities Breached (Dark Reading) New research from Unisys and Ponemon Institute finds alarming security gaps in worldwide ICS and SCADA systems within the last 12 months

How will you pay for the internet of the future? (Naked Security) How much is Facebook worth?

Report: Consumers 'just don't trust mobile security' (FierceMobileIT) Consumer fears over security and privacy continue to haunt mobile commerce, with a new study finding that nearly half of all consumers would never use mobile payment and banking apps

Effective coordination key to contain cyber attacks: Study (Times of India) Better communication and information about cyber security, right investment in skilled personnel and enabling technologies together with adoption of security measures will minimize the risk of current and emerging cyber threats, says a Websense—Ponemon Institute US report

Fraud alerts sounded by DFSA with scams on the rise in UAE (The National) The UAE is being targeted by international criminals using increasingly sophisticated methods to defraud companies and investors, one of the country's financial regulators has warned

Saudi Arabia a hot target for cyber criminals: Kaspersky (Saudi Gazette) Maintaining cyber security is an important part of Saudi Arabia's national strategy and is high on the government agenda, according to an expert

Indonesia enterprises growing more concerned about IT security (Jakarta Post) Most Indonesian enterprises will increase their information and technology (IT) spending this year and beyond, with IT security becoming one of the top five areas where they will put their spending, a recent survey by the International Data Corporation (IDC) Indonesia shows

The "Website Defacement" Cyber threat to the Caribbean (SKNVibes) In the last year there has been a significant increase in the number of cyber related criminal activity in the Caribbean

Identity Theft is on the Rise. Are You Protected? (Willis Wire) Last week's staggering headline that, Russian hackers stole over 1 billion internet passwords, is yet another example of how global the business of identity theft has become. A breach of this size should be enough to convince anyone about the importance of practicing good cyber security

Marketplace

IBM Obtains U.S. Approval for Sale of Server Business to Lenovo (Bloomberg) International Business Machines Corp. (IBM) cleared a U.S. national-security review for the sale of its low-end server business to China's Lenovo Group Ltd. (992), letting the $2.3 billion transaction go forward even amid tensions between the two nations

Lenovo Working With Multiple Agencies on IBM, Motorola (Bloomberg BusinessWeek) Lenovo Group Ltd. (992) said more negotiations are required with multiple U.S. government agencies as the Chinese company seeks approval for more than $5 billion in planned acquisitions

Partners: IBM x86 Sale Approval Could Set Off Security Questions For Lenovo (CRN) Solution provider partners said Friday that regulatory approval of the $2.3 billion sale of IBM's x86 business to Lenovo is just the start of looming security questions that Lenovo will face as it attempts to gain a foothold in the data center

Facebook, the security company (Ars Technica) CSO Joe Sullivan talks about PrivateCore and Facebook's homegrown security clout

Must-know: EMC's placement in the emerging data security market (Market Realist) According to the International Data Corporation (or IDC), "big data" is expected to experience 40% annual growth until 2016. The exponential growth in data is coming from varied sources like social, mobile, and cloud. It has led to various forms of data thefts and threats. As a result, organizations are pushed to allocate a significant part of their expenditure budget to safety and web threat detection solutions

The KEYW Holding Corporation Announces Closing of $19.5 Million Over-Allotment Option for Total Convertible Senior Notes Issuance of $149.5 Million (MarketWatch) The KEYW Holding Corporation KEYW, +0.71% announced today the closing of an additional $19.5 million principal amount of its convertible senior notes due July 15, 2019 to cover over-allotments in connection with its public offering launched on July 15, 2014, for a total offering size of $149.5 million

U.S. firm helped the spyware industry build a potent digital weapon for sale overseas (Washington Post) CloudShield Technologies, a California defense contractor, dispatched a senior engineer to Munich in the early fall of 2009. His instructions were unusually opaque

Maddrix Earns National Security Agency Incident Response Accreditation (PR Newswire) Maddrix, a leading provider of incident response services and technology focused on targeted network attacks and insider threats, announced that it was recently accredited by the National Security Agency as part of the inaugural class of elite Cyber Incident Response Assistance (CIRA) providers under the NSA's newly established National Security Cyber Assistance Program

Agiliance Receives International Recognition From Stevie Awards (BiusinessWire) Agiliance®, Inc., the Big Data Risk Company™ and leading independent provider of integrated solutions for Operational and Security Risk programs, today announced that it has been named winner of two Stevie® Awards in the 11th Annual International Business Awards℠

Products, Services, and Solutions

Facebook Will Track Shopping Habits (InformationWeek) Facebook plans to track your actions between devices and share with advertisers when an ad leads to a purchase. Here's why one expert says you shouldn't worry

Bitdefender Protects Mom, Dad and Kids with 2015 Family Pack (BusinessWire) Bitdefender, the innovative antivirus software provider, has launched the new 2015 Bitdefender Family Pack to protect entire families from dangers on the internet while maximizing performance and ease of use

WatchGuard Firebox T10 (PC Magazine) The Firebox T10 ($250 for appliance; Security Bundle with hardware and 1-year Security Suite subscription, $395, as tested) is a unified threat management (UTM) device designed specifically for both small office and individual home office users

NIKSUN Announces Alpine 4.5 Release (Herald Online) NIKSUN® Inc., the world leader in cyber security and network monitoring solutions, today unveiled Alpine 4.5 Release, making NIKSUN the first in the industry to provide real-time analytics for data rates exceeding 100Gbps

Technologies, Techniques, and Standards

Exposing lurking dangers with an 'Internet cartographer' (EE News) "So, this is a wind farm," John Matherly said, nodding at a drab blue-and-black portal that blinked onto the computer screen

Cyber forensics: taking tips from a detective?s playbook (GSN) You approach the scene, taking the first steps to determining what happened and how to prevent it in the future. Following your training, you secure the area, conduct a scan of the scene, take photos to maintain a permanent record of the scene as you found it, and begin collecting and evaluating physical evidence

Shark attack! Google wraps underwater cables in Kevlar-like vests (Naked Security) Composite image of shark and cables courtesy of ShutterstockHuman taste buds generally find spaghetti to be tasty

Research and Development

VXer fighters get new stealth weapon in war of the (mal)wares (The Register) Foiled traditional systems force white hats to bare metal

Academia

Protecting your data against a cyber attack (The Lawyer) Higher education providers are becoming increasingly popular targets for cyber attacks. Attacks against US universities have increased exponentially, and many institutions have responded by allocating significant resources and capital towards upgrading and reconfiguring their cyber security infrastructure

Legislation, Policy, and Regulation

Centre to shield India from cyber attacks proposed (Hindustan Times) The Narendra Modi government is preparing to set up a Rs. 950-crore cyber security centre following a rise in virtual world attacks and recent revelations that the US National Security Agency had spied on the BJP and sensitive establishments

Anti-leak spy laws will only target 'reckless' journalists: Attorney-General's office (Sydney Morning Herald) Only "reckless" reporting by journalists would be subject to new national security reforms that would jail those who disclose information about so-called "special intelligence operations" conducted by Australian spy agencies, the Attorney-General's Department says

Army contemplates new career branch for cyber personnel (Federal News Radio) The Army, along with the rest of the military services, is in the midst of an ambitious endeavor to build a joint cadre of several thousand cyber warriors that will conduct offensive cyber operations, defend the country from cyber attacks and operate the military's own networks via three different groups of cyber mission teams

Obama's deputy CTO leaves White House (The Hill) Nicole Wong, one of the Obama administration' top people on technology and privacy, is leaving the White House

Litigation, Investigation, and Law Enforcement

Security Research and the Law: What You Need to Know (eSecurity Planet) Security researchers must navigate a minefield of U.S. laws and statutes, such as the Computer Fraud and Abuse Act

Meet the Man Leading the Snowden Damage Investigation (DefenseOne) Among the many actions the Obama administration took in the "post-Snowden" era of insider threats was to appoint a new governmentwide counterintellligence chief

U.S. Intelligence Can't Stop the Next Snowden for Years (Daily Beast) A new leaker is spilling secrets while the government rushes to build systems to track access to classified info and find potential spies

Chinese man indicted over theft of Boeing C-17 secrets (ComputerWorld) Su Bin is accused of working with two others to steal gigabytes of U.S. defense-related documents

Attacking NPR As A Shill For Government Intelligence (Public Radio East) Glenn Greenwald can certainly raise a ruckus. The lawyer-cum-journalist who has been a principle conduit for the publication of the National Security Agency documents leaked by Edward Snowden has turned his sights on a recent NPR story by counterterrorism correspondent Dina Temple-Raston. Greenwald has called it an "indisputable case of journalistic malpractice and deceit"

Premier FBI cybersquad in Pittsburgh to add agents (AP via the Stars and Stripes) The FBI's premier cybersquad has focused attention on computer-based crime in recent months by helping prosecutors charge five Chinese army intelligence officials with stealing trade secrets from major companies and by snaring a Russian-led hacking ring that pilfered $100 million from bank accounts worldwide

WikiLeaks' Assange hopes to exit London embassy if UK lets him (Reuters) WikiLeaks founder Julian Assange, who has spent over two years in Ecuador's London embassy to avoid a sex crimes inquiry in Sweden, said on Monday he planned to leave the building "soon", but Britain signaled it would still arrest him if he tried

Another use for hashtags: to hide money transfers to sanctioned states (Quartz) PricewaterhouseCoopers, the consulting firm which assures investors and regulators alike that businesses' books are on the up-and-up, will pay a $25-million fine and be barred from certain work with Wall Street banks for two years after misleading regulators, the New York Times reports

For a complete running list of events, please visit the Event Tracker on the CyberWire website.

Newly Noted Events

5th Annual Billington Cybersecurity Summit (Washington, DC, USA, September 16, 2014) The 5th Annual Billington Cybersecurity Summit, a leading conference produced by Billington CyberSecurity, will feature an all-star cast of cybersecurity speakers including Admiral Michael Rogers, Commander,...

CSEC 2014 Cyber Security Summit (Kingdom of Bahrain, October 20 - 22, 2014) At the Inaugural Cyber Security Summit 2014, you will have the opportunity to seek ways to reset your IT security and risk strategy for success; stay relevant as IT security and risk are redefined; implement...

Open Source Digital Forensics Conference 2014 (Herndon, Virginia, USA, November 5, 2014) This conference focuses on tools and techniques that are open source and (typically) free to use. It is a one day event with short talks packed with information. There are both tool developers and users...

Upcoming Events

SANS Cyber Defense Summit and Training (Nashville, Tennessee, USA, August 13 - 20, 2014) The SANS Institute's Cyber Defense Summit will be paired with intensive pre-summit hands-on information security training (August 13-18). This event marks the first time that SANS will conduct a training...

Resilience Week (Denver, Colorado, USA, August 19 - 21, 2014) Symposia dedicated to promising research in resilient systems that will protect critical cyber-physical infrastructures from unexpected and malicious threats—securing our way of life.

AFCEA Technology & Cyber Day (Tinker AFB, Oklahoma, USA, August 21, 2014) The Armed Forces Communications & Electronics Association (AFCEA) — Oklahoma City Chapter will once again host the 10th Annual Information Technology & Cyber Security Day at Tinker AFB. This is the only...

c0c0n: International Information Security and Hacking Conference (, January 1, 1970) c0c0n, previously known as Cyber Safe, is an annual event conducted as part of the International Information Security Day. The Information Security Research Association along with Matriux Security Community...

Build IT Break IT Fix IT: Build IT (Online, August 28, 2014) The Build it Break it Fix it security contest is a new security-oriented programming contest held by the Maryland Cybersecurity Center, Cyberpoint, and Trail of Bits. The Build it Break it Fix it security...

The Hackers Conference (New Delhi, India, August 30, 2014) The Hackers Conference is an unique event, where the best of minds in the hacking world, leaders in the information security industry and the cyber community along with policymakers and government representatives...

SEACRYPT 2013 (Vienna, Austria, September 2 - 4, 2014) The purpose of SECRYPT 2014, the International Conference on Security and Cryptography, is to bring together researchers, mathematicians, engineers and practitioners interested on security aspects related...

Build IT Break IT Fix IT: Break IT (Online, September 4, 2014) The Build it Break it Fix it security contest is a new security-oriented programming contest held by the Maryland Cybersecurity Center, Cyberpoint, and Trail of Bits. The Build it Break it Fix it security...

Security B-Sides Cape Breton (Sydney, Nova Scotia, Canada, September 5, 2014) Security B-Sides Cape Breton is an open platform that gives security experts, enthusiasts, and industry professionals the opportunity to share ideas, insights, and develop longstanding relationships with...

BalCCon2k14: Balkan Computer Congress (Novi Sad, Serbia, September 5 - 7, 2014) The Balkan Computer Congress is an international hacker conference organized by LUGoNS — Linux Users Group of Novi Sad and Wau Holland Foundation from Hamburg and Berlin. It is the second conference...

Ground Zero Summit, Sri Lanka (Colombo, Sri Lanka, September 9 - 10, 2014) Ground Zero Summit 2014, Colombo will be a unique gathering of Cyber Security Researchers, Hackers, CERTs, Corporates and Government officials to discuss latest hacks, exploits, research and cyber threats.

Detroit SecureWorld (Detroit, Michigan, USA, September 9 - 10, 2014) Two days of cyber security education and networking. Earn 12-16 CPE credits, network with industry peers, and take advantage of more than sixty educational events. Over the past decade SecureWorld has...

Cyber Attack Against Payment Processes Exercise 1 (Online, September 9 - 10, 2014) FS-ISAC, the Financial Services Information Sharing and Analysis Center will conduct its fifth annual simulated cyber security exercise related to payment processes used by banks, community institutions,...

AFCEA TechNet Augusta 2014: Achieving Force 2025 Through Signals and Cyber (Augusta, Georgia, USA, September 9 - 11, 2014) The overall theme of TechNet Augusta 2014 is "Achieving Force 2025 Through Signals and Cyber." The overall focus is on Army ground forces, including Joint component interface, other Department of Defense...

Build IT Break IT Fix IT: Fix IT (Online, September 12, 2014) The Build it Break it Fix it security contest is a new security-oriented programming contest held by the Maryland Cybersecurity Center, Cyberpoint, and Trail of Bits. The Build it Break it Fix it security...

Suits and Spooks London (London, England, UK, September 12, 2014) On September 12th, in London's South bank neighborhood of Southwork, approximately 50 former intelligence officials, corporate executives, and security practitioners from the U.S. and the EU will gather...

NOPcon Security Conference (Istanbul, Turkey, September 16, 2014) NOPcon is a non-profit hacker conference. It is the only geek-friendly conference without sales pitches in Turkey. The conference aims to learn and exchange ideas and experiences between security researchers,...

SINET Global Summit (London, England, UK, September 16 - 17, 2014) "Advancing Global Collaboration and Innovation." Global Summit focuses on building international public-private partnerships that will improve the protection of our respective homeland's critical infrastructures,...

Cyber Attack Against Payment Processes Exercise 2 (Online, September 16 - 17, 2014) FS-ISAC, the Financial Services Information Sharing and Analysis Center will conduct its fifth annual simulated cyber security exercise related to payment processes used by banks, community institutions,...

Global Identity Summit (Tampa, Florida, USA, September 16 - 18, 2014) The Global Identity Summit is focused on identity management solutions for corporate, defense and homeland security communities. This conference and associated exhibition bring together a distinctive,...

Fraud Summit Toronto (Toronto, Ontario, Canada, September 17, 2014) From account takeover to payment card fraud and the emerging mobile threatscape, the ISMG Fraud Summit series is where thought-leaders meet to exchange insights on today's top schemes and the technology...

Defense Intelligence Agency (DIA)/National Intelligence University (NIU) Open House (Washington, DC, USA, September 17, 2014) On September 17, 2014, the National Intelligence University (NIU) will hold a Tech Expo as part of its annual "NIU OUTREACH DAY" in the Tighe Lobby of DIA Headquarters on Joint Base Bolling-Anacostia.

Cloud Security Alliance Congress 2014 (, January 1, 1970) This year, the CSA and the International Association of Privacy Professionals (IAPP) are combining their Congress US and Privacy Academy events into a conference in the heart of Silicon Valley that will...

CSA Congress 2014 & IAPP Privacy Academy 2014 (San Jose, California, USA, September 17 - 19, 2014) This year, the CSA and the International Association of Privacy Professionals (IAPP) are combining their Congress US and Privacy Academy events into a conference in the heart of Silicon Valley. This conference...

Ft. Meade Technology Expo (Fort Meade, Maryland, USA, September 18, 2014) The Ft. Meade Technology Expo is a one-day event held at the Officers' Club (Club Meade) on base. Industry vendors will have the unique opportunity to showcase their products and services to personnel...

The 2014 Cyber Security Summit (New York, New York, USA, September 18, 2014) The Cyber Security Summit, an exclusive conference series sponsored by The Wall Street Journal, has announced their second annual event in New York City. The event will connect C-Level & Senior Executives...

Dutch Open Hackathon (Amsterdam, the Netherlands, September 20 - 21, 2014) Join leading Dutch companies, during a 30-hour hackathon, as they open up APIs and technologies. Work together and develop new applications and drive global innovation

St. Louis SecureWorld (, January 1, 1970) Offering two days of cyber security education. Earn 12-16 CPE credits, network with industry peers, and take advantage of more than sixty educational events. Over the past decade SecureWorld has emerged...

Rock Stars of Cybersecurity (Austin, Texas, USA, September 24, 2014) The unprecedented Target breach and NSA spying scandal have put cybersecurity in the global spotlight. With cyberattacks on the rise, it is now even more important to learn how to identify weaknesses and...

VB2014 (, January 1, 1970) Over its 24-year history, the VB conference has become a major highlight of the IT security calendar, with many of its regular attendees citing it as the security event of the year. The conference provides...

DerbyCon 4.0 (Louisville, Kentucky, USA, September 24 - 28, 2014) Welcome to DerbyCon 4.0 — "Family Rootz". This is the place where security professionals from all over the world come to hang out. DerbyCon 4.0 will be held September 24-28th, 2014. DerbyCon 2013...

BruCON 2014 (Ghent, Belgium, September 25 - 26, 2014) BruCON is an annual security and hacker conference providing two days of an interesting atmosphere for open discussions of critical infosec issues, privacy, information technology and its cultural/technical...

ROOTCON 8 (, January 1, 1970) ROOTCON is the first hacking convention in the Philippines. A hacker conference and not a seminar, training or a workshop. It will feature the following tracks: advanced HTTP header security analysis,...

INTEROP (New York, New York, USA, September 29 - October 3, 2014) Interop returns to New York with practical and visionary conference sessions designed to help you accelerate your career. This year's conference tracks include: Applications, Business of IT, Cloud Connect...

Grow your brand and reach new customers.

Grow your brand and increase your customer base by educating our audience about your products, services, and events by advertising on The CyberWire. We’ve built trust with an influential (and often hard to reach) audience of CISOs, CSOs, and other senior execs in the security space, across a wide array of industry verticals. Learn more.

Be a part of the CyberWire story.

People ask us (a lot) how they can support what we do. We have our sponsorships and services, of course, but those are not always within every supporter's financial reach, or it might just not be the right time for you to do those things. That's why we launched our new Patreon site, where we've created a wider variety of support levels, each with some new benefits. Our patrons are important to our future, and we hope you'll consider becoming one. We invite you to become part of the CyberWire story. Become a patron today.