skip navigation

More signal. Less noise.

Daily briefing.

Anonymous claims to count coup against Israeli sites with cyber operations supporting Hamas in Gaza.

Apparent ISIS supporters associated with Anonymous are being generally credited with the now-remediated Playstation denial-of-service attack, and also with the bomb threat against a Sony-executive-carrying aircraft.

South Korea's Defense Ministry discovers a cyber campaign against journalists on the defense beat. The MoD attributes the campaign to China.

European automobile manufacturers are currently under cyber attack via phishing of customer service departments — the malicious emails carry an information-stealing Trojan.

Jailbroken iPhones continue to be exploited. An Android side-channel attack could spread to other platforms.

The Kelihos botnet is criminally controlled and no hacktivist tool, but its botmasters are cloaking themselves in Russian patriotism to recruit collaborators in attacks on networks in countries that have imposed sanctions on Russia. (But it remains a criminal enterprise.)

A new variant of GameoverZeus appears in the wild, using, according to Damballa, domain generation algorithms.

In the US, Secret Service warnings of point-of-sale threats suggest Backoff malware is a coordinated criminal effort. The FBI warns healthcare providers that they've become a prime target of hackers (probably because they've proved a relatively soft target).

Healthcare cyber concerns are, of course, heightened by the recent breach of Community Health Systems. The costs of this attack are thought to be very high. There's much related discussion of the difficulty of assessing cyber risk, but consensus is that cyber is an ongoing enterprise risk still overlooked by boards. It's also overlooked during merger-and-acquisition due diligence.

Notes.

Today's issue includes events affecting Australia, China, Colombia, Germany, Finland, Israel, Italy, Republic of Korea, Netherlands, Palestinian Territories, Russia, Singapore, United Kingdom, United States.

Cyber Attacks, Threats, and Vulnerabilities

Hack Attack! Anonymous strikes at Israeli govt over Gaza (RT) Hacker collective Anonymous has taken down key Israeli government websites in a "retaliatory" attack against Israel and in solidarity with the people of Gaza. Israel Defense Forces, Bank of Israel, and the Israeli PM's Office were among the targets

Massive Cyber Attack: Anonymous takes down top Israeli Govt websites for Gaza (HackRead) The online Hacktivist group Anonymous is back in news with another bang. This time the hackers have taken down the official government portal of Israeli government over Gaza attacks

Pro-Hamas Hackers Trying to Cripple Israel in Secret Cyber War (Jewish Press) One missile explosion on Tel Aviv could cause a local disaster. One successful Hamas hack of IDF secrets could cause a national disaster

PlayStation Network Brought Down By DDoS Attack (Huffington Post) Gamers woke up to an unpleasant surprise on Sunday morning when hackers brought down Sony's PlayStation Network by way of a distributed denial-of-service (DDos) attack

Sony PSN back online after DDoS attack (Help Net Security) Sony's PlayStation Network has been hit with and downed by a large DDoS attack this weekend, but is now back online a functioning as it should

Blizzard's BattleNet battered by DDoS attacks (incgamers) It's not a great evening to be trying to play Blizzard titles, as BattleNet games like Diablo 3 and World of Warcraft are the latest to succumb to DDoS (Denial of Service) barrages. Several major games have been affected over the past few days, including League of Legends and Guild Wars 2

Defense ministry finds hacking attempts against its reporters (Korea Herald) Unidentified hackers, suspected to be based in China, have been caught trying to steal data from media reporters covering South Korea's Ministry of National Defense, ministry officials said Friday

Cyber attack targets personnel data of VR and other Finnish companies (Yle Uutiset) A cyber attack on a Finnish IT company's server may have exposed the personal data of tens of thousands of employees at eight companies. The server was used to login to HR information systems run by companies such as the state rail company VR, the phamrceuticals wholesaler Oriola and the Finnish Tax Administration. At least one company has since terminated its relationship with the IT services provider

Thousands of iPhones hit by new malware (GMA News) A new malware targeting Apple's iOS may have wormed its way to as many as 75,000 iPhones, a security vendor said over the weekend

Side-Channel Android Weakness Likely on Other Platforms (Threatpost) A weakness in Android, one that's likely also found in other leading operating systems, allows an attacker to infer what's happening on a victim's user interface and launch an appropriate secondary attack resulting in data loss

Kelihos botmasters target Russian patriots to expand botnet (Help Net Security) The cyber crooks behind the Kelihos botnet are, once again, trying to swell the number of computers included in it

Attack targets firms from the automobile industry in Europe (IDG via CSO) Attackers are sending emails containing a new information-stealing Trojan program to customer service departments, Symantec researchers said

FBI warns healthcare firms they are targeted by hackers (Reuters) The FBI has warned that healthcare industry companies are being targeted by hackers, publicizing the issue following an attack on U.S. hospital group Community Health Systems Inc that resulted in the theft of millions of patient records

Behind the huge cyberattack campaign in Latin America that no one has heard about (Quartz) For the past four years, a secret cyber-attack campaign, possibly state-sponsored, has been directed at several Latin American intelligence services, military, embassies and other government institutions. The Moscow-based cyber-security firm Kaspersky Lab, which claims to have unearthed the campaign, has given it a name: El Machete

Over 1,000 businesses compromised with Backoff malware (Help Net Security) The US Department of Homeland Security has once again issued a warning to businesses about the Backoff malware

Secret Service says "Backoff" malware hit 1000 businesses — 6 tips to keep your data safe (Naked Security) It now appears that the string of recent data breaches at US retail establishments was not a coincidence, but rather related attacks using the same malicious software kit

FBI issues warning about creative Google searches (CSO) A memo dated July 7, issued by the FBI and the National Counterterrorism Center, warns law enforcement and private security agencies about the practice of Google Dorking (or Google Hacking if you prefer) and what can be done about it

Netcore, Netis routers have hardcoded password, Trend Micro says (CSO) A line of routers from a China-based manufacturer has a serious flaw that could allow a hacker to monitor someone's Internet traffic, according to research from Trend Micro

Vibram suffered five finger data breach (CSO) I'm a little surprised at myself. I did some research about this data breach when it was first posted at the beginning of August but, somehow I managed to neglect to write it up

Watch out for fake versions of Flappy Bird sequel Swing Copters in Google Play Store! (Naked Security) Late last week, the game Swing Copters came out, a sequel of sorts to the now-cult-classic game Flappy Bird

Cyber-Crooks Piggyback on Ebola Epidemic for Disseminating Malware, Says Symantec (Spamfighter News) Symantec, the security company, referring to Ebola, the dangerous new virus which has caused an epidemic in the western countries of Africa and which is regarded to be a health emergency globally ever since over 1,000 people, who contacted the viral infection, died within Liberia, Guinea, Nigeria and Sierra Leone so far in 2014, warns that cyber-criminals are currently leveraging the outbreak to launch fresh assaults

What happened to the Flashback Trojan? Turns out US universities are still riddled with it (Techworld via CSO) Malware hiding in dorm rooms

Wireless smart meters criticized for invading privacy, starting fires (FierceMobileIT) Smart meters, which enable utilities to communicate wirelessly with home energy systems, are being criticized for invading home owners' privacy and, in some cases, starting fires

Security Patches, Mitigations, and Software Updates

Mozilla Adding Granular App Permissions to Firefox OS (Threatpost) Mozilla is set to add a feature to its mobile Firefox OS that will give users the ability to revoke any application's permissions on a granular basis

Facebook cracking down on 'clickbait' with update (USA Today) Facebook is launching an update Monday for users' news feed that will attempt to weed out stories that publish 'clickbait' headlines

Cyber Trends

Assessing The Financial Impact Of 4.5 Million Stolen Health Records (Forbes) Less than a week ago, publicly traded Community Health Systems (CHS) formally announced to the SEC what amounts to the second largest breach of health records (4.5 million) in U.S. history. According to the filing, the data was stolen between April and June of this year

Due diligence light on cyber risks (FierceCFO) Dealmakers don't pay much attention to cybersecurity when they're vetting a target company

Cyber Security: The Weak Link in M&A (Freshfields Bruckhaus Deringer) International law firm Freshfields Bruckhaus Deringer is calling for cyber risk to be evaluated like any other risk impacting the value of a target following a global survey of dealmakers. The results of the survey reveal a worrying level of complacency towards the assessment of cyber risks during M&A deals, despite increasing awareness of the cyber security risks facing businesses

Cyber Due Diligence: How and Why Investors — and the Companies They Are Targeting — Should Assess Their Cyberrisks (Risk Management Magazine) Recognition of the dangers related to computer intrusions — which rose to a level that was significant enough for President Obama to discuss the issue in his 2013 State of the Union address to Congress — is an acknowledgment long overdue

4 'cyberhealth' strategies for boards (VentureBeat) Cybersecurity made it onto the list of the top five concerns of U.S. electric utilities this year, according to a new Black & Veatch survey. And less than a third of respondents said they're equipped to handle an attack

8 ways to talk security with executive management (Help Net Security) The importance of information security and technology risk management continues to grow, but many risk and security professionals continue to struggle with non-IT executive communication

Breach Response: Are We Doing Enough? (BankInfoSecurity) One commonality of the rash of recent data breaches, including those victimizing Community Health Systems, Supervalu and UPS Stores, is that the cyberdefenses many organizations had put in place to safeguard their data and systems over the years are no longer effective. The predators have become more sophisticated at the expense of their prey

New Approaches Needed For Hyperscale Security Threats (IT Jungle) In the ongoing battle for network superiority, cybercriminals appear to be gaining the upper hand. The rise of commercial malware and the sophistication of hyperscale hacker tools are giving the bad guys incredibly powerful tools to perpetrate their crimes. Considering the disjointed approach to cyber threats in Western nations, some experts say it's time to explore fundamentally new approaches to fighting it

Technology exposing Australian businesses to "catastrophic" risk: Senetas (ARN) Security must be introduced at the outset of network design to avoid risk of cyberattack

Cyber steps up its role on the battlefield (Marine Corps Times) A platoon of Marines are on a pre-dawn Osprey raid to snatch a high-value target. But, as the crew chief leans out of the side hatch, he sees blazing lights in the town ahead. They will be illuminated for small-arms fire as they approach their landing zone

Electromagnetic Warfare Is Here (IEEE Spectrum) A briefcase-size radio weapon could wreak havoc in our networked world

Marketplace

Cybersecurity's hiring crisis: A troubling trajectory (ZDNet) There is a severe — and worsening — shortage of information security professionals. Leading industry experts believe it predicts a grave outcome

Data centres proliferating in Canada as companies play catch-up amid security concerns (Financial Post) Data centres are booming in Canada as demand grows from companies wanting to store information within our borders and amid growing concern about data privacy, prompting the likes of industry giants Salesforce.com Inc. and SAP SE to expand their footprint within the country

The incredible shrinking defense industry (Politico) Major defense contractors are shrinking — big time

Why Investing In Cyber Security Stocks Is A Steal Now (Seeking Alpha) The opportunities in the global cyber security industry make investing in cyber security stocks one of the wisest decisions right now. The ever-increasing spread of cyber-attacks and threats is fast shaping the fortune of the global cyber security market. Other factors driving growth in this industry include a surge in the number of people using Internet-connected devices, mostly through the Internet of Things, where the existing solutions to track cyber-attacks have largely become ineffective

CACI CEO Ken Asbury Sees Growth Potential in Federal Cyber, Health IT Areas (ExecutiveBiz) Ken Asbury, president and CEO of CACI International, says the health information technology and cybersecurity areas present the company with opportunities for growth in the federal market, The Washington Post reported Sunday

Baltimore startup Maddrix lands on list of NSA cybersecurity experts (Baltimore Sun) Lockheed Martin also among companies accredited in new program assisting government in rooting out barrage of network intrusions

Cyber Deal Tops Pentagon’s Weekly Contracts (DoD Buzz) A multi-billion-dollar contract to upgrade the Navy's ship-based computer networks against cybersecurity threats topped the list of contracts announced by the Pentagon last week

Products, Services, and Solutions

Security appliance and router for industrial networks (ProSecurityZone) The Magnum 10RX router and security appliance from Belden has been designed for use in industrial control systems for providing protection to infrastructure objects

Tool restores SynoLocker-encrypted files (Help Net Security) Security company F-Secure has created a tool that could help SynoLocker victims get their files back, but it only works if they have received — bought — the correct decryption key

Panda Internet Security 2015 (PC Magazine) Glue together antivirus and firewall protection, tack on a few more security features, and pretty soon you've got a full-blown security suite. Panda Internet Security 2015 ($49.99 per year; $69.99 for three licenses) offers an outstanding antivirus component, but the other suite components don't all measure up

Kaspersky vs BitDefender Antivirus: The Competition ever Stops (JBG News) The rapid increase of viruses and threats that have spread out all throughout the network has brought a large number of antivirus software in the market. These programs are designed to detect and eliminate the harmful threats that can damage your system

The battle of Security — Avast vs AVG Antivirus (Streetwise Tech) Keeping your apps and software constantly up thus far is critical part in this day and age, hackers and Trojan viruses are becoming more common now we talk about a few attributes, specifications and latest upgrades to the application and software

Technologies, Techniques, and Standards

Point of Sale Terminal Protection — "Fortress PCI at the Mall" (Internet Storm Center) This is a very broad topic, but over the last few months I've seen some really nicely protected PCI termainls. Especially since many POS environments are still running Windows XP, this is an important topic to discuss

How to improve your Twitter security and privacy (Naked Security) We don't tend to lump Twitter in the same privacy bracket as, say, Facebook

PGP Alternatives for Email Encryption (Infosec Institute) A few weeks ago, I wrote an article for 2600 Magazine. (If you're curious, publication has been confirmed and you'll probably see it in the Winter 2014-2015 issue.) The form email you get when you email an article submission says

Building resilience in our systems (Federal Times) As government and industry continue to develop new capabilities to defend and counter persistent threats against information systems, weapons systems, and critical infrastructure, the need to develop resilience, both technically and procedurally, has become a necessity. Organizations have long implemented redundant capabilities, from backup data centers to independent communications paths, but the need to include cyber resilience has come of age

Security: Crunchifying the Soft Chewy Center (Trustifier) Has anyone has ever compared your network to a Tootsie Pop or chocolate chip cookie? In the past some pundits have said that in terms of security, networks were "crunchy on the outside, but soft and chewy on the inside"

Inside the ISO 27001 Documentation Toolkit (Help Net Security) You work for a small or medium company and you'd like to become compliant, but budget is always an issue. The ISO 27001 Documentation Toolkit from 27001 Academy is here to help. The Toolkit is available in several languages and will guide you through the whole process for a fraction of the cost of a consultant

Understanding and Implementing the NIST Cybersecurity Framework (HLS Forum on Corporate Governance and Financial Regulation) Why the Cybersecurity Framework was created and why it is so important

NIST Seeks Info on User Experiences with Cybersecurity Framework (NIST) Six months ago, the National Institute of Standards and Technology (NIST) released version 1.0 of its voluntary Framework for Improving Critical Infrastructure Cybersecurity, a methodical approach that organizations of all types can use to create, guide, assess or improve their cybersecurity plans. The framework was developed with industry in a collaborative and open process over the course of a year, as directed by President Obama in Executive Order 13636. NIST is now seeking public feedback on the framework

Research and Development

Project Aims to Decipher Cryptography with Phones (Laboratory Equipment) While carrying out her master thesis on computer science, Ramasany Gowthami participated in the creation of an Android app by means of which users get together to crack a modern cryptographic code

Legislation, Policy, and Regulation

China to change its National Security Law with extra powers (Economic Times) China is all set to beef up its National Security Law by granting sweeping powers to security agencies backed by stiff punishments for for counterespionage in the backdrop of reports of cyber-snooping by the US

Leaked Documents Reveal How the Chinese Communist Party Channels Public Opinion (Global Voices) A central government coordination body called Central Internet Security and Informatization Leading Group was established on February 27, 2014 led by the Chinese President Xi Jinping, Premier Li keqiang and head of the propaganda authority Liu Yunshan. Such high level coordination group suggests that internet information security has become the top priority of the Chinese government

Banks to meet with Treasury Department on cyber threats -sources (Fox Business via Reuters) A group of Wall Street banks plan to meet the U.S. Treasury Department and other government officials next month to talk about how to cooperate to fend off cyber attacks, people familiar with the matter told Reuters

Report summary: securing the electric grid (Intelligent Utility) The electrical grid is often described as the "most critical of critical infrastructure." Given its importance to modern society and our way of life, it is an obvious target for a wide range of actors who would seek to do harm to the United States

Securing the U.S. electrical grid (Help Net Security) The Center for the Study of the Presidency & Congress (CSPC) launched a project to bring together representatives from the Executive Branch, Congress, and the private sector to discuss how to better secure the U.S. electric grid from the threats of cyberattack, physical attack, electromagnetic pulse, and inclement weather

Switchboard: White House agrees with its cybersecurity czar, says he doesn't need to code (Washington Post) Does the White House's cybersecurity czar need to be a coder? He says no

It Does Matter That The White House Cybersecurity Czar Lacks Technical Chops (Forbes) Michael Daniel, the White House cybersecurity coordinator or "cyber czar", made comments recently that being a coder or "being too down in the weeds at the technical level could actually be a little bit of a distraction." This statement raised concerns in the cybersecurity community. A quick examination of his background elevated those concerns. Mr. Daniel has never been involved with cybersecurity before; he has a strong background in policy and budgeting but nothing in even the basics of cybersecurity. This seems to be a problem just for the government cybersecurity community, but it has farther reaching impacts

NSA built 'Google-like' search engine to share data (USA Today) The National Security Agency built its own search engine and shares hundreds of billions of digital records with federal law enforcement and several other U.S. government agencies, The Intercept investigative site reported Monday

Litigation, Investigation, and Law Enforcement

Detained Colombia hacker outlines alleged political plot against peace process (Miami Herald) Andrés Sepúlveda, an alleged computer hacker who was detained in May, says political rivals of President Santos were using classified information to derail Colombia's peace process

Comcast Data Breach Leaks Thousands of Unlisted Phone Numbers, Threatening Customers' Privacy (Electronic Frontier Foundation) Four years ago, users of Comcast's phone service who had paid for their personal information to be unlisted noticed that something was amiss. Complaints started appearing from these individuals who found their names, addresses, and telephone numbers in phone directories both online and off

LinkedIn Settles Data Breach Lawsuit (InfoRiskToday) LinkedIn has agreed to settle a consolidated class action lawsuit stemming from a June 2012 data breach that compromised 6.5 million hashed passwords

Identity theft vendor sentenced to 100 months in prison (Help Net Security) A northern California man who served as an information and document vendor in the identity theft and credit card fraud ring known as Carder.su was sentenced yesterday to serve 100 months in federal prison. He was further ordered to pay approximately $50.5 million in restitution

Breach of Homeland Security Background Checks Raises Red Flags (Dark Reading) "We should be burning down the house over this," says a GRC expert

FBI Completes Digitization of Criminal, Civil Identity Records (ExecutiveGov) The FBI's Criminal Justice Information Services division has completed the digital conversion of its fingerprint, criminal history and civil files as part of a two-decade effort to completely modernize the division's biometric file system

As hackers continue to strike, consider pros and cons of a credit report security freeze (Post and Courier) Each passing week seems to bring news of yet another data breach, exposing an ever-rising number of consumers to potential fraud and identity theft

Alleged 'Messiah' hacker faces 105 more charges (ChannelNewsAsia) James Raj Arokiasamy is already facing charges for hacking the Ang Mo Kio Town Council's website. He faces a total of 162 charges

For a complete running list of events, please visit the Event Tracker on the CyberWire website.

Newly Noted Events

ICS-ISAC Fall Conference (Atlanta, Georgia, USA, September 17 - 20, 2014) Cybersecurity issues — such as the DHS release of Operation Aurora information; legislation like CISA (S. 2588), CIRDA (H.R. 2952) & H.R. 3696; and the NIST Cybersecurity Framework — can leave...

Open Analytics Summit (Dulles, Virginia, USA, October 7, 2014) Open Analytics Summits are for Developers, Engineers, Data Scientists, CMOs, Data Analysts, CTOs, Architects, Brand Managers, and anyone passionate about open source technologies, big data, or data analytics...

ICFPT 2014 (Shanghai, China, December 10 - 12, 2014) ICFPT is the premier conference in the Asia-Pacific region on field-programmable technologies including reconfigurable computing devices and systems containing such components. Field-programmable devices...

INTERPOL World 2015 (Singapore, April 14 - 16, 2015) INTERPOL World is a new biennial international security trade event which will bring police and other law enforcement agencies together with security solution providers and security professionals from...

Upcoming Events

Build IT Break IT Fix IT: Build IT (Online, August 28, 2014) The Build it Break it Fix it security contest is a new security-oriented programming contest held by the Maryland Cybersecurity Center, Cyberpoint, and Trail of Bits. The Build it Break it Fix it security...

The Hackers Conference (New Delhi, India, August 30, 2014) The Hackers Conference is an unique event, where the best of minds in the hacking world, leaders in the information security industry and the cyber community along with policymakers and government representatives...

SEACRYPT 2013 (Vienna, Austria, September 2 - 4, 2014) The purpose of SECRYPT 2014, the International Conference on Security and Cryptography, is to bring together researchers, mathematicians, engineers and practitioners interested on security aspects related...

Build IT Break IT Fix IT: Break IT (Online, September 4, 2014) The Build it Break it Fix it security contest is a new security-oriented programming contest held by the Maryland Cybersecurity Center, Cyberpoint, and Trail of Bits. The Build it Break it Fix it security...

Security B-Sides Cape Breton (Sydney, Nova Scotia, Canada, September 5, 2014) Security B-Sides Cape Breton is an open platform that gives security experts, enthusiasts, and industry professionals the opportunity to share ideas, insights, and develop longstanding relationships with...

BalCCon2k14: Balkan Computer Congress (Novi Sad, Serbia, September 5 - 7, 2014) The Balkan Computer Congress is an international hacker conference organized by LUGoNS — Linux Users Group of Novi Sad and Wau Holland Foundation from Hamburg and Berlin. It is the second conference...

Ground Zero Summit, Sri Lanka (Colombo, Sri Lanka, September 9 - 10, 2014) Ground Zero Summit 2014, Colombo will be a unique gathering of Cyber Security Researchers, Hackers, CERTs, Corporates and Government officials to discuss latest hacks, exploits, research and cyber threats.

Detroit SecureWorld (Detroit, Michigan, USA, September 9 - 10, 2014) Two days of cyber security education and networking. Earn 12-16 CPE credits, network with industry peers, and take advantage of more than sixty educational events. Over the past decade SecureWorld has...

Cyber Attack Against Payment Processes Exercise 1 (Online, September 9 - 10, 2014) FS-ISAC, the Financial Services Information Sharing and Analysis Center will conduct its fifth annual simulated cyber security exercise related to payment processes used by banks, community institutions,...

AFCEA TechNet Augusta 2014: Achieving Force 2025 Through Signals and Cyber (Augusta, Georgia, USA, September 9 - 11, 2014) The overall theme of TechNet Augusta 2014 is "Achieving Force 2025 Through Signals and Cyber." The overall focus is on Army ground forces, including Joint component interface, other Department of Defense...

Build IT Break IT Fix IT: Fix IT (Online, September 12, 2014) The Build it Break it Fix it security contest is a new security-oriented programming contest held by the Maryland Cybersecurity Center, Cyberpoint, and Trail of Bits. The Build it Break it Fix it security...

Suits and Spooks London (London, England, UK, September 12, 2014) On September 12th, in London's South bank neighborhood of Southwork, approximately 50 former intelligence officials, corporate executives, and security practitioners from the U.S. and the EU will gather...

NOPcon Security Conference (Istanbul, Turkey, September 16, 2014) NOPcon is a non-profit hacker conference. It is the only geek-friendly conference without sales pitches in Turkey. The conference aims to learn and exchange ideas and experiences between security researchers,...

5th Annual Billington Cybersecurity Summit (Washington, DC, USA, September 16, 2014) The 5th Annual Billington Cybersecurity Summit, a leading conference produced by Billington CyberSecurity, will feature an all-star cast of cybersecurity speakers including Admiral Michael Rogers, Commander,...

SINET Global Summit (London, England, UK, September 16 - 17, 2014) "Advancing Global Collaboration and Innovation." Global Summit focuses on building international public-private partnerships that will improve the protection of our respective homeland's critical infrastructures,...

Cyber Attack Against Payment Processes Exercise 2 (Online, September 16 - 17, 2014) FS-ISAC, the Financial Services Information Sharing and Analysis Center will conduct its fifth annual simulated cyber security exercise related to payment processes used by banks, community institutions,...

Global Identity Summit (Tampa, Florida, USA, September 16 - 18, 2014) The Global Identity Summit is focused on identity management solutions for corporate, defense and homeland security communities. This conference and associated exhibition bring together a distinctive,...

Fraud Summit Toronto (Toronto, Ontario, Canada, September 17, 2014) From account takeover to payment card fraud and the emerging mobile threatscape, the ISMG Fraud Summit series is where thought-leaders meet to exchange insights on today's top schemes and the technology...

Defense Intelligence Agency (DIA)/National Intelligence University (NIU) Open House (Washington, DC, USA, September 17, 2014) On September 17, 2014, the National Intelligence University (NIU) will hold a Tech Expo as part of its annual "NIU OUTREACH DAY" in the Tighe Lobby of DIA Headquarters on Joint Base Bolling-Anacostia.

Cloud Security Alliance Congress 2014 (, January 1, 1970) This year, the CSA and the International Association of Privacy Professionals (IAPP) are combining their Congress US and Privacy Academy events into a conference in the heart of Silicon Valley that will...

CSA Congress 2014 & IAPP Privacy Academy 2014 (San Jose, California, USA, September 17 - 19, 2014) This year, the CSA and the International Association of Privacy Professionals (IAPP) are combining their Congress US and Privacy Academy events into a conference in the heart of Silicon Valley. This conference...

Ft. Meade Technology Expo (Fort Meade, Maryland, USA, September 18, 2014) The Ft. Meade Technology Expo is a one-day event held at the Officers' Club (Club Meade) on base. Industry vendors will have the unique opportunity to showcase their products and services to personnel...

The 2014 Cyber Security Summit (New York, New York, USA, September 18, 2014) The Cyber Security Summit, an exclusive conference series sponsored by The Wall Street Journal, has announced their second annual event in New York City. The event will connect C-Level & Senior Executives...

NYIT Cyber Security Conference (New York, New York, USA, September 18, 2014) Presented by NYIT's School of Engineering and Computing Sciences, this conference will address a broad range of pressing topics including privacy; innovations in enterprise security; systems security and...

Dutch Open Hackathon (Amsterdam, the Netherlands, September 20 - 21, 2014) Join leading Dutch companies, during a 30-hour hackathon, as they open up APIs and technologies. Work together and develop new applications and drive global innovation

St. Louis SecureWorld (, January 1, 1970) Offering two days of cyber security education. Earn 12-16 CPE credits, network with industry peers, and take advantage of more than sixty educational events. Over the past decade SecureWorld has emerged...

Workshop on Cryptographic Hardware and Embedded Systems 2014 (CHES 2014) (Busan, Korea, September 23 - 26, 2014) The annual CHES workshop highlights new results in the design and analysis of cryptographic hardware and software implementations. CHES provides a valuable connection between the research and cryptographic...

Rock Stars of Cybersecurity (Austin, Texas, USA, September 24, 2014) The unprecedented Target breach and NSA spying scandal have put cybersecurity in the global spotlight. With cyberattacks on the rise, it is now even more important to learn how to identify weaknesses and...

VB2014 (, January 1, 1970) Over its 24-year history, the VB conference has become a major highlight of the IT security calendar, with many of its regular attendees citing it as the security event of the year. The conference provides...

DerbyCon 4.0 (Louisville, Kentucky, USA, September 24 - 28, 2014) Welcome to DerbyCon 4.0 — "Family Rootz". This is the place where security professionals from all over the world come to hang out. DerbyCon 4.0 will be held September 24-28th, 2014. DerbyCon 2013...

BruCON 2014 (Ghent, Belgium, September 25 - 26, 2014) BruCON is an annual security and hacker conference providing two days of an interesting atmosphere for open discussions of critical infosec issues, privacy, information technology and its cultural/technical...

ROOTCON 8 (, January 1, 1970) ROOTCON is the first hacking convention in the Philippines. A hacker conference and not a seminar, training or a workshop. It will feature the following tracks: advanced HTTP header security analysis,...

INTEROP (New York, New York, USA, September 29 - October 3, 2014) Interop returns to New York with practical and visionary conference sessions designed to help you accelerate your career. This year's conference tracks include: Applications, Business of IT, Cloud Connect...

Grow your brand and reach new customers.

Grow your brand and increase your customer base by educating our audience about your products, services, and events by advertising on The CyberWire. We’ve built trust with an influential (and often hard to reach) audience of CISOs, CSOs, and other senior execs in the security space, across a wide array of industry verticals. Learn more.

Be a part of the CyberWire story.

People ask us (a lot) how they can support what we do. We have our sponsorships and services, of course, but those are not always within every supporter's financial reach, or it might just not be the right time for you to do those things. That's why we launched our new Patreon site, where we've created a wider variety of support levels, each with some new benefits. Our patrons are important to our future, and we hope you'll consider becoming one. We invite you to become part of the CyberWire story. Become a patron today.