
Daily briefing.

Coincidentally or not, as Russian operations against Ukraine become increasingly kinetic and even less plausibly deniable, and as the OSCE meets in Vienna to seek a European response to the crisis, cyber attacks strike Norwegian oil companies and US banks.

Fifty Norwegian oil and energy companies have been hacked; another two hundred fifty have been warned to check their networks. Norway's National Security Authority believes it has a good idea of who's responsible for the attacks, but is for the moment refraining from attribution.

Across the Atlantic, JPMorgan Chase and perhaps four other Wall Street banks appear to have been subjected to cyber attacks earlier this month. The FBI is investigating, and the media report strong evidence of Russian responsibility. Observers note that, while sensitive information appears to have been stolen, it appears not to have been used by criminals. While this argues for state rather than criminal activity, absence of crime isn't by itself definitive evidence of espionage. (The Telegraph does note that Russia's Foreign Ministry has criticized JPMorgan Chase for blocking payments in accordance with US sanctions.) While the coordinated attacks could ultimately result in customer losses, they could also enable market manipulation (in many respects a more troubling threat).

Backoff point-of-sale malware continues its spread, and the PCI Council issues retailers a call-to-action.

The International Chamber of Commerce warns the maritime industry that cyber risk to shipping has significantly risen.

In industry news, analysts look at HP and think it's preparing for a cyber security acquisition.

Notes.

Today's issue includes events affecting Colombia, European Union, Norway, Russia, South Africa, Ukraine, United Kingdom, United States.

Cyber Attacks, Threats, and Vulnerabilities

50 confirmed, possibly more Norwegian oil companies hacked (Help Net Security) 50 Norwegian oil and energy companies have been hacked, and 250 more have been warned to check their networks and systems for evidence of a breach

JPMorgan confirms it is investigating possible cyber attack (Reuters) JPMorgan Chase & Co is investigating a possible cyber attack and working with law enforcement to determine the scope, company spokeswoman Trish Wexler said

FBI investigates alleged Russian cyber attack on Wall Street (Telegraph) Major US financial institutions reportedly targeted by sophisticated high-level cyber-attack amid suspicions that operation was launched in retaliation for sanctions over Ukraine

FBI Probes Possible Hacking Incident at J.P. Morgan (Wall Street Journal) The Federal Bureau of Investigation is probing a computer-hacking attack on J.P. Morgan Chase (JPM -0.25%) & Co. and as many as four other banks, in what people familiar with the probe described as a significant breach of corporate computer security

Cyber attacks on US banks fuel financial sector concerns (ComputerWeekly) The FBI is investigating what appears to be a series of co-ordinated cyber attacks at JP Morgan Chase and at least four other financial institutions, according to US reports

Bank Hackers Said to Steal Data for Draining Accounts (Bloomberg) A hacking attack on U.S. banks this month led to the theft of customer data that could be used to drain accounts, according to a person briefed by U.S. law enforcement

70% of finance apps vulnerable to input validation attacks (Help Net Security) A growing number of data breaches and security incidents can be directly linked to poor code quality, according to CAST

Backoff malware widespread, PCI Council issues call to action (FierceRetailIT) Backoff malware has affected more than 1,000 U.S. businesses, infecting POS systems from Target to Supervalu. The United States Secret Service and Department of Homeland Security have issued a warning that the Backoff POS malware may have infected more systems than previously believed

PCI SSC Bulletin on Malware Related to Recent Breach Incidents (PCI Security Standards Council) In a statement released on 22 August by the United States Secret Service and Department of Homeland Security, a warning was issued that a Point of Sale (POS) malware dubbed "Backoff" may have infected systems in over 1,000 organizations and represents a very real threat to the security of cardholder data in all organizations. This malware released in 2013 infects electronic cash registers (ECRs) and similar POS systems, and was not recognized by antivirus software solutions until this August. It infects POS systems and has already resulted in large amounts of cardholder data being compromised and transmitted to criminal organizations

Backoff, Dairy Queen, UPS & Retail's Growing PoS Security Problem (Dark Reading) Retail brands are trying to pass the buck for data security to banks and franchisees, say some experts

One More Day of Trolling in POS Memory (Internet Storm Center) Further to the recent story on Memory Trolling for PCI data, I was able to spend one more day fishing in memory, I dug a bit deeper and came up with more fun Credit Card / Memory goodness with our friend the Point of Sale application

Risk of cyber attack on the shipping supply chain increasing, say experts (Business Reporter) The International Maritime Bureau has warned that the sophisticated IT systems used to facilitate international shipping have made the industry vulnerable to hackers

IBM: Heartbleed Attacks Thousands of Servers Daily (Threatpost) On the one hand, the total number of vendor-reported vulnerabilities are down so far this year. On the other, 2014 was the year of the Heartbleed, the common name for a vulnerability in the nearly ubiquitous OpenSSL's encryption implementation library, which IBM Security Systems characterized as "one of the most widespread and impactful security vulnerabilities of all time"

Cybercriminals Leverage Rumored Windows 9 Developer Preview Release With Social Engineering (TrendLabs Threat Intelligence Blog) We're seeing schemes that are taking advantage of the buzz around the upcoming developer preview release of Windows™ 9 this September

Java.com, TMZ Serving Malvertising Redirects to Angler Exploit Kit (Threatpost) Online ad network AppNexus has again been identified at the core of another malvertising campaign using the Angler Exploit Kit to redirect visitors to sites hosting the Asprox malware

iPhones, iPads ripe for the picking (NetworkWorld via CSO) USENIX Security Symposium: Georgia Tech researchers show how PC botnets could infect iOS devices to steal passwords

Flashback to the Biggest Mac Malware Attack of All Time — Is it Still a Threat? (Intego) In early 2012, the biggest Mac malware attack of all time was taking place — catching out at least 600,000 unguarded Mac users around the world, including (to potentially one famous company's embarrassment) some 274 in Cupertino

Popular Hackforums Website Defaced by Egyptian Hacker (Hacker News) Hackforums — one of the popular hacking forums in the world — has been hacked and defaced by the famous Egyptian hacker

SWAT Team Detains Popular Gamer Who Was Live-Streaming 'Counter-Strike' (TechCrunch) An incredible video showing the apparent swatting of a video game player who operates under the moniker 'Kootra' was published today

Another Day, Another Data Breach (Big Brother Watch) In what is becoming an ever more regular occurrence for the NHS, it has been reported that the East Midlands Ambulance Service has lost a disk containing the notes of 42,000 patients who had been treated by paramedics in the last few months

Security Patches, Mitigations, and Software Updates

Scratched PC-dispatch patch patched, hatched in batch rematch (Register) Windows security update fixed after triggering blue screens (and screams) of death

Cyber Trends

Vulnerabilities on the decline, but risk assessment is often flawed, study says (IT World) The number of vulnerabilities could reach a three-year low in 2014, but correctly assessing their risk can be hard, IBM researchers said

Financial, insurance sectors most targeted by cyber attackers: IBM (Business Insurance) IBM Corp. said in a research report that the financial and insurance sectors are those most targeted by cyber attackers, making up nearly 50% of the cases reported in 2014, reports

Why You Need To Add "Cyber" To Your Job Title (Forrester Blog) Sometimes ambiguity has power — the power to capture the zeitgeist of a movement, culture, or vision without getting dragged into the weeds about what really is or isn't included; it provides time for an idea to crystallize, become defined, or reach critical mass

Marketplace

Anti-spy technology remains hot a year after NSA leaks (Ars Technica) With surveillance a worry, startups offer products to help users gain privacy

How privacy fears are driving automakers in the age of the connected car [w/poll] (Autoblog) As cars collect and store more and more data about the whereabouts of their drivers, automakers are responding to critics who say they should be more transparent about how those details are used. Ford is hiring a global privacy policy attorney to craft the company's customer privacy policies in the era of connected and autonomous cars

Hewlett-Packard Expected To Invest In Cyber Security (Bidness Etc) Hewlett-Packard is expected to acquire a security company soon to expand its enterprise security position

Google goes public with security audits to ease corporate concerns (C-NET) The tech titan makes available to the public for the first time two independent security audits, as it works to prove its commitment to customer data protection

InfoReliance Wins DHS Contract to Provide Specialized Security Services for the National Cyber Protection System (IT Business Net) Security services to support DHS Office of Cybersecurity and Communications Network Security Deployment Division

Colombian police opt for Radware cyber-protection (NJBiz) Radware Ltd., an application delivery and security company, said Tuesday that the Colombia National Police has chosen it to protect its network against cyber-attacks

No Clear Solutions in the Cybersecurity Hiring Crisis (NoVA Infosec) Here's an excellent post on the infosec worker shortage by Violet Blue the other day with comments from the likes of Richard Bejtlich, James Arlen, and Chris Hoff. It's like the Cybersecurity Dreamteam … but even they can't offer any clear solutions

ThreatTrack Security Appoints Stuart Itkin as Chief Marketing Officer (Providence Journal) ThreatTrack Security - a leader in cyber threat prevention solutions that substantially change how organizations respond to cyberattacks - today announced the appointment of Stuart Itkin as Chief Marketing Officer. Itkin previously led global marketing at fast-growing startups and large public companies, including CEB, Kronos, Zebra Technologies, Lucid and Symbol Technologies

HP ArcSight's Doron Keller Joins Exabeam to Lead Security Research (Virtual Strategy) Keller brings in-demand expertise to Exabeam as it assembles dynamic team of early SIEM influencers to build the next big thing in security analytics

One Woman's Journey from Clerical Worker to Cyber Warrior (Cleared Jobs) There are many interesting paths and stories leading to a career in cybersecurity. In this article Jen Havermann, Raytheon Portfolio Manager Cyber Intelligence & Analysis Programs, shares her tale

Products, Services, and Solutions

Firefox OS app permissions will give users more privacy than Android (Naked Security) Mozilla's mobile platform, Firefox OS, is behind Android in just about every way

Varonis Keeps Emerson Industrial Automation Secure and Productive (MarketWired) Varonis Systems, Inc. (NASDAQ: VRNS), the leading provider of software solutions for unstructured, human-generated enterprise data, today disclosed how its product suite has helped Emerson Industrial Automation regain control of its file shares and increase efficiency at the same time. The UK-based manufacturer was crippled by a variation of the Conficker virus just over two years ago

Prelert Extends Anomaly Detection to Elasticsearch (BusinessWire) Prelert, the anomaly detection company, today announced the release of an Elasticsearch Connector to help developers quickly and easily deploy its machine learning-based Anomaly Detective® engine on their Elasticsearch ELK (Elasticsearch, Logstash, Kibana) stack

Alert Logic Threat Manager and Alert Logic Log Manager Achieve VMware Ready — vCloud Air Status under Access Tier in vCloud Air ISV Partner Program (PRNewswire) Company Brings Managed IDS and Log Management Capabilities to vCloud Air Customers

Ixia and Plixer Provide Enhanced Cyber Attack and Application Performance Analysis (BusinessWire) Ixia (Nasdaq: XXIA) announced the integration of its Application and Threat Intelligence (ATI) Processor with the Plixer International, Inc. Scrutinizer cyber threat incident response solution. The joint solution improves forensic incident response and application optimization capabilities that help IT professionals prepare for the next cyber attack or application performance issue

Panda partners with iBurst to deliver comprehensive security for home users (ITWeb) National Internet service provider iBurst has partnered with Panda Security to improve iBurst's security offering to its customers. In addition to facilitating increased connectivity for South Africans, iBurst now offers customers industry leading security products, thanks to its partnership with Panda Security

Mobile Banking is Completely Insecure: SnoopWall Launches PrivacyShield To Fix This Problem (Broadway World) SnoopWall, the world's first counterveillance security software company, announces the launch of Privacy Shield, a powerful patent-pending counterveillance engine designed to shield your financial application from eavesdropping by malicious apps on your device and from cybercriminals in close proximity intercepting the transmission of sensitive information

iboss Addresses Security Risks Associated With Rising Chromebook Adoption (Sys-Con Media) New Chromebook SSO authentication feature increases security and BYOD policy management for K-12 schools

AVG Internet Security is the Lightweight Antivirus Program For PC Protection (Streetwise Tech) It is important to have your computers protected with antivirus programs, even if you are sure that you always avoid untrustworthy websites. One of the best antivirus suites that will ensure you real time protection is AVG. It does not put too much pressure on speed and performance when scanning and only takes a little space out of your system

SAIC Introduces CyberSecurity Edge™ (Insurancenewsnet) Cyberattacks disrupt activities and steal information every day. Science Applications International Corp. (NYSE: SAIC) today launched CyberSecurity Edge™, an adaptive cybersecurity solution that offers advanced data security and mitigates vulnerabilities to ensure customers are protected from hackers, viruses, and malware

Creators of New Fed-Proof Bitcoin Marketplace Swear It's Not for Drugs (Wired) When the recording industry smashed Napster with a $20 billion lawsuit more than a decade ago, filesharing morphed into Bittorrent, a fully peer-to-peer system with no central server for law enforcement to attack. Now the developers behind one software project are trying to pull off a similar trick with the anarchic model of bitcoin e-commerce pioneered by the billion-dollar Silk Road black market. And just as with Bittorrent, their new system may be so decentralized that not even its creators can control exactly how it will be used

Technologies, Techniques, and Standards

Spotting Web threats in the confusion of short-lived hostnames (CSO) Here's what you can do to spot malicious sites among the vast number of legitimate hostnames that exist for less than a day on the Web

10 most significant software security design flaws (Help Net Security) The IEEE Center for Secure Design, a cybersecurity initiative focused on the identification of software design flaws, released a report based on real-world data collected and analyzed by experts at the world's leading technology companies

Avoiding the Top 10 Software Security Design Flaws (IEEE Center for Secure Design) The goal of a secure design is to enable a system that supports and enforces the necessary authentication, authorization, confidentiality, data integrity, accountability, availability, and non-repudiation requirements, even when the system is under attack

"There is no inside" — How to get the most from your firewall (Naked Security) Firewalls seem like a fixture of IT security, having been used for more than 15 years in most business environments to protect our internal assets from the scary nasties that are out there on the big bad internet

Toss routers with hardcoded passwords, expert says (CSO) A Chinese manufacturer's routers that contain a hardcoded password that can be used to open a 'backdoor' should be thrown away and replaced with more reputable gear, experts say

10 Ways To Strengthen Healthcare Security (InformationWeek) As recent hacks show, keeping a healthcare organization safe from security threats takes planning, technical expertise, and business knowledge. Has your team taken these 10 steps?

Hackers Target Healthcare Providers — How to Protect Yourself (LinkedIn) In any industry, you hear conflicting opinions about the necessary level of data security, and healthcare is certainly no exception

Security in the Cloud (Trend Micro: Simply Security) You're off to the cloud, and the first thing you run into before you can reach altitude is a wall. That wall is your organization's security requirements

Design and Innovation

Verizon Bolsters User Authentication with QR Codes (Threatpost) If you want to know what the future holds for authentication on the web, it all depends whom you ask. Some say it'll come in the form of biometrics — iris and fingerprint scans, etc. Others say the answer lies in a tangle of constantly changing two-factor verification codes users need to punch in

Legislation, Policy, and Regulation

OSCE holds urgent meeting over Ukraine (The Local) Agence France-Presse (AFP) reports that the European security body OSCE will hold a special meeting in Vienna on Thursday to discuss developments in conflict-torn Ukraine, following reports of Russian troops on the ground there, the US mission to the organisation said

Russia Ramps Up Information War in Europe (Wall Street Journal) Image battered by conflict in Ukraine, Russia pushes to rebuild and expand Soviet-era foreign state media

The executive order that led to mass spying, as told by NSA alumni (Ars Technica) Feds call it "twelve triple three"; whistleblowers say it's the heart of the problem

Editorial: Unpacking DISA's Forecast to Industry (C4ISR & Networks) Most military organizations are in receive mode when it comes to dealing with industry. A few, though, including the Army's Program Executive Office for Command, Control and Communications-Tactical (PEO C3T) and the Defense Information Systems Agency (DISA), reach out to industry at least on an annual basis to let it know what requirements, RFIs/RFPs and priorities can be expected in the coming year

Army's network plan overhauls strategy along with equipment (C4ISR & Networks) The Army's goal is simple: increase operational effectiveness, improve security and be efficient. Getting there is not. The question becomes: How do you connect the global Army across approximately 1.4 million people in nearly 150 countries with the latest capabilities and the highest security? The Army has an answer in the current network-modernization effort

Security tops Navy PEO-EIS priority list (C4ISR & Networks) Victor Gavin, a member of the Senior Executive Service, is the Navy's program executive officer for Enterprise Information Systems (PEO EIS). He oversees a $2 billion portfolio of programs designed to enable common business processes and provide standard IT capabilities to the Department of Navy. PEO EIS programs include Navy Marine Corps Intranet (NMCI) and the follow-on Next Generation Enterprise Network (NGEN), as well as enterprise resource planning systems and Department of Navy enterprise software licensing

We Must Secure America's Cell Networks — From Criminals and Cops (Wired) This month, FCC Chairman Tom Wheeler revealed, in response to a letter from Congressman Alan Grayson, that his agency is assembling a task force "to combat the illicit and unauthorized use of IMSI catchers." Often known as the brand-name "StingRay," these are surveillance devices that impersonate legitimate cell towers, enabling them to covertly identify and locate nearby cell phones and, in some cases, to intercept the content of calls or text messages those phones send or receive

How Cops and Hackers Could Abuse California's New Phone Kill-Switch Law (Wired) Beginning next year, if you buy a cell phone in California that gets lost or stolen, you'll have a built-in ability to remotely deactivate the phone under a new "kill switch" feature being mandated by California law — but the feature will make it easier for police and others to disable the phone as well, raising concerns among civil liberties groups about possible abuse

Facebook and Twitter users 'more likely' to censor their views offline (Guardian) Pew study warns about 'spiral of silence' in US discussion of Edward Snowden's NSA online surveillance revelations

Litigation, Investigation, and Law Enforcement

Colombia: Hacker Who Spied on FARC and Gov't "Hired by Uribe" (InSerbia) Andrés Sepúlveda, the Colombian hacker at the center of a spying scandal that involved peace negotiators on behalf of the Santos government and the FARC rebels, said this week that he was hired by former conservative leader Álvaro Uribe Vélez's campaign group run by the party he founded

Raytheon, NOAA criticized for ignoring cyber vulnerabilities in satellite program (Washington Business Journal) The Commerce Department inspector general is criticizing a federal climate-satellite program receiving support from Raytheon for ignoring thousands of major cyber vulnerabilities, according to Defense One

Law in the Boardroom 2014 (FTI Consulting) Cyber risk, M&A, shareholder engagement, and compliance dominate today's legal oversight environment. Here are the results of our nationwide survey of directors and general counsel on the risks that matter most in 2014

Cybersecurity official uses Tor but still gets caught with child porn (Ars Technica) Timothy DeFoggi wrongly thought he was covering his tracks

For a complete running list of events, please visit the Event Tracker on the CyberWire website.

Upcoming Events

Build IT Break IT Fix IT: Build IT (Online, August 28, 2014) The Build it Break it Fix it security contest is a new security-oriented programming contest held by the Maryland Cybersecurity Center, Cyberpoint, and Trail of Bits. The Build it Break it Fix it security...

The Hackers Conference (New Delhi, India, August 30, 2014) The Hackers Conference is a unique event, where the best of minds in the hacking world, leaders in the information security industry and the cyber community along with policymakers and government representatives...

SECRYPT 2013 (Vienna, Austria, September 2 - 4, 2014) The purpose of SECRYPT 2014, the International Conference on Security and Cryptography, is to bring together researchers, mathematicians, engineers and practitioners interested in security aspects related...

Build IT Break IT Fix IT: Break IT (Online, September 4, 2014) The Build it Break it Fix it security contest is a new security-oriented programming contest held by the Maryland Cybersecurity Center, Cyberpoint, and Trail of Bits. The Build it Break it Fix it security...

Security B-Sides Cape Breton (Sydney, Nova Scotia, Canada, September 5, 2014) Security B-Sides Cape Breton is an open platform that gives security experts, enthusiasts, and industry professionals the opportunity to share ideas, insights, and develop longstanding relationships with...

BalCCon2k14: Balkan Computer Congress (Novi Sad, Serbia, September 5 - 7, 2014) The Balkan Computer Congress is an international hacker conference organized by LUGoNS — Linux Users Group of Novi Sad and Wau Holland Foundation from Hamburg and Berlin. It is the second conference...

Ground Zero Summit, Sri Lanka (Colombo, Sri Lanka, September 9 - 10, 2014) Ground Zero Summit 2014, Colombo will be a unique gathering of Cyber Security Researchers, Hackers, CERTs, Corporates and Government officials to discuss latest hacks, exploits, research and cyber threats.

Detroit SecureWorld (Detroit, Michigan, USA, September 9 - 10, 2014) Two days of cyber security education and networking. Earn 12-16 CPE credits, network with industry peers, and take advantage of more than sixty educational events. Over the past decade SecureWorld has...

Cyber Attack Against Payment Processes Exercise 1 (Online, September 9 - 10, 2014) FS-ISAC, the Financial Services Information Sharing and Analysis Center will conduct its fifth annual simulated cyber security exercise related to payment processes used by banks, community institutions,...

AFCEA TechNet Augusta 2014: Achieving Force 2025 Through Signals and Cyber (Augusta, Georgia, USA, September 9 - 11, 2014) The overall theme of TechNet Augusta 2014 is "Achieving Force 2025 Through Signals and Cyber." The overall focus is on Army ground forces, including Joint component interface, other Department of Defense...

Build IT Break IT Fix IT: Fix IT (Online, September 12, 2014) The Build it Break it Fix it security contest is a new security-oriented programming contest held by the Maryland Cybersecurity Center, Cyberpoint, and Trail of Bits. The Build it Break it Fix it security...

Suits and Spooks London (London, England, UK, September 12, 2014) On September 12th, in London's South Bank neighborhood of Southwark, approximately 50 former intelligence officials, corporate executives, and security practitioners from the U.S. and the EU will gather...

NOPcon Security Conference (Istanbul, Turkey, September 16, 2014) NOPcon is a non-profit hacker conference. It is the only geek-friendly conference without sales pitches in Turkey. The conference aims to learn and exchange ideas and experiences between security researchers,...

5th Annual Billington Cybersecurity Summit (Washington, DC, USA, September 16, 2014) The 5th Annual Billington Cybersecurity Summit, a leading conference produced by Billington CyberSecurity, will feature an all-star cast of cybersecurity speakers including Admiral Michael Rogers, Commander,...

SINET Global Summit (London, England, UK, September 16 - 17, 2014) "Advancing Global Collaboration and Innovation." Global Summit focuses on building international public-private partnerships that will improve the protection of our respective homeland's critical infrastructures,...

Cyber Attack Against Payment Processes Exercise 2 (Online, September 16 - 17, 2014) FS-ISAC, the Financial Services Information Sharing and Analysis Center will conduct its fifth annual simulated cyber security exercise related to payment processes used by banks, community institutions,...

Global Identity Summit (Tampa, Florida, USA, September 16 - 18, 2014) The Global Identity Summit is focused on identity management solutions for corporate, defense and homeland security communities. This conference and associated exhibition bring together a distinctive,...

Fraud Summit Toronto (Toronto, Ontario, Canada, September 17, 2014) From account takeover to payment card fraud and the emerging mobile threatscape, the ISMG Fraud Summit series is where thought-leaders meet to exchange insights on today's top schemes and the technology...

Defense Intelligence Agency (DIA)/National Intelligence University (NIU) Open House (Washington, DC, USA, September 17, 2014) On September 17, 2014, the National Intelligence University (NIU) will hold a Tech Expo as part of its annual "NIU OUTREACH DAY" in the Tighe Lobby of DIA Headquarters on Joint Base Bolling-Anacostia.

Cloud Security Alliance Congress 2014 This year, the CSA and the International Association of Privacy Professionals (IAPP) are combining their Congress US and Privacy Academy events into a conference in the heart of Silicon Valley that will...

ICS-ISAC Fall Conference (Atlanta, Georgia, USA, September 17 - 20, 2014) Cybersecurity issues — such as the DHS release of Operation Aurora information; legislation like CISA (S. 2588), CIRDA (H.R. 2952) & H.R. 3696; and the NIST Cybersecurity Framework — can leave...

Ft. Meade Technology Expo (Fort Meade, Maryland, USA, September 18, 2014) The Ft. Meade Technology Expo is a one-day event held at the Officers' Club (Club Meade) on base. Industry vendors will have the unique opportunity to showcase their products and services to personnel...

The 2014 Cyber Security Summit (New York, New York, USA, September 18, 2014) The Cyber Security Summit, an exclusive conference series sponsored by The Wall Street Journal, has announced their second annual event in New York City. The event will connect C-Level & Senior Executives...

NYIT Cyber Security Conference (New York, New York, USA, September 18, 2014) Presented by NYIT's School of Engineering and Computing Sciences, this conference will address a broad range of pressing topics including privacy; innovations in enterprise security; systems security and...

Dutch Open Hackathon (Amsterdam, the Netherlands, September 20 - 21, 2014) Join leading Dutch companies, during a 30-hour hackathon, as they open up APIs and technologies. Work together and develop new applications and drive global innovation

St. Louis SecureWorld Offering two days of cyber security education. Earn 12-16 CPE credits, network with industry peers, and take advantage of more than sixty educational events. Over the past decade SecureWorld has emerged...

Workshop on Cryptographic Hardware and Embedded Systems 2014 (CHES 2014) (Busan, Korea, September 23 - 26, 2014) The annual CHES workshop highlights new results in the design and analysis of cryptographic hardware and software implementations. CHES provides a valuable connection between the research and cryptographic...

Rock Stars of Cybersecurity (Austin, Texas, USA, September 24, 2014) The unprecedented Target breach and NSA spying scandal have put cybersecurity in the global spotlight. With cyberattacks on the rise, it is now even more important to learn how to identify weaknesses and...

VB2014 Over its 24-year history, the VB conference has become a major highlight of the IT security calendar, with many of its regular attendees citing it as the security event of the year. The conference provides...

DerbyCon 4.0 (Louisville, Kentucky, USA, September 24 - 28, 2014) Welcome to DerbyCon 4.0 — "Family Rootz". This is the place where security professionals from all over the world come to hang out. DerbyCon 4.0 will be held September 24-28th, 2014. DerbyCon 2013...

BruCON 2014 (Ghent, Belgium, September 25 - 26, 2014) BruCON is an annual security and hacker conference providing two days of an interesting atmosphere for open discussions of critical infosec issues, privacy, information technology and its cultural/technical...

ROOTCON 8 ROOTCON is the first hacking convention in the Philippines. A hacker conference and not a seminar, training or a workshop. It will feature the following tracks: advanced HTTP header security analysis,...

INTEROP (New York, New York, USA, September 29 - October 3, 2014) Interop returns to New York with practical and visionary conference sessions designed to help you accelerate your career. This year's conference tracks include: Applications, Business of IT, Cloud Connect...
