skip navigation

More signal. Less noise.

Daily briefing.

North Korea — the Air-gapped Kingdom — has recovered from Monday's Internet outage. Most observers think the DPRK sustained a denial-of-service attack; others say the episode's consistent with a glitch. (Arbor Networks publishes a technical overview of the outage.) Speculation jumps to the conclusion (with a coy little alley-oop from the State Department) that this is part of that proportional response the President promised, but attribution here is as difficult as it is elsewhere. Besides, both Anonymous and LizardSquad quickly claimed credit for themselves. Few are convinced, but it's possible.

Count the Chinese government among the official doubters of the FBI's attribution of the Sony hack to North Korea: they're slow-rolling any cooperation with US action. There's growing suspicion that such action will be circumscribed by the President's characterization of the attack as "cybervandalism," and anyway, others ask, what could you actually do to retaliate against Kim? (War on the Rocks' serious information ops suggestion — mockery of Kim — isn't risk-free: "sending in the clowns" would provoke sad reprisals against the North Korean people.) International lawyers watch for a confirmed US response with interest. Defense intellectuals offer to school the rest of us on cyberwarfare as an asymmetric threat.

DHS releases a compendium of Destover indications of compromise for those rightly concerned about further reuse of the wiper malware. South Korea beefs up its cyber defenses, more spooked by nuclear plant hacking than the Sony affair. ICS security mavens remind us of "Aurora" and the threat to rotating machinery (like pumps and dynamos).

Notes.

Today's issue includes events affecting Afghanistan, Australia, China, European Union, Israel, Democratic Peoples Republic of Korea, Republic of Korea, Netherlands, Russia, Thailand, United Kingdom, United States.

The CyberWire staff will be taking Christmas off to celebrate the holiday with their families. Regular publication will resume December 26 (interrupted again for New Year's Day, then resuming as usual on January 2).

Cyber Attacks, Threats, and Vulnerabilities

North Korea back online: Was it the target of a cyberattack? (Los Angeles Times) North Korea experienced a major Internet outage on Tuesday, according to companies that monitor global networks, raising suspicion that the country may have been the target of a cyberattack

North Korea Goes Offline (Arbor Networks) It was reported earlier today that North Korea was having Internet connectivity issues

North Korean Web goes dark days after Obama pledges response to Sony hack (Washington Post) North Korea's fledgling Internet access went dark Monday, days after President Obama promised a "proportional response" to the nation's alleged hack of Sony Pictures Entertainment. The question of who pulled the plug immediately became the stuff of a global cyber-mystery

North Korea drops off the Internet in suspected DDoS attack (Ars Technica) Just a few gigabits per second seem to have taken the country offline

North Korea Experiencing Internet Outages, Raising Questions About US Retaliation (Dark Reading) Is it coincidence, or is a DDoS on North Korea's Internet infrastructure a "proportional response" by the US?

U.S. coy about North Korea Internet failure as retaliation speculation swirls (Washington Times) Obama last week vowed 'proportional' response to Sony hack that canceled 'The Interview'

Would a Cyberattack on North Korea Be Illegal? (Daily Beast) Someone knocked the Hermit Kingdom offline. If it was the United States, the operation will test the bounds of international law

DHS Releases Destover Wiper Malware Indicators of Compromise (Threatpost) US-CERT released a not-so-cryptic advisory this weekend providing enterprises with indicators of compromise and detailed descriptions of the malware used against "a major entertainment company," the Department of Homeland Security's description of Sony Pictures Entertainment

China Isn't Sure North Korea Hacked Sony, Nor Whether It Happened On China's Territory (Bustle) The U.S. government announced last week that the North Korea regime was behind the destructive cyber attack on Sony Pictures Entertainment, but one country still isn't convinced. On Monday, Chinese officials said there's not enough evidence that North Korea hacked Sony, disagreeing with the recent conclusion made by U.S. investigators. The Chinese government also refused to directly condemn the cyber attack on Sony, but did emphasize that China denounces any cyber breaches of national security

North Korea hacking accusations threaten to escalate cyber war between U.S. and China (Venture Beat) Chinese authorities condemned the concept of cyber attacks today but insisted there was no evidence that North Korea was behind the Sony hack

South Korea Divided on Response to North's Cyber Attack (Voice of America) In South Korea, there are voices of support for the idea that U.S. President Barack Obama might put North Korea back on the list of state sponsors of terrorism in response to the cyber attack on Sony Pictures Entertainment

Sony Hack Is Bad, But the Real Cyberwar Is All Around You (NBC News) Sony is reeling from the effects of its recent massive breach, in which hackers were able to penetrate the company's systems at a deep level — and make Hollywood insiders blush by releasing troves of internal data and private emails

Reacting to the Sony Hack (Schneier on Security) First we thought North Korea was behind the Sony cyberattacks. Then we thought it was a couple of hacker guys with an axe to grind. Now we think North Korea is behind it again, but the connection is still tenuous. There have been accusations of cyberterrorism, and even cyberwar. I've heard calls for us to strike back, with actual missiles and bombs. We're collectively pegging the hype meter, and the best thing we can do is calm down and take a deep breath

How to Explain the Sony Hack to Your Relatives (Gizmodo) The holidays are a time for eggnog and presents and bizarre credulous rituals involving an old elf-man and his pack of flying caribou. It's also a time to cuddle up by the hearth and begrudgingly explain the latest technology news to your relatives. This week's edition: The Sony hack

North Korea's Finest Hour (Politico) After 60 years of trying to be taken seriously, the strangest regime on earth finally succeeds

North Korea and cyberterrorists won big in Sony hack, researcher says (Ars Technica) If DPRK was really behind the Sony hack, "proportional response" is pointless

Why the U.S. Can't Punish North Korea (Atlantic) The FBI formally accused the isolated country of the Sony hack, but the White House is basically powerless to do anything to respond

Sony vs. North Korea: Send in the Clowns? (War on the Rocks) The Kim regime running North Korea is a brutally oppressive dictatorship that routinely commits mind-boggling atrocities against its own people. Thanks to its policy of punishing dissidents — as well as their extended families for several generations — an estimated 80,000-120,000 North Koreans suffer horrific human rights abuses in the Kim regime's gulags. Innocents are routinely beaten. Tortured. Made to eat vermin and grass to survive. It is difficult to comprehend the heartbreaking scope and scale of these abuses; they are "without parallel" in the 21st century. And, of course, as if all this wasn't disturbing enough, the Kim regime is proceeding "full steam ahead" on its nuclear weapons program, which threatens to destabilize the Asia-Pacific region. The dictatorship in North Korea is odious indeed

Obama Could Stifle North Korea's Shakedown of Sony (Breitbart) The American people now have a censor — North Korean dictator Kim Jong Un — and they can thank President Obama's failure to defend their rights to free speech and privacy

Obama Is Wrong: The Sony Hack Is Not 'Cybervandalism' (Foreign Policy) Why the United States needs a broad, new strategy to prepare for — and defend against — the next generation of online warfare

How The Hack Attack on Sony Is An Act of War (CCTV America) BVS Cyber Security Expert and CEO, Scott Schober, visits CCTV America to discuss how the North Korean hacker attacks on Sony are an act of war against the US

How Obama Took Sony's Crisis From Bad to Worse (Variety) If there are such a thing as textbooks in the field of crisis management, the Sony Pictures hack might end up in the chapter labeled "Worst Case Scenario"

Sony Hack Shows U.S. Gov't and Business Disconnect (Bloomberg) Bloomberg's Jonathan Allen reports on the disconnect between Sony and the White House in the wake of Sony's hack attack

Should Sony Pictures have pulled 'Interview' movie? (Palm Beach Post) In the last month, Sony Pictures has been subject to an increasingly common form of cyberterrorism. Computer hackers broke into the company's computer system and released sensitive business and personal information. Tens of millions of these files were stolen and have appeared on file-sharing Web sites around the world. The attacks, which U.S. authorities have determined originated in North Korea, have sent the entertainment conglomerate reeling

Robert J. Samuelson: Sony attack alerts America to cyber warfare threat (Billings Gazette) We have just witnessed the first major incident of cyberblackmail or cyberterrorism. Sony capitulated. This cannot be good, but it obscures a more unsettling message: Our digital dependence exposes us to catastrophic failures of basic services

North Korea, Iran, Syria — asymmetric cyberwar is here to stay (Computerworld via CSO) Until last week very few beyond a handful of security titles, a few cybersecurity vendors and the middle pages of the New York Times paid much attention to the growing issue of small nations with big cyber-ambitions

Sony Hack: Three Lessons Learned for Corporations (Bloomberg) Peter Singer, author of "Cybersecurity and Cyberwar," and senior fellow at New America Foundation, discusses the hacking attack on Sony Pictures related to the film "The Interview," and the three most important lessons companies can learn from the situation

The sad ironies of the Sony affair (David Strom's Web Informant) I have been spending time studying up on what actually happened at Sony over the past month. There has been a tremendous amount of inaccurate reporting, and a dearth of factual information. Let's try to set that record a bit straighter. From where I sit, the attack and the activity about the movie were two separate events and were probably caused by at least two separate entities. Assigning blame across both of them to the same actor is ludicrous

South Korean nuclear operator hacked amid cyber-attack fears (Guardian) Operator begins two-day exercise after suspected hacker tweets information on KHNP plants and its staff

Forget the Sony hack, this could be the biggest cyber attack yet (Quartz) On Friday, the FBI officially named North Korea as the party responsible for a cyber attack and email theft against Sony Pictures. The Sony hack saw many studio executives' sensitive and embarrassing emails leaked online. The hackers threatened to attack theaters on the opening day of the offending film, "The Interview," and Sony pulled the plug on the movie, effectively censoring a major Hollywood studio

Cluster of Tor servers taken down in unexplained outage (Ars Technica) Brief, unexplained shutdown (not seizure) follows warning of plans targeting Tor's directory service

Chinese Malware Found Targeting Visitors on Afghan Govt. Websites. (HackRead) All eyes are now open on the possible future wars and their tactics since 2014 has made public several cyber-attacks on both governmental and private entities

Christmas in October: a Nugget of Malware Reuse for the Holiday Season (Cyactive) The creators of Red October have returned with Cloud Atlas, a new variant of their malware, which reuses a number of major components from both RO and other malware

App "Component" Downloads Apps Onto Devices (TrendLabs Security Intelligence Blog) We often talk about the security risks when dealing with third-party app stores. Previous research has shown that third-party app stores are often a hotbed of malware, specifically, malicious versions of popular apps. Aside from malicious apps, we are now seeing a marked increase of "downloader apps" in these stores, whose primary function is to download other apps that may lead to security risks for mobile users

Exploits for dangerous network time protocol vulnerabilities can compromise systems (IDG via CSO) Remote code execution vulnerabilities in the standard implementation of the network time protocol (NTP) can be exploited by attackers to compromise servers, embedded devices and even critical infrastructure systems that run UNIX-like operating systems

Cybercrime group steals millions from Russian banks, targets US and European retailers (IDG via CSO) A sophisticated group of cybercriminals has stolen over $25 million by hacking into the infrastructure of numerous financial institutions in Russia and former Soviet Union countries, as well as into point-of-sale systems belonging to U.S. and European retailers

JPMorgan data breach entry point identified: NYT (Reuters via Yahoo! Tech) A computer breach at JPMorgan Chase & Co earlier this year could have been avoided if the bank had installed a simple security fix to an overlooked server in its network, the New York Times reported, citing people briefed on investigations

Staples says 1.16M cards affected during data breach (CSO) Data suggests the attackers were compromising cards for more than six months

Madonna turns to the sneakernet after album leak (Ars Technica) After her next album gets leaked, Madonna's team gets serious about security

oCERT Releases Advisory for Unpatched UnZip Vulnerability (US-CERT) The Open Source Computer Security Incident Response Team (oCERT) has released an advisory addressing vulnerabilities in all versions of UnZip. Exploitation of these vulnerabilities may allow a remote attacker to take control of an affected system if a user opens a specially crafted zip file

Meet the bots that made half the web's traffic in 2014 (Quartz) Bots, those software programs that automate web activity, accounted for 56% of Internet traffic in 2014, according to content delivery platform Incapsula. (This was actually down from 61.5% of traffic in 2013)

Security Patches, Mitigations, and Software Updates

Apple's First Automatic Security Update Protects Your Mac In the Background (TechCrunch) Apple has pushed its first ever automatic security fix for OS X, with a new update signed to thwart a vulnerability associated with the use of the network time protocol that allows your Mac to automatically sync its clocks. The update had already installed for me when I woke up this morning, with a notification letting me know what was up, but required no intervention on my part and also ran without having to restart my Mac

Snapchat apps on Windows Phone yanked over the weekend (Ars Technica) The unofficial disappearing photos apps have themselves disappeared

Cyber Trends

"Bare Minimum" Not Enough To Stop Hacktivists: An Interview with Dan Holden (Hacksurfer) Hacktivism has played a big role in the cyber threatscape this year. Anonymous, Lizard Squad and others have made headlines on an almost weekly basis for their hacktivist attacks

Will 2015 be the year of risk-based security? (Help Net Security) As 2014 comes to a close, many of us are beginning to look ahead at the expected trends for the coming year. For those of us in cybersecurity who are at the forefront of protecting organizations from an increasingly dynamic threat landscape and the harsh realities of cybercrime, placing big bets and declaring predictions regarding what we will see in 2015 has become both sport and tradition

2014: The year cyber danger doubled (GovTech) Cybersecurity stories were more popular than ever in 2014, with the word 'cyber' showing up in front of topics ranging from security to shopping scams to global online attacks. But no matter how we rename, reclassify or reanalyze the data in cyberspace, it is clear that the dollars spent, problems encountered and attention given cyber has virtually doubled in 2014

The Future of Privacy (Pew Research Internet Project) The terms of citizenship and social life are rapidly changing in the digital age. No issue highlights this any better than privacy, always a fluid and context-situated concept and more so now as the boundary between being private and being public is shifting. "We have seen the emergence of publicy as the default modality, with privacy declining," wrote Stowe Boyd, the lead researcher for GigaOm Research in his response in this study. "In order to 'exist' online, you have to publish things to be shared, and that has to be done in open, public spaces." If not, people have a lesser chance to enrich friendships, find or grow communities, learn new things, and act as economic agents online

Marketplace

Thank you Sony! Cybersecurity stocks soar (CNN via Gant Daily) The massive Sony hack may have killed "The Interview," but it's breathing new life into cybersecurity stocks

Sony Hack Ignites Cybersecurity Market, But Human Element Remains Weak Link (International Business Times) Following hacks that crippled Sony Pictures and caused numerous other high-profile data breaches in 2014, cybersecurity has caught the attention of Wall Street. With companies and government agencies looking to secure their computer networks more tightly than ever, stocks of antivirus and network-protection specialists are hot. But even the most sophisticated software can't stop an employee from clicking on a legit-looking email link that opens their corporate data to the world

FireEye (FEYE) Stock Continues to Climb Today Following Deal With Sony (TheStreet) FireEye (FEYE) shares are up 0.36% to $33.18 in trading on Monday after Sony (SNE) announced that it was hiring the cyber security firm to clean up the mess left by its high profile hack last week

Jim Cramer: Palo Alto Networks Is the 'Gold Standard' of Cyber Security (TheStreet) Shares of Palo Alto Networks (PANW) are up Monday after Piper Jaffray raised its price target to $150 from $130. In these times of security breaches, Palo Alto is the "gold standard" of cyber security, TheStreet's Jim Cramer said on CNBC's "Mad Dash" segment

Teradata Corporation (NYSE:TDC) Announces Increase in Repurchase Plan (Street Report) Teradata Corporation (NYSE:TDC) announced that its Board of Directors has authorized an additional $300M for share repurchases under its general open market share repurchase program. The company now has approximately $450M available under this program as a result of the increased share repurchase authorization

How to stop hackers once they're in: CyberArk CEO (CNBC) The innovative project, in cooperation with the Check Point Software Technologies, will build a mechanism to detect and identify cyber-attacks on the Foreign Ministry's missions throughout the world

Sony Seeking More Cybersecurity Staff Amid Hack Fallout (Wall Street Journal) Sony 6758.TO +0.94% Corporation of America, whose film studio is recovering from a crippling hack, is seeking to hire cybersecurity managers to handle the political fallout from hack attacks and assess vulnerabilities. Filling those roles could be challenging given the cybersecurity talent shortage, say tech experts

FBI campaigning to hire skilled technical employees over the next month (Ars Technica) A concerted effort to bring scientists and engineers into the fold ends Jan 20

New site to bolster cybersecurity community, workforce (Federal Times) The U.S. Cyber Challenge has partnered with Monster.com to build a community of cybersecurity professionals and verified talent pool that government and private sector employers can tap to fill positions in this critical field

Cybertalent on the Cheap (Internet Storm Center) I recently attended an information security meetup and one of the main topics was building up security resources on a state/local government budget. This is not an easy task, but is something many people are facing

Products, Services, and Solutions

Security firm IOActive to expand Vehicle Security Service program (SC Magazine) Known for its hardware, software and wetware security services, IOActive has announced that it will be expanding its automotive security testing practice

Sony Hack Underscores the Need for Practical Email Protections — Virtru Makes Email Encryption Easy, Affordable and Available to Everyone (Marketwired) The Sony Pictures Entertainment hack and email leak is a cautionary tale for any business or individual with high-value intellectual property or company secrets to protect. The now historic security breach highlights the inherent vulnerabilities of email communication and how an email hack can cost a company more than its reputation. Early estimates predict losses of hundreds of millions resulting from the leak of personal and employee information, business plans, unreleased movies and other confidential and proprietary studio information. Had Sony adequately invested in data security and deployed an end-to-end email encryption service like Virtru, it's likely much of the fallout from this data breach could have been prevented

Procserve partners with CenturyLink to meet government requirements (Computer Weekly) Established in 2006 to underpin the UK government's e-commerce strategy, Procserve's secure network has carried more than £2bn worth of transactions and is used by more than 17,000 buyers and 32,000 suppliers

Technologies, Techniques, and Standards

Attributing Cyber Attacks (Journal of Strategic Studies) Who did it? Attribution is fundamental. Human lives and the security of the state may depend on ascribing agency to an agent. In the context of computer network intrusions, attribution is commonly seen as one of the most intractable technical problems, as either solvable or not solvable, and as dependent mainly on the available forensic evidence. But is it? Is this a productive understanding of attribution?

Assessing Security and Privacy Controls in Federal Information Systems and Organizations: Building Effective Assessment Plans (NIST Special Publication 800-53A Revision 4) This publication provides a set of procedures for conducting assessments of security controls and privacy controls employed within federal information systems and organizations

Former Home Depot Managers Depict 'C-Level' Security Before the Hack (Macroinsider) House Depot's (HD) in-store payment system wasn't set up to encrypt customers' credit- and debit-card data, a gap in its defenses that gave potential hackers a wider window to exploit, according to interviews with former members of the retailer's

Mitigate cyber attacks with crisis management (Tech Republic) Businesses go through crises, that's just the way it is. Researcher explains the importance of differentiating between a regular crisis and a cyber crisis

Understanding & Detecting Backoff POS Malware (RSA: Speaking of Security) Point of Sale (POS) malware has had its share of headlines this year. Now with the holiday shopping season underway POS systems will certainly be an enticing target for hackers to explore due to the payoff of thousands of fresh credit card numbers that will be run through these devices

2 keys to enhancing DOD's new risk framework (Defense Systems) In mid-November, the Government Accountability Office and Veterans Affairs Department Inspector General testified before the House Veterans Affairs Committee regarding the deficiencies in the VA's cybersecurity program… One of the main concerns included in the report was the over-utilization of systems that were issued a temporary authority to operate (ATO), a formal declaration that a solution has passed the certification and accreditation (C&A) process

3 tips for a quieter Christmas than Sony (Naked Security) Sony got breached. Data was leaked; lawyers' letters were written; a movie was withdrawn; lawsuits were announced

Design and Innovation

MFA and Cyber Bureau launch Cyber Defense Project (Yeshiva World) The innovative project, in cooperation with the Check Point Software Technologies, will build a mechanism to detect and identify cyber-attacks on the Foreign Ministry's missions throughout the world

BlackBerry and Boeing Team Up to Offer Self-Destructing Spy Phone (Bloomberg) Boeing Co. (BA) is teaming up with BlackBerry Ltd. (BBRY) on a secretive, self-destructing smartphone developed for use by U.S. defense and homeland security employees and contractors

Research and Development

Mathematicians Make a Major Discovery About Prime Numbers (Quanta via Wired) In May 2013, the mathematician Yitang Zhang launched what has proven to be a banner year and a half for the study of prime numbers, those numbers that aren't divisible by any smaller number except 1. Zhang, of the University of New Hampshire, showed for the first time that even though primes get increasingly rare as you go further out along the number line, you will never stop finding pairs of primes that are a bounded distance apart — within 70 million, he proved

Mathematicians have finally figured out how to tell correlation from causation (Quartz) Untangling cause and effect can be devilishly difficult

Academia

Ever-increasing cyberattacks prompt new cybersecurity degree programs (Catholic News Service via Catholic Sentinel) The year 2014 has seen jaw-dropping news of banks, businesses and governments reporting organized cyberattacks and breached data networks compromising millions of private data files, financial accounts and consumer information

Legislation, Policy, and Regulation

S. Korean military to set up cyber operations team (Korea Herald) The South Korean military plans to establish a new team in charge of cyber operations under the Joint Chiefs of Staff (JCS) as part of efforts to boost its cyber warfare capabilities, officers said Tuesday

China and U.S. grapple over red lines for cyberattacks (E&E News) Tucked away on a commercial street in the Pudong district of China's most populous city is a plain beige building with a dark history

Why no one understands what cyber war actually is (Cyberwarzone) Here we go again, the hack on Sony has been titled an "cyber war attack" by various news outlets and the government is now claiming that it was an act of cyber vandalism and not an cyber war attack. Euhmm, ok. Awesome — that really helped us forward. Guys how many times does it need to be repeated, we clearly see the "war" in "cyber war", now let's take a look at the definition of war

Sony hack points to NSA's conflicting roles (San Jose Mercury News) Sony Pictures made a mistake in pulling the satire "The Interview" from movie theaters. But rather than look for help from China to solve the problem, President Obama needs to look inward, at his own federal government, to address the broader security issues underlying this and other damaging hacking, whether foreign or domestic

Cyber Command investment ensures hackers targeting U.S. face retribution (Washington Times) Pentagon budget documents detail growing military commitment to cyberwarfare

Obama Administration Aims to Create 'Insider Threat' Job Specialty to Plug Leaks (Nextgov) A New Year's goal of the federal office responsible for averting employee leaks is to make a career out of catching so-called insider threats

Litigation, Investigation, and Law Enforcement

GCHQ warns serious criminals have been lost in wake of Edward Snowden leaks (Telegraph) Surveillance by GCHQ on other crime lords has also not gone ahead after Snowden exposed their methods

Cybersecurity and the Risks of Law Enforcement Back Doors (Reg Blog) Software, networking, and other technology providers are beginning to see stronger system security measures as a real benefit to their users. In fact, some companies, like Apple, Google, and Yahoo, are aiming to provide such strong security on user data that no one but the user can ever access the user's information. Law enforcement agencies in the United States have reacted negatively to plans for producing such strong security, insisting that companies must at least provide "back doors" to law enforcement to access user information. Law enforcement specifically wants to require companies to build their products' encryption and other security systems so that companies could "unlock" the data for law enforcement by using, as one editorial board unfortunately put it, a "secure golden key they would retain and use only when a court has approved a search warrant"

What Is Wrong With 'Legal Malware'? (Forbes) Can malware, malicious by definition, ever be a good thing? Surprisingly, there are law enforcement agencies that would answer yes. There are a growing number of hacking techniques involving malware deployed by governments around the world. Effectively they are using criminal tools, which they claim is a legitimate means to the ultimate, legitimate end — fighting crime, even going so far as deeming their use legal. I disagree. And I think it is a worrying trend generally — one that needs to be nipped in the bud

Thailand's Government Claims It Can Monitor The Country's 30M Line Users (TechCrunch) Government officials in Thailand last year demanded access to chat app Line so that they could monitor conversations taking place in the country, and this week a politician claimed that they can now do so

Watchdog: Secret Service refused to hand over cybersecurity data (The Hill) The Secret Service refused to hand over mandatory data on its computer security systems to the Department of Homeland Security (DHS) during fiscal 2014, a new watchdog report finds

Israel charges eight Palestinians over Facebook incitement (Al Arabiya) Eight Palestinians from annexed east Jerusalem were indicted on Monday for inciting anti-Jewish violence and supporting ?terror? in postings on Facebook, a justice ministry spokeswoman said

Google: Hollywood Is 'Trying to Secretly Censor the Internet' (National Journal) Leaked emails reveal movie studios have been encouraging state officials to go after Google as part of a fight against online piracy

Edu-apps may be STALKING YOUR KIDS, feds warn (Register) Vendors scolded over possible privacy violations

For a complete running list of events, please visit the Event Tracker on the CyberWire website.

Newly Noted Events

Cybersecurity: You Don't Know What You Don't Know (Birmingham, Alabama, USA, February 24 - 25, 2015) What: Connected World Conference in partnership with University of Alabama at Birmingham's Center for Information Assurance and Joint Forensics Research (The Center) have teamed up to bring professionals...

2015 Cyber Risk Insights Conference — San Francisco (San Francisco, California, USA, March 3, 2015) Following on the success of the 2014 half-day cyber risk event, Advisen will present a full day of learning and networking for risk managers, CISOs, CROs, insurance brokers, insurance underwriters, reinsurers...

IT Security Entrepreneurs Forum: Bridging the Gap Between Silicon Valley & the Beltway (Mountain View, California, USA, March 17 - 18, 2015) IT Security Entrepreneurs Forum (ITSEF) — SINET's flagship event — is designed to bridge the gap between the Federal Government and private industry. ITSEF provides a venue where entrepreneurs...

2015 Cyber Risk Insights Conference — Chicago (Chicago, Illinois, USA, May 18, 2015) Advisen again brings its acclaimed Cyber Risk Insights Conference series to Chicago with a full-day event addressing the critical privacy, network security and cyber insurance issues confronting risk professionals...

Innovation Summit: Connecting Wall Street, Silicon Valley & the Beltway (New York City, New York, USA, June 25, 2015) Innovation Summit connects America's three most powerful epicenters and evangelizes the importance of industry, government and academic collaboration on joint research initiatives. The opportunity to bring...

Upcoming Events

Cybersecurity World Conference (New York, New York, USA, January 9, 2015) Welcome to Cyber Security World Conference 2015 where renowned information security experts will bring their latest thinking to hundreds of senior business executives and officials focused on protecting...

U.S. Commercial Service Market Briefings on Europe's Cyber Security & IT Market (Washington, DC, USA, January 12, 2015) Join the U.S. Commercial Service Market Briefings on Europe's Cyber Security & IT Market. The value of the global cyber security market is expected to grow by 11.3% each year, reaching $120 billion by...

FloCon 2015 (Portland, Oregon, USA, January 12 - 15, 2015) FloCon is an open network security conference organized by Carnegie Mellon University

National Cybersecurity Center Of Excellence (NCCOE) Speaker Series: Security In A Cyber World (Rockville, Maryland, USA, January 14, 2015) The National Cybersecurity Center of Excellence (NCCoE) Speaker Series showcases global thought-leaders to highlight critical cybersecurity issues of national importance. The keynote speaker will be Chris...

ShmooCon (Washington, DC, USA, January 16 - 18, 2015) ShmooCon is an annual east coast hacker convention hell-bent on offering three days of an interesting atmosphere for demonstrating technology exploitation, inventive software and hardware solutions, and...

California Cybersecurity Task Force Quarterly Meeting (Walnut Creek, California, USA, January 20, 2015) The California Cyber Security Task Force serves as an advisory body to California's senior government administration in matters pertaining to Cyber Security. Quarterly Cybersecurity Task Force meetings...

FIC 2015 (Lille, France, January 20 - 21, 2015) The International Cybersecurity Forum (FIC) forms part of a thinking and exchange process that aims at promoting a pan-European vision of cybersecurity and strengthening the fight against cybercrime, a...

IARPA Proposers' Day for the Cyber-attack Automated Unconventional Sensor Environment (CAUSE) Program (Washington, DC, metropolitan area, January 21, 2015) The Intelligence Advanced Research Projects Activity (IARPA) will host a Proposers' Day Conference for the Cyber-attack Automated Unconventional Sensor Environment (CAUSE) Program on January 21, 2015,...

4th Annual Human Cyber Forensics Conference: Exploring the Human Element for Cloud Forensics (Washington, DC, USA, January 21 - 22, 2015) The Human Cyber Forensics Conference addresses the human element of cyber. Presentations will look at the tradecraft and efforts required to identify, understand, navigate, and possibly influence human...

AppSec California (Santa Monica, California, USA, January 26 - 28, 2015) OWASP's AppSec California goes beyond "security for security?s sake" bringing application security professionals and business experts together with the objective of sharing new information that helps get...

Grow your brand and reach new customers.

Grow your brand and increase your customer base by educating our audience about your products, services, and events by advertising on The CyberWire. We’ve built trust with an influential (and often hard to reach) audience of CISOs, CSOs, and other senior execs in the security space, across a wide array of industry verticals. Learn more.

Be a part of the CyberWire story.

People ask us (a lot) how they can support what we do. We have our sponsorships and services, of course, but those are not always within every supporter's financial reach, or it might just not be the right time for you to do those things. That's why we launched our new Patreon site, where we've created a wider variety of support levels, each with some new benefits. Our patrons are important to our future, and we hope you'll consider becoming one. We invite you to become part of the CyberWire story. Become a patron today.