skip navigation

More signal. Less noise.

Daily briefing.

Trend Micro warns of a new phishing campaign targeting online shoppers. (They're calling it "Operation Huyao," and trace it to actors in China, but without further attribution.) Unlike traditional phishing, Huyao doesn't depend upon creating a plausible simulacrum of a legitimate site. Instead of creating and posting a bogus copy of site, the campaign uses proxies as relays to legitimate sites, modifying pages only when (and as long as) information theft is required.

Other developments in the criminal cyber market include the effective recycling of well-known techniques and exploits (highlighting the importance of not forgetting old lessons learned the hard way), and the very rapid and inexpensive trade in attack code — the collision attack against the MD5 algorithm, for example, was on the market within ten hours of the relevant Windows update, and it cost just 65 cents. Other corners of the black market are making it easier for semi-skilled skids to deploy and profit from ransomware.

Apple continues to deal with customer dissatisfaction over their Macs' insouciant way of sending sensitive documents to iCloud without so much as a by-your-leave (other than whatever might be implied by a EULA).

The Hacking Team defends its lawful intercept products and its customers' need for them.

The US elections prompt many to worry about the security of electronic voting devices. This election's results were probably unaffected, but clearly this will be a research topic.

Calling for a modus vivendi, Microsoft's general counsel deplores the "privacy arms race" between governments and IT companies.

Notes.

Today's issue includes events affecting Australia, Canada, China, Ethiopia, Republic of Korea, Netherlands, New Zealand, Russia, United Kingdom, United States.

Dateline Columbia, Maryland: the National Initiative for Cybersecurity Education conference

Interactive National Cybersecurity Workforce Framework (National Institute for Cybersecurity Careers and Studies) The National Cybersecurity Workforce Framework classifies the typical duties and skill requirements of cybersecurity workers. The Framework is meant to define professional requirements in cybersecurity, much as other professions, such as medicine and law, have done

Does Anybody Really Know How Many Cyber Professionals the Government Needs? (Nextgov) Nearly everyone agrees there's a shortage of cybersecurity professionals across government. But quantifying the precise cyber talent gap remains an inexact science

Rethinking Security Education (IT Business Edge) A new Ernst & Young survey found that companies are willing to spend more money on security for their networks and the devices that connect to them. That's the good news

Science, Technology, Engineering and Math: Education for Global Leadership (US Department of Education) The United States has become a global leader, in large part, through the genius and hard work of its scientists, engineers and innovators. Yet today, that position is threatened as comparatively few American students pursue expertise in the fields of science, technology, engineering and mathematics (STEM) — and by an inadequate pipeline of teachers skilled in those subjects. President Obama has set a priority of increasing the number of students and teachers who are proficient in these vital fields

Why the Maker Movement Is Important to America’s Future (TIME) I grew up in the age of Tinker Toys and Erector Sets. Both were meant to inspire me to be a maker instead of a consumer

Virtual Competitions (CS2N) CS2N, or Computer Science Student Network, is your center for Computer Science activities, Computer Science competitions, and courses. CS2N provides step-by-step lessons to make programming easy

Despite skeptics, security awareness training for employees is booming (TechTarget) Employee security awareness training has been derided in the past, but new Gartner research suggests that a market of competitive, high-quality vendors are making security awareness a must-have

Cyber Attacks, Threats, and Vulnerabilities

New Phishing Technique Outfoxes Site Owners: Operation Huyao (TrendLabs Security Intelligence Blog) We've found a new phishing technique targeting online shopping sites that may significantly change the threat landscape for phishing sites. Conventional phishing sites require an attacker to replicate the targeted site; a more accurate copy is more likely to fool intended victims

Check Mate — Sometimes All You Need Are a Bunch of Pawns (Cyactive) The attackers of the "Operation Pawn Storm" group managed to infiltrate government, military and defense contractor networks of the U.S. and of U.S. allies between 2011-2014, by reusing mainly simple phishing methods and well known malware and exploits

Crypto attack that hijacked Windows Update goes mainstream in Amazon Cloud (Ars Technica) Collision attack against widely used MD5 algorithm took 10 hours, cost just 65 cents

Ransomware Getting Easier For Both Bad Guys & Victims (Dark Reading) Ransomware operators can make a tidy living without much technical expertise or legwork

Mac Users' Unsaved Files and Screenshots Are Automatically Stored on iCloud (Slate) Opening TextEdit in your MacBook to jot down some notes may feel like the digital equivalent of scrawling on the back of an envelope. Unfortunately, those unsaved notes may not be as private as you think they are — and likely haven't been for a while

Critics chafe as Macs send sensitive docs to iCloud without warning (Ars Technica) PSA: Turn off autosave of in-progress documents containing sensitive data

Remote control (Economist) In one of his many former lives, Gulliver qualified as a pilot. He therefore exudes an aura of unquestionable confidence when striding into an aircraft cabin, secure in the belief that, if the worst happens and both pilots have the fish, he could take charge of the cockpit and calmly land the plane, Sullenberger-style. Cue the applause

Wi-Fi security vs. government spies (ComputerWorld) Its one thing to be lectured to about Wi-Fi security and quite another thing to see the actual manuals used by government spies

Hacking Team Responds in Defense of Its Spyware (Intercept) Last week, The Intercept published manuals showing the workings of an invasive spyware tool made by the Italian company Hacking Team and sold to authorities in dozens of countries around the world

Hacking Team Defends Spyware, Attacks Researchers' Methods (Threatpost) Privacy advocates and anti-surveillance activists have been taking a close look at the way that some vendors of so-called lawful intercept and surveillance software and hardware systems conduct their business and which customers and governments they sell their wares to. Now, some of those vendors — and the customers they work with — are mounting their own criticisms of the researchers and their tactics

Internet of Things attacks unlikely — but the cloud is another matter (SC Magazine) Security software vendor Trend Micro says that nascent infrastructure means that there will be few attacks from cyber-criminals on Internet of Things devices next year

Lookout releases list of 'relentless' mobile threats (AndroidGuys) Lookout, the guys behind some of our favorite mobile security software, is constantly looking at apps from around the world. In fact, they analyze some 30,000 titles per day, always keeping an eye on things. This week sees them compiling its first list of Relentless Mobile Threats to Avoid. As Lookout sees it, these are the sort of threats that anyone and everyone should be aware of and avoid. Even those living in the United States

9 Cyber Security Threats Faced by Big Businesses (Business2Community) In the wake of the major cyber attack on Target Stores, Inc — and as companies large and small continue to assess the damage and fallout caused by the Heartbleed Bug — the big question in the minds of CIO's everywhere is what will the next big cyber threats be? In answer to that question Verizon recently published its 2014 Data Breach Investigations Report. This 60-page document is based on the compilation and analysis of 63,000 security incidents and 1,300 confirmed data breaches, as reported by some 50 companies worldwide. What follows is a summary of the 9 categories of cyber security threats faced by major businesses, as identified in the Verizon report

14 years after Bush v. Gore, we still can't get voting tech right (Ars Technica) Regions across the US experience tech glitches on Election Day

"Distributed Denial of Service" Attack Targets our Website (FITS News) Just as we were beginning to launch our 2014 election night live blog, FITSNews was hit by a massive cyberattack — one that has wreaked havoc on our website

Hackers Could Decide Who Controls Congress Thanks to Alaska's Terrible Internet Ballots (The Intercept) When Alaska voters go to the polls tomorrow to help decide whether the U.S. Senate will remain in Democratic control, thousands will do so electronically, using Alaska's first-in-the-nation internet voting system. And according to internet security experts, including the former top cybersecurity official for the Department of Homeland Security, that system is a security nightmare that threatens to put control of the U.S. Congress in the hands of foreign or domestic hackers

Drupal vulnerability blamed for problems at Indiana Dept. of Education (CSO) Indiana DOE says recent website defacement didn't compromise data

Personal Info on Nearly 8,000 Compromised in Miami Health Center Data Breach (Softpedia) Jessie Trice Community Health Center issues notifications

227,747 new malware samples are created daily (Help Net Security) The growth of malware appears unstoppable. In total, some 20 million new strains were created worldwide in the third quarter of the year, at a rate of 227,747 new samples every day

Security Patches, Mitigations, and Software Updates

LInksys Patches (Most) Routers Running Smart Wi-Fi Firmware (Threatpost) Two versions of popular consumer and small office Linksys routers remain vulnerable to a pair of vulnerabilities recently patched in other models of the Belkin-owned networking gear

Cyber Trends

Targeted attacks around the globe will escalate (Help Net Security) Experts from Trend Micro believe that targeted attacks campaigns will continue to multiply in 2015, after cybercriminals had noteworthy breaches via targeted attacks in the U.S

Risky file sharing practices can cause data loss and compliance violations (Help Net Security) Organizational leadership is failing to respond to the escalating risk of ungoverned file sharing practices among their employees, and that employees routinely breach IT policies and place company data in jeopardy, according to the Ponemon Institute

AVG Technologies research reveals teenager privacy time bomb (Financial News) The latest Digital Diaries research from AVG Technologies N.V. (NYSE: AVG) said it has found that almost a third of teens (28 percent) say they regret posting something online

Breach Fatigue Sets In With Consumers (Dark Reading) Report from Ponemon and RSA shows that consumers aren't really adjusting behavior due to mega breaches

3 Important Trends for ICS/SCADA Systems (Recorded Future) Last week, we presented a webinar with the ICS/SCADA experts from Cimation. Industrial control systems (ICS) are the "nervous systems" that manage facilities and operations, everything from robotic assembly lines to HVAC systems to power plants. SCADA is the data-intensive technology at the heart of a modern factory or refinery. This webinar was an "encore" of the Cimation presentation at RFUN 2014, our annual user conference

Marketplace

Predictive analytics startup Prelert receives $7.5M from Intel Capital, others (Boston Business Journal) Prelert, a Framingham-based provider of machine intelligence-based predictive analytics aimed at identifying cybersecurity threats, said it raised $7.5 million from Intel Capital and existing investors Fairhaven Capital Sierra Ventures

Mission Secure closes round of seed financing to commercialize cyber security defense technology (GSN) Charlottesville, VA-based Mission Secure Inc. (MSi), a next generation cyber defense technology and solutions provider focused on providing advanced protections for physical systems and autonomous vehicles to the defense and commercial sectors, has announced that it recently closed its seed financing round led by Ballast Fund investors, a private equity firm, along with several high net worth angel investors

Former White House counterterrorism chief joins Leidos (Washington Business Journal) Leidos Holdings Inc. named Michael Leiter, former director of the National Counterterrorism Center its chief of business development and strategy

A10 Networks Hires Ericsson Veteran Gunter Reiss to Lead Expanded Strategic Alliances and Business Development Organization (IT Business Net) A10 Networks (NYSE: ATEN), a technology leader in application networking, today announced the appointment of Ericsson veteran Gunter Reiss as vice president of strategic alliances

Rook Security Strengthens Compliance and Regulatory Auditing Consulting Practices with Recent Hires (Herald Online) Consulting offerings expand with additional PCI, HIPAA and financial regulatory expertise

Volexity Names Volatility Developer Michael Hale Ligh as CTO (Virtual Strategy) Volexity, an innovator in threat intelligence and incident response solutions, today announced that the company has named Michael Hale Ligh as Chief Technology Officer

Intelligence, Security Executive Linda Millis Joins SolPass (PRNewswire) SolPass LLC, the Denver-based technology developer of solutions for controlling cyber crime, has hired Linda S. Millis as Senior Vice President, Business Development

Products, Services, and Solutions

IBM Launches Cross-Cloud Security Protection (InformationWeek) IBM's Dynamic Cloud Security can monitor and analyze data access activity and applications in IBM SoftLayer, Salesforce.com, and Amazon

Popular messaging apps fail EFF's security review (IDG via CSO) Some of the most widely used messaging apps in the world, including Google Hangouts, Facebook chat, Yahoo Messenger and Snapchat, flunked a best-practices security test by advocacy group the Electronic Frontier Foundation (EFF)

Google open sources nogotofail, a network traffic security testing tool (Help Net Security) In their quest to make users, the Internet, and digital devices in general more secure, a number of big Internet companies have recently announced a new collaboration that will focus on making open source projects "easier for everyone"

DTCC unveils cyber-threat sharing platform (Financial News) The Depository Trust & Clearing Corporation has unveiled a cyber-threat intelligence sharing platform, as the financial services sector ramps up its defenses against cybercrime

Black Lotus Partners with CloudSigma to Provide Enhanced DDoS Protection in Cloud Environments (realwire) Black Lotus, a leader in availability security and provider of distributed denial of service (DDoS) protection, today announced a partnership with CloudSigma, a public cloud infrastructure-as-a-service (IaaS) provider with advanced hybrid hosting solutions

Centripetal Networks Integrates ThreatIQ Threat Intelligence into its Network Defense Solutions (Providence Journal) ThreatTrack Security — a leader in cyber threat prevention solutions that substantially change how organizations respond to cyberattacks — today announced an OEM agreement with Centripetal Networks Inc., a cybersecurity solutions provider specializing in Real-Time Active Network Defense

For enterprise file sync-and-share, security is king (TechTarget) IT should rest easy about where their data lives in the consumerization age, but there's no one-size-fits-all approach to reaching that peace of mind

NIBC gives users compliance controls, mobile access (FierceFinanceIT) Forced to meet new regulations, Netherlands-based merchant bank NIBC needed to prove that it was compliant in the way it managed unstructured data. Doing so led to a project it's rolling out on a department-by-department basis, an effort that provides document and email compliance controls while also allowing employees to better access files from mobile devices

M2Mi Unveils Enhanced M2M/IoT Enterprise Cloud Platform Available at IBM Cloud Marketplace (Policy Charging Control) Machine-To-Machine Intelligence (M2Mi) has unveiled M2M Intelligence® v5.6, a latest version of cloud-based M2M and Internet of Things platform that includes enhancements in security, privacy as well as in-stream contextual intelligence required for enterprises to rapidly roll out revenue-generating M2M and IoT services

Infoblox Delivers Network Automation for Next-Generation Data Centers with the First Solution That Discovers and Manages Virtually Routed Networks in Multivendor Environments (BusinessWire) Infoblox Inc. (NYSE:BLOX), the network control company, today announced enhancements to its Infoblox NetMRI product that enable it to discover, track, and manage virtual routing and forwarding (VRF) of network traffic — a technology essential to next-generation data centers and multi-tenant computing. This makes NetMRI the first network automation solution that can change and configure multiple virtually routed networks in multivendor environments

CloudPassage Updates World's Leading Software-Defined Security Platform (Marketwired) CloudPassage today announced the immediate availability of the latest release of Halo®, the only software-defined security platform purpose-built for cloud and virtualized infrastructure. The new capabilities offered in the release make it faster, easier and more effective for Global 2000 companies to detect and react to security vulnerabilities in these environments

Startup promises to secure data centers, clouds workload by workload (Network World) Software platform enables writing and enforcing plain-language security policies, baking them in to applications

Kaspersky top as Bitdefender fails in latest security tests (Expert Reviews) Kaspersky Internet Security remains the top-ranked security program, with Norton Security and ESET Smart Security 7 completing the top three. The biggest loser in the latest round of expert testing was Bitdefender Internet Security, which slipped from fourth best to third from last

'Blur' Protects Against Online Tracking (InformationWeek) New tool blocks companies from tracking you online, lets you mask sensitive information such as email, phone number, and credit card information

Dropbox's Drew Houston Responds To Snowden's Privacy Criticism: It’s A Trade-Off (TechCrunch) NSA whistleblower Edward Snowden sparked controversy when he advised consumers (twice) to "get rid of Dropbox" if they want to protect their privacy. Today, Drew Houston, CEO of the cloud storage startup, responded to the accusations. People can do more to encrypt their data, he admitted, but It's "a trade-off between usability/convenience and security," he said. "We offer people choice"

Technologies, Techniques, and Standards

Marrying Monitoring With IAM (Dark Reading) Prevalence of stolen online credentials and rampant password reuse means enterprises must keep better tabs on how credentials are used

Tool Tip: vFeed (Internet Storm Center) I have had a number of occasions lately to use or talk about vFeed from Toolswatch.org (@toolwatch). NJ's written a little gem here; a useful Python CLI tool that pulls CVEs and other Mitre datasets

Workplace Privacy: Big Brother Is Watching (Dark Reading) Companies may have the right to monitor employees who are checking their bank balances or shopping online on corporate networks. The real question is, should they?

8 Tips on Cyberthreat Information Sharing: NIST Drafts Guidance on Managing the Data (GovInfoSecurity) The debate over cyberthreat information sharing has centered on privacy and liability concerns. But there's been relatively little discussion of the steps government agencies and businesses must take to be able to share the data

Q&A: Dartmouth's mHealth security ace (Healthcare IT News) 'At the time at least, smartphones were (a) very novel thing and very relatively incapable'

6 things we learned from this year's security breaches (CSO) According to the Open Security Foundation, three out of 10 of the all-time worst security breaches happened this year. That includes 173 million records from the NYC Taxi & Limousine Commission, 145 million records at Ebay, and 104 million records from the Korea Credit Bureau. And that's not counting the 1.2 billion user names and passwords reportedly stolen by Russian hackers, or the 220 million records recently discovered stolen from gaming sites in South Korea

Ten Tricks to Make Anyone Trust You (Temporarily) (LinkedIn) Here are ten of the tricks that I teach in various workshops and security awareness training to show when people are trying to manipulate you into trusting them

Academia

How local school districts are protecting student data (KSHB 41) 41 Action News reported how schools are using computers to collect information about kids so they can better identify problems and help overcome obstacles in their education. The fields include student's names, district, gender, date of birth, social security number, disciplinary history and standardized test scores

Legislation, Policy, and Regulation

British official: U.S. tech 'dominates' the Internet (Longview News-Journal) One of Britain's highest-ranking intelligence officials Tuesday castigated U.S. companies that dominate the Internet for providing the "command-and-control networks of choice for terrorists and criminals" and challenged the companies to find a better balance between privacy and security

Microsoft's top legal gun decries privacy 'arms race' (PC World) The conflict between snooping governments seeking to defeat encryption and users demanding ever more robust privacy tools has turned into an arms race — and it's time for arms control talks, Microsoft's general counsel said on Tuesday

NSA director says major hurdles hinder cybersecurity (USA TODAY) The United States faces major cyber threats. But, according to the director of the National Security Agency, the intelligence community has to overcome major hurdles to protect it, from dealing with the demands of privacy advocates to the inability to pay Silicon Valley-level salaries

Senate Leaders Say Cybersecurity Legislation Must Pass This Year (Healthcare Informatics) Senate Intelligence Committee leadership expressed the need to pass cybersecurity legislation before Congress adjourns in December

Panelists explain US information secrecy (Washington Square News) The modern security state, Edward Snowden's leaks and the National Security Agency have been in the public sphere for over a year, and the debate about secrecy continued with three members of the intelligence community on Nov. 3. The panelists discussed the need to withhold some information when dealing with the public at the event hosted by NYU School of Law's Center on Law and Security

We’ve Got Our Eye On You (Middle East Online) There is a deepening structural conflict over the shape and mastery of digital capitalism. The disparate interests ranged against US corporate and state power have gained momentum, but the United States is set on renewing its global dominance

Federal agencies seek to coordinate, share experiences on cyber policy (Inside Cybersecurity) A new working group is looking to share best practices, experiences and observations among federal agencies as officials seek to implement a variety of regulatory and voluntary efforts on cybersecurity

Staff changes at Cyber Command (FCW) Army Sgt. Maj. David Redmond is replacing Air Force Chief Master Sgt. Kevin Slater as command senior enlisted leader for U.S. Cyber Command and senior enlisted adviser for the National Security Agency

Litigation, Investigation, and Law Enforcement

Appeals Court Takes on NSA Surveillance Case (AP via ABC News) Three federal appeals court judges struggled Tuesday over whether the National Security Agency's phone data surveillance program is an intelligence-gathering tool that makes the nation safer or an intrusive threat that endangers privacy

100 Bitcoin bounty slapped onto head of blackmailer who DDoSed Bitalo (Naked Securiy) On Saturday, an attacker and blackmailer "DD4BC" sent a note to the Bitalo Bitcoin exchange threatening distributed denial of service (DDoS)

2 ex-chiefs of cyber command charged over online smear campaign (Yonhap) Two former commanders of South Korea's cyber command have been charged with meddling in politics around the 2012 presidential election, military prosecutors said Tuesday

Another day, another data breach (SC Magazine) Tracking down threat actors is no easy feat, and requires an immense amount of research and collaboration. Home Depot and JPMorgan Chase seem to be the top searches that pop up when one Googles "data breaches." But just when you think a particular breach will snag a headline for weeks, another takes its place in what seems like days

Ethiopia: Yonas Kassahun Receives Two-Year Jail Sentence for Cyber Crimes Against Akiko Seyoum (All Africa) On October 22, 2014, a Federal First Instance Court sentenced Yonas Kassahun to two years in jail for hacking into the email account of Akiko Seyoum, general manager of the Orchid Business Group. In a separate civil lawsuit, Yonas also seeks 42 million Br from Akiko

For a complete running list of events, please visit the Event Tracker on the CyberWire website.

Newly Noted Events

INTEROP Las Vegas (Las Vegas, Nevada, USA, April 27 - May 1, 2015) Attend Interop Las Vegas, the leading independent technology conference and expo designed to inspire, inform, and connect the world's IT community. In 2015, look for all new programs, networking opportunities,...

Upcoming Events

FS-ISAC EU Summit 2014 (London, England, UK, November 3 - 5, 2014) The Financial Services Information Sharing and Analysis Center (FS-ISAC), is a non-profit association comprised of financial institution members, that is dedicated to protecting the global financial services...

POC2014 (Seoul, Republic of Korea, November 4 - 7, 2014) POC (Power of Community) started in 2006 and has been organized by Korean hackers & security experts. It is an international security & hacking conference in Korea. POC doesn't pursue money. POC concentrates...

Open Source Digital Forensics Conference 2014 (Herndon, Virginia, USA, November 5, 2014) This conference focuses on tools and techniques that are open source and (typically) free to use. It is a one day event with short talks packed with information. There are both tool developers and users...

Bay Area SecureWorld (Santa Clara, California, November 5, 2014) A day of cyber security education. Earn 6-8 CPE credits, network with industry peers, and take advantage of more than thirty educational events. Over the past decade SecureWorld has emerged as one of North...

National Initiative for Cybersecurity Education Conference and Expo (Columbia, Maryland, USA, November 5 - 6, 2014) The NICE 2014 Conference and Expo features thought leaders from education, government, industry and non-profits to address the future cybersecurity education needs of the nation

Managing BYOD & Enterprise Mobility USA 2014 (San Francisco, California, USA, November 5 - 6, 2014) The Managing BYOD & Mobility USA 2014 conference will provide a unique networking platform, bringing together top executives from USA and beyond. They come together not only to address mobility challenges...

Journal of Law and Cyber Warfare First Annual Cyber Warfare One Day Symposium (New York, New York, USA, November 6, 2014) The Journal of Law and Cyber Warfare is proud to present the First Annual Cyber Warfare One Day Symposium. Join us as senior lawyers, technology chiefs, government officials, and academics discuss the...

RiseCON 2014 (Rosario, Santa Fe, Argentina, November 6 - 7, 2014) Rosario Information Security Conference: es el primer y mayor evento de seguridad informática y hacking realizado en la ciudad de Rosario, con nivel y trascendencia internacional

Israel HLS 2014 (Tel Aviv, Israel, November 9 - 12, 2014) The third International Conference on Homeland Security will bring together government officials, public authorities, and HLS industry leaders from around the world to share their knowledge and experience.

Critical Infrastructure Cyber Community (C3) Voluntary Program Meeting (San Diego, California, USA, October 13, 2014) Join stakeholders from across the cyber community to discuss building a cyber risk management program, using DHS resources, and to learn how organizations of all sizes are using the Cybersecurity Framework...

i-Society 2014 (London, England, UK, November 10 - 12, 2014) i-Society 2014 is a global knowledge-enriched collaborative effort that has its roots from both academia and industry. The conference covers a wide spectrum of topics that relate to information society,...

Seattle SecureWorld (Seattle, Washington, USA, November 12 - 13, 2014) Offering two days of cyber security education. Earn 12-16 CPE credits, network with industry peers, and take advantage of more than sixty educational events. Over the past decade SecureWorld has emerged...

AVAR 2014 (, January 1, 1970) The 17th Association of anti-Virus Asia Researchers International Conference: Security Down Under. Topics will include case studies of targeted attacks, real-life attack demonstrations, web-inject attacks/code...

ZeroNights 2014 (Moscow, Russia, November 13 - 14, 2014) ZeroNights is an international conference dedicated to the practical side of information security. It will show new attack methods and threats, showcase new possibilities of attack and defense, and suggest...

Cyber Security Awareness Week Conference (New York, New York, USA, November 13 - 15, 2014) Get ready for CSAW: the largest student-run cyber security event in the nation, with a research conference that attracts some of the biggest names in the industry, and a career fair with an impressive...

Ground Zero Summit, India (New Dehli, India, November 13 - 16, 2014) Ground Zero Summit (GOS) 2014 in its second year promises to be Asia's largest Information Security gathering and proposes to be the ultimate platform for showcasing researches and sharing knowledge in...

Cyber Threats to Critical Infrastructure: A Discussion of Challenges, Responses and Next Steps (Herndon, Virginia, USA, November 18, 2014) The vulnerability of the nation's critical infrastructure to cyber attack or disruption, whether from nation-states, non-state actors, hackers or disgruntled insiders, is of increasing concern to both...

Deepsec 2014 (Vienna, Austria, November 18 - 21, 2014) DeepSec is an annual European two-day in-depth conference on computer, network, and application security. This is a non-product, non-vendor-biased conference event. Our aim is to present the best research...

BugCON (Mexico City, Mexico, November 19, 2014) BugCON Security Conference is hardcore technical conference focused on the technical side of the security. Running since 2008 BugCON is the oldest forum where researchers, students and professionals shows...

Navy Now Forum: Admiral Rogers (Washington, DC, USA, November 19, 2014) Leaders from the Navy will present new initiatives in-depth, providing the audience with a thorough knowledge of the Navy's future plans. During the luncheon, military personnel and industry leadership...

International Cyber Warfare and Security Conference (Ankara, Turkey, November 19 - 20, 2014) In-depth discussions will cover: new emerging threats and challenges on cyber warfare, the policy of leading cyber nations in cyber warfare and security, legal aspects of cyber warfare, industrial perspective...

EDSC 2014 (Seattle, Washington, USA, November 20 - 21, 2014) EDSC is a security conference focusing on embedded systems, hardware, and anything behind the silicon curtain. Embedded testing is a rapidly expanding area of the security industry staying current is important...

Cyber Security World Conference 2014 (New York, New York, USA, November 21, 2014) Welcome to Cyber Security World Conference 2014 where renowned information security authorities and innovative service providers will bring their latest thinking to hundreds of senior executives focused...

Ethiopia Banking and ICT Summit (Addis Ababa, Ethiopia, November 21, 2014) he one day summit is designed to highlight the key Investment opportunities especially in the Banking & ICT Sectors. As an emerging economic capital for the region, Ethiopia is leading the way in industrial...

BSidesVienna (Vienna, Austria, November 22, 2014) BSidesVienna will open it's doors again in 2014. Be part of it and stay tuned

BSidesToronto (Toronto, Ontario, Canada, November 22, 2014) This year the conference is bigger, better, faster and…well, still one day in length but, we have an awesome line up. And no I'm not just paying "lip service"

DefCamp5 (Bucharest, Romania, November 25 - 29, 2014) DefCamp is the most important conference on Hacking & Information Security in Central Eastern Europe. The goal is bringing hands-on talks about latest research and practices from the INFOSEC field, gathering...

Grow your brand and reach new customers.

Grow your brand and increase your customer base by educating our audience about your products, services, and events by advertising on The CyberWire. We’ve built trust with an influential (and often hard to reach) audience of CISOs, CSOs, and other senior execs in the security space, across a wide array of industry verticals. Learn more.

Be a part of the CyberWire story.

People ask us (a lot) how they can support what we do. We have our sponsorships and services, of course, but those are not always within every supporter's financial reach, or it might just not be the right time for you to do those things. That's why we launched our new Patreon site, where we've created a wider variety of support levels, each with some new benefits. Our patrons are important to our future, and we hope you'll consider becoming one. We invite you to become part of the CyberWire story. Become a patron today.