skip navigation

More signal. Less noise.

Daily briefing.

Chinese government spyware deployed against Hong Kong protesters is found effective against jailbroken iOS devices. The government's censorship also seems to be having effect: awareness on the mainland of protests appears limited.

Various Asian media report signs of low-level cyber conflict among Pakistan, India, and Bangladesh, but accounts are confused and preliminary.

On the subject of attack attribution, CSO debunks a Bloomberg story that Tuesday retailed threat intelligence warnings of large-scale nation-state cyber attacks. Much of apparent attack traffic seems to have been innocent research scans hitting honeypots.

The industry continues to slog through Shellshock. Attackers exploiting the bug are said to be going after network-attached storage devices. Patching is very active but spotty. Several diagnostic and mitigation tools are on offer (some of them free).

BadUSB was reported at Black Hat, with details withheld to keep the exploit out of criminal hands. But Derbycon presenters have posted BadUSB code to Github, whence it will shortly make its way to the black market.

Dr. Web discerns a large Mac botnet.

US Attorney General Holder asks US manufacturers for police-accessible cyber backdoors in their products, lest at-risk children prove beyond rescue by the authorities. Other parenting help from the police seems to have been unfortunately indiscriminate, as programs that distribute spyware so families can track kids online draw surprised (generally unfavorable) scrutiny.

Russia's President Putin promises to "secure" the Russian Internet, but censorship isn't under consideration (he says).

The chair of the US House Intelligence Committee calls for more cyber offense.

Notes.

Today's issue includes events affecting Argentina, Australia, Bangladesh, Brazil, Canada, China, European Union, Germany, India, Indonesia, Iraq, Israel, Republic of Korea, Netherlands, Pakistan, Philippines, Russia, Saudi Arabia, South Africa, Sudan, Syria, Turkey, Ukraine, United Kingdom, United States.

Cyber Attacks, Threats, and Vulnerabilities

Researchers unearth Xsser mRAT, Chinese iOS spyware (Help Net Security) Researchers looking into the mobile malware attack directed against Hong Kong protesters using Android devices have discovered that the attackers can also target iOS device owners — if the device is jailbroken

Hong Kong protest goes unnoticed in China (Financial Times) Thousands of miles from the "umbrella revolution" rocking Hong Kong, Tiananmen Square in the heart of Beijing is now also filled with huge crowds of ordinary citizens, many of them carrying coloured flags, parasols and loudhailers

National Security Agency probing cyber alert on Pakistan's software (Deccan Chronicle) The National Security Agency (NSA) is probing an alert from cyber security experts on weaponised surveillance software used by Pakistan and Bangladesh intelligence to spy on computers and mobile phones used by Indian politicians, journalists and security establishments

Threat Intelligence firm mistakes research for nation-state attack (CSO) China, the world's mythical hacking unicorn, and Chattanooga, TN, said to be major threats

We Set Up a Decoy. Hackers Came. From Beijing. And Chattanooga (Bloomberg) Three months after online decoys were set up pretending to be industrial-control systems, we wrote about how computers from the U.S., China and Russia were found to be the biggest sources for launching scouting attacks against these fake critical infrastructures

Shellshock attackers targeting NAS devices (CSO) Hackers are targeting vulnerable Web servers in QNAP network-attached storage devices

Shellshock: The Patching Dilemma (BankInfoSecurity) Akamai's Smith sees patching perils, lingering flaws unfixed

Shellshock Blasts a Supermassive Black Hole in the Heart of Cyber-space (Cyactive) The discovery of Shellshock, a vulnerability in the Unix Bash shell, has opened a Pandora's Box of attack vectors against one of the most prevalent systems in the internet. The targets most at risk? "Unpatchable" systems

The Unpatchable Malware That Infects USBs Is Now on the Loose (Wired) It's been just two months since researcher Karsten Nohl demonstrated an attack he called BadUSB to a standing-room-only crowd at the Black Hat security conference in Las Vegas, showing that it's possible to corrupt any USB device with insidious, undetectable malware. Given the severity of that security problem — and the lack of any easy patch — Nohl has held back on releasing the code he used to pull off the attack. But at least two of Nohl's fellow researchers aren't waiting any longer

Security bug in Xen may have exposed Amazon, other cloud services (Ars Technica) Flaw in hypervisor could let malicious VM read data from or crash other servers

17,000 Macs recruited into malware botnet, with a little help from Reddit (Graham Cluley) Researchers at Russian anti-virus company Dr Web believe that they have uncovered a new botnet, which has recruited thousands of Mac computers

Zeus malware is back with a new target: Mobile devices (TechTarget) Zeus malware is back with a new target — mobile devices. Expert Nick Lewis explains how Zeus-in-the-mobile differs from traditional Zeus and how to defend against it

Windows 8.1 backups can leave sensitive files exposed to Internet (NetworkWorld via CSO) Failing to properly set up Windows File History can make private data Google-able

WordPress and other CMSs are 'inherently insecure' (BetaNews) A large proportion of websites are not standalone sites in their own right, but creations based on CMSs such as Drupal, WordPress, and Joomla. This is particularly true for personal blogs, but using a CMS as the basis for a site has been increasingly popular among larger companies. CMSs are used because they allow for articles to be posted easily, make it simple for multiple people to contribute to a site, and allow for different users to be assigned different access rights. They can also be extended through the use of plugins, but these self-same extensions are also a security disaster waiting to happen

Smart Meter Hack Shuts Off The Lights (Dark Reading) European researchers will reveal major security weaknesses in smart meters that could allow an attacker to order a power blackout

Security company finds many popular Android flashlight apps could compromise your data (Softonic) Security company Snoopwall has published a report on the top ten Android Flashlight apps, and found that all of them require and obtain permissions

Telstra warns of phishers targeting 700MHz spectrum trial (SC Magazine via IT News) Criminals are attempting to trick Telstra customers into handing over personal details through phishing emails targeting Telstra's trials of new 700MHz spectrum

Will your unread Facebook messages be deleted? Dream on, and don't click on that email (Graham Cluley) Cybercriminals have spammed out messages claiming that recipients are at risk of having their unread messages on Facebook deleted

Confronting My Cyberbully, 13 Years Later (The Atlantic) Between ages 13 and 16, she sent me emails, from my own account, "reminding" me to kill myself. Well, I didn't — I grew up, and so did she

Security Patches, Mitigations, and Software Updates

Xen Security Advisory CVE-2014-7188 / XSA-108 version 4: Improper MSR range used for x2APIC emulation (Xen) The MSR range specified for APIC use in the x2APIC access model spans 256 MSRs. Hypervisor code emulating read and write accesses to these MSRs erroneously covered 1024 MSRs. While the write emulation path is written such that accesses to the extra MSRs would not have any bad effect (they end up being no-ops), the read path would (attempt to) access memory beyond the single page set up for APIC emulation

Joomla update fixes high risk bug that could lead to site compromise (Help Net Security) The developer team behind the popular open-source content management system Joomla is urging users to update the software to the latest version

Cyber Trends

Global DDoS attack numbers decline, attacks from China rise (Help Net Security) In the second quarter of 2014, Akamai observed attack traffic originating from 161 unique countries/regions, which was 33 fewer than the first quarter of the year. The highest concentration of attacks (43%) came from China. Observed traffic from second-place Indonesia more than doubled quarter over quarter to reach 15%, while the United States followed with 13%, up slightly from last quarter's 11%

Retail is most compromised industry (FierceRetailIT) After the massive data breaches that have plagued retailers from Target (NYSE:TGT) to Home Depot (NYSE:HD) in recent years, a new study shows that retail is the most compromised industry in terms of data security

What's in store after Supervalu breach? (FierceRetailIT) The latest retail security breach — hitting grocery retailer and wholesaler Supervalu (NYSE:SVU) for the second time this year — targeted its point-of-sale (POS) systems. However, security experts warn that retailers need to be prepared for other types of attacks

The cyber economy's soft underbelly (Halifax Chronicle Herald) The Internet is critical to Canadian commerce and to federal, provincial, territorial and municipal governments. The federal government alone offers more than 130 commonly used services online, including tax returns, Employment Insurance applications and student loan applications

Marketplace

Cyber Risk Insurance: Surging Demand and Evolving Coverage (JDSupra Business Advisor) Cyber risk insurers are doing a brisk business these days. Reports of data breaches abound, and risk managers are understandably looking to offload some of the risk through insurance. As a result, insurers are issuing new cyber risk policies at a record pace, and increasing limits on existing policies

European firms far from ready for new data rules, study shows (ComputerWeekly) As European authorities aim to ratify revised data protection legislation by the end of 2015, many firms will have a lot of work to do to comply, a study has revealed

Cyberark listing puts Israeli venture capital fund in the spotlight (Reuters) Within sight of Jerusalem's Old City stands a modernist building housing one of Israel's most successful venture capital firms, the backer of scores of start-ups over the past 20 years that have generated nearly $18 billion for investors

How Reorganization Might Change Microsoft's Security Strategy (eWeek) Microsoft's folding its Trustworthy Computing group into two other groups, along with related staff cuts, raise questions among security professionals

JR Reagan Promoted to Global Chief Info Security Officer Role at Deloitte (GovConWire) JR Reagan, formerly an enterprise risk services principal at Deloitte?s auditing practice, has been named global chief information security officer for the professional services firm

Products, Services, and Solutions

Microsoft Teams Up With Security Group to Fight Cyber 'Bank Robbers' (eWeek) Microsoft has forged a partnership with the Financial Services Information Sharing and Analysis Center in an effort to thwart cyber-criminals

Is that used iPad actually stolen? Apple creates tool for would-be buyers to check (IDG via CSO) If you're looking to buy a used iPhone, iPad or iPod touch device, Apple is now offering an online tool to let you first check if it's been locked down by the previous owner, which could indicate that it was actually stolen or lost

Rambus Cryptography Research Division Launches Suite of DPA Resistant Cores Addressing the Continuing Rise in Data Theft (Design Reuse) Enables easy-to-integrate countermeasures as further deterrent to side-channel attacks

Faraday v1.0.4 — Pen Test Environment (IPE) Released (ToolsWatch) Faraday introduces a new concept (IPE) Integrated Penetration-Test Environment a multiuser Penetration test IDE. Designed for distribution, indexation and analysis of the generated data during the process of a security audit

Bitglass Launches Free 'Shadow IT' Analysis Service (Talkin' Cloud) Bitglass says new service allows enterprises to evaluate employees' unauthorized cloud app usage

BitSight Launches First Security Ratings Product for Cyber Insurance Industry (Marketwired) New solution provides underwriters and brokers with data to support cyber insurance coverage decisions as well as security insight for the insured

Solutionary Leverages Big Data Analytics to Speed Real-Time Threat Detection and Improve Security Operations While Reducing Business Risk for Customers (CNN Money) Solutionary, an NTT Group security company (NYSE: NTT) and the next-generation managed security services provider (MSSP), today announced that its Security Engineering Research Team (SERT) is combining its deep security expertise with big data analytics to expand global correlation, providing customers with a greater view of attack indicators and a true understanding of attackers' goals and techniques

Technologies, Techniques, and Standards

Security Onion news: Updated ShellShock detection scripts for Bro (Internet Storm Center) Per Security Onion's Doug Burks, Seth Hall has developed some comprehensive ShellShock detection scripts for Bro. These scripts "detect successful exploitation of the Bash vulnerability with CVE-2014-6271 nicknamed "ShellShock" and are more comprehensive than most detections in that they're watching for behavior from the attacked host that might indicate successful compromise or actual vulnerability"

An Open Source Solution to Shellshock (eSecurity Planet) An open source tool can mitigate risks associated with Bash shell attack

Ex-NSA director Alexander calls for new cybersecurity model (PCWorld) Small and medium-size U.S. companies should band together on cybersecurity systems as a way to pool limited resources against increasingly sophisticated attackers, the former director of the U.S. National Security Agency said Tuesday

FBI opens malware tool to public as part of radical crowdsourcing plan (CSO) The FBI is close to allowing anonymous outsiders to use its Malware Investigator tool for the first time through a dedicated crowdsourcing portal, an official reportedly confirmed at last week's Virus Bulletin conference

Unintentional ICS cyber incidents have had significant impacts on nuclear plants — why aren't they being addressed (Control Global) The NIST definition of a cyber incident as defined in FIPS PUB 200, Minimum Security Requirements for Federal Information and Information System, is electronic communications between systems or systems and people that impacts Confidentiality, Integrity, and/or Availability. The incident doesn't have to be malicious or targeted to be a cyber incident

Information Governance: Principles for Healthcare (IGPHC)™ (AHIMA) Complete, current, and accurate information is essential for any organization in the healthcare industry to achieve its goals. Adoption of an information governance program underscores the organization?s commitment to managing its information as a valued strategic asset

Content of Premarket Submissions for Management of Cybersecurity in Medical Devices Guidance for Industry and Food and Drug Administration Staff (US FDA) The need for effective cybersecurity to assure medical device functionality and safety has become more important with the increasing use of wireless, Internet- and network- connected devices, and the frequent electronic exchange of medical device-related health information. This guidance has been developed by the FDA to assist industry by identifying issues related to cybersecurity that manufacturers should consider in the design and development of their medical devices as well as in preparing premarket submissions for those devices

FDA Guidance on Medical Device Cyber Security is Here, But Will It Have Teeth? (Medical Device and Diagnostic Industry) FDA released its guidance for protecting medical devices from cyber attack, but one cyber security expert says the real test will be how the agency reacts when manufacturers don't follow its recommendations

5 New Truths To Teach Your CIO About Identity (Dark Reading) When CIOs talk security they often use words like "firewall" and "antivirus." Here's why today's technology landscape needs a different vocabulary

Endpoint management depends on data security policies (TechTarget) Enterprise security begins with data classification but doesn't end there. Admins should step back to consider the whole endpoint management picture

Compliance for Bitcoin, virtual currencies and storage and backup (ComputerWeekly) The use of virtual currencies is maturing, and responses to their use are rapidly evolving. Virtual currencies are a paradigm-busting phenomenon that test the existing frameworks of central banking, taxation and currency

Research and Development

DARPA Working on Provably Secure Embedded Software (Threatpost) DARPA is the birthplace of the network that eventually became today's Internet, and the agency has spent the decades since it released that baby out into the world trying to find new ways defend it. That task has grown ever more complex and difficult, and now DARPA is working on a new kind of software that is provably secure for specific properties

DARPA ASOM technology identifies counterfeit microelectronics (Security Affairs) DARPA announced the deployment of the ASOM technology which will be used to inspect critical equipment to detect counterfeit microelectronics

Academia

Meet the NSA's hacker recruiter (CNBC) The National Security Agency has a recruiting problem

Tech, CSC work on curriculum development (Monroe News-Star) Faculty from Louisiana Tech University's cyber engineering, computer science, and computer information systems programs, and research and development group hosted more than 30 executives from CSC, a global leader in next-generation IT, last week for strategic curriculum workshops

CyberPatriot Participants Represent 49 States, Several Countries in CyberPatriot VII (IT Business Net) For the fourth consecutive year, the Air Force Association's CyberPatriot program expects to have all 50 US states represented in its national youth cyber defense competition. Over 1,200 teams have registered from 49 states, missing only Montana. Teams have also registered from the US Virgin Islands, Puerto Rico, Germany, South Korea, and Canada

Legislation, Policy, and Regulation

Putin Supports Project to 'Secure' Russia Internet (New York Times) President Vladimir V. Putin appeared on Wednesday to throw his support behind a plan to isolate the Internet in Russia from the rest of the World Wide Web, but said the Russian government was "not even considering" censoring Internet sites

Thought Crime: UK Leadership Wants To Ban Predicted 'Extremists' From Social Media, TV, Events (TechDirt) Theresa May, the current UK Home Secretary, has announced that, if re-elected, her party (the Conservatives) will push for "extremist disruption orders" which would effectively ban people declared "extremist" (using a very broad definition) from using social media or appearing on TV

Experts call for [Pakistan] cyber security legislation (The International News) Experts at daylong seminar 'Security in Cyber Space: Implications and Challenges' stressed on the need for comprehensive cyber security legislation to deal with the significant emerging national security threat, says a press release

Intel chairman: We need more cyber offense (FCW) Rep. Mike Rogers (R-Mich.) is reviving a dialogue between Congress and Cyber Command on the role of offense in U.S. cyber policy. House Intelligence Committee Chairman Mike Rogers said Oct. 1 he would like to see the United States go on the offensive in cyberspace more than it does, but that there is not a clear understanding across government of what an offensive policy entails

US Attorney General urges tech companies to leave back doors open on gadgets for police (Naked Security) US Attorney General Eric H. Holder Jr. on Tuesday urged tech companies not to lock police out of popular consumer gadgets, lest law enforcement's efforts to nab kidnappers or child predators be stymied

Contractors, Expect 72-Hour Rule for Disclosing Corporate Hacks (Nextgov) Look for the whole government to take a page from the Pentagon and require that firms notify their agency customers of hacks into company-owned systems within three days of detection, procurement attorneys and federal officials say

Remarks of Assistant Secretary Strickling at The Media Institute (National Telecommunications and Information Administration) I want to thank The Media Institute and Dick Wiley in particular for inviting me today. It has been four years since I last spoke here, and it is great to be back again

Elijah Cummings: Sleepless over security (Politico) Rep. Elijah Cummings on Wednesday said he was so disturbed after Secret Service Director Julia Pierson's congressional testimony that it kept him up at night

The reporter who brought down the Secret Service's director (Yahoo News) Washington Post journalist Carol Leonnig has been uncovering the agency's secrets for years

House Approves Federal Records Accountability Act (FEDWeek) The House before recessing through the elections passed by voice vote legislation that would create a process for the suspension and removal of an employee who an agency inspector general finds has willfully concealed, removed, mutilated, obliterated, falsified, or destroyed federal records

Key Homeland Security official urges passage of cybersecurity bill (Washington Post) A top Department of Homeland Security official on Wednesday called on Congress to pass cybersecurity legislation, saying there is a "dire need" to strengthen the department's ability to defend against cyberattacks

Navy stands up first cyber type command (Navy Times) Submarines have a three-star type commander who oversees their force. So do ship crews, aviation squadrons, and expeditionary sailors likes Seabees and divers. Now Navy hackers have their own, too

Patients don't own health record data (FierceContentManagement) Then again, neither does anyone else

South Dakota mail policy: Don't ask, don't keep (Sioux City Journal) Dead men tell no tales, and if they worked for the state of South Dakota, neither do their emails

California toughens breach notification law (Help Net Security) California Governor Edmund Brown has signed on Tuesday new legislation that will strengthen privacy and consumer protections in the state

Feds OK money to improve Port cyber security (Guam Pacific Daily News) The Port Authority of Guam received approval for $468,830 from the U.S. Department of Homeland Security to advance the Port's maritime security initiatives

Litigation, Investigation, and Law Enforcement

Cops Are Handing Out Spyware to Parents — With Zero Oversight (Wired) Mere days after a government crackdown on a spyware manufacturer comes the startling revelation that law enforcement agencies have been purchasing commercial spyware themselves and handing it out to the public for free

LulzSec supersnitch led attacks on UK, Australia — report (The Register) Sabu helped Feds target 30 countries, documents reveal

ID Theft Service Customer Gets 27 Months (Krebs On Security) A Florida man was sentenced today to 27 months in prison for trying to purchase Social Security numbers and other data from an identity theft service that pulled consumer records from a subsidiary of credit bureau Experian

For a complete running list of events, please visit the Event Tracker on the CyberWire website.

Newly Noted Events

Cyber Threat Detection and Information Sharing Training Conference (Washington, DC, USA, October 6 - 8, 2014) Cyber Threat Detection and Information Sharing Training Conference is about education on cyber threat detection and information sharing solutions and product training and not about why this subject is...

Social Security Administration Security Awareness Day (Baltimore, Maryland, USA, October 15, 2014) This event, hosted by the Office of Information Security is intended to raise general computer security awareness for the end-users at SSA

National Archives and Records Administration (NARA) IT Security Day (College Park, Maryland, USA, October 21, 2014) FBC and NARA are working together to coordinate the 6th Annual National Archives and Records Administration (NARA) Information Technology Day. Exhibitors will be on-site to share information and demonstrate...

DOE Germantown Cybersecurity Awareness Day (Germantown, Maryland, USA, October 23, 2014) The Department of Energy Germantown Building will be hosting a Cyber Security Awareness Day featuring a technology expo. DoE will be looking for a wide range of cyber security industry experts to showcase...

Library of Congress Cybersecurity Awareness Expo (Washington, DC, USA, October 23, 2014) The Library of Congress (LOC)is hosting its annual cyber security awareness days during October and the exposition is an important part of their education and outreach effort to industry

NASA Glenn Research Center Cyber Security Expo (Cleveland, Ohio, USA, October 23, 2014) In recognition of National Cyber Security Awareness Month, an Awareness Day event will be held at Glenn Research Center in Cleveland, Ohio. This event will provide participants with information and resources...

USDA Cyber Security Symposium and Expo 2014 (Washington, DC, USA, October 28 - 29, 2014) The Summit will provide participants with information and resources on today's vulnerabilities, incidents, security lifecycle, risks and mitigations; it will also identify ways to work together and build...

Cyber Security and IT Day at Fort Carson (Colorado Springs, Colorado, USA, October 28, 2014) The Information Systems Security Association (ISSA) Colorado Springs Chapter ill once again host the 5th Annual Cyber Security & Information Technology Days set to take place at Fort Carson on Tuesday,...

Upcoming Events

NASA Goddard Cyber Expo (Greenbelt, Maryland, USA (also available by webex), October 2, 2014) The 2014 Goddard Cyber Expo will be a dedicated Information Technology & Cyber Expo at this secure facility hosted by the Office of the Chief Information Officer. The OCIO will be recruiting speakers to...

INTEROP (New York, New York, USA, September 29 - October 3, 2014) Interop returns to New York with practical and visionary conference sessions designed to help you accelerate your career. This year's conference tracks include: Applications, Business of IT, Cloud Connect...

Suits and Spooks New York (, January 1, 1970) Not another hacker conference. Suits and Spooks is a unique gathering of experts, executives, operators, and policymakers who discuss hard challenges in a private setting over two days. Suits and Spooks...

NGA Cyber Security Day (Springfield, Virginia, USA, October 6, 2014) The National Geospatial-Intelligence will be hosting the 2014 Cyber Security Day at the NGA Headquarters in Springfield, VA. Featuring government and industry speakers, the focus will include such topics...

Open Analytics Summit (Dulles, Virginia, USA, October 7, 2014) Open Analytics Summits are for Developers, Engineers, Data Scientists, CMOs, Data Analysts, CTOs, Architects, Brand Managers, and anyone passionate about open source technologies, big data, or data analytics...

MIRcon 2014 (Washington, DC, USA, October 7 - 8, 2014) MIRcon 2014 is the premier information security industry event of the year. The conference is designed to educate innovators and executives battling cyber attackers daily

Cyber Security, Meet Workforce Development (Silver Spring, Maryland, USA, October 8, 2014) Per Scholas convenes leaders in the Nation's Capital to develop a blueprint for building today's entry-level cyber security workforce

Technology & Cyber Security Day (Hill Air Force Base, Utah, October 8, 2014) The Armed Forces Communications & Electronics Association (AFCEA) Wasatch Chapter will once again host the 5th Annual Information Technology & Cyber Security Day at Hill AFB. This annual event is an excellent...

Cyber Security EXPO (, January 1, 1970) Securing information, mobility, cloud, and social interaction for the modern enterprise. Disruptive technologies such as cloud computing, mobile, bring your own device (BYOD) and social media are pushing...

InfoSec 2014 (Kuala Terengganu, Malaysia, October 8 - 10, 2014) You are invited to participate in The International Conference on Information Security and Cyber Forensics (InfoSec 2014) that will be held at Universiti Sultan Zainal Abidin (UniSZA), Kuala Terengganu,...

"Women in Government Contracting" Networking Reception (Columbia, Maryland, USA, October 9, 2014) A special invitation to executive women in technology sponsored by COPT-Corporate Office Properties Trust and the GovConnects Advisory Council. Guest speaker, Deborah Bonanni, former Chief of Staff NSA...

Hacktivity 2014 (Budapest, Hungary, October 10 - 11, 2014) Official and alternative representatives of the information security profession meet with all those interested in this field in framework which is at the same time informal and informative, and sometimes...

Ruxcon (Melbourne, Australia, October 26 - 27, 2013) Ruxcon is a computer security conference that aims to bring together the best and the brightest security talent within the Aus-Pacific region. The conference is a mixture of live presentations, activities...

Critical Infrastructure Cyber Community (C3) Voluntary Program Meeting (San Diego, California, USA, October 13, 2014) Join stakeholders from across the cyber community to discuss building a cyber risk management program, using DHS resources, and to learn how organizations of all sizes are using the Cybersecurity Framework...

Hack-in-the-Box Malaysia (Kuala Lumpur, Malaysia, October 13 - 16, 2014) HITBSecConf or the Hack In The Box Security Conference is an annual must attend event in the calendars of security researchers and professionals around the world. Held annually in Kuala Lumpur, Malaysia...

FS-ISAC Fall Summit 2014 (Washington, DC, USA, October 13 - 16, 2014) The Financial Services Information Sharing and Analysis Center (FS-ISAC), is a non-profit association comprised of financial institution members, that is dedicated to protecting the global financial services...

CYBERSEC 2014 (, January 1, 1970) CYBERSEC is a 4-day event geared toward helping you achieve your cybersecurity goals. Whether your focus is on cybersecurity management, investigation, defense, or offense we are offering specialty cybersecurity...

Black Hat Europe 2014 (, January 1, 1970) The premier conference on information security returns to the beautiful city of Amsterdam, Netherlands in October, 2014. Professionals from all over the world gather for two days of intense Trainings and...

Denver SecureWorld (Denver, Colorado, USA, October 16, 2014) A day of cyber security education. Earn 6-8 CPE credits, network with industry peers, and take advantage of more than thirty educational events. Over the past decade SecureWorld has emerged as one of North...

TechCrunch Disrupt Europe Hackathon (London, England, UK, October 18 - 19, 2014) For the second year in a row, TechCrunch is jumping across the pond and bringing the iconic Disrupt and our Hackathon to Europe. We're heading your way, London

U.S. Army ITA Security Forum (Fort Belvoir, Virginia, USA, October 20, 2014) The U.S. Army Information Technology Agency Security Forum is taking place at the Ft. Belvoir site and will be a one day event focusing on cyber security education and training for the workforce. The...

CSEC 2014 Cyber Security Summit (Kingdom of Bahrain, October 20 - 22, 2014) At the Inaugural Cyber Security Summit 2014, you will have the opportunity to seek ways to reset your IT security and risk strategy for success; stay relevant as IT security and risk are redefined; implement...

2014 ICS Cyber Security Conference (, January 1, 1970) The 14th ICS Cyber Security Conference (sometimes known as "Weisscon") will be held October 20-23, 2014 at Georgia Tech in Atlanta, GA. Cyber Security is becoming a critical infrastructure issue with implications...

Cyber Security Summit 2014 (, January 1, 1970) Cyber security breaches have a profound impact on all areas of society. Join the discussion at Cyber Security Summit 2014. For two days, leaders from the public and private sectors meet to identify cyber...

Collaborative Approaches for Medical Device and Healthcare Cybersecurity; Public Workshop (Arlington, Virginia, USA, October 21 - 22, 2014) The Food and Drug Administration (FDA) is announcing the following public workshop entitled "Collaborative Approaches for Medical Device and Healthcare Cybersecurity." FDA, in collaboration with other...

Secure 2014 (Warsaw, Poland, October 21 - 23, 2014) NASK and CERT-Polska offer this conference on telecommunications and IT security. Speakers from government, industry, and universities around the world will offer insights into research, policy, and security...

Hack.lu 2014 (Dommeldange, Luxembourg, October 21 - 24, 2014) Hack.lu is an open convention/conference where people can discuss about computer security, privacy, information technology and its cultural/technical implication on society

ISSA International Conference (Orlando, Florida, USA, October 22 - 23, 2014) Join us for solution oriented, proactive and innovative sessions focused on security as a vital part of the business.

ToorCon San Diego (San Diego, California, USA, October 22 - 26, 2014) For hackers like you, because what could possibly go wrong?

FOCUS 14: Empowering the Connected World (Las Vegas, Nevada, USA, October 26 - 27, 2014) FOCUS will offer you a unique opportunity to learn directly from other McAfee users. Hear real-world scenarios from McAfee customers and learn how they maintain the highest standards of security while...

Cybergamut Tech Tuesday: Software-Defined Networking Security (Columbia, Maryland, USA, October 28, 2014) Security-Defined Routing combines cyber analytics and SDN to protect the network: SDR technology assists organizations in scaling the delivery of network traffic to analytic security applications. When...

Cyber Security and IT Days at Peterson AFB (Colorado Springs, Colorado, USA, October 29, 2014) The Information Systems Security Association (ISSA) Colorado Springs Chapter will once again host the 5th Annual Cyber Security & Information Technology Days. Government and Industry experts will be on...

Dallas SecureWorld (Dallas, Texas, USA, October 29 - 30, 2014) Offering two days of cyber security education. Earn 12-16 CPE credits, network with industry peers, and take advantage of more than sixty educational events. Over the past decade SecureWorld has emerged...

Cyber Job Fair (Baltimore, Maryland, USA, October 29, 2014) ClearedJobs.Net is partnering with CyberMaryland to present the Cyber Job Fair at the CyberMaryland 2014 conference. The Cyber Job Fair is a hiring event for cleared and non-cleared cybersecurity professionals...

CyberMaryland 2014 (Baltimore, Maryland, USA, October 29 - 30, 2014) Entrepreneurs, investors, academia and government will convene in Maryland — the nation's epicenter for cybersecurity for the fourth annual CyberMaryland Conference.

ekoparty Security Conference 10th edition (Buenos Aires, Argentina, October 29 - 31, 2014) ekoparty — Electronic Knock Out Party — Security Conference, is a one of a kind event in South America; an annual security conference held in Buenos Aires, where security specialists from all over Latin...

Cyber Risk Summit (Washington, DC, USA, May 22, 2014) This one-day leadership conference will provide a discussion forum for business executives, insurance companies and policymakers on more effective private and public responses to cyber risk management.

Senior Executive Cyber Security Conference (Baltimore, Maryland, USA, October 30 - November 1, 2014) North Star Group, LLC and the Johns Hopkins University's Whiting School of Engineering and Information Security Institute sponsor this senior executive focused cyber security conference.This event is designed...

Grow your brand and reach new customers.

Grow your brand and increase your customer base by educating our audience about your products, services, and events by advertising on The CyberWire. We’ve built trust with an influential (and often hard to reach) audience of CISOs, CSOs, and other senior execs in the security space, across a wide array of industry verticals. Learn more.

Be a part of the CyberWire story.

People ask us (a lot) how they can support what we do. We have our sponsorships and services, of course, but those are not always within every supporter's financial reach, or it might just not be the right time for you to do those things. That's why we launched our new Patreon site, where we've created a wider variety of support levels, each with some new benefits. Our patrons are important to our future, and we hope you'll consider becoming one. We invite you to become part of the CyberWire story. Become a patron today.