skip navigation

More signal. Less noise.

Daily briefing.

Protesters in Hong Kong continue to draw the authorities' attention, with extensive use of mobile remote-access Trojans (RATs) against activists reported.

India's Defence Metallurgical Research Laboratory sustained and apparently parried a cyber espionage attempt.

Shellshock attacks appear to have slackened, but as fresh Bash vulnerabilities are disclosed, this is probably only a parenthesis. Akamai (who reported the fall-off) notes that slightly more than half the payloads it's monitored were illegitimate probes, which comports with other analysts' predictions that early Shellshock exploitation was likely to be battlespace preparation for subsequent large-scale campaigns.

The JPMorgan breach is larger than initially feared: the bank disclosed in a security filing yesterday that some 76M household and 7M small business accounts were affected. Investigation continues.

Large data breaches in the banking and retail sectors drive a surging cyber-insurance market, in part because the assets at risk are relatively easy to determine compared to, for example intellectual property value-at-risk. IP remains difficult to insure.

Post mortems determine that the WordPress hack affecting Gizmodo early this summer distributed banking malware to 7000 users in two hours.

Failure to patch and employees' gullible susceptibility to social engineering bedevil enterprises.

NIST releases its "Framework and Roadmap for Smart Grid Interoperability Standards."

Russia's President Putin, cast vaguely implausibly in the role of cyber victim, authorizes TASS to state that "over 90M hacker attacks have been registered in Russia since 2010." (One presumes TASS doesn't include outbound hacker attacks.) Expect a Russian Internet crackdown — the Finance Ministry has already banned Bitcoin.

Notes.

Today's issue includes events affecting Australia, Brazil, China, India, Indonesia, Republic of Korea, New Zealand, Romania, Russia, Taiwan, Turkey, United States, and Vietnam.

Cyber Attacks, Threats, and Vulnerabilities

Year of the RAT: China's malware war on activists goes mobile (Ars Technica) Is the Chinese government spying on Hong Kong protesters' phones?

The best live-blogs, live streams and Twitter feeds for following Hong Kong's "Umbrella Revolution" (Quartz) The situation in Hong Kong is escalating. Protestors have swarmed around two important government buildings. The first is chief executive CY Leung's residence. The second is the Central Government Complex. Police have issued warnings and are standing by to keep the buildings secure. To help you follow the action as it unfolds, here's a list of some of our favorite sources

Hong Kong is attacking the protest movement's biggest weakness — its fragmented leadership (Quartz) So far in the Hong Kong protests, the territory's chief executive, CY Leung, has seemed inept at best. But in his press conference just a half hour before the deadline student leaders gave him to resign, he somehow found his inner Machiavelli

Cyber-Attack on Indian Defence Research Lab Thwarted: Quick Heal (NDTV) An attempt to steal sensitive data from Defence Metallurgical Research Laboratory (DMRL), the research lab of DRDO, through cyber-attack was detected and blocked in September, security software maker Quick Heal has said in its report

Situation Update: Bash Vulnerability (aka "shellshock") (Trend Micro: Simply Security) It's been over a week now since the remote code execution vulnerability affecting the bourne again shell ("bash") was made public

Researcher Takes Wraps Off Two Undisclosed Shellshock Vulnerabilities in Bash (Threatpost) The Bash bug has kept Linux and UNIX administrators busy deploying a half-dozen patches, worrying about numerous Shellshock exploits in the wild, and a laboring over a general uncertainty that the next supposed fix will break even more stuff

Shellshock Vulnerabilities Proliferate, Affect More Protocols (TrendLabs Security Intelligence Blog) Since the initial discovery of the initial Shellshock vulnerability and multiple reports of it being exploited in the wild, more vulnerabilities have been found in Bash. This was not unexpected. After the initial disclosure of Heartbleed, other vulnerabilities were found in OpenSSL. This pattern is repeating itself with Shellshock and Bash

Bored hackers flick Shellshock button to OFF as payloads shrink (The Register) But beware of complacency, warn Akamai bods. Malicious and benign attacks against systems vulnerable to Shellshock had halved by Sunday after peaking three days following the bug's disclosure, Akamai researchers say

Shellshock Attacks Spotted Against NAS Devices (Dark Reading) First in-the-wild exploits found targeting QNAP network-attached storage devices

Serious Hypervisor Bug Fix Causes Unexpected Cloud Downtime (Threatpost) The Xen Project published a security advisory yesterday about a critical vulnerability in its virtual machine and hypervisor systems that could expose public cloud servers to attacks capable of crashing host machines and even stealing small amounts of random data. The fix was made available under embargo to certain cloud service providers last week, leading to downtime as some of those providers performed emergency maintenance to resolve the vulnerability over the weekend

Release of Attack Code Raises Stakes for USB Security (Threatpost) Rarely in security is anything an absolute, but in the case of the BadUSB research that emerged during this year's Black Hat conference, phrases such as "completely compromised" and "undetectable" paint a grim picture for the security of devices that communicate over USB

Cyberattack Against JPMorgan Chase Affects 76 Million Households (New York Times) A cyberattack this summer on JPMorgan Chase compromised the accounts of 76 million households and seven million small businesses, a tally that dwarfs previous estimates by the bank and puts the intrusion among the largest ever

Anatomy of a Compromised Site: 7,000 Victims in Two Hours (TrendLabs Security Intelligence Blog) Earlier this year we discussed how Gizmodo's Brazilian site was compromised and used to spread online banking malware to approximately 7,000 victims in a two-hour span. The site was compromised via WordPress plugin vulnerabilities that allowed the attacker to add a script that redirected users to a second compromised site, which eventually led users to download the malware

Android browser flaw found to leak data (CSO) The vulnerability enables a hacker to run JavaScript from a website to steal data from web pages open in other browser tabs

Mobile Malware: Small Numbers, but Growing (New York Times) The warning was dire: A small security company revealed a flaw in millions of smartphones that could allow dangerous software to masquerade as a legitimate app and seize control of a phone

How RAM Scrapers Work: The Sneaky Tools Behind the Latest Credit Card Hacks (Wired) Today, news broke of yet more large-scale credit-card breaches at big-box stores, this time at Albertson's and Supervalu, grocery chains in the American west

POISON PI sniffs WiFi from your mail room, goes on rampage (The Register) Snail mail is preferred medium for hack attack pack

Cyber Trends

The anatomy and physiology of APT attacks (TechTarget) Building on what cybercriminals began, security services from many countries have the capability to attack and steal for their national interests

'Pernicious disease' of cyber war escalates (Banking Technology) While the average bank heist averages $6000, a cyber-thief can make off with millions. Last year 552 million identities were breached, while every call about a compromised credit card costs a bank $4

Most Security Pros Expect APT Attack in Next Six Months (Infosecurity Magazine) More than half of IT security professionals think they will be hit by a state-sponsored attack in the next six months, with 48% not confident their staff could spot the presence of a hostile intruder, according to new research

China Is The World's Top Source Of Internet Attack Traffic (Forbes) China is the place where the vast majority of Internet attack traffic originates from, according to Akamai's most recent "State of The Internet" report

Increase in unpatched browsers and operating systems leads to security concerns (Beta News) October is National Cyber Security Awareness Month (NCSAM) in the US and security company Secunia has marked this by issuing its latest Country Report assessing the state of security among PC users

Why the Apple Pay Launch Means Mobile Payments Have (Finally) Arrived (Kurt Salmon) Whether or not Apple Pay becomes yet another home run for the Cupertino-based behemoth will become clear in the coming months and years. In the meantime, however, one thing is certain: With its launch, mobile payments are here to stay

Poll: Employees Clueless About Social Engineering (Dark Reading) Not surprisingly, our latest poll confirms that threats stemming from criminals hacking humans are all too frequently ignored

Sophos exposes lack of confidence around data protection (MicroScope) The confidence that customers have around the ability of their employer to look after data and stay on the right side of the law is shocklingly low given that more legislation is coming to increase the responsibility of firms to secure information

Half of NZ businesses not ready for cyber attack (Stuff) Half of New Zealand businesses are unprepared for cyber security threats even as online criminals devise nastier and more personal forms of attack, Vodafone says

Top Threats and Priorities for State CISOs (StateTech) A new NASCIO survey has found that security officers rank malicious code, hactivism and zero-day attacks as their greatest threats

Marketplace

Cyberinsurance Resurges In The Wake Of Mega-Breaches (Dark Reading) Insurance policies customized for cyberattack protection are on the rise as businesses worry they could be the next Target

Cybersecurity Defense Hampered by Lack of 'White Hat' Hacker Talent (Wall Street Journal) The lack of qualified IT staff schooled in the latest data cybersecurity measures is the biggest challenge vexing chief information and security officers today, panel participants said at the Work-Bench Enterprise Security Summit

Bridging the talent gap in health care (SC Magazine) Cybercriminals are constantly looking to make a quick buck. But while many industry observers may assume — based on recent headlines — that credit cards are what these miscreants are primarily after, it is, in fact, patient data that really gets them more money

Developing a Digital Forensics Career (CareerInfoSecurity) As high-profile data breaches, such as those that hit SuperValu, Home Depot and many others, continue to grab headlines, demand is growing for well-trained digital forensics experts who can conduct timely investigations to determine the cause of a security incident and help identify mitigation steps

Fortinet takes 3rd position behind Cisco and Check Point in network security appliance market (Infotech Lead) Fortinet has taken third position behind Cisco Systems and Check Point Software Technologies in the network security appliance market that grows 4 percent in the second quarter 2014

Symantec: A Stock Worth Investing (Seeking Alpha) The company's financial position is strengthening due to increasing cyber threats and data hacking

Kaspersky places technical expertise at heart of partner efforts (MicroScope) When it comes to refining partner programmes there are several options that a vendor can follow, including the decision to develop a structure that leans more heavily on rewarding those resellers that develop technical expertise

Palo Alto Endpoint Security Announcement: Proof of a Market in Transition (NetworkWorld) Endpoint security tools moving beyond AV, putting a $10 billion market in play

Ex-NSA Director Touts Cybersecurity As A Service (InformationWeek) Gen. Keith Alexander advocates a better way for companies, large and small, to deal with cyber threats

Lockheed Martin to Establish Asia-Pacific ICT Engineering Hub in Australia (Product Design and Development) Lockheed Martin has announced it is establishing an Asia Pacific Information Communications Technology (ICT) engineering hub in Melbourne in close partnership with the government of Victoria

Archimedes Global and Teammate CRGT Win a Position on INSCOM Global Intelligence Contract (PRWeb) INSCOM IDIQ Acquisition valued at up to $2.16 billion over five years

Netskope's Gary Ochs Named to CRN's "100 People You Don't Know But Should" List (PRNewswire) VP of channel and alliances recognized by list honoring unsung heroes of the IT channel

World-Renowned Experts Join Skyhigh Networks' Cryptography Advisory Board (Herald Online) Board will provide expert oversight of encryption schemes for advanced cloud security, and deliver a boost to enterprise adoption of cloud services

Facebook Won't Stop Experimenting on You. It's Just Too Lucrative (Wired) Did you hear the one about Facebook charging $2.99 per month for access?

Products, Services, and Solutions

Testing house rejects Palo Alto's "pay-for-play" accusations (CRN) NSS Labs says allegations over its objectivity and accuracy made by next-generation firewall vendor are "dead wrong"

Palo Alto Cyvera integration starts with WildFire (Tech Target) Palo Alto starts to integrate network and endpoint security by connecting the WildFire sandbox to its Cyvera acquisition

MegaCryption PC/IX v2.0 Offers Enhanced Cryptographic Options and Simplified End User Experience (PRWeb) Advanced Software Products Group, Inc. (ASPG) has released version 2.0 of MegaCryption PC/IX, the fastest growing encryption tool for file cryptography on the Windows, Unix, and Linux platforms

Alert Logic Introduces ActiveWatch for Alert Logic Log Manager (Virtual Strategy) Alert Logic, a leading provider of Security-as-a-Service solutions for the cloud, today announced the availability of Alert Logic ActiveWatch for Log Manager, a managed service that delivers 24x7 analytics and monitoring of a company's log data, identifying potential security and compliance issues that could impact their organization

Intralinks Heads Off NSA Fears by Handing Crypto Keys to Customers (Infosecurity Magazine) Secure collaboration firm Intralinks has launched new capabilities designed to allow its customers to unilaterally manage their own encryption keys, ensuring that any cloud-based data can't be accessed without their permission

Tenable Network Security Customers Gain Fast Advantage over Shellshock (PRWire) New plugins, wizard and dashboard for Tenable's popular Nessus and Security Center products help businesses stay ahead of emerging threat

Fortscale Introduces User Behavior Analytics Solution That Enhances Security Teams' User-Related Threat Mitigation (Virtual Strategy) Fortscale is officially introducing its innovative flagship product that helps enterprise security analysts identify user-related threats, malicious insiders, compromised accounts, suspicious behavior and risky access to data by extracting Big Data repositories with user behavior analytics

Free tool tracks DNS changes in DNS zone files (Help Net Security) Incorrect edits to DNS can have catastrophic consequences such as disconnecting an entire company website or its email servers and causing costly downtime

Technologies, Techniques, and Standards

NIST releases Smart Grid Framework 3.0 (Help Net Security) The National Institute of Standards and Technology (NIST) has published its NIST Framework and Roadmap for Smart Grid Interoperability Standards, Release 3.0, a document that reflects advances in smart grid technologies and developments from NIST's collaborative work with industry stakeholders. Revisions to its guidelines for smart grid cybersecurity are available as well

NIST Special Publication 1108r3: NIST Framework and Roadmap for Smart Grid Interoperability Standards, Release 3.0 (NIST) Since the release of the last edition of the NIST Smart Grid Framework and Roadmap for Interoperability Standards (Release 2.0), in February 2012, significant technological advances in smart grid infrastructure have been implemented, supported by standards development across the entire smart grid arena

Cybersecurity Best Practices for Small and Medium Pennsylvania Utilities (Commonwealth of Pennsylvania) Cybersecurity is the responsibility of every employee; however, there are basic questions to which executives and employees should know the answers

Apple's Encryption Will Slow, Not Stop, Cops And Spies (Bloomberg) While the newest Apple Inc. (AAPL) and Google Inc. (GOOG) smartphones will automatically encrypt data stored on them, that won't keep U.S. law enforcement and intelligence agencies from obtaining evidence linked to the devices

Software Defined Perimeter (SDP) Prevailing after Hackathon Kickoff at Cloud Security Alliance Congress 2014 (CBS 8) The Cloud Security Alliance (CSA), a not-for-profit organization which promotes the use of best practices for providing security assurance within cloud computing, today announced that Software Defined Perimeter (SDP) has yet to be hacked after 2.9 billion packets fired from 104 countries attempting breach of the SDP protected public cloud

Are Docker Containers Essential To PaaS? (InformationWeek) Platform-as-a-service is changing along with the rise of next-generation applications, but is Docker crucial? Interop panelists debate

Why Deep Packet Inspection still matters (Tech Republic) Deep Packet Inspection (DPI) is a technology that should offer much more weight than SPI (Stateful Packet Inspection)

What do we need to make IoT security a reality? (TechTarget) As standards and security models emerge, security professionals can take steps today to improve Internet of Things security

Modes of defense against security breaches in healthcare (Help Net Security) It's no secret that data security has serious implications for healthcare providers. A major breach can seriously undermine public trust — and result in hefty fines

CSAM: My Storage Array SSHs Outbound! (Internet Storm Center) Kuddos to Matthew for paying attention to egress traffic. We keep emphasizing how important it is to make sure no systems talk "outbound" without permission. Just this last week, various Shellshock exploits did just that: Turn devices into IRC clients or downloading additional tools via HTTP, or just reporting success via a simple ping

Continuous file assessment gives security the edge in finding malware (ProSecurityZone) Terry Greer-King, Director of Cyber Security at Cisco explains Advanced Persistent Threats and the ability of modern security software in assessing vulnerabilities

Research and Development

DARPA seeks ideas on cyber vulnerabilities and recoveries (FCW) The Innovation Information Office (I2O) at DARPA is interested in research on near-term cybersecurity threats and new resiliency strategies

DARPA Director Discusses Cyber Security Challenges (DoD News) The Defense Advanced Research Projects Agency is working on new ways to protect information and systems that use the Internet, said Arati Prabhakar, the agency's director

Academia

National Counterterrorism Expert Joins Rutgers School of Criminal Justice (Rutgers Today) John Cohen will teach and advise Rutgers' new Institute for Emergency Preparedness and Homeland Security

Legislation, Policy, and Regulation

Over 90 million hacker attacks registered in Russian Internet since 2010 (TASS) It is obvious that today we need to develop and implement a range of additional measures in the area of information security, Russian President Vladimir Putin says

Russia to Issue Ban and fines for Cryptocurrency Use (Bitcoin EU) Russia's Ministry of Finance has put forward what many were expecting yet also unable to believe: a ban on the use of digital currency, and the implementation of fines as an appropriate deterrent

Security stoush settled by one flex of Julie Bishop's muscles (Melbourne Herald Sun) There was a blue in Canberra this week over whether or not Australia's security, law enforcement and intelligence agencies ought to be rolled into a super-department, something like the behemoth Department of Homeland Security in the United States.

DoD helping other countries build cybercommands, says official (FierceGovernmentIT) The Defense Department is working with foreign militaries on cyber "capacity building" by helping them stand up offensive and defensive capabilities in the cyber domain, said a DoD official during an Oct. 1 event hosted by the Washington Post

The CIA Spy Ban Is for Show (American Conservative) Keeping tabs on Turkey alone is justification enough for Langley to relax its new rules on targeting Europe

Police want back doors in smartphones, but you never know who else will open them (Washington Post) The government's increasingly loud complaints about Apple and Google's tough new forms of smartphone encryption have sidestepped a crucial fact: The same security measures that make it hard for police to get into electronic devices also deters other — be they foreign governments, business rivals or creepy guys looking to steal your photos and post them on the Internet

Rapid Equipping Force to Expand Reach Globally (National Defense) The Rapid Equipping Force cut its teeth during the wars in Iraq and Afghanistan rushing new technology to troops in days or weeks instead of months or years. Now, with fewer boots on the ground in the Middle East, the REF will turn to other parts of the globe, said its director Oct. 2

NGA gears up for new director (Federal Times) The National Geospatial Intelligence Agency is preparing for a changing of the guard as director Letitia Long prepares to step down as the agency's director

Litigation, Investigation, and Law Enforcement

New Zealand PM Responds To Snowden Surveillance Claims (HS Today) Prime Minister John Key refuted claims that the New Zealand Government Communications Security Bureau (GCSB) is spying on the nation's citizens. The GCSB undertakes cybersecurity operations to protect individual public and private sector entities from the increasing threat of cyber attack

National Change of Address Program (USPS Office of Inspector General) Security controls over the COA manual processes and NCOALink data are not sufficient to protect the confidentiality and integrity of customer information

Interpol opens global 'nerve centre' to tackle cyber crime (V3) Interpol has opened a Global Complex for Innovation (IGCI) information centre that it hopes will become an international nerve centre in the fight against cyber crime

Silk Road Lawyers Poke Holes in FBI's Story (Krebs On Security) New court documents released this week by the U.S. government in its case against the alleged ringleader of the Silk Road online black market and drug bazaar suggest that the feds may have some 'splaining to do

How hackers accidentally sold a pre-release XBox One to the FBI (ITWorld) Group member Dylan Wheeler said the FBI ended up buying a mockup of the XBox One for $5,000

For a complete running list of events, please visit the Event Tracker on the CyberWire website.

Upcoming Events

INTEROP (New York, New York, USA, September 29 - October 3, 2014) Interop returns to New York with practical and visionary conference sessions designed to help you accelerate your career. This year's conference tracks include: Applications, Business of IT, Cloud Connect...

Suits and Spooks New York (, January 1, 1970) Not another hacker conference. Suits and Spooks is a unique gathering of experts, executives, operators, and policymakers who discuss hard challenges in a private setting over two days. Suits and Spooks...

NGA Cyber Security Day (Springfield, Virginia, USA, October 6, 2014) The National Geospatial-Intelligence will be hosting the 2014 Cyber Security Day at the NGA Headquarters in Springfield, VA. Featuring government and industry speakers, the focus will include such topics...

Cyber Threat Detection and Information Sharing Training Conference (Washington, DC, USA, October 6 - 8, 2014) Cyber Threat Detection and Information Sharing Training Conference is about education on cyber threat detection and information sharing solutions and product training and not about why this subject is...

Open Analytics Summit (Dulles, Virginia, USA, October 7, 2014) Open Analytics Summits are for Developers, Engineers, Data Scientists, CMOs, Data Analysts, CTOs, Architects, Brand Managers, and anyone passionate about open source technologies, big data, or data analytics...

MIRcon 2014 (Washington, DC, USA, October 7 - 8, 2014) MIRcon 2014 is the premier information security industry event of the year. The conference is designed to educate innovators and executives battling cyber attackers daily

Cyber Security, Meet Workforce Development (Silver Spring, Maryland, USA, October 8, 2014) Per Scholas convenes leaders in the Nation's Capital to develop a blueprint for building today's entry-level cyber security workforce

Technology & Cyber Security Day (Hill Air Force Base, Utah, October 8, 2014) The Armed Forces Communications & Electronics Association (AFCEA) Wasatch Chapter will once again host the 5th Annual Information Technology & Cyber Security Day at Hill AFB. This annual event is an excellent...

Cyber Security EXPO (, January 1, 1970) Securing information, mobility, cloud, and social interaction for the modern enterprise. Disruptive technologies such as cloud computing, mobile, bring your own device (BYOD) and social media are pushing...

InfoSec 2014 (Kuala Terengganu, Malaysia, October 8 - 10, 2014) You are invited to participate in The International Conference on Information Security and Cyber Forensics (InfoSec 2014) that will be held at Universiti Sultan Zainal Abidin (UniSZA), Kuala Terengganu,...

"Women in Government Contracting" Networking Reception (Columbia, Maryland, USA, October 9, 2014) A special invitation to executive women in technology sponsored by COPT-Corporate Office Properties Trust and the GovConnects Advisory Council. Guest speaker, Deborah Bonanni, former Chief of Staff NSA...

Hacktivity 2014 (Budapest, Hungary, October 10 - 11, 2014) Official and alternative representatives of the information security profession meet with all those interested in this field in framework which is at the same time informal and informative, and sometimes...

Ruxcon (Melbourne, Australia, October 26 - 27, 2013) Ruxcon is a computer security conference that aims to bring together the best and the brightest security talent within the Aus-Pacific region. The conference is a mixture of live presentations, activities...

Critical Infrastructure Cyber Community (C3) Voluntary Program Meeting (San Diego, California, USA, October 13, 2014) Join stakeholders from across the cyber community to discuss building a cyber risk management program, using DHS resources, and to learn how organizations of all sizes are using the Cybersecurity Framework...

Hack-in-the-Box Malaysia (Kuala Lumpur, Malaysia, October 13 - 16, 2014) HITBSecConf or the Hack In The Box Security Conference is an annual must attend event in the calendars of security researchers and professionals around the world. Held annually in Kuala Lumpur, Malaysia...

FS-ISAC Fall Summit 2014 (Washington, DC, USA, October 13 - 16, 2014) The Financial Services Information Sharing and Analysis Center (FS-ISAC), is a non-profit association comprised of financial institution members, that is dedicated to protecting the global financial services...

CYBERSEC 2014 (, January 1, 1970) CYBERSEC is a 4-day event geared toward helping you achieve your cybersecurity goals. Whether your focus is on cybersecurity management, investigation, defense, or offense we are offering specialty cybersecurity...

Black Hat Europe 2014 (, January 1, 1970) The premier conference on information security returns to the beautiful city of Amsterdam, Netherlands in October, 2014. Professionals from all over the world gather for two days of intense Trainings and...

Social Security Administration Security Awareness Day (Baltimore, Maryland, USA, October 15, 2014) This event, hosted by the Office of Information Security is intended to raise general computer security awareness for the end-users at SSA

Denver SecureWorld (Denver, Colorado, USA, October 16, 2014) A day of cyber security education. Earn 6-8 CPE credits, network with industry peers, and take advantage of more than thirty educational events. Over the past decade SecureWorld has emerged as one of North...

TechCrunch Disrupt Europe Hackathon (London, England, UK, October 18 - 19, 2014) For the second year in a row, TechCrunch is jumping across the pond and bringing the iconic Disrupt and our Hackathon to Europe. We're heading your way, London

U.S. Army ITA Security Forum (Fort Belvoir, Virginia, USA, October 20, 2014) The U.S. Army Information Technology Agency Security Forum is taking place at the Ft. Belvoir site and will be a one day event focusing on cyber security education and training for the workforce. The...

CSEC 2014 Cyber Security Summit (Kingdom of Bahrain, October 20 - 22, 2014) At the Inaugural Cyber Security Summit 2014, you will have the opportunity to seek ways to reset your IT security and risk strategy for success; stay relevant as IT security and risk are redefined; implement...

2014 ICS Cyber Security Conference (, January 1, 1970) The 14th ICS Cyber Security Conference (sometimes known as "Weisscon") will be held October 20-23, 2014 at Georgia Tech in Atlanta, GA. Cyber Security is becoming a critical infrastructure issue with implications...

National Archives and Records Administration (NARA) IT Security Day (College Park, Maryland, USA, October 21, 2014) FBC and NARA are working together to coordinate the 6th Annual National Archives and Records Administration (NARA) Information Technology Day. Exhibitors will be on-site to share information and demonstrate...

Cyber Security Summit 2014 (, January 1, 1970) Cyber security breaches have a profound impact on all areas of society. Join the discussion at Cyber Security Summit 2014. For two days, leaders from the public and private sectors meet to identify cyber...

Collaborative Approaches for Medical Device and Healthcare Cybersecurity; Public Workshop (Arlington, Virginia, USA, October 21 - 22, 2014) The Food and Drug Administration (FDA) is announcing the following public workshop entitled "Collaborative Approaches for Medical Device and Healthcare Cybersecurity." FDA, in collaboration with other...

Secure 2014 (Warsaw, Poland, October 21 - 23, 2014) NASK and CERT-Polska offer this conference on telecommunications and IT security. Speakers from government, industry, and universities around the world will offer insights into research, policy, and security...

Hack.lu 2014 (Dommeldange, Luxembourg, October 21 - 24, 2014) Hack.lu is an open convention/conference where people can discuss about computer security, privacy, information technology and its cultural/technical implication on society

ISSA International Conference (Orlando, Florida, USA, October 22 - 23, 2014) Join us for solution oriented, proactive and innovative sessions focused on security as a vital part of the business.

ToorCon San Diego (San Diego, California, USA, October 22 - 26, 2014) For hackers like you, because what could possibly go wrong?

DOE Germantown Cybersecurity Awareness Day (Germantown, Maryland, USA, October 23, 2014) The Department of Energy Germantown Building will be hosting a Cyber Security Awareness Day featuring a technology expo. DoE will be looking for a wide range of cyber security industry experts to showcase...

Library of Congress Cybersecurity Awareness Expo (Washington, DC, USA, October 23, 2014) The Library of Congress (LOC)is hosting its annual cyber security awareness days during October and the exposition is an important part of their education and outreach effort to industry

NASA Glenn Research Center Cyber Security Expo (Cleveland, Ohio, USA, October 23, 2014) In recognition of National Cyber Security Awareness Month, an Awareness Day event will be held at Glenn Research Center in Cleveland, Ohio. This event will provide participants with information and resources...

FOCUS 14: Empowering the Connected World (Las Vegas, Nevada, USA, October 26 - 27, 2014) FOCUS will offer you a unique opportunity to learn directly from other McAfee users. Hear real-world scenarios from McAfee customers and learn how they maintain the highest standards of security while...

Cybergamut Tech Tuesday: Software-Defined Networking Security (Columbia, Maryland, USA, October 28, 2014) Security-Defined Routing combines cyber analytics and SDN to protect the network: SDR technology assists organizations in scaling the delivery of network traffic to analytic security applications. When...

USDA Cyber Security Symposium and Expo 2014 (Washington, DC, USA, October 28 - 29, 2014) The Summit will provide participants with information and resources on today's vulnerabilities, incidents, security lifecycle, risks and mitigations; it will also identify ways to work together and build...

Cyber Security and IT Day at Fort Carson (Colorado Springs, Colorado, USA, October 28, 2014) The Information Systems Security Association (ISSA) Colorado Springs Chapter ill once again host the 5th Annual Cyber Security & Information Technology Days set to take place at Fort Carson on Tuesday,...

Cyber Security and IT Days at Peterson AFB (Colorado Springs, Colorado, USA, October 29, 2014) The Information Systems Security Association (ISSA) Colorado Springs Chapter will once again host the 5th Annual Cyber Security & Information Technology Days. Government and Industry experts will be on...

Dallas SecureWorld (Dallas, Texas, USA, October 29 - 30, 2014) Offering two days of cyber security education. Earn 12-16 CPE credits, network with industry peers, and take advantage of more than sixty educational events. Over the past decade SecureWorld has emerged...

Cyber Job Fair (Baltimore, Maryland, USA, October 29, 2014) ClearedJobs.Net is partnering with CyberMaryland to present the Cyber Job Fair at the CyberMaryland 2014 conference. The Cyber Job Fair is a hiring event for cleared and non-cleared cybersecurity professionals...

CyberMaryland 2014 (Baltimore, Maryland, USA, October 29 - 30, 2014) Entrepreneurs, investors, academia and government will convene in Maryland — the nation's epicenter for cybersecurity for the fourth annual CyberMaryland Conference.

ekoparty Security Conference 10th edition (Buenos Aires, Argentina, October 29 - 31, 2014) ekoparty — Electronic Knock Out Party — Security Conference, is a one of a kind event in South America; an annual security conference held in Buenos Aires, where security specialists from all over Latin...

Cyber Risk Summit (Washington, DC, USA, May 22, 2014) This one-day leadership conference will provide a discussion forum for business executives, insurance companies and policymakers on more effective private and public responses to cyber risk management.

Senior Executive Cyber Security Conference (Baltimore, Maryland, USA, October 30 - November 1, 2014) North Star Group, LLC and the Johns Hopkins University's Whiting School of Engineering and Information Security Institute sponsor this senior executive focused cyber security conference.This event is designed...

Grow your brand and reach new customers.

Grow your brand and increase your customer base by educating our audience about your products, services, and events by advertising on The CyberWire. We’ve built trust with an influential (and often hard to reach) audience of CISOs, CSOs, and other senior execs in the security space, across a wide array of industry verticals. Learn more.

Be a part of the CyberWire story.

People ask us (a lot) how they can support what we do. We have our sponsorships and services, of course, but those are not always within every supporter's financial reach, or it might just not be the right time for you to do those things. That's why we launched our new Patreon site, where we've created a wider variety of support levels, each with some new benefits. Our patrons are important to our future, and we hope you'll consider becoming one. We invite you to become part of the CyberWire story. Become a patron today.