skip navigation

More signal. Less noise.

Daily briefing.

Anonymous claims successful hacks of Chinese government Websites (defacements and data leaks) in solidarity with Hong Kong pro-democracy activists. Reports that Hong Kong authorities have arrested suspected members of Anonymous suggest the claims may be more than the collective's usual gasconade.

Sandworm, the Russian group that long exploited now-patched Windows vulnerability CVE-2014-4114, will continue to prey upon unpatched systems, then turn to fresh exploits. Attribution remains provisional, but few doubt that Sandworm's working for Russian security services.

A team of cyber security companies takes action against exploit kits used by the Hidden Lynx group (run by Chinese security organs). Symantec, one of the teammates, calls the action "creation of comprehensive, multi-vendor protection." See also Cisco's profile of "Group 72 for more insights into Chinese threat actors. CrowdStrike notes that another group, Hurricane Panda, has just had its favorite vulnerability (Windows CVE-2014-4113) patched.

The SSLv3 bug, long rumored and much tweeted over, is finally disclosed. The Google researchers who discovered it have given it the tortured acronym "POODLE" (Padding Oracle on Downgraded Legacy Encryption). Opinions about POODLE's severity differ sharply, but the SANS Internet Storm Center's advice is direct: "Disable SSLv3."

Dropbox continues to reassure users that it wasn't hacked, that the reported breach isn't real, and owes its appearance to third-party problems and poor password hygiene (basically, password reuse).

JPMorgan tells investors it sees no elevated fraud levels post hacking incident, which leaves the continuing puzzle: what were the attackers after?

Much industry talk of threat intelligence and its uses.

Notes.

Today's issue includes events affecting China, Israel, NATO, Republic of Korea, Poland, Russia, Taiwan, Ukraine, United Kingdom, United States.

Cyber Attacks, Threats, and Vulnerabilities

#OpHK: Anonymous Takes Down Chinese Government Websites, Leaks Data (Hack Read) In support of pro-democracy protests in Hong Kong, the online hacktivist Anonymous previously announced 'Operation Hong Kong' against the government and its supporters

The "Sandworm" malware — what you need to know (Naked Security) You may have heard or seen mention of the latest catchily-named malware attack: "Sandworm"

Russian hackers suspected of Kremlin ties used Windows bug 'to spy on west' (Guardian) Cyber-threat intelligence firm iSight says 'Sandworm Team' used unknown bugs from 2009 to steal EU and Nato documents

Security vendors take action against Hidden Lynx malware (Symantec Security Response) A coordinated operation involving Symantec and a number of other security companies has delivered a blow against Backdoor.Hikit and a number of other malware tools used by the Chinese-based cyberespionage group Hidden Lynx. Dubbed Operation SMN, this cross-industry collaboration has seen major security vendors share intelligence and resources, resulting in the creation of comprehensive, multi-vendor protection which may significantly blunt the effectiveness of this malware. The organizations involved in this operation include Cisco, FireEye, F-Secure, iSIGHT Partners, Microsoft, Symantec, ThreatConnect, Tenable, ThreatTrack Security, and Volexity

Security vendors claim progress against Chinese group that hacked Google (PCWorld) A group of security companies say a collaborative effort has helped counter several hacking tools used by a China-based group most known for provoking strong condemnation from Google four years ago

Threat Spotlight: Group 72 (Cisco Blogs) Everyone has certain characteristics that can be recognised. This may be a way of walking, an accent, a turn of phrase or a style of dressing. If you know what to look for you can easily spot a friend or acquaintance in a crowd by knowing what characteristics to look for. Exactly the same is true for threat actors

'Hurricane Panda' hackers used Microsoft zero-day, CrowdStrike says (PCWorld) One of the zero-day flaws patched by Microsoft on Tuesday had been used for some time by a group with suspected Chinese government ties that targets technology companies, CrowdStrike's chief executive said Tuesday

New POODLE SSL 3.0 Attack Exploits Protocol Fallback Issue (Threatpost) A new attack on the SSLv3 protocol, disclosed Tuesday, takes advantage of an issue with the protocol that enables a network attacker to recover the plaintext communications of a victim. The attack is considered easier to exploit than similar previous attacks against SSL/TLS, such as BEAST and CRIME, and can enable an attacker to retrieve a supposedly secure cookie

SSL broken, again, in POODLE attack (Ars Technica) Yet another flaw could prove to be the final nail in SSLv3's coffin

Dreaded SSLv3 bug no monster, only a POODLE (CSO) Hype for the vulnerability in SSLv3 was all bark and little bite

There Is a New Security Vulnerability Named POODLE, and It Is Not Cute (Wired) On a day when system administrators were already taxed addressing several security updates released by Microsoft, Oracle, and Adobe, there is now word of a new security hole discovered in a basic protocol used for encrypting web traffic. Its name is POODLE, which stands for Padding Oracle on Downgraded Legacy Encryption, and it was discovered by three Google security researchers — Bodo Moller, Thai Duong, and Krzysztof Kotowicz

Don't believe the Dropbox breach hype (CSO) A thread posted on Reddit today claiming a massive hack of 7 million Dropbox accounts. The post contained hundreds of usernames and passwords as a tease to "prove" the veracity of the claim. Dropbox, however, says the claims are false

Dropbox Blames Security Breach on Password Reuse (Wall Street Journal Digits) Dropbox urged users to enable a security measure called two-step authentication amid reports that the login credentials for millions of its users had been compromised

Hacked Snapchat Website Demands Bitcoin to Talk About Getting Hacked (Motherboard) If you run a third-party site that was just accused of allowing thousands of private videos — some of them likely to be child porn — to be hacked from your server, do you A) fess up and apologize, B) go into hiding and let the thing blow over, or C) demand Bitcoin in exchange for interviews about how you f[**]ked up?

BRIEF-JPMorgan CFO: no elevated fraud seen due to cyber attack (Reuters) JPMorgan Chase & Co Chief Financial Officer Marianne Lake and Chief Executive Jamie Dimon held a call with journalists to discuss third-quarter earnings. These are some highlights

Fallout coming from JPMorgan hack attack (Washington Examiner) The large-scale hacking attack against Wall Street this summer was more significant than the public realizes, analysts say

Cybersecurity mystery at JPMorgan Chase: What were hackers after? (Yahoo! News) The massive online security breach at JPMorgan Chase has confounded investigators because only customers' contact information appears to have been taken. And there is no evidence that funds were stolen

FDIC to Banks: Prep for "Urgent" Threat of Cyberattacks (JD Supra) Financial institutions are facing an "urgent" threat of hacks and cyberattacks causing regulators to take a closer look at banks' efforts to combat such concerns, the Federal Deposit Insurance Corporation (FDIC) Chairman recently cautioned

FinFisher Shell Extension and Drivers Analysis (Coding and Security) As requested on reddit and twitter, this time I'm going to analyze final pieces of FinFisher malware: shell extension, driverw.sys and mssounddx.sys. No time to waste, so let's begin

CMS Plug-Ins Put Sites At Risk (Dark Reading) Content management systems are increasingly in attackers' crosshairs, with plug-ins, extensions, and themes broadening the attack surfaces for these platforms

The Evolution Store suffers data breach (CSO) When I first read about this breach I could not help but to think of various Darwin related jokes. I opted not to run with them in the end. A data breach is no laughing matter

Spammers spreading new Wolf of Wall Street scam (Help Net Security) Millions of penny stock spam emails have been flooding inboxes, spreading a new 'Wolf of Wall Street' scam and inflating the stock values of a mineral deposit company, according to Bitdefender's Antispam Lab

Personal info of 850k Oregon jobseekers potentially compromised (Help Net Security) 85, 322 individuals who used Oregon Employment Department's WorkSource Oregon Management Information System (WOMIS) will soon be receiving notices that they information might have been compromised due to a recently discovered vulnerability

Attacker takes over Facebook page set up for 'Bucket List Baby' Shane, posts porn (Naked Security) A Facebook page set up to chronicle the extremely short life of a baby with the rare, terminal condition of anencephaly was hijacked within days of the infant's death and set to display lewd images

Security Patches, Mitigations, and Software Updates

OpenSSL Releases OpenSSL 1.0.1j, 1.0.0o and 0.9.8zc (Internet Storm Center) This update to the OpenSSL Library addresses 3 vulnerabilities. One of these is the "POODLE" vulnerability announced yesterday

SSLv3 POODLE Vulnerability Official Release (Internet Storm Center) Finally we got an official announcement. For all the details, jump straight to the original announcement

Mozilla Releases Security Updates for Firefox and Thunderbird (US-CERT) The Mozilla Foundation has released security updates to address multiple vulnerabilities in Firefox and Thunderbird. Exploitation of these vulnerabilities may allow an attacker to obtain sensitive information, bypass same-origin policy and key pinning, cause an exploitable crash, conduct a man-in-the-middle attack, or execute arbitrary code

Microsoft Releases October 2014 Security Bulletin (US-CERT) Microsoft has released updates to address vulnerabilities in Windows, Office, Office Services and Web Apps, Developer Tools, .NET Framework, and Internet Explorer as part of the Microsoft Security Bulletin Summary for October 2014. These vulnerabilities could allow remote code execution, elevation of privilege, or security feature bypass

Oracle Releases October 2014 Security Advisory (US-CERT) Oracle has released its Critical Patch Update for October 2014 to address 154 vulnerabilities across multiple products

Adobe Releases Security Updates for ColdFusion and Flash Player (US-CERT) Adobe has released security updates to address multiple vulnerabilities in ColdFusion and Flash Player. Exploitation could allow attackers to take control of a vulnerable system

Cyber Trends

Cost Of A Data Breach Jumps By 23% (Dark Reading) Cleanup and resolution after a breach take an average of one month to complete, a new Ponemon Institute report finds

The threat intelligence problem (FierceITSecurity) Dave Aitel argues that 'threat intelligence' recycles a dead security product model

From scaremongering to business enablement: reframing the cyber security debate (Information Age) Security must move from 'cleaning up after the breach' to 'empowering digital businesses'

Marketplace

Startup Risk I/O secures $4M for data-driven security intelligence, names new CEO (Silicon Angle) Risk I/O today announced that it has raised an additional $4 million as part of its Series A financing round, bringing the company's total capital raised to date to $10.5 million. The startup also today announced that it has named Silicon Valley security veteran Karim Toubba as its new CEO

ZeroFOX Joins Black Hat as a Sustaining Partner (ZeroFOX) ZeroFOX is thrilled to support the global cyber security community as a Black Hat sustaining partner. Black Hat is an innovative hub of industry experts and thought leaders, and ZeroFOX is excited to facilitate the conversation around social media and its associated risks

Officials: Cooperation needed to meet cyber jobs' demands (Gazette.Net) Education, government and business leaders must collaborate to take advantage of the region's standing as a national leader in cyber security job openings, officials said during a meeting in Silver Spring last week

RiskIQ Appoints Arian Evans Vice President of Product Strategy (Herald Online) Leading provider of customer facing threat detection technology taps former WhiteHat Security executive to head up innovation development

Products, Services, and Solutions

How one company is getting smartphones to rat out their criminal owners (ZDNet) Digital forensics firm Cellebright has moved from copying contacts on mobile phones to digital forensics, helping police collar the bad guys along the way

Demand for Cyber Security Qualifications Dictates Course Offering in IT Governance's Autumn-Winter Catalogue (EIN) IT Governance has reported that the selection of courses in its autumn-winter catalogue has been informed by the growing demand for cyber security qualification

HP, Webroot Partner for Predictive Threat Intelligence (MSPMentor) The Webroot BrightCloud IP Reputation Service will now be offered as part of the HP Enterprise Security Products portfolio

Cyber Squared Inc. Partners with Centripetal Networks to Deliver Superior Threat Intelligence Solution (Sys-Con Media) Cyber Squared Inc., provider of security services and the leading Threat Intelligence Platform, ThreatConnect®, announced a partnership with Centripetal Networks to integrate ThreatConnect's customizable threat intelligence into Centripetal's RuleGate® appliance

Vorstack Accelerates Adoption of Threat Intelligence Strategies (Virtual-Strategy Magazine) Vorstack, a provider of a new breed of enterprise security products, announced today during the FS-ISAC Fall Summit in Washington D.C., that it is demonstrating Version 5.0 of the Vorstack Automation and Collaboration Platform (ACP)

Drew Morin: TCS-LR Kimball Team to Offer Gov't Agencies Net Security Services (ExecutiveBiz) TeleCommunication Systems has partnered with CDI Engineering Solutions' infrastructure services business unit L.R. Kimball to offer cybersecurity services for government customer networks at the state and local levels

FlowTraq partners with A10 Networks to speed and automate DDoS attack detection and mitigation (CSO) Partnership combines FlowTraq's high volume network traffic analysis capabilities with A10's traffic shaping expertise

Duo Security Introduces API Edition of Its Two-Factor Authentication Service (Dark Reading) Enables developers to quickly add strong authentication to Web and mobile apps

U.S. Army Testing Lockheed Martin Upgrades To Battlefield Intelligence Enterprise (MarketWatch) The U.S. Army's primary intelligence system is testing software developed by Lockheed Martin LMT, -1.06% that will help them sort through terabytes of intelligence gleaned from manned and unmanned sources, improving their ability to efficiently analyze data

The secure smartphone that won't get you beaten with rubber hoses (Ars Technica) A new take on the secure smartphone, with a secure messaging app to go with it

Technologies, Techniques, and Standards

ONC interoperability road map draft outlines governance, certification standards goals (FierceHealthIT) An updated draft version of the Office of the National Coordinator for Health IT's 10-year road map to interoperability, published online late Monday, outlines goals for governance and certification standards and calls for "unprecedented collaboration" in ensuring that technology can seamlessly support the health of patients on a day-to-day basis

HIMSS seeks specific guidance from NIST on cybersecurity framework (FierceHealthIT) The healthcare industry needs the National Institute of Standards and Technology (NIST) to get specific about how to implement its cybersecurity framework, HIMSS writes in a letter to NIST Acting Director Willie E. May

Oil and Gas Industry Unites to Pull Plug on Cyberintruders (TheStreet) Companies in the U.S. oil and gas industry are moving to work together to fight the onslaught of cybersecurity marauders infiltrating their computer network systems

Questioning the chain of trust: investigations into the root certificates on mobile devices (Bluebox) All SSL connections rely on a chain of trust. This chain of trust, a part of PKI, is established by certificate authorities (CAs), which serve as trust anchors to verify the validity of who a device thinks it is talking to

Leveraging network intelligence for cybersecurity (GSN) When it comes to cybersecurity, boldface security organizations can seem just as susceptible to hacks as anyone else

Mastering Security Analytics (Dark Reading) Fast data analysis can stymie attacks and strengthen enterprise security. Does your team have the data smarts?

New rules aim to prevent IoT devices from taking down mobile networks (PCWorld) The dream of an Internet of things could turn into a nightmare for mobile operators, if sloppily written apps or chatty smartmeters were to overload their networks with signaling traffic. To avert such a scenario, a number of operators are backing a new set of network usage guidelines for device manufacturers and app developers

Protecting Point-of-Sale Devices in the Face of Attacks (SecurityWeek) In recent years, point-of-sale (PoS) systems have become a point of emphasis for attackers looking to steal credit and debit card information

5 steps to lock down your webmail account (Naked Security) For most people, webmail is their main personal account — used for everything from keeping in touch with friends and relatives to dealing with banks, government, shopping sites and other online services

Research and Development

New tech transforms transparency into privacy (CSO) Preserving privacy by keeping information secret isn't working. Consumers give away precious data for online baubles. Data breaches, large and small, spill data all over the Web. Marketers indiscriminiately gather details about the online lives of people in their target markets

Academia

Grooming Students for A Lifetime of Surveillance (Model View Culture) The same technologists who protest against the NSA's metadata collection programs are the ones profiting the most from the widespread surveillance of students

Schoolgirl aged 15 left humiliated when teachers showed her bikini photo in assembly (Hot for Security) Remember when you were a teenager? And you had thousands of friends on Facebook?

Legislation, Policy, and Regulation

EU-Funded Study: Electronic Mass Surveillance Fails — Drastically (Just Security) Electronic mass surveillance — including the mass trawling of both metadata and content by the US National Security Agency — fails drastically in striking the correct balance between security and privacy that American officials and other proponents of surveillance insist they are maintaining

New Russian Cyber Spying Campaign Bolsters Need for Continued NSA Use of Software Holes (Washington Free Beacon) Former NSA official says Windows vulnerability shows Russian cyber attack capabilities

Air Force to step up recruiting, shorten training for cyber airmen (Air Force Times) The Air Force may shorten the training time for cyber airmen to move them into their jobs faster — and airmen with existing cyber certifications would get a head start

Litigation, Investigation, and Law Enforcement

Cybercrime is a 'freebie' for thieves in other countries attacking Americans: FBI (New York Daily News) FBI Director James Comey warned that most cyberthieves are operating in countries where they're immune from U.S. prosecution. In an interview Sunday on CBS' '60 Minutes,' he said the FBI is working with other countries to tackle the problem

Debate: Does Mass Phone Data Collection Violate The 4th Amendment? (NPR) The Fourth Amendment to the U.S. Constitution guarantees that "the right of the people to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures, shall not be violated"

For a complete running list of events, please visit the Event Tracker on the CyberWire website.

Newly Noted Events

2014 Omaha Cyber Security Event (Omaha, Nebraska, USA, October 23, 2014) Better Business Bureau and its partners present a panel discussion on how to stay safe online — it's our shared responsibility! Learn the risks, how to spot potential problems and how our online...

NICE 2014 Conference and Expo (Columbia, Maryland, USA, November 5 - 6, 2014) Cybersecurity has emerged as one of the leading creators of jobs and opportunity for all economic sectors. An ecosystem of technology providers, policy makers, legal expertise, banking, insurance, devices,...

INFILTRATE Security Conference (Miami Beach, Florida, USA, April 16 - 17, 2015) INFILTRATE is a deep technical conference that focuses entirely on offensive security issues. Groundbreaking researchers focused on the latest technical issues will demonstrate techniques that you cannot...

Upcoming Events

Hack-in-the-Box Malaysia (Kuala Lumpur, Malaysia, October 13 - 16, 2014) HITBSecConf or the Hack In The Box Security Conference is an annual must attend event in the calendars of security researchers and professionals around the world. Held annually in Kuala Lumpur, Malaysia...

FS-ISAC Fall Summit 2014 (Washington, DC, USA, October 13 - 16, 2014) The Financial Services Information Sharing and Analysis Center (FS-ISAC), is a non-profit association comprised of financial institution members, that is dedicated to protecting the global financial services...

CYBERSEC 2014 (, January 1, 1970) CYBERSEC is a 4-day event geared toward helping you achieve your cybersecurity goals. Whether your focus is on cybersecurity management, investigation, defense, or offense we are offering specialty cybersecurity...

Black Hat Europe 2014 (, January 1, 1970) The premier conference on information security returns to the beautiful city of Amsterdam, Netherlands in October, 2014. Professionals from all over the world gather for two days of intense Trainings and...

Social Security Administration Security Awareness Day (Baltimore, Maryland, USA, October 15, 2014) This event, hosted by the Office of Information Security is intended to raise general computer security awareness for the end-users at SSA

Denver SecureWorld (Denver, Colorado, USA, October 16, 2014) A day of cyber security education. Earn 6-8 CPE credits, network with industry peers, and take advantage of more than thirty educational events. Over the past decade SecureWorld has emerged as one of North...

TechCrunch Disrupt Europe Hackathon (London, England, UK, October 18 - 19, 2014) For the second year in a row, TechCrunch is jumping across the pond and bringing the iconic Disrupt and our Hackathon to Europe. We're heading your way, London

U.S. Army ITA Security Forum (Fort Belvoir, Virginia, USA, October 20, 2014) The U.S. Army Information Technology Agency Security Forum is taking place at the Ft. Belvoir site and will be a one day event focusing on cyber security education and training for the workforce. The...

CSEC 2014 Cyber Security Summit (Kingdom of Bahrain, October 20 - 22, 2014) At the Inaugural Cyber Security Summit 2014, you will have the opportunity to seek ways to reset your IT security and risk strategy for success; stay relevant as IT security and risk are redefined; implement...

2014 ICS Cyber Security Conference (, January 1, 1970) The 14th ICS Cyber Security Conference (sometimes known as "Weisscon") will be held October 20-23, 2014 at Georgia Tech in Atlanta, GA. Cyber Security is becoming a critical infrastructure issue with implications...

National Archives and Records Administration (NARA) IT Security Day (College Park, Maryland, USA, October 21, 2014) FBC and NARA are working together to coordinate the 6th Annual National Archives and Records Administration (NARA) Information Technology Day. Exhibitors will be on-site to share information and demonstrate...

Cyber Security Summit 2014 (, January 1, 1970) Cyber security breaches have a profound impact on all areas of society. Join the discussion at Cyber Security Summit 2014. For two days, leaders from the public and private sectors meet to identify cyber...

Collaborative Approaches for Medical Device and Healthcare Cybersecurity; Public Workshop (Arlington, Virginia, USA, October 21 - 22, 2014) The Food and Drug Administration (FDA) is announcing the following public workshop entitled "Collaborative Approaches for Medical Device and Healthcare Cybersecurity." FDA, in collaboration with other...

Secure 2014 (Warsaw, Poland, October 21 - 23, 2014) NASK and CERT-Polska offer this conference on telecommunications and IT security. Speakers from government, industry, and universities around the world will offer insights into research, policy, and security...

Hack.lu 2014 (Dommeldange, Luxembourg, October 21 - 24, 2014) Hack.lu is an open convention/conference where people can discuss about computer security, privacy, information technology and its cultural/technical implication on society

ISSA International Conference (Orlando, Florida, USA, October 22 - 23, 2014) Join us for solution oriented, proactive and innovative sessions focused on security as a vital part of the business.

ToorCon San Diego (San Diego, California, USA, October 22 - 26, 2014) For hackers like you, because what could possibly go wrong?

DOE Germantown Cybersecurity Awareness Day (Germantown, Maryland, USA, October 23, 2014) The Department of Energy Germantown Building will be hosting a Cyber Security Awareness Day featuring a technology expo. DoE will be looking for a wide range of cyber security industry experts to showcase...

Library of Congress Cybersecurity Awareness Expo (Washington, DC, USA, October 23, 2014) The Library of Congress (LOC)is hosting its annual cyber security awareness days during October and the exposition is an important part of their education and outreach effort to industry

NASA Glenn Research Center Cyber Security Expo (Cleveland, Ohio, USA, October 23, 2014) In recognition of National Cyber Security Awareness Month, an Awareness Day event will be held at Glenn Research Center in Cleveland, Ohio. This event will provide participants with information and resources...

FOCUS 14: Empowering the Connected World (Las Vegas, Nevada, USA, October 26 - 27, 2014) FOCUS will offer you a unique opportunity to learn directly from other McAfee users. Hear real-world scenarios from McAfee customers and learn how they maintain the highest standards of security while...

Cybergamut Tech Tuesday: Software-Defined Networking Security (Columbia, Maryland, USA, October 28, 2014) Security-Defined Routing combines cyber analytics and SDN to protect the network: SDR technology assists organizations in scaling the delivery of network traffic to analytic security applications. When...

USDA Cyber Security Symposium and Expo 2014 (Washington, DC, USA, October 28 - 29, 2014) The Summit will provide participants with information and resources on today's vulnerabilities, incidents, security lifecycle, risks and mitigations; it will also identify ways to work together and build...

Cyber Security and IT Day at Fort Carson (Colorado Springs, Colorado, USA, October 28, 2014) The Information Systems Security Association (ISSA) Colorado Springs Chapter ill once again host the 5th Annual Cyber Security & Information Technology Days set to take place at Fort Carson on Tuesday,...

Cyber Security and IT Days at Peterson AFB (Colorado Springs, Colorado, USA, October 29, 2014) The Information Systems Security Association (ISSA) Colorado Springs Chapter will once again host the 5th Annual Cyber Security & Information Technology Days. Government and Industry experts will be on...

Dallas SecureWorld (Dallas, Texas, USA, October 29 - 30, 2014) Offering two days of cyber security education. Earn 12-16 CPE credits, network with industry peers, and take advantage of more than sixty educational events. Over the past decade SecureWorld has emerged...

Cyber Job Fair (Baltimore, Maryland, USA, October 29, 2014) ClearedJobs.Net is partnering with CyberMaryland to present the Cyber Job Fair at the CyberMaryland 2014 conference. The Cyber Job Fair is a hiring event for cleared and non-cleared cybersecurity professionals...

CyberMaryland 2014 (Baltimore, Maryland, USA, October 29 - 30, 2014) Entrepreneurs, investors, academia and government will convene in Maryland — the nation's epicenter for cybersecurity for the fourth annual CyberMaryland Conference.

ekoparty Security Conference 10th edition (Buenos Aires, Argentina, October 29 - 31, 2014) ekoparty — Electronic Knock Out Party — Security Conference, is a one of a kind event in South America; an annual security conference held in Buenos Aires, where security specialists from all over Latin...

Cyber Risk Summit (Washington, DC, USA, May 22, 2014) This one-day leadership conference will provide a discussion forum for business executives, insurance companies and policymakers on more effective private and public responses to cyber risk management.

Senior Executive Cyber Security Conference (Baltimore, Maryland, USA, October 30 - November 1, 2014) North Star Group, LLC and the Johns Hopkins University's Whiting School of Engineering and Information Security Institute sponsor this senior executive focused cyber security conference.This event is designed...

FS-ISAC EU Summit 2014 (London, England, UK, November 3 - 5, 2014) The Financial Services Information Sharing and Analysis Center (FS-ISAC), is a non-profit association comprised of financial institution members, that is dedicated to protecting the global financial services...

POC2014 (Seoul, Republic of Korea, November 4 - 7, 2014) POC (Power of Community) started in 2006 and has been organized by Korean hackers & security experts. It is an international security & hacking conference in Korea. POC doesn't pursue money. POC concentrates...

Open Source Digital Forensics Conference 2014 (Herndon, Virginia, USA, November 5, 2014) This conference focuses on tools and techniques that are open source and (typically) free to use. It is a one day event with short talks packed with information. There are both tool developers and users...

Bay Area SecureWorld (Santa Clara, California, November 5, 2014) A day of cyber security education. Earn 6-8 CPE credits, network with industry peers, and take advantage of more than thirty educational events. Over the past decade SecureWorld has emerged as one of North...

Managing BYOD & Enterprise Mobility USA 2014 (San Francisco, California, USA, November 5 - 6, 2014) The Managing BYOD & Mobility USA 2014 conference will provide a unique networking platform, bringing together top executives from USA and beyond. They come together not only to address mobility challenges...

Journal of Law and Cyber Warfare First Annual Cyber Warfare One Day Symposium (New York, New York, USA, November 6, 2014) The Journal of Law and Cyber Warfare is proud to present the First Annual Cyber Warfare One Day Symposium. Join us as senior lawyers, technology chiefs, government officials, and academics discuss the...

RiseCON 2014 (Rosario, Santa Fe, Argentina, November 6 - 7, 2014) Rosario Information Security Conference: es el primer y mayor evento de seguridad informática y hacking realizado en la ciudad de Rosario, con nivel y trascendencia internacional

Israel HLS 2014 (Tel Aviv, Israel, November 9 - 12, 2014) The third International Conference on Homeland Security will bring together government officials, public authorities, and HLS industry leaders from around the world to share their knowledge and experience.

Critical Infrastructure Cyber Community (C3) Voluntary Program Meeting (San Diego, California, USA, October 13, 2014) Join stakeholders from across the cyber community to discuss building a cyber risk management program, using DHS resources, and to learn how organizations of all sizes are using the Cybersecurity Framework...

i-Society 2014 (London, England, UK, November 10 - 12, 2014) i-Society 2014 is a global knowledge-enriched collaborative effort that has its roots from both academia and industry. The conference covers a wide spectrum of topics that relate to information society,...

Seattle SecureWorld (Seattle, Washington, USA, November 12 - 13, 2014) Offering two days of cyber security education. Earn 12-16 CPE credits, network with industry peers, and take advantage of more than sixty educational events. Over the past decade SecureWorld has emerged...

AVAR 2014 (, January 1, 1970) The 17th Association of anti-Virus Asia Researchers International Conference: Security Down Under. Topics will include case studies of targeted attacks, real-life attack demonstrations, web-inject attacks/code...

ZeroNights 2014 (Moscow, Russia, November 13 - 14, 2014) ZeroNights is an international conference dedicated to the practical side of information security. It will show new attack methods and threats, showcase new possibilities of attack and defense, and suggest...

Cyber Security Awareness Week Conference (New York, New York, USA, November 13 - 15, 2014) Get ready for CSAW: the largest student-run cyber security event in the nation, with a research conference that attracts some of the biggest names in the industry, and a career fair with an impressive...

Ground Zero Summit, India (New Dehli, India, November 13 - 16, 2014) Ground Zero Summit (GOS) 2014 in its second year promises to be Asia's largest Information Security gathering and proposes to be the ultimate platform for showcasing researches and sharing knowledge in...

Deepsec 2014 (Vienna, Austria, November 18 - 21, 2014) DeepSec is an annual European two-day in-depth conference on computer, network, and application security. This is a non-product, non-vendor-biased conference event. Our aim is to present the best research...

BugCON (Mexico City, Mexico, November 19, 2014) BugCON Security Conference is hardcore technical conference focused on the technical side of the security. Running since 2008 BugCON is the oldest forum where researchers, students and professionals shows...

International Cyber Warfare and Security Conference (Ankara, Turkey, November 19 - 20, 2014) In-depth discussions will cover: new emerging threats and challenges on cyber warfare, the policy of leading cyber nations in cyber warfare and security, legal aspects of cyber warfare, industrial perspective...

EDSC 2014 (Seattle, Washington, USA, November 20 - 21, 2014) EDSC is a security conference focusing on embedded systems, hardware, and anything behind the silicon curtain. Embedded testing is a rapidly expanding area of the security industry staying current is important...

Ethiopia Banking and ICT Summit (Addis Ababa, Ethiopia, November 21, 2014) he one day summit is designed to highlight the key Investment opportunities especially in the Banking & ICT Sectors. As an emerging economic capital for the region, Ethiopia is leading the way in industrial...

BSidesVienna (Vienna, Austria, November 22, 2014) BSidesVienna will open it's doors again in 2014. Be part of it and stay tuned

Grow your brand and reach new customers.

Grow your brand and increase your customer base by educating our audience about your products, services, and events by advertising on The CyberWire. We’ve built trust with an influential (and often hard to reach) audience of CISOs, CSOs, and other senior execs in the security space, across a wide array of industry verticals. Learn more.

Be a part of the CyberWire story.

People ask us (a lot) how they can support what we do. We have our sponsorships and services, of course, but those are not always within every supporter's financial reach, or it might just not be the right time for you to do those things. That's why we launched our new Patreon site, where we've created a wider variety of support levels, each with some new benefits. Our patrons are important to our future, and we hope you'll consider becoming one. We invite you to become part of the CyberWire story. Become a patron today.