skip navigation

More signal. Less noise.

Daily briefing.

Hong Kong's umbrella protesters embrace Evernote against censorship, a surprising use that suggests censorship's futility.

The security consortium conducting "Coordinated Malware Eradication" of Chinese-deployed RATs reports progress against Moudoor and Hikiti.

Trend Micro sees a SCADA angle to Sandworm (attributed to Russia by essentially everybody except Mr. Putin): "this group is very likely targeting SCADA-centric victims who are using GE Intelligent Platform's CIMPLICITY HMI solution suite."

Researchers find modular malware designed for use against OSX.

Fortinet develops and demonstrates a proof-of-concept attack that hides Android malware in images. (Other researchers, including Lastline's co-founder, note that evasive behavior is an increasingly significant marker of advanced malware.)

Real-time ad bidding is a key enabler of ongoing cyber espionage malvertising against US defense contractors.

Dreyza/Dyre banking malware evolves into a Bitcoin-targeting form distributed by the Cutwail botnet.

New versions of Tor and Tails are out.

The FBI pushes for more lawful intercept capability.

Notes.

Today's issue includes events affecting Australia, Bahrain, Canada, China, Egypt, Ethiopia, European Union, Republic of Korea, Poland, Russia, Ukraine, United Kingdom, United States.

Cyber Attacks, Threats, and Vulnerabilities

The new anti-censorship tool in China: Evernote (Quartz) Mainland Chinese readers may have found one way around China's tight grip over news and information about the pro-democracy protests that have swept Hong Kong for the last three weeks — a California-based app best known for its personal to-do lists, clipping web-pages, and sharing notes between coworkers

FireEye, Microsoft, Cisco team up to take down RAT-flinging crew (Register) Tired of living in the, er, Shadow of Moudoor

MSRT October 2014 — Hikiti (Microsoft Malware Protection Center) The October release of the Malicious Software Removal Tool (MSRT) is directly related to a Coordinated Malware Eradication (CME) initiative led by Novetta and with the help of many other security partners: F-Secure, ThreatConnect, ThreatTrack Security, Volexity, Symantec, Tenable, Cisco, and iSIGHT. Collaboration across private industry is crucial to addressing advanced persistent threats

Sandworm to Blacken: The SCADA Connection (TrendLabs Security Intelligence Blog) On October 14th, a report was publicly released regarding the Sandworm team. After beginning an investigation into the affiliated malware samples and domains, we quickly came to realization that this group is very likely targeting SCADA-centric victims who are using GE Intelligent Platform's CIMPLICITY HMI solution suite. We have observed this team utilizing .cim and .bcl files as attack vectors, both of which file types are used by the CIMPLICITY software. As further proof of the malware targeting CIMPILICITY, it drops files into the CIMPLICITY installation directory using the %CIMPATH% environment variable on the victim machines

Exploring the 'insecure by design' blind spot in industrial systems (EnergyWire) While cyberattackers and defenders duel for advantage in ever-more-complex digital battlegrounds, a set of basic vulnerabilities affecting power grids, factories and pipelines has gone largely unaddressed

The Internet of Things: 7 Scary Security Scenarios (Dark Reading) The IoT can be frightening when viewed from the vantage point of information security

The Ventir Trojan: assemble your MacOS spy (Securelist) We got an interesting file (MD5 9283c61f8cce4258c8111aaf098d21ee) for analysis a short while ago. It turned out to be a sample of modular malware for MacOS X. Even after preliminary analysis it was clear that the file was not designed for any good purpose: an ordinary 64-bit mach-o executable contained several more mach-o files in its data section; it set one of them to autorun, which is typical of Trojan-Droppers

Top 6 threats to iOS devices (CSO) Given the recent iOS update and iPhone announcement, a security group provides tips to fend off threats to your device

New technique allows attackers to hide stealthy Android malware in images (IDG via CSO) A new technique that allows attackers to hide encrypted malicious Android applications inside images could be used to evade detection by antivirus products and possibly Google Play's own malware scanner

Check Point Researchers Uncover Potential Next Generation Android Attacks (MarketWired) The Binder exposes Android devices to data and information leaks

Updates, changes to security, could lessen POODLE's bite (SC Magazine) POODLE will do less damage if SSL v3.0 is finally put to rest. Is Poodle's bark worse than its bite? Only time will tell if attackers will wreak havoc by exploiting the flaw in the widely supported SSL v3.0 cryptography protocol

Will new 'Poodle' web threat affect health data security? (HealthITSecurity) Cyber security is crucial for many organizations, and the healthcare industry is no different. While the most recent discovery of a security bug in numerous types of web encryption technology is not seen as serious as past threats, it's still important for healthcare organizations to keep themselves up-to-date

Hackers strike defense companies through real-time ad bidding (PCWorld) A major change this year in how online advertisements are sold has been embraced by hackers, who are using advanced ad-targeting capabilities to precisely deliver malware

'The Snappening': stolen Snapchat photos site defaced, details of site owner published (Naked Security) When thousands of Snapchat pictures got published online last week, they were hard to get at for those who went looking

Snapchat breach exposes flawed premise, security challenge (Reuters) The prospect of tens of thousands of potentially racy Snapchat photos hitting the Internet has driven home a simple fact: the mobile app's core feature — delivering photos and videos that vanish seconds after viewing — is flawed

CUTWAIL Spambot Leads to UPATRE-DYRE Infection (TrendLabs Security Intelligence Blog) A new spam attack disguised as invoice message notifications was recently seen spreading the UPATRE malware, that ultimately downloads its final payload — a BANKER malware related to the DYREZA/DYRE banking malware

Old Adobe Vulnerability Used in Dyreza Attack, Targets Bitcoin Sites (TrendLabs Security Intelligence Blog) Cybercriminals and threat actors often use tried-and-tested vulnerabilities in order to infect user systems and consequently, penetrate an enterprise network. This highlights the importance of patching systems and keeping software and applications up-to-date

Black Hat Keynoter: Beware of Air Gap Risks (InfoRiskToday) Using an air gap — a computer network that's disconnected from other local networks and the Internet — has long been a recommended defensive strategy for use in highly secure environments. But at the opening keynote on Oct. 16 for the Black Hat Europe conference in Amsterdam, cryptographer Adi Shamir described how a malware-infected, all-in-one printer could be used to infiltrate and exfiltrate data from air-gapped networks, using a long-distance laser to send data into the environment and the video camera on a drone to get it out. He dubbed the vulnerability "Scangate"

Whisper executive says tracking happens, but the data isn't exact (CSO) Whisper app has to log location data in order for it to work

Ebola Phishing Scams and Malware Campaigns (US-CERT) US-CERT reminds users to protect against email scams and cyber campaigns using the Ebola virus disease (EVD) as a theme. Phishing emails may contain links that direct users to websites which collect personal information such as login credentials, or contain malicious attachments that can infect a system

Security Patches, Mitigations, and Software Updates

Tor Browser 4.0 is released (Tor Project) The first release of the 4.0 series is available from the Tor Browser Project page and also from our distribution directory

Tails 1.2 is out (Tails) Tails, The Amnesic Incognito Live System, version 1.2, is out

New OpenSSL updates fix POODLE, DoS bugs (Help Net Security) The OpenSSL Project has pushed out new releases of the popular homonymous open-source cryptographic library, which fix four serious vulnerabilities, including the POODLE (Padding Oracle On Downgraded Legacy Encryption) problem

Apple Updates (not just Yosemite) (Internet Storm Center) Apple yesterday released the latest version of its operating system, OS X 10.10 Yosemite. As usual, the new version of the operating system does include a number of security related bug fixes, and Apple released these fixes for older versions of OS X today

'Silent' Fix For Windows USB Bug? (Dark Reading) Researchers say a newly patched Microsoft USB flaw in older versions of Windows had at some time previously been fixed in newer versions of the OS

Cyber Trends

Cyber attacks an increasing threat for Mideast oil and gas (Gulf News) Cyber attacks are increasingly becoming a cause for concern for oil and gas companies operating in the Middle East

Cyber thieves turning data to cash (HealthcareDIVE) Right now, healthcare data security is not, shall we say, a model for other industries. Experts in the field warn that not only can hackers get into many networks, they can slip into your medical devices — from infusion pumps to MRIs — and cause them to do nasty things. To my knowledge, no one has been killed by a marauding cyber-attacker messing with a device, but given how easy it is to do, it's only a matter of time

National Cybersecurity Month: Experts and Analyst Comment on Recent Security Breaches (CNN Money) Investorideas.com, a global news source covering leading sectors including cybersecurity and biometrics, issues commentary from industry experts and analysts on recent security breaches (including Home Depot and JP Morgan) as National Cybersecurity Month drives even more awareness to the issue

Marketplace

Berners-Lee Behind New Private Communications Network For Ultra-Privacy Conscious (Dark Reading) MeWe offers free, secure, and private communications

Telstra snaps up Bridge Point in strategic product push (ZDNet) Telstra is working to bolster its position in Australia's managed network and security services markets with the acquisition of Queensland's Bridge Point

Digital Guardian enters world of mobile and cloud data security with Armor5 acquisition (Boston Business Journal) Waltham-based security software firm Digital Guardian, which rebranded from Verdasys this past August, said Thursday that it acquired California-based mobile security startup Armor5 as the company moved into securing data on mobile devices

As Cyber Crime Grows, Buy This Firm? (Wall Street Daily) Every year, this threat costs companies and consumers $100 billion in losses

Remembering Shon Harris: Logical Security founder passes away (TechTarget) Shon Harris, founder and CEO of Logical Security and recognized security certification training expert, died Oct. 8, 2014, after a long illness. SearchSecurity pays tribute to her contributions to the information security field

Products, Services, and Solutions

This new "Apple SIM" could legitimately disrupt the wireless industry (Quartz) Perhaps the most interesting news about Apple's new iPad Air 2 tablet is buried at the bottom of one of its marketing pages: It will come pre-installed with a new "Apple SIM" card instead of one from a specific mobile operator

iboss aims to plug school security holes (MicroScope) Schools are increasingly coming under attack from hackers and are facing greater security challenges as pupils and staff bring their own devices into the classroom and look for more mobile access

Porticor Improves Cloud Data Protection (Newsfactor Bu$iness Report) Porticor improves cloud data protection for former Gazzang Customers with new buyback program — former Gazzang customers can benefit from Porticor's software-defined encryption key management for total security of cloud data

MobileIron And FireEye Join Forces To Proactively Secure Mobile Devices Against Emerging Threats And Malicious Apps (Benzinga) MobileIron (NASDAQ: MOBL [FREE Stock Trend Analysis]), the leader in enterprise mobility management (EMM), and FireEye, Inc. (NASDAQ: FEYE), the leader in stopping today's advanced cyber attacks, today announced an integration between MobileIron and the FireEye® Mobile Threat Prevention™ (MTP™) solution

ThreatTrack Security Simplifies Malware Defense with VIPRE Business Premium 7.0 (Business Journals) Industry-leading antivirus adds cloud management for off-network endpoints, automated policy assignment, and faster scanning to bolster security and user productivity

WatchGuard's APT Blocker Named Advanced Persistent Threat Security Solution of the Year by Computing Security Awards (MarketWatch) Just seven months on the market, WatchGuard's advanced malware solution wins against industry-leading solutions such as FireEye, Fortinet's FortiSandbox and Palo Alto's WildFire

Egress Software Named Winner at the Computing Security Awards and the Digital Entrepreneur Awards (IT News Online) Egress Software Technologies has won 'Encryption Solution of the Year' at the 2014 Computing Security Awards and 'Software Innovation of the Year' at the 2014 Digital Entrepreneur Awards, in two separate ceremonies held on Thursday 9th October. In addition, the Computing Security Awards also saw Egress come first runner up in the 'Security Service Provider of the Year' and 'Security Project of the Year — Public Sector' categories

InsiderThreatDefense.Com (ITD) Releases Insider Threat Program Training Course For U.S. Government Agencies / Businesses (MMD Newswire) Insider Threat Defense (ITD) announced that it has developed and is offering a specialized Instructor Led Insider Threat Program (ITP) Training Course. The ITP Training Course was developed in response to the many recent data breaches affecting the U.S. Government (WikiLeaks, NSA Breach) and businesses. The course provides organizations with a proven and comprehensive enterprise framework for mitigating Insider Threats

Technologies, Techniques, and Standards

POODLE: Turning off SSLv3 for various servers and client. (Internet Storm Center) Before you start: While adjusting your SSL configuration, you should also check for various other SSL related configuration options

Voiceprints Are Collected by Major Banks to Identify Fraudsters (Softpedia) Acoustical anomalies can help detect fraud attempts

CISOs should hire behavioural psychologists to beat the insider threat (SC Magazine) Two information security consultants believe that the much-publicised insider threat — where a company employee leaks data intentionally or unconsciously — could be countered by building employee loyalty and hiring behavioural psychologists

Bankers Association steps up educational efforts on identity theft (FierceCIO) Retailers have been among the most visible victims of escalating cybercrime this year, but the financial services industry remains among the most heavily targeted

Tips for mitigating the financial impact of identity theft (Help Net Security) With a number of large retailers and banks reporting massive data security breaches in the last year, leaving hundreds of millions of consumers' personal information compromised, it seems inevitable that one's identity and personal information will be stolen at some point

Don't let hackers attack: 15 tips to minimize cyber exposure (PropertyCasualty360) October is Cyber Security Awareness month. Help yourself and your customers with these tips for general, mobile and home network security

How security-wary retailers can prepare for the holiday season (Help Net Security) Retailers are beside themselves with worry as the spate of data breaches among them continues. With Black Friday approaching, what can retailers still do to protect themselves from these cybercrooks?

Design and Innovation

Data artist in residence: Why your data needs an artist's touch (IT World) A growing number of companies are looking at new ways to display their data and turning to the art world for assistance

Adobe CSO offers Oracle security lesson: Go click-to-play (Register) Pots and kettles in heated argument at Oz security confab

Lessons learned developing Lynis, an open source security auditing tool (Help Net Security) If you've been involved with information security for more than a decade, you've probably heard of Rootkit Hunter or rkhunter, a software whose primary goal is to discover malware and local exploits on Unix and Linux

Research and Development

Recognizing Evasive Behaviors Seen as Key to Detecting Advanced Malware (Threatpost) Criminals and advanced attackers have long fortified malware with features that help malicious code stay hidden from analysis. We've seen malware samples that determine if they're being executed in a sandbox or virtual machine, or over remote desktop protocol connections, and stay quiet until analysis passes. Other samples use layers and layers of encryption packers, frustrating intrusion detection systems and analysts' attempts to get a peek at malware behavior

Can quantum key distribution improve smartphone and tablet security? (TechTarget) Application security expert Michael Cobb explains how quantum key distribution works, and whether it is a viable method of improving the security of smartphones and tablets

Academia

End of support for Windows Server 2003 tests college security (eCampusNews) Microsoft is ending support for Windows Server 2003 on July 14, 2015 — colleges and universities should start planning now if they need to upgrade, experts say

Northrop Grumman Advances Cyber Research with University of Colorado (MarketWatch) Northrop Grumman Corporation NOC, +0.26% has provided $70,000 to the University of Colorado, Colorado Springs (UCCS) to conduct research on cyber protection. Under the nine-month pilot program, the UCCS College of Engineering and Applied Science will explore and develop technology for enhancing data security and resiliency applicable to Defense Department networks

Legislation, Policy, and Regulation

Netizen Report: From Egypt to the EU, Calls for Social Media Censorship in Name of National Security (Global Voices) Global Voices Advocacy's Netizen Report offers an international snapshot of challenges, victories, and emerging trends in Internet rights around the world. We begin this week's report in the world of social media, where major platforms are facing pressure to change their practices in order to mitigate threats to state power

Conservatives to give spy agency more powers to track terrorism suspects (Globe and Mail) The Canadian Security Intelligence Service is getting new legislation from the Conservative government, amid the spy service's complaints that a Federal Court judge has created blind spots in its efforts to track Canadian terrorism suspects travelling in the wider world

MP urges companies to adopt cyber security audits to prevent being exposed (Worcester News) West Worcestershire MP Harriett Baldwin has called on companies to audit their cyber security as a wave of cyber thefts hits the online community

FBI director: Tech companies should be required to make devices wiretap-friendly (Washington Post) FBI Director James B. Comey on Thursday called for the law to be changed to require technology companies to provide investigators with a way to gain access to encrypted communications, warning that without reform, Americans would see cases in which murderers, rapists and terrorists could more easily elude justice

U.S. to Boost Security for Government-Issued Debit Cards (Wall Street Journal) Obama to announce measures Friday, amid concern over secure financial data

Army Electronic Warfare 'Is A Weapon' — But Cyber Is Sexier (Breaking Defense) "Electronic warfare is a weapon," fumed Col. Joe Dupont. But as the Army's project manager for EW programs — and its recently declassified offensive cyber division — Dupont faces an uphill battle against tight budgets and Army culture to make that case

Litigation, Investigation, and Law Enforcement

Two spy suspects arrested in Warsaw (Polskie Radio) A civilian and a Polish army officer have been arrested under suspicion of spying for a foreign state, with unofficial reports suggesting Russian espionage is involved

Mobile Device Encryption Could Lead to a 'Very, Very Dark Place,' FBI Director Says (Threatpost) FBI Director James Comey said Thursday that the recent movement toward default encryption of smartphones and other devices could "lead us to a very, very dark place." Echoing comments made by law enforcement officials for the last several decades, Comey said that the advanced cryptosystems available today threaten to cripple the ability of intelligence and law enforcement agencies to gather vital information on criminals

Privacy International Files Criminal Complaint Against FinFisher Spyware Company (HackRead) Spying on people through malware has become the order of the day. Numerous stories surface on privacy intrusions, either through government intelligence agencies or hackers or private institutions; security on online platform is indeed a myth

Cybercrime statistics offer a glimpse into the underworld (We Live Security) National cybercrime statistics from Canadian police forces have offered a unique insight into how cybercrime affects a large population — including the damage it causes, and how often the perpetrators are brought to justice

A.G. Schneiderman Announces Multi-state Settlement With TD Bank Over Data Breach (FierceITSecurity) Attorney General Eric T. Schneiderman today announced a multi-state settlement with TD Bank, N.A. that resolves an inquiry into a 2012 data breach in which 1.4 million files were compromised. The $850,000 settlement requires the bank to reform its practices to help ensure that future incidents do not occur. New York State will receive $114,106.11 under the settlement

For a complete running list of events, please visit the Event Tracker on the CyberWire website.

Newly Noted Events

Securing the Social Space (Baltimore, Maryland, USA, October 28, 2014) New technologies enabling greater connectivity bring with them new frontiers for cyber security. This Tech Talk program will offer a new twist on the cyber security conversation. We'll begin by exploring...

Cyber Security World Conference 2014 (New York, New York, USA, November 21, 2014) Welcome to Cyber Security World Conference 2014 where renowned information security authorities and innovative service providers will bring their latest thinking to hundreds of senior executives focused...

DefCamp5 (Bucharest, Romania, November 25 - 29, 2014) DefCamp is the most important conference on Hacking & Information Security in Central Eastern Europe. The goal is bringing hands-on talks about latest research and practices from the INFOSEC field, gathering...

Upcoming Events

Black Hat Europe 2014 (, January 1, 1970) The premier conference on information security returns to the beautiful city of Amsterdam, Netherlands in October, 2014. Professionals from all over the world gather for two days of intense Trainings and...

TechCrunch Disrupt Europe Hackathon (London, England, UK, October 18 - 19, 2014) For the second year in a row, TechCrunch is jumping across the pond and bringing the iconic Disrupt and our Hackathon to Europe. We're heading your way, London

U.S. Army ITA Security Forum (Fort Belvoir, Virginia, USA, October 20, 2014) The U.S. Army Information Technology Agency Security Forum is taking place at the Ft. Belvoir site and will be a one day event focusing on cyber security education and training for the workforce. The...

CSEC 2014 Cyber Security Summit (Kingdom of Bahrain, October 20 - 22, 2014) At the Inaugural Cyber Security Summit 2014, you will have the opportunity to seek ways to reset your IT security and risk strategy for success; stay relevant as IT security and risk are redefined; implement...

2014 ICS Cyber Security Conference (, January 1, 1970) The 14th ICS Cyber Security Conference (sometimes known as "Weisscon") will be held October 20-23, 2014 at Georgia Tech in Atlanta, GA. Cyber Security is becoming a critical infrastructure issue with implications...

National Archives and Records Administration (NARA) IT Security Day (College Park, Maryland, USA, October 21, 2014) FBC and NARA are working together to coordinate the 6th Annual National Archives and Records Administration (NARA) Information Technology Day. Exhibitors will be on-site to share information and demonstrate...

Cyber Security Summit 2014 (, January 1, 1970) Cyber security breaches have a profound impact on all areas of society. Join the discussion at Cyber Security Summit 2014. For two days, leaders from the public and private sectors meet to identify cyber...

Collaborative Approaches for Medical Device and Healthcare Cybersecurity; Public Workshop (Arlington, Virginia, USA, October 21 - 22, 2014) The Food and Drug Administration (FDA) is announcing the following public workshop entitled "Collaborative Approaches for Medical Device and Healthcare Cybersecurity." FDA, in collaboration with other...

Secure 2014 (Warsaw, Poland, October 21 - 23, 2014) NASK and CERT-Polska offer this conference on telecommunications and IT security. Speakers from government, industry, and universities around the world will offer insights into research, policy, and security...

Hack.lu 2014 (Dommeldange, Luxembourg, October 21 - 24, 2014) Hack.lu is an open convention/conference where people can discuss about computer security, privacy, information technology and its cultural/technical implication on society

ISSA International Conference (Orlando, Florida, USA, October 22 - 23, 2014) Join us for solution oriented, proactive and innovative sessions focused on security as a vital part of the business.

ToorCon San Diego (San Diego, California, USA, October 22 - 26, 2014) For hackers like you, because what could possibly go wrong?

DOE Germantown Cybersecurity Awareness Day (Germantown, Maryland, USA, October 23, 2014) The Department of Energy Germantown Building will be hosting a Cyber Security Awareness Day featuring a technology expo. DoE will be looking for a wide range of cyber security industry experts to showcase...

Library of Congress Cybersecurity Awareness Expo (Washington, DC, USA, October 23, 2014) The Library of Congress (LOC)is hosting its annual cyber security awareness days during October and the exposition is an important part of their education and outreach effort to industry

NASA Glenn Research Center Cyber Security Expo (Cleveland, Ohio, USA, October 23, 2014) In recognition of National Cyber Security Awareness Month, an Awareness Day event will be held at Glenn Research Center in Cleveland, Ohio. This event will provide participants with information and resources...

2014 Omaha Cyber Security Event (Omaha, Nebraska, USA, October 23, 2014) Better Business Bureau and its partners present a panel discussion on how to stay safe online — it's our shared responsibility! Learn the risks, how to spot potential problems and how our online...

FOCUS 14: Empowering the Connected World (Las Vegas, Nevada, USA, October 26 - 27, 2014) FOCUS will offer you a unique opportunity to learn directly from other McAfee users. Hear real-world scenarios from McAfee customers and learn how they maintain the highest standards of security while...

Cybergamut Tech Tuesday: Software-Defined Networking Security (Columbia, Maryland, USA, October 28, 2014) Security-Defined Routing combines cyber analytics and SDN to protect the network: SDR technology assists organizations in scaling the delivery of network traffic to analytic security applications. When...

USDA Cyber Security Symposium and Expo 2014 (Washington, DC, USA, October 28 - 29, 2014) The Summit will provide participants with information and resources on today's vulnerabilities, incidents, security lifecycle, risks and mitigations; it will also identify ways to work together and build...

Cyber Security and IT Day at Fort Carson (Colorado Springs, Colorado, USA, October 28, 2014) The Information Systems Security Association (ISSA) Colorado Springs Chapter ill once again host the 5th Annual Cyber Security & Information Technology Days set to take place at Fort Carson on Tuesday,...

Cyber Security and IT Days at Peterson AFB (Colorado Springs, Colorado, USA, October 29, 2014) The Information Systems Security Association (ISSA) Colorado Springs Chapter will once again host the 5th Annual Cyber Security & Information Technology Days. Government and Industry experts will be on...

Dallas SecureWorld (Dallas, Texas, USA, October 29 - 30, 2014) Offering two days of cyber security education. Earn 12-16 CPE credits, network with industry peers, and take advantage of more than sixty educational events. Over the past decade SecureWorld has emerged...

Cyber Job Fair (Baltimore, Maryland, USA, October 29, 2014) ClearedJobs.Net is partnering with CyberMaryland to present the Cyber Job Fair at the CyberMaryland 2014 conference. The Cyber Job Fair is a hiring event for cleared and non-cleared cybersecurity professionals...

CyberMaryland 2014 (Baltimore, Maryland, USA, October 29 - 30, 2014) Entrepreneurs, investors, academia and government will convene in Maryland — the nation's epicenter for cybersecurity for the fourth annual CyberMaryland Conference.

ekoparty Security Conference 10th edition (Buenos Aires, Argentina, October 29 - 31, 2014) ekoparty — Electronic Knock Out Party — Security Conference, is a one of a kind event in South America; an annual security conference held in Buenos Aires, where security specialists from all over Latin...

Cyber Risk Summit (Washington, DC, USA, May 22, 2014) This one-day leadership conference will provide a discussion forum for business executives, insurance companies and policymakers on more effective private and public responses to cyber risk management.

Senior Executive Cyber Security Conference (Baltimore, Maryland, USA, October 30 - November 1, 2014) North Star Group, LLC and the Johns Hopkins University's Whiting School of Engineering and Information Security Institute sponsor this senior executive focused cyber security conference.This event is designed...

FS-ISAC EU Summit 2014 (London, England, UK, November 3 - 5, 2014) The Financial Services Information Sharing and Analysis Center (FS-ISAC), is a non-profit association comprised of financial institution members, that is dedicated to protecting the global financial services...

POC2014 (Seoul, Republic of Korea, November 4 - 7, 2014) POC (Power of Community) started in 2006 and has been organized by Korean hackers & security experts. It is an international security & hacking conference in Korea. POC doesn't pursue money. POC concentrates...

Open Source Digital Forensics Conference 2014 (Herndon, Virginia, USA, November 5, 2014) This conference focuses on tools and techniques that are open source and (typically) free to use. It is a one day event with short talks packed with information. There are both tool developers and users...

Bay Area SecureWorld (Santa Clara, California, November 5, 2014) A day of cyber security education. Earn 6-8 CPE credits, network with industry peers, and take advantage of more than thirty educational events. Over the past decade SecureWorld has emerged as one of North...

Managing BYOD & Enterprise Mobility USA 2014 (San Francisco, California, USA, November 5 - 6, 2014) The Managing BYOD & Mobility USA 2014 conference will provide a unique networking platform, bringing together top executives from USA and beyond. They come together not only to address mobility challenges...

Journal of Law and Cyber Warfare First Annual Cyber Warfare One Day Symposium (New York, New York, USA, November 6, 2014) The Journal of Law and Cyber Warfare is proud to present the First Annual Cyber Warfare One Day Symposium. Join us as senior lawyers, technology chiefs, government officials, and academics discuss the...

RiseCON 2014 (Rosario, Santa Fe, Argentina, November 6 - 7, 2014) Rosario Information Security Conference: es el primer y mayor evento de seguridad informática y hacking realizado en la ciudad de Rosario, con nivel y trascendencia internacional

Israel HLS 2014 (Tel Aviv, Israel, November 9 - 12, 2014) The third International Conference on Homeland Security will bring together government officials, public authorities, and HLS industry leaders from around the world to share their knowledge and experience.

Critical Infrastructure Cyber Community (C3) Voluntary Program Meeting (San Diego, California, USA, October 13, 2014) Join stakeholders from across the cyber community to discuss building a cyber risk management program, using DHS resources, and to learn how organizations of all sizes are using the Cybersecurity Framework...

i-Society 2014 (London, England, UK, November 10 - 12, 2014) i-Society 2014 is a global knowledge-enriched collaborative effort that has its roots from both academia and industry. The conference covers a wide spectrum of topics that relate to information society,...

Seattle SecureWorld (Seattle, Washington, USA, November 12 - 13, 2014) Offering two days of cyber security education. Earn 12-16 CPE credits, network with industry peers, and take advantage of more than sixty educational events. Over the past decade SecureWorld has emerged...

AVAR 2014 (, January 1, 1970) The 17th Association of anti-Virus Asia Researchers International Conference: Security Down Under. Topics will include case studies of targeted attacks, real-life attack demonstrations, web-inject attacks/code...

ZeroNights 2014 (Moscow, Russia, November 13 - 14, 2014) ZeroNights is an international conference dedicated to the practical side of information security. It will show new attack methods and threats, showcase new possibilities of attack and defense, and suggest...

Cyber Security Awareness Week Conference (New York, New York, USA, November 13 - 15, 2014) Get ready for CSAW: the largest student-run cyber security event in the nation, with a research conference that attracts some of the biggest names in the industry, and a career fair with an impressive...

Ground Zero Summit, India (New Dehli, India, November 13 - 16, 2014) Ground Zero Summit (GOS) 2014 in its second year promises to be Asia's largest Information Security gathering and proposes to be the ultimate platform for showcasing researches and sharing knowledge in...

Deepsec 2014 (Vienna, Austria, November 18 - 21, 2014) DeepSec is an annual European two-day in-depth conference on computer, network, and application security. This is a non-product, non-vendor-biased conference event. Our aim is to present the best research...

BugCON (Mexico City, Mexico, November 19, 2014) BugCON Security Conference is hardcore technical conference focused on the technical side of the security. Running since 2008 BugCON is the oldest forum where researchers, students and professionals shows...

International Cyber Warfare and Security Conference (Ankara, Turkey, November 19 - 20, 2014) In-depth discussions will cover: new emerging threats and challenges on cyber warfare, the policy of leading cyber nations in cyber warfare and security, legal aspects of cyber warfare, industrial perspective...

EDSC 2014 (Seattle, Washington, USA, November 20 - 21, 2014) EDSC is a security conference focusing on embedded systems, hardware, and anything behind the silicon curtain. Embedded testing is a rapidly expanding area of the security industry staying current is important...

Ethiopia Banking and ICT Summit (Addis Ababa, Ethiopia, November 21, 2014) he one day summit is designed to highlight the key Investment opportunities especially in the Banking & ICT Sectors. As an emerging economic capital for the region, Ethiopia is leading the way in industrial...

BSidesVienna (Vienna, Austria, November 22, 2014) BSidesVienna will open it's doors again in 2014. Be part of it and stay tuned

Grow your brand and reach new customers.

Grow your brand and increase your customer base by educating our audience about your products, services, and events by advertising on The CyberWire. We’ve built trust with an influential (and often hard to reach) audience of CISOs, CSOs, and other senior execs in the security space, across a wide array of industry verticals. Learn more.

Be a part of the CyberWire story.

People ask us (a lot) how they can support what we do. We have our sponsorships and services, of course, but those are not always within every supporter's financial reach, or it might just not be the right time for you to do those things. That's why we launched our new Patreon site, where we've created a wider variety of support levels, each with some new benefits. Our patrons are important to our future, and we hope you'll consider becoming one. We invite you to become part of the CyberWire story. Become a patron today.