skip navigation

More signal. Less noise.

Daily briefing.

ISIS tries to up its opsec game in cyberspace as its sympathizers remain on the offensive (notably against some German sites).

Cyber rioting over Kashmir spreads as the Pakistani side attracts Arab adherents.

Reports suggest that, as China's government tightens censorship and surveillance in Hong Kong, its intelligence services are systematically subverting iPhone security. Observers believe the delay in approving iPhone sales in that country may bought time for the organs to develop and stage exploits. There are also reports of Chinese probes of US utility networks showing up in a Missouri ICS honeypot.

Cyber relations between the US and China remain frosty, as China responds to FBI warnings with tu quoques and stern counsel that the Americans should reflect on their cowboy ways. (But matters stand better with the EU, which has decided not to pursue anti-competitive investigations of Huawei and ZTE.)

Ecuador accuses Colombia of conducting cyber attacks, or at the very least of harboring anti-Ecuadoran hackers.

Researchers warn of an Android binder flaw. Other researchers describe techniques of exfiltrating data via video. US defense companies remain on malvertising alert.

POODLE is now generally thought more lapdog than attack dog (still, a yappy, nippy lapdog that needs muzzling).

Imperva believes it discerns an increase in attacks against Amazon Web Services. ThreatTrack sees the RIG exploit kit using WordPress to drop CryptoWall 2.0.

Many report problems with four of last week's Microsoft patches. Microsoft has pulled one of them.

Insurers warn general liability coverage won't necessarily do for cyber.

Notes.

Today's issue includes events affecting Australia, China, Colombia, Ecuador, European Union, Germany, India, Iraq, Pakistan, Russia, South Africa, Syria, Turkey, United Kingdom, United States.

Cyber Attacks, Threats, and Vulnerabilities

Isis closes the cyber blackout blinds to avoid attack (Financial Times) When bombs rained down before the internet age, targets pulled curtains shut and dimmed their lights. But for the jihadis of the Islamic State of Iraq and the Levant, Isis, more modern countermeasures apply: stopping tweets and scrubbing metadata

Cyber attack — hackers IS Send messages to German sites (Football Examiner) A hacker group has attacked several German websites and Islamist messages disseminated. Whether the attacks are in fact politically motivated, is unclear

Arab Warriors Team Announces Operation Kashmir (HackRead) After Pakistani hackers, the hackers from Arab world have decided conduct cyber attacks on India, vowing to help Kashmir to be free

China may be hacking every iPhone user in the country (Quartz) Chinese authorities just launched "a malicious attack on Apple" that could capture user names and passwords of anyone who logs into the iCloud from anywhere in the country, the well-respected censorship watchdog GreatFire.org reports. With that information, a hacker can view users contacts, photos, messages and personal information stored in the cloud

Hong Kong's cyber battlefield (Business Spectator) The past weekend saw the Occupy Central movement take a surreal turn, almost mutating into Occupy Tsim Sha Tsui as gangsters swelled the streets of this traditional triad turf and Hong Kongers witnessed sights rarely seen since the Seventies

The Chinese truly are attacking our critical infrastructure (Control) There have been many reports of the Chinese and others attacking our critical infrastructure

Colombia hackers carrying out cyber attacks against Ecuador: Correa (Colombia Reports) President Rafael Correa of Ecuador said Thursday that his government had detected cyber attacks against his administration and the armed forces originating from Colombian territory, according to local media

Binder Flaw Threatens to Blow Apart Android Security (Infosecurity Magazine) Security researchers have warned of a serious security flaw in Android which could potentially leave every device open to attack

APTS Target Victims with Precision, Ephemeral Malvertising (Threatpost) Advanced persistent threat groups are using malvertising in order to compromise the networks of their adversaries in what appears to be an example of high-level, nation-state attackers borrowing tactics from the typically less sophisticated cybercriminal arsenals. Attackers are also borrowing from the corporate marketing world by leveraging a form of high-speed advertisement placement known as "real-time ad-bidding"

In Plain Sight: How Cyber Criminals Exfiltrate Data Via Video (Dark Reading) Just like Fortune 500 companies, attackers are investing in sophisticated measures that let them fly beneath the radar of conventional security

Alert (TA14-290A) SSL 3.0 Protocol Vulnerability and POODLE Attack (US-CERT) All systems and applications utilizing the Secure Socket Layer (SSL) 3.0 with cipher-block chaining (CBC) mode ciphers may be vulnerable. However, the POODLE (Padding Oracle On Downgraded Legacy Encryption) attack demonstrates this vulnerability using web browsers and web servers, which is one of the most likely exploitation scenarios

Are POODLE Security Fears Barking Up the Wrong Tree? (CIO Today) For all the hoopla over POODLE (Padding Oracle on Download Legacy Encryption) earlier this week, it turns out this security Relevant Products/Services hole may be less bothersome than an overexcited gray-curly-haired dog. That doesn't mean you shouldn't take action

Poodle — a bigger threat in theory (Secunia Blog) There has recently been a lot of attention given to the security issue commonly referred to as POODLE (Padding Oracle On Downgraded Legacy Encryption) against the SSL v3 protocol

Imperva WAAR Report Shows Increase in Attacks on Amazon Web Services (VPN Creative) There is an alarming increase in the number of hacking attempts launched from Amazon's cloud based servers, as shown by the WAAR report by Imperva

Cyberattack at JPMorgan Chase Also Hit Website of Bank's Corporate Race (New York Times) The JPMorgan Chase Corporate Challenge, a series of charitable races held each year in big cities across the world, is one of those feel-good events that bring together professionals from scores of big companies

RIG Exploit Kit Dropping CryptoWall 2.0 (ThreatTrack Security Labs) ThreatTrack Security Labs today observed spammers exploiting vulnerable WordPress links to redirect users to servers hosting the RIG Exploit Kit, which takes advantage of any number of vulnerabilities in unpatched Silverlight, Flash, Java and other applications to drop CryptoWall 2.0

Hordes of cable modems, Web cams, printers can become DDoS launch platforms (NetworkWorld) Advisory: Millions of badly configured, maintained devices are ripe for the picking

Sourcebooks suffers credit card data breach (CSO) It wouldn't be a Friday afternoon without a company sharing that they had suffered a data breach. Normally, I'm the first person to be sympathetic in this type of situation but, I have seen enough of these Friday disclosures that I'm starting to call bull spit on these

Where is Apple Pay Vulnerable? John Sarreal, 41st Parameter Weighs In (PYMNTS) With the forthcoming launch of Apple Pay on October 20th, everyone's favorite topic of conversation is variations on a single questions — how is Apple going to change payments as the world knows it today? For all the conversation, however, there is one element of the discussion that is conspicuously missing — transacting via the browser — online, which as of yet Apple doesn't address

Spike in Malware Attacks on Aging ATMs (KrebsOnSecurity) This author has long been fascinated with ATM skimmers, custom-made fraud devices designed to steal card data and PINs from unsuspecting users of compromised cash machines. But a recent spike in malicious software capable of infecting and jackpotting ATMs is shifting the focus away from innovative, high-tech skimming devices toward the rapidly aging ATM infrastructure in the United States and abroad

Kids a cyber threat to parents' wallets (BusinessTech) 18% of Internet users in South Africa have lost either money or important information as a result of their children's online activity, according to joint research by Kaspersky Lab and B2B International

What a hacker can learn about your life from the coffee shop’s Wi-Fi network (Quartz) We often shift between a phone signal, private internet connections, and public Wi-Fi networks

Bulletin (SB14-293) Vulnerability Summary for the Week of October 13, 2014 (US-CERT) The US-CERT Cyber Security Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. The NVD is sponsored by the Department of Homeland Security (DHS) National Cybersecurity and Communications Integration Center (NCCIC) / United States Computer Emergency Readiness Team (US-CERT). For modified or updated entries, please visit the NVD, which contains historical vulnerability information

Security Patches, Mitigations, and Software Updates

KB2949927 Has Been Pulled (WindowsITPro) UPDATE: Microsoft has now confirmed that the update has been pulled while they investigate the actual problems. The security advisory has been updated to reflect the action

Four more botched Microsoft patches: KB 3000061, KB 2984972, KB 2949927, KB 2995388 (InfoWorld) Windows users are reporting significant problems with four more October Black Tuesday patches

Microsoft Changing Detection of Adware and Browser Modifiers (Threatpost) One of the not-so-great side effects of the transition to virtually everything being done in the Web browser now is that advertisers, attackers and scammers constantly are trying to get their code to run in users' browsers, any way they can. A lot of this is done through extensions and browser objects, some of which modify the browser settings and prevent users from making their own changes

Dropbox Updated For iPhone 6 And 6 Plus, Gains Touch ID Support (TechCrunch) A week after popular file-sharing site Dropbox confirmed user accounts were compromised but denied claims of its own servers being breached, the company has rolled out an update to its iOS application which introduces support for Apple's Touch ID. With this change, iOS 8 users will now have the option to unlock and access their Dropbox accounts using their own fingerprints

PHP has fixed several vulnerabilities allowing remote code execution (E Hacking News) The PHP development team has released new versions in order to fix three security vulnerabilities — one of them is said to be a critical one and leads to remote code execution

Cyber Trends

The impact of disconnected security strategies (Help Net Security) 39% of organizations' IT departments are spending too much time managing their security network and manually tackling threats, according to McAfee

Yet another Proofpoint for Network and Endpoint Security Integration (NetworkWorld) Network/Endpoint integration initiatives gaining traction at advanced organizations driven by threat management and security analyst teams

MSSPs Find Advanced Threat Services, Incident Response Tied To Log Analysis (CRN) Managed security providers say they have finally gotten the message

Internet Of Things Will Turn Networks Inside-Out (InformationWeek) If IoT is ever going to work, networks will have to grant access to devices that we'd refuse outright today

Fighting the Globalization of Cybercrime (BankInfoSecurity) "Cybercrime as a service" and the globalization of attacks are two of the trends noted by cyber-intelligence firm Group-IB in its third annual High-Tech Crime Report. Now, security firms and law enforcement agencies throughout the world are focused on capturing the leaders behind the organized crime groups believed to be pushing these trends, says Alexander Tushkanov, who leads content protection for Moscow-based Group IB

Average company now compromised every four days, with no end to the cybercrime wave in sight (ZDNet) Phishing, denial-of-service and virus attacks are now a standard part of doing business for most organisations

A hole in the fence: is there a "partial preparedness" to cyberthreats? (Kaspersky Lab) Can a business be "partially" prepared to ward off cyberthreats? It's definitely a subject of debate. Here's our take

Marketplace

Why You Shouldn't Count On General Liability To Cover Cyber Risk (Dark Reading) Travelers Insurance's legal spat with P.F. Chang's over who'll pay breach costs will likely illustrate why enterprises shouldn't think of their general liability policies as backstops for cyber risk

Symantec To Face Further Struggles, Could Be Acquisition Target (CRN) Symantec's security portfolio is anchored with a quickly aging endpoint protection suite and a product portfolio that may have too many gaps and little growth potential to enable executives to acquire startups that are demanding a premium, according to analysts with an eye on the financial market and security startups

Sophos aims for unified cloud security nirvana with Mojave acquisition (TechRepublic) With the purchase of Mojave Networks, Sophos seeks to combine cloud security, endpoint security and advanced filtering to deliver hybrid protection for real-time scenarios

Malvern cyber company supplies the Government — and that's official (Shuttle) Malvern technology specialist Deep-Secure has been appointed a supplier of cyber security products to the British government

GSA unveils 'FedRAMP Ready' systems (FCW) The General Services Administration will unveil its newest category for the Federal Risk and Authorization Management Program on Oct. 17, showcasing cloud service providers ready to perform assessments and authorizations with potential agency customers

Products, Services, and Solutions

Mastercard launches first thumbprint biometric card (Guardian) Company says cards will be offered to UK banks, with the first expected to be in wallets this time next year

Telefonica to share cyber intelligence with Microsoft (Telecompaper) Telefonica has bolstered its cyber-security offer with a number of new products and services, including a global strategic agreement with Microsoft to combat digital crime through intelligence sharing

Facebook's new Safety Check lets you tell friends you're safe when disaster strikes (Naked Security) Heads up, all you privacy-hugging Facebook haters!

Industrial Firewall suits operational technology environments (Thomasnet) Combining protection of stateful firewall with intrusion prevention and application visibility and control, Achilles Industrial Next Gen Firewall inspects, secures, and tracks industrial protocol traffic

Technologies, Techniques, and Standards

UK banks urged to share more intel on cyber-threats (SC Magazine) Cyber security and banking experts say that British banks and other financial institutions must share intelligence on threats if they are to beat cyber-criminals and protect critical assets

Managing industrial control system cybersecurity (InsuranceNewsNet) Proper cybersecurity keeps industry running efficiently

Continuous monitoring demystified (TechTarget) A continuous monitoring program can improve everything from configuration and patch management to event monitoring and incident response

Taking aim at stealthy attacks (GCN) By now you no doubt have heard about SandWorm, the cyberespionage campaign against NATO and other high-value targets, attributed by researchers at iSight Partners to Russian hackers

When Remote Access Becomes Your Enemy (Infosec Island) As convenient as it would be for businesses to have all their IT service providers working on-site, just down the hall, that's not always possible. That's why secure remote access is a component frequently found in the digital toolboxes of service providers that offer maintenance, troubleshooting and support from locations other than where the product or system is being used

Building Ultimate Anonymous Malware Analysis and Reverse Engineering Machine (Coding and Security) In this article, I'll show you my malware analysis environment and setup. I have to say that all software and configurations written in this article are totally my personal preference, this is my configuration and I like it, but please don't hesitate to share your ideas

Facebook Automates Fight Against Hackers (InformationWeek) Here's a sneak peek into the system Facebook uses to secure your account when other websites are hacked

Academia

School systems work to develop cyber security curriculum (Augusta Chronicle) Staying abreast of global trends in the digital world, educators in Richmond and Columbia counties are working to create new coursework that will train high school students to protect computer networks from security threats

Legislation, Policy, and Regulation

Cyber warfare needs a 'Geneva Convention': Israel's Space Agency chairman (ChannelNewsAsia) Professor Isaac Ben-Israel, Chairman of the Israel Space Agency and Israel National Council for Research and Development, says it may be years yet before rules governing cyber warfare to make it more "human" can be thrashed out on an international level

China says US must change 'mistaken policies' before deal on cyber security (Guardian) Resuming cyber security cooperation between China and the United States would be difficult because of "mistaken US practices", China's top diplomat has told the secretary of state, John Kerry

Russia's Nuclear Missile Forces Create Cybersecurity Units: Defense Ministry (Atlantic Council) From RIA Novosti: Sopka teams, tasked to detect and prevent cyberattacks, have been created within the Russian Strategic Missile Forces (SMF), the ministry's Strategic Missile Forces spokesman Col. Igor Yegorov told journalists Thursday

Clapper worries about cyber threat from Russia (The Hill) Director of National Intelligence James Clapper said he worries "a lot more about the Russians" over the Chinese when it comes to cybersecurity

U.S. Calls for Limits on Foreign Communication Intercepts (Bloomberg) U.S. intelligence agencies should adopt safeguards that limit how they use information they collect on foreigners, including purging material that isn't relevant to national security after five years, the Office of the Director of National Intelligence said

Interim Progress Report on Implementing PPD-28 (IC on the Record) As the President said in his speech on January 17, 2014, "the challenges posed by threats like terrorism, proliferation, and cyber-attacks are not going away any time soon, and for our intelligence community to be effective over the long haul, we must maintain the trust of the American people, and people around the world"

U.S. Data Breach Notification Law Unlikely in 2014 (GovInfoSecurity) With time running out, other legislation takes priority

Obama's Chip and PIN Move Is 'Meaningless,' Analysts Say (American Banker) An executive order signed by President Obama on Friday that mandated the adoption of chip and PIN technology in government cards and enabled its use in facilities like Post Offices is a "meaningless gesture" that smacks of politics over substance

Pentagon Needs to Build Cybersecurity into the Acquisition Process (Nextgov) If you were asked to name one of the most pressing issues facing the Pentagon in the next five years, chances are you wouldn't specify the intersection of cybersecurity, acquisition and the sometimes small but always vital electronic components that make up battlefield systems

Leaked TPP IP Chapter Would Lead To Much Greater Online Surveillance… Because Hollywood Still Hates The Internet (TechDirt) We already wrote a big piece about the latest leaked copy of the Trans Pacific Partnership (TPP) agreement text. However, there were a few additional areas in the leaked text that deserve further scrutiny, so we'll be having a few more posts. One significant concern is how the TPP is likely to lead to much greater surveillance by ISPs on your online surfing habits — all in the name of "copyright" of course

Litigation, Investigation, and Law Enforcement

EU opts not to investigate on China's telecommunications imports (China Daily) Brussels has made final decision on Saturday that it will not launch anti-subsidies investigation on Chinese telecommunications equipment makers Huawei Technologies Co. and ZTE Corp

Exclusive: NSA reviewing deal between official, ex-spy agency head (Reuters via Yahoo! News) The U.S. National Security Agency has launched an internal review of a senior official's part-time work for a private venture started by former NSA director Keith Alexander that raises questions over the blurring of lines between government and business

US government fines Intel's Wind River over crypto exports (Register) New emphasis on encryption as a weapon?

How Microsoft Appointed Itself Sheriff of the Internet (Wired) It was 7 o'clock in the morning when the knocking on Dan Durrer's front door woke him up

Hacker-hunters finger 'Keyser Soze' of Russian underground card sales (Register) Report claims user named 'Rescator' is mastermind

The FBI Director's Evidence Against Encryption is Pathetic (The Intercept) FBI Director James Comey gave a speech Thursday about how cell-phone encryption could lead law enforcement to a "very dark place" where it "misses out" on crucial evidence to nail criminals

Australian spookhaus busted for warrantless tap of own phones (Register) Stop laughing: it also messed up civilian telecoms intercepts and is about to get more powers

Media Companies Republishing Google Right-To-Be-Forgotten Links (SearchEngineLand) Critics on all sides unhappy with RTBF implementation so far

Four online romance scammers jailed — don't get sucked in to Advance Fee Fraud! (Naked Security) Advance Fee Fraud, or AFF, is an age-old scam that goes back at least to the 16th century

Florida court: Come back with a warrant to track suspects via mobile phone (Ars Technica) Florida Supreme Court says drug suspect did not "voluntarily" give up location

For a complete running list of events, please visit the Event Tracker on the CyberWire website.

Upcoming Events

U.S. Army ITA Security Forum (Fort Belvoir, Virginia, USA, October 20, 2014) The U.S. Army Information Technology Agency Security Forum is taking place at the Ft. Belvoir site and will be a one day event focusing on cyber security education and training for the workforce. The...

CSEC 2014 Cyber Security Summit (Kingdom of Bahrain, October 20 - 22, 2014) At the Inaugural Cyber Security Summit 2014, you will have the opportunity to seek ways to reset your IT security and risk strategy for success; stay relevant as IT security and risk are redefined; implement...

2014 ICS Cyber Security Conference (, January 1, 1970) The 14th ICS Cyber Security Conference (sometimes known as "Weisscon") will be held October 20-23, 2014 at Georgia Tech in Atlanta, GA. Cyber Security is becoming a critical infrastructure issue with implications...

National Archives and Records Administration (NARA) IT Security Day (College Park, Maryland, USA, October 21, 2014) FBC and NARA are working together to coordinate the 6th Annual National Archives and Records Administration (NARA) Information Technology Day. Exhibitors will be on-site to share information and demonstrate...

Cyber Security Summit 2014 (, January 1, 1970) Cyber security breaches have a profound impact on all areas of society. Join the discussion at Cyber Security Summit 2014. For two days, leaders from the public and private sectors meet to identify cyber...

Collaborative Approaches for Medical Device and Healthcare Cybersecurity; Public Workshop (Arlington, Virginia, USA, October 21 - 22, 2014) The Food and Drug Administration (FDA) is announcing the following public workshop entitled "Collaborative Approaches for Medical Device and Healthcare Cybersecurity." FDA, in collaboration with other...

Secure 2014 (Warsaw, Poland, October 21 - 23, 2014) NASK and CERT-Polska offer this conference on telecommunications and IT security. Speakers from government, industry, and universities around the world will offer insights into research, policy, and security...

Hack.lu 2014 (Dommeldange, Luxembourg, October 21 - 24, 2014) Hack.lu is an open convention/conference where people can discuss about computer security, privacy, information technology and its cultural/technical implication on society

ISSA International Conference (Orlando, Florida, USA, October 22 - 23, 2014) Join us for solution oriented, proactive and innovative sessions focused on security as a vital part of the business.

ToorCon San Diego (San Diego, California, USA, October 22 - 26, 2014) For hackers like you, because what could possibly go wrong?

DOE Germantown Cybersecurity Awareness Day (Germantown, Maryland, USA, October 23, 2014) The Department of Energy Germantown Building will be hosting a Cyber Security Awareness Day featuring a technology expo. DoE will be looking for a wide range of cyber security industry experts to showcase...

Library of Congress Cybersecurity Awareness Expo (Washington, DC, USA, October 23, 2014) The Library of Congress (LOC)is hosting its annual cyber security awareness days during October and the exposition is an important part of their education and outreach effort to industry

NASA Glenn Research Center Cyber Security Expo (Cleveland, Ohio, USA, October 23, 2014) In recognition of National Cyber Security Awareness Month, an Awareness Day event will be held at Glenn Research Center in Cleveland, Ohio. This event will provide participants with information and resources...

2014 Omaha Cyber Security Event (Omaha, Nebraska, USA, October 23, 2014) Better Business Bureau and its partners present a panel discussion on how to stay safe online — it's our shared responsibility! Learn the risks, how to spot potential problems and how our online...

FOCUS 14: Empowering the Connected World (Las Vegas, Nevada, USA, October 26 - 27, 2014) FOCUS will offer you a unique opportunity to learn directly from other McAfee users. Hear real-world scenarios from McAfee customers and learn how they maintain the highest standards of security while...

Cybergamut Tech Tuesday: Software-Defined Networking Security (Columbia, Maryland, USA, October 28, 2014) Security-Defined Routing combines cyber analytics and SDN to protect the network: SDR technology assists organizations in scaling the delivery of network traffic to analytic security applications. When...

Securing the Social Space (Baltimore, Maryland, USA, October 28, 2014) New technologies enabling greater connectivity bring with them new frontiers for cyber security. This Tech Talk program will offer a new twist on the cyber security conversation. We'll begin by exploring...

USDA Cyber Security Symposium and Expo 2014 (Washington, DC, USA, October 28 - 29, 2014) The Summit will provide participants with information and resources on today's vulnerabilities, incidents, security lifecycle, risks and mitigations; it will also identify ways to work together and build...

Cyber Security and IT Day at Fort Carson (Colorado Springs, Colorado, USA, October 28, 2014) The Information Systems Security Association (ISSA) Colorado Springs Chapter ill once again host the 5th Annual Cyber Security & Information Technology Days set to take place at Fort Carson on Tuesday,...

Cyber Security and IT Days at Peterson AFB (Colorado Springs, Colorado, USA, October 29, 2014) The Information Systems Security Association (ISSA) Colorado Springs Chapter will once again host the 5th Annual Cyber Security & Information Technology Days. Government and Industry experts will be on...

Dallas SecureWorld (Dallas, Texas, USA, October 29 - 30, 2014) Offering two days of cyber security education. Earn 12-16 CPE credits, network with industry peers, and take advantage of more than sixty educational events. Over the past decade SecureWorld has emerged...

Cyber Job Fair (Baltimore, Maryland, USA, October 29, 2014) ClearedJobs.Net is partnering with CyberMaryland to present the Cyber Job Fair at the CyberMaryland 2014 conference. The Cyber Job Fair is a hiring event for cleared and non-cleared cybersecurity professionals...

CyberMaryland 2014 (Baltimore, Maryland, USA, October 29 - 30, 2014) Entrepreneurs, investors, academia and government will convene in Maryland — the nation's epicenter for cybersecurity for the fourth annual CyberMaryland Conference.

ekoparty Security Conference 10th edition (Buenos Aires, Argentina, October 29 - 31, 2014) ekoparty — Electronic Knock Out Party — Security Conference, is a one of a kind event in South America; an annual security conference held in Buenos Aires, where security specialists from all over Latin...

Cyber Risk Summit (Washington, DC, USA, May 22, 2014) This one-day leadership conference will provide a discussion forum for business executives, insurance companies and policymakers on more effective private and public responses to cyber risk management.

Senior Executive Cyber Security Conference (Baltimore, Maryland, USA, October 30 - November 1, 2014) North Star Group, LLC and the Johns Hopkins University's Whiting School of Engineering and Information Security Institute sponsor this senior executive focused cyber security conference.This event is designed...

FS-ISAC EU Summit 2014 (London, England, UK, November 3 - 5, 2014) The Financial Services Information Sharing and Analysis Center (FS-ISAC), is a non-profit association comprised of financial institution members, that is dedicated to protecting the global financial services...

POC2014 (Seoul, Republic of Korea, November 4 - 7, 2014) POC (Power of Community) started in 2006 and has been organized by Korean hackers & security experts. It is an international security & hacking conference in Korea. POC doesn't pursue money. POC concentrates...

Open Source Digital Forensics Conference 2014 (Herndon, Virginia, USA, November 5, 2014) This conference focuses on tools and techniques that are open source and (typically) free to use. It is a one day event with short talks packed with information. There are both tool developers and users...

Bay Area SecureWorld (Santa Clara, California, November 5, 2014) A day of cyber security education. Earn 6-8 CPE credits, network with industry peers, and take advantage of more than thirty educational events. Over the past decade SecureWorld has emerged as one of North...

Managing BYOD & Enterprise Mobility USA 2014 (San Francisco, California, USA, November 5 - 6, 2014) The Managing BYOD & Mobility USA 2014 conference will provide a unique networking platform, bringing together top executives from USA and beyond. They come together not only to address mobility challenges...

Journal of Law and Cyber Warfare First Annual Cyber Warfare One Day Symposium (New York, New York, USA, November 6, 2014) The Journal of Law and Cyber Warfare is proud to present the First Annual Cyber Warfare One Day Symposium. Join us as senior lawyers, technology chiefs, government officials, and academics discuss the...

RiseCON 2014 (Rosario, Santa Fe, Argentina, November 6 - 7, 2014) Rosario Information Security Conference: es el primer y mayor evento de seguridad informática y hacking realizado en la ciudad de Rosario, con nivel y trascendencia internacional

Israel HLS 2014 (Tel Aviv, Israel, November 9 - 12, 2014) The third International Conference on Homeland Security will bring together government officials, public authorities, and HLS industry leaders from around the world to share their knowledge and experience.

Critical Infrastructure Cyber Community (C3) Voluntary Program Meeting (San Diego, California, USA, October 13, 2014) Join stakeholders from across the cyber community to discuss building a cyber risk management program, using DHS resources, and to learn how organizations of all sizes are using the Cybersecurity Framework...

i-Society 2014 (London, England, UK, November 10 - 12, 2014) i-Society 2014 is a global knowledge-enriched collaborative effort that has its roots from both academia and industry. The conference covers a wide spectrum of topics that relate to information society,...

Seattle SecureWorld (Seattle, Washington, USA, November 12 - 13, 2014) Offering two days of cyber security education. Earn 12-16 CPE credits, network with industry peers, and take advantage of more than sixty educational events. Over the past decade SecureWorld has emerged...

AVAR 2014 (, January 1, 1970) The 17th Association of anti-Virus Asia Researchers International Conference: Security Down Under. Topics will include case studies of targeted attacks, real-life attack demonstrations, web-inject attacks/code...

ZeroNights 2014 (Moscow, Russia, November 13 - 14, 2014) ZeroNights is an international conference dedicated to the practical side of information security. It will show new attack methods and threats, showcase new possibilities of attack and defense, and suggest...

Cyber Security Awareness Week Conference (New York, New York, USA, November 13 - 15, 2014) Get ready for CSAW: the largest student-run cyber security event in the nation, with a research conference that attracts some of the biggest names in the industry, and a career fair with an impressive...

Ground Zero Summit, India (New Dehli, India, November 13 - 16, 2014) Ground Zero Summit (GOS) 2014 in its second year promises to be Asia's largest Information Security gathering and proposes to be the ultimate platform for showcasing researches and sharing knowledge in...

Deepsec 2014 (Vienna, Austria, November 18 - 21, 2014) DeepSec is an annual European two-day in-depth conference on computer, network, and application security. This is a non-product, non-vendor-biased conference event. Our aim is to present the best research...

BugCON (Mexico City, Mexico, November 19, 2014) BugCON Security Conference is hardcore technical conference focused on the technical side of the security. Running since 2008 BugCON is the oldest forum where researchers, students and professionals shows...

International Cyber Warfare and Security Conference (Ankara, Turkey, November 19 - 20, 2014) In-depth discussions will cover: new emerging threats and challenges on cyber warfare, the policy of leading cyber nations in cyber warfare and security, legal aspects of cyber warfare, industrial perspective...

EDSC 2014 (Seattle, Washington, USA, November 20 - 21, 2014) EDSC is a security conference focusing on embedded systems, hardware, and anything behind the silicon curtain. Embedded testing is a rapidly expanding area of the security industry staying current is important...

Cyber Security World Conference 2014 (New York, New York, USA, November 21, 2014) Welcome to Cyber Security World Conference 2014 where renowned information security authorities and innovative service providers will bring their latest thinking to hundreds of senior executives focused...

Ethiopia Banking and ICT Summit (Addis Ababa, Ethiopia, November 21, 2014) he one day summit is designed to highlight the key Investment opportunities especially in the Banking & ICT Sectors. As an emerging economic capital for the region, Ethiopia is leading the way in industrial...

BSidesVienna (Vienna, Austria, November 22, 2014) BSidesVienna will open it's doors again in 2014. Be part of it and stay tuned

DefCamp5 (Bucharest, Romania, November 25 - 29, 2014) DefCamp is the most important conference on Hacking & Information Security in Central Eastern Europe. The goal is bringing hands-on talks about latest research and practices from the INFOSEC field, gathering...

Grow your brand and reach new customers.

Grow your brand and increase your customer base by educating our audience about your products, services, and events by advertising on The CyberWire. We’ve built trust with an influential (and often hard to reach) audience of CISOs, CSOs, and other senior execs in the security space, across a wide array of industry verticals. Learn more.

Be a part of the CyberWire story.

People ask us (a lot) how they can support what we do. We have our sponsorships and services, of course, but those are not always within every supporter's financial reach, or it might just not be the right time for you to do those things. That's why we launched our new Patreon site, where we've created a wider variety of support levels, each with some new benefits. Our patrons are important to our future, and we hope you'll consider becoming one. We invite you to become part of the CyberWire story. Become a patron today.