skip navigation

More signal. Less noise.

Daily briefing.

Several updates on China's infiltration of dissidents' sites and devices — essentially the government is conducting a man-in-the-middle campaign.

US office supply retailer Staples has suffered a data breach, has reported it to law enforcement, and is investigating. Banks noticed a pattern of credit card fraud and determined that the common factor was purchases at Staples stores in the US states of New York, New Jersey, and Pennsylvania.

Tiger Security believes it sees a large distributed denial-of-service campaign (probably criminal in origin and motive) originating from China. The Italian security firm has named it "Distributed Dragon." (Bitdefender thinks DDoS has become an increasingly fashionable criminal tool, "the new black.")

The FBI now believes this summer's attack on JPMorgan Chase was a criminal operation, not direct Russian government retaliation against nations sanctioning it for its incursions into Ukraine. That said, the criminals' motive remains unclear, as the expected markers — patterns of fraud, sale of card data on black markets — have yet to appear.

Apple customers, however much they feel their privacy may be enhanced by recent encryption upgrades, are unsettled by the amount of information OS X Yosemite is reporting back to Cupertino.

US and European officials warn of heightened risks to financial transactions. The recent US Executive Order on financial security represents an attempt to get the Government to "lead by example." SIFMA offers some terse, cogent advice on how policy might help financial sector cyber security.

Thoughts, inter alia, on ISIS vulnerability to information operations, from War on the Rocks.

Notes.

Today's issue includes events affecting Australia, China, European Union, Iraq, New Zealand, Philippines, Russia, Syria, United Kingdom, United States.

Cyber Attacks, Threats, and Vulnerabilities

How About Some Unconventional Warfare? Thoughts on Countering ISIL. (War on the Rocks) The past month's media cycle has certainly articulated the strengths of the Islamic State of Iraq and the Levant (ISIL) as it has expanded control and governance across eastern Syria and western Iraq

China executes MITM attack against iCloud and Microsoft account holders (Help Net Security) China-based Internet users are in danger of getting their iCloud and Windows Live accounts hijacked and all the information in them slurped up by the Chinese authorities, web censorship watchdog Great Fire reported on Monday

Bogus iCloud log-in page fools Chinese Apple users (ITPro) Probably not looking for nude celebs this time

Banks: Credit Card Breach at Staples Stores (KrebsOnSecurity) Multiple banks say they have identified a pattern of credit and debit card fraud suggesting that several Staples Inc. office supply locations in the Northeastern United States are currently dealing with a data breach. Staples says it is investigating "a potential issue" and has contacted law enforcement

Staples customers likely the latest victims of credit card breach (Help Net Security) International office supply chain store Staples is likely the latest retailer to have suffered a credit card breach

Staples confirms data breach investigation (CSO) In a statement, company stresses that they're working to resolve the situation

Operation Distributed Dragons, thousands of machine compromised worldwide (Security Affairs) Operation Distributed Dragons — Tiger Security firm has discovered a series of DDoS attacks from China and that appear as run by a structured organization

Distributed Denial of Service in the Cloud or the 'New Black' of cyber-criminals (Bitdefender) Distributed Denial of Service (DDoS) attacks have started to grow in intensity and sophistication as more companies rely on web-based applications for their daily business operations. In the past few months, such attacks have become the weapon-of-choice for cyber criminals in every corner of the world because they hardly ever miss their target(s). Taking the analogy further, I would say that these insidious attacks are as precise and merciless as a DSR-50 riffle is for a trained sniper

Operation DeathClick Targets US Defense Sector (Infosecurity Magazine) When it comes to advanced persistent threats (APTs), bad actors are adding a new weapon to their arsenal: malvertising. One attack, dubbed Operation DeathClick, is a particularly virulent ongoing campaign against US defense companies

Russia ruled out as culprit in Chase cyber security breach, U.S. officials say (Reuters) The Russian government has been ruled out as sponsor of a cyber attack on JPMorgan Chase & Co disclosed in August, U.S. law enforcement officials said on Monday

Cyber-espionage is more difficult to pin to a state than spying in the physical world (The Conversation) Who's in your network, checking out your data? The latest invasive digital creature is Sandworm, a piece of malware discovered to be using a previously unknown Windows vulnerability to infiltrate government networks, spying on systems at NATO, the European Union, the Ukrainian government and others

Officials warn 500 million financial records hacked (USA TODAY) Federal officials warned companies Monday that hackers have stolen more than 500 million financial records over the past 12 months, essentially breaking into banks without ever entering a building

Targeted Attacks: Stealing Information Through Google Drive (TrendLabs Security Intelligence Blog) Using cloud-based sharing sites is not a new routine for bad guys. Aside from providing free storage for their malicious files, these legitimate sites are used to evade security vendors and researchers

How Can Android Smart Lock Be Attacked? (Infosec Institute) When official details of the new features in Android 5.0 Lollipop were released last week, Android Smart Lock piqued my interest. It's a lock screen controlling feature that uses Bluetooth connectivity between a user's Android 5.0 devices to unlock phone, tablet, and smartphone screens when they're within the broadcast range of another Android 5.0 smartwatch or Android Auto embedded system

Encountering the Wild PUP (Malwarebytes Unpacked) The Internet is full of dangers; threats like malware, phishing attacks, hackers and drive-by exploits are some of the most commonly mentioned

Whisper chief executive answers privacy revelations: 'We're not infallible' (Guardian) The chief executive of the "anonymous" social media app Whisper broke his silence late on Saturday, saying he welcomed the debate sparked by Guardian US revelations about his company's tracking of users and declaring "we realise that we're not infallible"

Bank of England launches investigation into CHAPS system failure (TechWorld) The Bank of England is to launch an independent investigation after a systems glitch forced it to temporarily suspend CHAPS transfers on Monday

9 employee insiders who breached security (ITWorld) These disgruntled employees show what can happen when an employer wrongs them

Security Patches, Mitigations, and Software Updates

Apple pushes out iOS 8.1 — kills the mobile POODLE and closes some, ahem, "backdoors" (Naked Security) Hot on the heels of Apple's OS X Security Update 2014-005 comes iOS 8.1

Mac OS X Yosemite sends location, search data to Apple [Updated] (Ars Technica) Apple reportedly collects location and search data via Mac's Spotlight feature

Cyber Trends

European online transactions under cyber attack, says payment council (ComputerWeekly) European merchants need to pay more attention to securing electronic payments, warns the Payment Card Industry Security Standards Council (PCI SSC)

Are You Protected Against Loss Of Earnings After A Cyber Attack? (Shropshire Live) Reports of a cyber attack on businesses across the world — from SMEs to multi-million pound corporations — surprises no-one in 2014

Cost of Cybercrime in U.S. Reaches $12.7 Million per Organization (eSecurity Planet) The number of cyber attacks per week surged by 176 percent over the past five years, according to the Ponemon Institute

Half of Holiday Shoppers Say They'll Avoid Stores That Got Hacked, Survey Finds (Huffington Post) As another holiday shopping frenzy nears, a new survey suggests that many consumers plan to avoid the growing number of retailers that have been hacked

GCHQ Spokesman Says Cyber Terrorism is 'Not a Concern' (Tripwire: the State of Security) Ever since September 2001, I've been asked by the media about the potential for terrorists to launch a devastating attack via the Internet

The Software Assurance Marketplace: A response to a challenging problem (Help Net Security) With the steady proliferation of wearable devices and the emergence of the Internet of Things, everyone and everything will eventually be connected by some piece of software. The growing reliance on software makes us all vulnerable and susceptible to cyber attacks

Marketplace

Cyber insurance: Worth it, but beware of the exclusions (CSO) Cyber insurance can offset the costs of a major data breach. But experts caution that it can only ease the pain, not eliminate it

Global cloud security market to reach $8.71 billion by 2019 with CAGR 15.7% (WhaTech) Cloud Security is a strong growing market. This market witnessed the growth, particularly after 2010, when majority of organizations started adopting cloud services for cost cutting, agility and flexibility of IT infrastructure. Also, this era experienced the emergence of cloud specific threats

BAE Systems to acquire SilverSky cyber security group (IHS Jane's Defence Industry) BAE Systems announced on 21 October an agreement to purchase commercial cyber services provider Perimeter Internetworking Group (which operates as SilverSky) for USD232.5 million

Products, Services, and Solutions

Some Samsung Mobile Devices Get NSA Approval (Wall Street Journal) Some devices cleared to carry classified information

Senetas Corporation's data encryptors notch NATO certification (ProactiveInvestors Australia) Senetas Corporation (ASX:SEN) should trade higher after its high-speed data encryptors received NATO information security product certification

Vorstack Accelerates Adoption of Threat Intelligence Strategies with 5.0 Launch (Dark Reading) ISAC Members can shorten time to discovery with Vorstack Automation and Collaboration Platform

CounterTack Announces New Release of CounterTack Sentinel (BusinessWire) CounterTack, a pioneer in delivering real-time endpoint threat detection, context and visibility around targeted attacks, today announced the general availability of its new version of CounterTack Sentinel

Tenable Incorporates Top Four ASD Strategies in Latest Release of SecurityCenter Continuous View Dashboard (CSO) Tenable Network Security, Inc., the leader in continuous network monitoring, today released the latest version of its SecurityCenter Continuous View™ (SC CV) dashboard

Technologies, Techniques, and Standards

Will new commercial mobile encryption affect BYOD policy? (FCW) While law enforcement is up in arms about new default data encryption on Apple iOS and Google Android devices, experts say the policy could have some benefits for federal mobility as well

NIST cybersecurity framework needs more guidance on implementation (FierceHealthIT) The National Institute of Standards and Technology's cybersecurity framework would be "more useable and more prescriptive" for healthcare entities if it gave more specific guidance on implementation, according to the Healthcare Information and Management Systems Society's Lee Kim

CSAM Month of False Positives: Ghosts in the Pentest Report (Internet Storm Center) As part of most vulnerability assessments and penetration tests against a website, we almost always run some kind of scanner. Burp (commercial) and ZAP (free from OWASP) are two commonly used scanners

Compliance Is A Start, Not The End (Dark Reading) Regulatory compliance efforts may help you get a bigger budget and reach a baseline security posture. But "compliant" does not necessarily mean "secure"

Passwords Not Going Away Any Time Soon (eSecurity Planet) While biometric authentication and other password alternatives abound, traditional passwords remain the go-to method of authentication due to low cost

Forgotten Passwords Cost Companies $200,000 a Year (eSecurity Planet) 'Bottom line, it's time to kill passwords,' says Centrify CEO Tom Kemp

Facebook prowls the internet looking for your password (Naked Security) These days, pilfered logins are falling like autumn leaves (only last week it emerged that thousands of Dropbox logins had been stolen from a third-party service for example)

Defending Against Government Intrusions (GovInfoSecurity) Government intelligence agencies' information security offensive capabilities may far outstrip businesses' collective defenses, but organizations can still tap a variety of techniques to defend themselves against many types of intrusions

How to Stop Apple From Snooping on Your OS X Yosemite Searches (Wired) Today's web users have grudgingly accepted that search terms they type into Google are far from private. But over the weekend, users of Apple's latest operating system discovered OS X Yosemite pushes the limits of data collection tolerance one step further: its desktop search tool Spotlight uploads your search terms in real time to Apple's remote servers, by default

Insider Threats: Breaching The Human Barrier (Dark Reading) A company can spend all the money it has on technical solutions to protect the perimeter and still not prevent the attack that comes from within

Librarians Are Dedicated to User Privacy. The Tech They Have to Use Is Not. (Slate) Adobe has made it extremely easy for unwanted eyes to read over the shoulders of library patrons. Last week reports surfaced about how Adobe's Digital Editions e-book software collects and transmits information about readers in plain text. That insecure transmission allows the government, corporations, or potential hackers to intercept information about patron reading habits, including book title, author, publisher, subject, description, and every page read

The security challenges of BYOPC (CSO) The advent of Bring Your Own Device (BYOD) was a revolution in the way that employees access corporate resources on their smartphones and tablets and, although initially resisted by IT departments, most organizations now allow employees to use their own smart devices for work. However, for most users, smartphones/tablets are purely consumption devices. For real work users revert to using their PCs, and in most organizations they will need to use Windows

Best practices for moving workloads to the cloud (CSO) With data floating around in the clouds, it is good that you know how to secure it all

Research and Development

Players picked for first federally-funded R&D center for cybersecurity (C4ISR & Networks) With cyber attacks being volleyed at U.S. infrastructure daily, the National Cybersecurity Center of Excellence (NCCoE) has awarded the first federally-funded research and development center (FFRDC) contract designed specifically to enhance the nation's cybersecurity

Academia

2014 CyberPatriot National Youth Cyber Defense Competition Draws More Than 2,100 Teams, Breaks All Time Registration Record (PRNewswire) The Air Force Association announced today that CyberPatriot, the National Youth Cyber Defense Competition, closed out their registration period with more than 2,150 teams hailing from all 50 states, Canada and DoD Dependent Schools in Europe and the Pacific. CyberPatriot is beginning its seventh competition season with a 40 percent increase in total registrations from last year, reaching thousands of students in the United States and beyond

Whatcom Community College plays critical role in nation's cyber defense (Bellingham Herald) FBI Director James Comey recently stated on the television program "60 Minutes" that it is impossible to estimate the economic impact of cyberattacks on the U.S. economy, but it is in the "billions"

How to keep online advertisers away from your kid's grades, detention records, and yearbook photos (Quartz) When it comes to the US public education system, big data is already firmly entrenched. School districts know what your child scored on all her tests, how many days she has been absent from school, whether your income qualifies her for subsidized meals

Legislation, Policy, and Regulation

GCHQ head says agency was 'never involved in mass surveillance' (SC Magazine) Sir Iain Lobban says GCHQ staff "are normal decent human beings who watch EastEnders and Spooks"

UK considering imprisoning 'cowardly, venomous trolls' for up to 2 years (Naked Security) A few days after trolls threatened to rape British fitness instructor Chloe Madeley, Justice Secretary Chris Grayling told the Mail on Sunday that sentences for web trolls would be quadrupled to two years in proposed changes to current law

ITU gets underway (FierceGovernmentIT) Representatives from 175 countries will discuss topics such as Internet governance, online security and privacy, and the Internet of Things, as the United Nations' International Telecommunications Union, or ITU, kicked off three weeks of meetings Oct. 20 in Busan, South Korea

36th International Conference of Data Protection and Privacy Commissioners (Executive Committee of the International Conference of Data Protection and Privacy Commissioners) Resolutions adopted

Big Data and Consumer Trust: Progress and Continuing Challenges (US Federal Trade Commission) Remarks Before the International Conference of Data Protection and Privacy Commissioners: Good afternoon. I am pleased to have the opportunity to discuss privacy and big data with this distinguished audience

Executive Order — Improving the Security of Consumer Financial Transactions (The White House Office of the Press Secretary) Given that identity crimes, including credit, debit, and other payment card fraud, continue to be a risk to U.S. economic activity, and given the economic consequences of data breaches, the United States must take further action to enhance the security of data in the financial marketplace

FACT SHEET: Safeguarding Consumers' Financial Security (The White House Office of the Press Secretary) Today, the President is signing a new Executive Order directing the government to lead by example in securing transactions and sensitive data

Banks offer cybersecurity advice to government (The Hill) An influential advocate for banks and financial services on Monday released 10 principles it believes the government should follow when issuing new cybersecurity regulations

'Crypto wars' return to Congress (The Hill) FBI Director James Comey has launched a new "crypto war" by asking Congress to update a two-decade-old law to make sure officials can access information from people's cellphones and other communication devices

Apple, Boyd, and Going Dark (Just Security) Apple's recent announcement that it will encrypt its newest iPhones is again pushing to the fore the question of whether the law should be updated to require companies to have systems that would enable them to comply with court orders for information. In other words, does the law properly balance privacy and security in this area?

Litigation, Investigation, and Law Enforcement

Facebook: Dear DEA, please don't set up fake profiles to trap criminals (Naked Security) Facebook isn't happy with the US Drug Enforcement Administration (DEA)

Task Force Takes 'Whole Government' Approach (FBI) Hackers compromising banking and retail networks to steal consumers' personal information. Foreign actors virtually accessing our trade secrets. Criminal groups lining their pockets by exploiting any online vulnerability they can find. In today's virtual world, it is well known that cyber crime can jeopardize our privacy, our economy, and even our national security. Less well known is an organization — the National Cyber Investigative Joint Task Force (NCIJTF) — that is working around the clock to fight the threat

'LulzSec leader Aush0k' found to be naughty boy not worthy of jail (Register) 15 months home detention leaves egg on feds' faces as they grab for more power

California woman charged with possessing cellphone spyware and using it to intercept law enforcement communications (UPDATED) (PogoWasRight) Kristin Nyunt was charged by information today with two counts of illegal wiretapping and the possession of illegal interception devices, announced United States Attorney Melinda Haag and FBI Special Agent in Charge David J. Johnson

Court orders Kim Dotcom to reveal how much money he has (Ars Technica) It's the second blow to Dotcom's legal team in two days

Hackers make companies' phones call premium-rate numbers, cost them billions (Help Net Security) Attackers hacking into companies' phone network, using it to place mass phone calls to premium-rate telephone numbers is not a new occurrence

Humberside Police 'not prepared' for a large-scale cyber crime attack (Hull Daily Mail) Humberside Police are not prepared to respond to the threat of a large-scale cyber incident, according to a new report

Virginia Police Have Been Secretively Stockpiling Private Phone Records (Wired) While revelations from Edward Snowden about the National Security Agency's massive database of phone records have sparked a national debate about its constitutionality, another secretive database has gone largely unnoticed and without scrutiny

For a complete running list of events, please visit the Event Tracker on the CyberWire website.

Upcoming Events

CSEC 2014 Cyber Security Summit (Kingdom of Bahrain, October 20 - 22, 2014) At the Inaugural Cyber Security Summit 2014, you will have the opportunity to seek ways to reset your IT security and risk strategy for success; stay relevant as IT security and risk are redefined; implement...

2014 ICS Cyber Security Conference (, January 1, 1970) The 14th ICS Cyber Security Conference (sometimes known as "Weisscon") will be held October 20-23, 2014 at Georgia Tech in Atlanta, GA. Cyber Security is becoming a critical infrastructure issue with implications...

National Archives and Records Administration (NARA) IT Security Day (College Park, Maryland, USA, October 21, 2014) FBC and NARA are working together to coordinate the 6th Annual National Archives and Records Administration (NARA) Information Technology Day. Exhibitors will be on-site to share information and demonstrate...

Cyber Security Summit 2014 (, January 1, 1970) Cyber security breaches have a profound impact on all areas of society. Join the discussion at Cyber Security Summit 2014. For two days, leaders from the public and private sectors meet to identify cyber...

Collaborative Approaches for Medical Device and Healthcare Cybersecurity; Public Workshop (Arlington, Virginia, USA, October 21 - 22, 2014) The Food and Drug Administration (FDA) is announcing the following public workshop entitled "Collaborative Approaches for Medical Device and Healthcare Cybersecurity." FDA, in collaboration with other...

Secure 2014 (Warsaw, Poland, October 21 - 23, 2014) NASK and CERT-Polska offer this conference on telecommunications and IT security. Speakers from government, industry, and universities around the world will offer insights into research, policy, and security...

Hack.lu 2014 (Dommeldange, Luxembourg, October 21 - 24, 2014) Hack.lu is an open convention/conference where people can discuss about computer security, privacy, information technology and its cultural/technical implication on society

ISSA International Conference (Orlando, Florida, USA, October 22 - 23, 2014) Join us for solution oriented, proactive and innovative sessions focused on security as a vital part of the business.

ToorCon San Diego (San Diego, California, USA, October 22 - 26, 2014) For hackers like you, because what could possibly go wrong?

DOE Germantown Cybersecurity Awareness Day (Germantown, Maryland, USA, October 23, 2014) The Department of Energy Germantown Building will be hosting a Cyber Security Awareness Day featuring a technology expo. DoE will be looking for a wide range of cyber security industry experts to showcase...

Library of Congress Cybersecurity Awareness Expo (Washington, DC, USA, October 23, 2014) The Library of Congress (LOC)is hosting its annual cyber security awareness days during October and the exposition is an important part of their education and outreach effort to industry

NASA Glenn Research Center Cyber Security Expo (Cleveland, Ohio, USA, October 23, 2014) In recognition of National Cyber Security Awareness Month, an Awareness Day event will be held at Glenn Research Center in Cleveland, Ohio. This event will provide participants with information and resources...

2014 Omaha Cyber Security Event (Omaha, Nebraska, USA, October 23, 2014) Better Business Bureau and its partners present a panel discussion on how to stay safe online — it's our shared responsibility! Learn the risks, how to spot potential problems and how our online...

FOCUS 14: Empowering the Connected World (Las Vegas, Nevada, USA, October 26 - 27, 2014) FOCUS will offer you a unique opportunity to learn directly from other McAfee users. Hear real-world scenarios from McAfee customers and learn how they maintain the highest standards of security while...

Cybergamut Tech Tuesday: Software-Defined Networking Security (Columbia, Maryland, USA, October 28, 2014) Security-Defined Routing combines cyber analytics and SDN to protect the network: SDR technology assists organizations in scaling the delivery of network traffic to analytic security applications. When...

Securing the Social Space (Baltimore, Maryland, USA, October 28, 2014) New technologies enabling greater connectivity bring with them new frontiers for cyber security. This Tech Talk program will offer a new twist on the cyber security conversation. We'll begin by exploring...

USDA Cyber Security Symposium and Expo 2014 (Washington, DC, USA, October 28 - 29, 2014) The Summit will provide participants with information and resources on today's vulnerabilities, incidents, security lifecycle, risks and mitigations; it will also identify ways to work together and build...

Cyber Security and IT Day at Fort Carson (Colorado Springs, Colorado, USA, October 28, 2014) The Information Systems Security Association (ISSA) Colorado Springs Chapter ill once again host the 5th Annual Cyber Security & Information Technology Days set to take place at Fort Carson on Tuesday,...

Cyber Security and IT Days at Peterson AFB (Colorado Springs, Colorado, USA, October 29, 2014) The Information Systems Security Association (ISSA) Colorado Springs Chapter will once again host the 5th Annual Cyber Security & Information Technology Days. Government and Industry experts will be on...

Dallas SecureWorld (Dallas, Texas, USA, October 29 - 30, 2014) Offering two days of cyber security education. Earn 12-16 CPE credits, network with industry peers, and take advantage of more than sixty educational events. Over the past decade SecureWorld has emerged...

Cyber Job Fair (Baltimore, Maryland, USA, October 29, 2014) ClearedJobs.Net is partnering with CyberMaryland to present the Cyber Job Fair at the CyberMaryland 2014 conference. The Cyber Job Fair is a hiring event for cleared and non-cleared cybersecurity professionals...

CyberMaryland 2014 (Baltimore, Maryland, USA, October 29 - 30, 2014) Entrepreneurs, investors, academia and government will convene in Maryland — the nation's epicenter for cybersecurity for the fourth annual CyberMaryland Conference.

ekoparty Security Conference 10th edition (Buenos Aires, Argentina, October 29 - 31, 2014) ekoparty — Electronic Knock Out Party — Security Conference, is a one of a kind event in South America; an annual security conference held in Buenos Aires, where security specialists from all over Latin...

Cyber Risk Summit (Washington, DC, USA, May 22, 2014) This one-day leadership conference will provide a discussion forum for business executives, insurance companies and policymakers on more effective private and public responses to cyber risk management.

Senior Executive Cyber Security Conference (Baltimore, Maryland, USA, October 30 - November 1, 2014) North Star Group, LLC and the Johns Hopkins University's Whiting School of Engineering and Information Security Institute sponsor this senior executive focused cyber security conference.This event is designed...

FS-ISAC EU Summit 2014 (London, England, UK, November 3 - 5, 2014) The Financial Services Information Sharing and Analysis Center (FS-ISAC), is a non-profit association comprised of financial institution members, that is dedicated to protecting the global financial services...

POC2014 (Seoul, Republic of Korea, November 4 - 7, 2014) POC (Power of Community) started in 2006 and has been organized by Korean hackers & security experts. It is an international security & hacking conference in Korea. POC doesn't pursue money. POC concentrates...

Open Source Digital Forensics Conference 2014 (Herndon, Virginia, USA, November 5, 2014) This conference focuses on tools and techniques that are open source and (typically) free to use. It is a one day event with short talks packed with information. There are both tool developers and users...

Bay Area SecureWorld (Santa Clara, California, November 5, 2014) A day of cyber security education. Earn 6-8 CPE credits, network with industry peers, and take advantage of more than thirty educational events. Over the past decade SecureWorld has emerged as one of North...

Managing BYOD & Enterprise Mobility USA 2014 (San Francisco, California, USA, November 5 - 6, 2014) The Managing BYOD & Mobility USA 2014 conference will provide a unique networking platform, bringing together top executives from USA and beyond. They come together not only to address mobility challenges...

Journal of Law and Cyber Warfare First Annual Cyber Warfare One Day Symposium (New York, New York, USA, November 6, 2014) The Journal of Law and Cyber Warfare is proud to present the First Annual Cyber Warfare One Day Symposium. Join us as senior lawyers, technology chiefs, government officials, and academics discuss the...

RiseCON 2014 (Rosario, Santa Fe, Argentina, November 6 - 7, 2014) Rosario Information Security Conference: es el primer y mayor evento de seguridad informática y hacking realizado en la ciudad de Rosario, con nivel y trascendencia internacional

Israel HLS 2014 (Tel Aviv, Israel, November 9 - 12, 2014) The third International Conference on Homeland Security will bring together government officials, public authorities, and HLS industry leaders from around the world to share their knowledge and experience.

Critical Infrastructure Cyber Community (C3) Voluntary Program Meeting (San Diego, California, USA, October 13, 2014) Join stakeholders from across the cyber community to discuss building a cyber risk management program, using DHS resources, and to learn how organizations of all sizes are using the Cybersecurity Framework...

i-Society 2014 (London, England, UK, November 10 - 12, 2014) i-Society 2014 is a global knowledge-enriched collaborative effort that has its roots from both academia and industry. The conference covers a wide spectrum of topics that relate to information society,...

Seattle SecureWorld (Seattle, Washington, USA, November 12 - 13, 2014) Offering two days of cyber security education. Earn 12-16 CPE credits, network with industry peers, and take advantage of more than sixty educational events. Over the past decade SecureWorld has emerged...

AVAR 2014 (, January 1, 1970) The 17th Association of anti-Virus Asia Researchers International Conference: Security Down Under. Topics will include case studies of targeted attacks, real-life attack demonstrations, web-inject attacks/code...

ZeroNights 2014 (Moscow, Russia, November 13 - 14, 2014) ZeroNights is an international conference dedicated to the practical side of information security. It will show new attack methods and threats, showcase new possibilities of attack and defense, and suggest...

Cyber Security Awareness Week Conference (New York, New York, USA, November 13 - 15, 2014) Get ready for CSAW: the largest student-run cyber security event in the nation, with a research conference that attracts some of the biggest names in the industry, and a career fair with an impressive...

Ground Zero Summit, India (New Dehli, India, November 13 - 16, 2014) Ground Zero Summit (GOS) 2014 in its second year promises to be Asia's largest Information Security gathering and proposes to be the ultimate platform for showcasing researches and sharing knowledge in...

Deepsec 2014 (Vienna, Austria, November 18 - 21, 2014) DeepSec is an annual European two-day in-depth conference on computer, network, and application security. This is a non-product, non-vendor-biased conference event. Our aim is to present the best research...

BugCON (Mexico City, Mexico, November 19, 2014) BugCON Security Conference is hardcore technical conference focused on the technical side of the security. Running since 2008 BugCON is the oldest forum where researchers, students and professionals shows...

International Cyber Warfare and Security Conference (Ankara, Turkey, November 19 - 20, 2014) In-depth discussions will cover: new emerging threats and challenges on cyber warfare, the policy of leading cyber nations in cyber warfare and security, legal aspects of cyber warfare, industrial perspective...

EDSC 2014 (Seattle, Washington, USA, November 20 - 21, 2014) EDSC is a security conference focusing on embedded systems, hardware, and anything behind the silicon curtain. Embedded testing is a rapidly expanding area of the security industry staying current is important...

Cyber Security World Conference 2014 (New York, New York, USA, November 21, 2014) Welcome to Cyber Security World Conference 2014 where renowned information security authorities and innovative service providers will bring their latest thinking to hundreds of senior executives focused...

Ethiopia Banking and ICT Summit (Addis Ababa, Ethiopia, November 21, 2014) he one day summit is designed to highlight the key Investment opportunities especially in the Banking & ICT Sectors. As an emerging economic capital for the region, Ethiopia is leading the way in industrial...

BSidesVienna (Vienna, Austria, November 22, 2014) BSidesVienna will open it's doors again in 2014. Be part of it and stay tuned

DefCamp5 (Bucharest, Romania, November 25 - 29, 2014) DefCamp is the most important conference on Hacking & Information Security in Central Eastern Europe. The goal is bringing hands-on talks about latest research and practices from the INFOSEC field, gathering...

Grow your brand and reach new customers.

Grow your brand and increase your customer base by educating our audience about your products, services, and events by advertising on The CyberWire. We’ve built trust with an influential (and often hard to reach) audience of CISOs, CSOs, and other senior execs in the security space, across a wide array of industry verticals. Learn more.

Be a part of the CyberWire story.

People ask us (a lot) how they can support what we do. We have our sponsorships and services, of course, but those are not always within every supporter's financial reach, or it might just not be the right time for you to do those things. That's why we launched our new Patreon site, where we've created a wider variety of support levels, each with some new benefits. Our patrons are important to our future, and we hope you'll consider becoming one. We invite you to become part of the CyberWire story. Become a patron today.