More signal. Less noise.

Daily briefing.

ISIS stays on message, burnishing its image through varied information operations.

Local disputes give rise to cyber-rioting in the Balkans and the Caucasus.

Chinese cyber espionage continues apace, with Australian lawyers (whose networks after all contain significant client data, including sensitive business information) noticeably in the crosshairs. Subversion of iCloud in China also continues, and observers note that whoever's responsible has an appetite for login credentials.

"Pawn Storm," which Trend Micro calls "an active economic and political cyber-espionage operation," has a target list strongly suggestive of Russian security services as the guiding intelligence. Further investigation of "Energetic Bear" and "Dragonfly" leads some (like F-Secure) to conclude that pharma and biotech were at least as significant targets as energy, and that the cyber campaign's goal may have been preparation for large-scale economic disruption.

Windows zero-days CVE-2014-6352 and CVE-2014-4114 (Sandworm) continue to be exploited in the wild. (Microsoft has made a Fixit available, and HP urges everyone to install it.)

A new Koler worm variant infests Android systems, spreading by SMS.

Widespread malvertising on many networks — AOL and Yahoo among them — is distributing CryptoWall ransomware.

A remote code execution vulnerability is reported in Cisco's Ironport WSA Telnetd.

NIST issues its Federal cloud roadmap.

The judge presiding over alleged SilkRoad kingpin Ross Ulbricht's trial is subjected to unusually vicious darknet doxing whose stated goal is helping drug cartels to kill her and her family.

Baltimore artist Claire Girodie is commissioned to create a work of art for November's Women in Cyber Security reception.

Notes.

Today's issue includes events affecting Albania, Armenia, Australia, Azerbaijan, Belgium, Chile, China, European Union, Iraq, Poland, Russia, Serbia, Syria, Turkey, United Kingdom, United States.

Cyber Attacks, Threats, and Vulnerabilities

The Islamic State's media warfare (al Monitor) When Abu Bakr al-Baghdadi, the Islamic State's (IS) leader and self-styled caliph, appeared July 4 for the first time in Mosul, a symbolic venue was chosen by those who manage the media strategy of the world's most wanted terrorist group

The Cyber-Attacks And Fears Of Cyber-War To Come (In Serbia) Following the drone and flag incident that plagued what should have been a friendly and peaceful football match, the majority of Serbian news media websites were the victims of a direct distributed denial-of-service (DDoS) attack by hackers apparently working for Albanian interests, causing all but one such media website and associated servers to go offline for hours before being restored

Websites of Azerbaijani Embassies Hacked by Armenian Hackers (HackRead) Armenian hackers from Monte Melkonian Cyber Army (MMCA) are back in action with yet another high-profile hack. This time the group has hacked and defaced the official website of Azerbaijan Association of judges of specialized courts, Azerbaijan Bank training Center, Azerbaijan embassy in Belgium and Poland

Chinese APT groups targeting Australian lawyers (Register) Have a bit of sympathy, people: lawyers hold YOUR data and juicy stuff about big deals

iCloud users in China under attack. But who could be after their passwords? (We Live Security) Earlier this week, an organisation that monitors internet censorship in China reported what appears to have been a concerted effort to steal the login credentials of Apple iCloud users

Operation Pawn Storm: The Red in SEDNIT (TrendLabs Security Intelligence Blog) Pawn Storm is an active economic and political cyber-espionage operation targeting a wide range of entities, mostly those related to the military, governments, and media

Pharmaceuticals, Not Energy, May Have Been True Target Of Dragonfly, Energetic Bear (Dark Reading) New research says the compromised companies were suppliers for OEMs that served pharma and biotech

Malware directs stolen documents to Google Drive (Help Net Security) Researchers have uncovered a new type of information-stealing malware that is apparently used in campaigns targeting government agencies and can syphon files from compromised computers to Google Drive

Vulnerability in Microsoft OLE Could Allow Remote Code Execution (Microsoft Security Tech Center) Microsoft is aware of a vulnerability affecting all supported releases of Microsoft Windows, excluding Windows Server 2003. The vulnerability could allow remote code execution if a user opens a specially crafted Microsoft Office file that contains an OLE object. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. Customers whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights. The attack requires user interaction to succeed on Windows clients with a default configuration, as User Account Control (UAC) is enabled and a consent prompt is displayed

Attackers Exploiting Windows OLE Zero Day Vulnerability (Threatpost) Attackers are using a zero day vulnerability in nearly all supported versions of Windows in a series of targeted attacks. The flaw is in the OLE technology in Windows and can be used for remote code execution if a targeted user opens a rigged Office file

CVE-2014-6352 OLE packager vulnerability and a failed patch for SandWorm (HP) A few days ago, Microsoft disclosed a new vulnerability related to the Microsoft Office OLE object (CVE-2014-6352) that looks like a variant of the SandWorm vulnerability (CVE-2014-4114). While the original vulnerability was patched with MS14-060, Microsoft has released a FixIt for this new vulnerability - and we recommend you install it to protect yourself from this attack

New CVE-2014-4114 Attacks Seen One Week After Fix (TrendLabs Security Intelligence Blog) Despite the availability of fixes related to the Sandworm vulnerability (CVE-2014-4114), we are still seeing new attacks related to this flaw. These attacks contain a new routine that could prevent detection

Koler worm spreads via SMS, holds phones for ransom (Help Net Security) A new variant of the Android malware Koler now spreads by text message and holds infected users' phones hostage until a ransom is paid

Hackers have violated ticketing system based on NFC in Chile (Security Affairs) Unknowns have hacked the NFC based electronic payment system used in Chile, the "Tarjeta BIP!", spreading an Android hack that allows users to re-charge cards for free

WYSIWYG Editors Could be an Avenue for XSS Attacks, Warns Researcher (Tripwire: the State of Security) Many websites have a WYSIWYG editor. You may not even realise that you are using one, but — if you think about it — chances are that many of the sites that you visit allow you to make forum posts, publish blog entries, post private messages, update wiki entries, submit support tickets, create signatures or leave comments

Massive malvertising campaign on Yahoo, AOL and other sites delivers ransomware (IDG via CSO) Malicious advertisements made their way last week to almost two dozen popular websites and used browser-based exploits to infect computers with CryptoWall, a nasty file-encrypting ransomware program

Alert (TA14-295A) Crypto Ransomware (US-CERT) Ransomware is a type of malicious software (malware) that infects a computer and restricts access to it until a ransom is paid to unlock it. This Alert is the result of Canadian Cyber Incident Response Centre (CCIRC) analysis in coordination with the United States Department of Homeland Security (DHS) to provide further information about crypto ransomware

Cisco Ironport WSA telnetd Remote Code Execution (Packet Storm) The Cisco Ironport WSA virtual appliances are vulnerable to an old FreeBSD telnetd encryption Key ID buffer overflow which allows remote attackers to execute arbitrary code. Cisco WSA Virtual appliances have the vulnerable telnetd daemon enabled by default

telnetd rulez: Cisco Ironport WSA Telnetd Remote Code Execution Vulnerability (Internet Storm Center) We received the following vulnerability advisory for a remote code execution vuln identified and reported in Cisco's Ironport WSA Telnetd

Insecure Protocol Puts 1.2M SOHO Devices At Risk (Dark Reading) Enterprises should take care to prohibit NAT-PMP traffic on untrusted network interfaces

Hostile Subdomain Takeover using Heroku/Github/Desk + more (Detectify (h/t Team Cymru)) Hackers can claim subdomains with the help of external services. This attack is practically non-traceable, and affects at least 17 large service providers and multiple domains are affected

Spam Campaign Taking Advantage of Ebola Scare May Lead To Malware Infections (Trustwave SpiderLabs) Cybercriminals have inevitably taken advantage of the publicization of the Ebola virus in the news for several months. We've spotted a couple of malicious spam samples that reference the Ebola virus in the last week. The image below shows an example of one such e-mail purporting to be from the World Health Organization

U.S. government probes medical devices for possible cyber flaws (Reuters) The U.S. Department of Homeland Security is investigating about two dozen cases of suspected cybersecurity flaws in medical devices and hospital equipment that officials fear could be exploited by hackers, a senior official at the agency told Reuters

April 911 Outage Affected 3.5 Percent of U.S. Population (Threatpost) In the early hours of April 10, a series of errors led to a massive, multi-state outage in the emergency call management centers (ECMCs) that handle 911 calls in seven geographically dispersed states. The incident originated at an obscure but critical call routing hub in Englewood, Colo., and ended up knocking out the emergency communication infrastructure for more than 11 million citizens

Security Patches, Mitigations, and Software Updates

Microsoft misses Windows bug, hackers slip past patch (Computerworld) Last week's security update 'not robust enough,' say researchers who co-reported flaw

Windows Update drivers bricking USB serial chips beloved of hardware hackers (Ars Technica) The move to combat counterfeit chips leaves hobbyists stuck in the middle

Apple to stop SSL 3.0 support for push notifications soon (IDG via CSO) Apple will stop support next week for an encryption protocol found to contain a severe vulnerability, the company said on Wednesday

Cyber Trends

Cyber Threats: Information vs. Intelligence (Dark Reading) Cyber threat intelligence or CTI is touted to be the next big thing in InfoSec. But does it narrow the security problem or compound it?

Open-Source Software Brings Bugs To Web Applications (Dark Reading) An average of eight severe security flaws from open-source and third-party code can be found in each web application, according to new findings from Veracode

Shellshock & Why EHRs Need Updating (InformationWeek) Nearly half of all security breaches occur in healthcare, and outdated medical records systems make data more vulnerable. An up-to-date EHR system can help solve security concerns, save money, and improve patient care

Think before you share that file (Help Net Security) It's hard to read through the news nowadays without stumbling upon some type of data breach or leak. Recently, Apple's iCloud service has been in the limelight, following the theft and distribution of celebrities' private photos

The Dawn of World War IV: America Under Cyber Attack (Huffington Post) Einstein was wrong. World War IV will not be fought with sticks or rocks. It will be fought with bits and bytes, Trojans and bots, APTs and zero-days — it's already started and we're already losing

Marketplace

Cybersecurity Stock Directory Update for National Cyber Security Awareness Month (PR Newswire) Investorideas.com, a global news source covering leading sectors including cybersecurity releases its updated cybersecurity stock directory for investors following the sector in conjunction with National Cyber Security Awareness Month

A Closer Look at CloudFlare and Incapsula: Next Generation CDN Services (Smart Data Collective) Content delivery networks (CDNs) are online services that were traditionally used to help accelerate the distribution of web content and ensure business continuity

The "Soft and Chewy Centers" That Put Your Data at Risk (MIT Technology Review) A security startup called Illumio launching today has already signed up Yahoo and other large companies that need new ways to protect their data centers

Gartner Positions Wombat Security Technologies as "Leader" in Magic Quadrant for Security Awareness Computer-Based Training Vendors (MarketWired) Wombat Security Technologies (Wombat), a leading provider of cyber security awareness and training solutions, today announced Gartner, Inc. has positioned Wombat as a "Leader" in its 2014 Magic Quadrant for Security Awareness Computer-Based Training Vendors report

Cyber security firm Alert Logic opens in Cardiff (BBC) A US cyber security company is officially opening its European HQ in Cardiff, creating almost 130 jobs

Securonix Appoints Former Bank of America Executive as Chief Scientist to Further Advance the Use of Machine Learning for Cyber and Insider Threat Detection (MarketWired) Securonix today announced the appointment of Igor Baikalov as Chief Scientist to lead the research and analytics division at Securonix

Products, Services, and Solutions

How Apple Pay security controls may mitigate payment card breaches (TechTarget) The newly launched Apple Pay mobile payment system could deliver the most secure shopping experience for U.S. customers yet, though it still may not be perfect

Duo Security announces U2F authentication support (ZDNet) U2F is Universal 2nd Factor, the first FIDO Alliance standard for two-factor authentication. The goal: simple systems to combat phishing and other credential breaches

3eTI's New Cyber Device Improves Security Of Critical Infrastructure (HS Today) As the world continues to become rapidly interconnected, organizations are struggling to develop new technologies fast enough to meet the constantly evolving security concerns accompanying the growth of the Internet of Things. With the vulnerabilities created by wider connectivity, critical infrastructure has become an increasingly attractive target for cyber attackers

ForeScout CounterACT Receives Five-star Rating in SC Magazine Group Test (MarketWatch) CounterACT named top NAC solution and 'Best Buy' for second year in a row

Technologies, Techniques, and Standards

Final NIST cloud roadmap sets 'action plans' for gov't cloud adoption (FierceGovernmentIT) The National Institute of Standards and Technology Oct. 21 published a final version of its U.S. Government Cloud Computing Technology Roadmap

Special Publication 500-293: US Government Cloud Computing Technology Roadmap Volume I — High-Priority Requirements to Further USG Agency Cloud Computing Adoption (NIST) The National Institute of Standards and Technology (NIST), consistent with its mission, has a technology leadership role in support of United States Government (USG) secure and effective adoption of the Cloud Computing model to reduce costs and improve services. This role is described in the 2011 Federal Cloud Computing Strategy as "… a central one in defining and advancing standards, and collaborating with USG Agency CIOs, private sector experts, and international bodies to identify and reach consensus on cloud computing technology & standardization priorities"

In dot we trust: If you keep to this 124-page security rulebook, you can own yourname.trust (Register) Step 1: Don't get owned. Step 2: Use HTTPS. Step 3: … NCC Group has published a set of security standards that you'll have to follow if you want to operate a .trust website

INSA promoting dialogue on cyber threat intelligence with new white paper, blog, NIST RFI (INSA) Many senior executives and managers are not receiving the right type of cyber intelligence to efficiently and effectively inform their organizations' risk management processes, according to a new white paper published today by the Intelligence and National Security Alliance's Cyber Intelligence Task Force

Operational Cyber Intelligence (INSA) The third white paper in the "Levels Of Cyber Intelligence" series — While much attention has been paid to cyber attacks against organizations of all sizes and from across all sectors, there has been less discussion of how organizations can strengthen their risk management processes in such a diverse and evolving threat climate. Operational cyber intelligence encompasses an understanding of both tactical means — how cyber threats function to disrupt and/or degrade an organization's networks and cyber capabilities — and the broader strategic motivations of potential adversaries

Fight fire with fire: Using speed and sophistication to combat cyber attacks (IT Pro Portal) During a cyber attack, every second counts. While an attack can happen in an instant, it can take months to remove it from an organisation's infrastructure. For some organisations, there can be more attacks in one hour than a well-staffed security team can address in an entire day. That's a big problem

How to defend against brute-force router attacks from Sality malware (TechTarget) The Sality malware has reemerged with new capabilities: brute-forcing passwords on wireless access points. Enterprise threats expert Nick Lewis explains how to

Cloud Security: Shared Responsibility in Action (Trend Micro) Security in the cloud is a shared responsibility. I've written about this before, but with AWS re:Invent right around the corner, now is a good time to explore this idea further and see what the model looks like when applied in production

Design and Innovation

Baltimore Artist, Claire Girodie, Selected to Create New Work for Inaugural Women in Cyber Security Event (Maryland Art Place) Maryland Art Place (MAP), one of the State's leading support organizations for emerging and mid-career artists, announced today that Baltimore artist Claire Girodie was selected for a special commission. Girodie will be creating a new work of art for CyberPoint International's inaugural Women in Cyber Security reception, to be held on November 12th, 2014 in Baltimore's Inner Harbor. Bringing together women from across the region and all different points on the career spectrum, the reception is aimed at creating connections among those working in the academic, government, business and technical arenas of cyber security

Legislation, Policy, and Regulation

EU group: NSA's 'balance' of security, privacy in surveillance sucks (Networkworld) Three SURVEILLE teams of EU-funded experts studied NSA mass surveillance techniques for the purpose of a counter-terrorism investigation and basically found the surveillance 'failed drastically in striking the correct balance between security and privacy'

SURVEILLE Paper Assessing Surveillance in the Context of Preventing a Terrorist Act (European Union via Just Security) SURVEILLE deliverable D2.8 continues the approach pioneered in SURVEILLE deliverable D2.6 for combining technical, legal and ethical assessments for the use of surveillance technology in realistic serious crime scenarios

Where's the NSA reform? Our view (USA TODAY) Despite outcry, government still collects your phone data

Pro-Privacy Senator Wyden on Fighting the NSA From Inside the System (Wired) Senator Ron Wyden thought he knew what was going on

Former NSA chief on cyber attacks: 'We've got to work together' (Fortune) Keith Alexander, the former director of the U.S. National Security Agency, says there ought to be fewer secrets between businesses and government agencies

Key Republican says cyber bill has 80 percent chance of passage (The Hill) House Homeland Security Committee Chairman Michael McCaul (R-Texas) says his cyber information sharing bill has an 80 percent chance of becoming law during Congress's lame-duck session

They're Tracking When You Turn Off the Lights (Wall Street Journal) Municipal Sensor Networks Measure Everything From Air Pollution to Pedestrian Traffic; Building 'a Fitbit for the City'

Mary McCord, Anita Singh, Luke Dembosky Appointed to Leadership Roles at DOJ's Security Org (ExecutiveGov) The U.S. Justice Department has appointed three new executives within the agency's national security division and renamed an internal program for coordinating counterterrorism initiatives

Litigation, Investigation, and Law Enforcement

Judge in Silk Road case gets threatened on Darknet (Ars Technica) "I hope some drug cartel that lost money will murder this lady and her family"

Documentary 'Citizenfour' tracks Edward Snowden's surveillance disclosures (San Jose Mercury News) Many documentaries aim to kick-start environmental movements, reverse death sentences or change legislative policy. But few come with the kind of ambition of the Edward Snowden film "Citizenfour," a movie of grand scope that tells an intimate, personal story about the weighty issue of government surveillance of U.S. citizens

Edward Snowden Said Targeted Surveillance Could've Prevented the Boston Marathon Bombings (BostInno) In a streamed interview at Harvard, Snowden explains how mass surveillance inadvertently led to tragedy

From one in the know: Snowden is a traitor and likely ‘agent of Vladimir Putin’ (World Tribune) Charlie Speight is a retired executive from the National Security Agency, which he joined in 1975. During his time at the NSA, he was a National Intelligence Officer, analyst, watch officer, operational staff officer, interagency liaison, senior editor in the Strategic Communications Directorate, and communications officer for the NSA Director

Hacked and ashamed? C'mon, Brits - report that cybercrime (Register) Gov.uk campaign: Consumer security led to '£670m losses'

FDA computer network vulnerable to data breaches (FierceHealthIT) Systems don't enforce account lockout, error messages reveal sensitive information and more

Penetration Test of the Food and Drug Administration's Computer Network (Department of Health and Human Services Office of the Inspector General) This report provides an overview of the results of our penetration test of the Food and Drug Administration's (FDA) computer network. It does not include specific details of the vulnerabilities that we identified because of the sensitive nature of the information. We provided more detailed information and recommendations to FDA so that it could address the issues we identified

VA: Hackers Never Siphoned Data out of its Systems (Nextgov) The Department of Veterans Affairs' computer networks and systems remain under constant threat — including from attacks by foreign actors — but no data has been "exfiltrated" as a result of attacks, Stephen Warren, the department's chief information officer said at a media roundtable yesterday

Leader of Team Digi7al sentenced today to serve twenty-four months in federal prison (Office of Inadequate Security) Daniel Trenton Krueger, one of two leaders of the computer hacking group known as Team Digi7al, was sentenced today to serve twenty-four months in federal prison for hacking the U.S. Navy, National Geospatial-Intelligence Agency, and over 50 public and private computer systems, U.S. Attorney Danny C. Williams Sr. announced

NOAA National Weather Service Employee Indicted for Allegedly Downloading Restricted Government Files (FBI Cincinnati Division) Xiafen "Sherry" Chen, 59, of Wilmington, Ohio, was indicted in U.S. District Court for allegedly accessing restricted U.S. Government files. Chen is a hydrologist currently employed at the National Oceanic and Atmospheric Administration's (NOAA) facility located in Wilmington, Ohio

Seattleland: 'Kidnapped' Russian Hacker Facing New Charges (Seattle Weekly) On the humid morning of July 5, 30-year-old Roman Seleznev was passing through security screening at Malé International Airport in the Maldives, about 400 miles southwest of India in the Indian Ocean, when he was asked to step out of the line

For a complete running list of events, please visit the Event Tracker on the CyberWire website.

Upcoming Events

2014 ICS Cyber Security Conference (Atlanta, Georgia, USA, October 20 - 23, 2014) The 14th ICS Cyber Security Conference (sometimes known as "Weisscon") will be held October 20-23, 2014 at Georgia Tech in Atlanta, GA. Cyber Security is becoming a critical infrastructure issue with implications...

Secure 2014 (Warsaw, Poland, October 21 - 23, 2014) NASK and CERT-Polska offer this conference on telecommunications and IT security. Speakers from government, industry, and universities around the world will offer insights into research, policy, and security...

Hack.lu 2014 (Dommeldange, Luxembourg, October 21 - 24, 2014) Hack.lu is an open convention/conference where people can discuss computer security, privacy, information technology and its cultural/technical implication on society

ISSA International Conference (Orlando, Florida, USA, October 22 - 23, 2014) Join us for solution oriented, proactive and innovative sessions focused on security as a vital part of the business.

ToorCon San Diego (San Diego, California, USA, October 22 - 26, 2014) For hackers like you, because what could possibly go wrong?

DOE Germantown Cybersecurity Awareness Day (Germantown, Maryland, USA, October 23, 2014) The Department of Energy Germantown Building will be hosting a Cyber Security Awareness Day featuring a technology expo. DoE will be looking for a wide range of cyber security industry experts to showcase...

Library of Congress Cybersecurity Awareness Expo (Washington, DC, USA, October 23, 2014) The Library of Congress (LOC) is hosting its annual cyber security awareness days during October and the exposition is an important part of their education and outreach effort to industry

NASA Glenn Research Center Cyber Security Expo (Cleveland, Ohio, USA, October 23, 2014) In recognition of National Cyber Security Awareness Month, an Awareness Day event will be held at Glenn Research Center in Cleveland, Ohio. This event will provide participants with information and resources...

2014 Omaha Cyber Security Event (Omaha, Nebraska, USA, October 23, 2014) Better Business Bureau and its partners present a panel discussion on how to stay safe online — it's our shared responsibility! Learn the risks, how to spot potential problems and how our online...

FOCUS 14: Empowering the Connected World (Las Vegas, Nevada, USA, October 26 - 27, 2014) FOCUS will offer you a unique opportunity to learn directly from other McAfee users. Hear real-world scenarios from McAfee customers and learn how they maintain the highest standards of security while...

Cybergamut Tech Tuesday: Software-Defined Networking Security (Columbia, Maryland, USA, October 28, 2014) Security-Defined Routing combines cyber analytics and SDN to protect the network: SDR technology assists organizations in scaling the delivery of network traffic to analytic security applications. When...

Securing the Social Space (Baltimore, Maryland, USA, October 28, 2014) New technologies enabling greater connectivity bring with them new frontiers for cyber security. This Tech Talk program will offer a new twist on the cyber security conversation. We'll begin by exploring...

USDA Cyber Security Symposium and Expo 2014 (Washington, DC, USA, October 28 - 29, 2014) The Summit will provide participants with information and resources on today's vulnerabilities, incidents, security lifecycle, risks and mitigations; it will also identify ways to work together and build...

Cyber Security and IT Day at Fort Carson (Colorado Springs, Colorado, USA, October 28, 2014) The Information Systems Security Association (ISSA) Colorado Springs Chapter will once again host the 5th Annual Cyber Security & Information Technology Days set to take place at Fort Carson on Tuesday,...

Cyber Security and IT Days at Peterson AFB (Colorado Springs, Colorado, USA, October 29, 2014) The Information Systems Security Association (ISSA) Colorado Springs Chapter will once again host the 5th Annual Cyber Security & Information Technology Days. Government and Industry experts will be on...

Dallas SecureWorld (Dallas, Texas, USA, October 29 - 30, 2014) Offering two days of cyber security education. Earn 12-16 CPE credits, network with industry peers, and take advantage of more than sixty educational events. Over the past decade SecureWorld has emerged...

Cyber Job Fair (Baltimore, Maryland, USA, October 29, 2014) ClearedJobs.Net is partnering with CyberMaryland to present the Cyber Job Fair at the CyberMaryland 2014 conference. The Cyber Job Fair is a hiring event for cleared and non-cleared cybersecurity professionals...

CyberMaryland 2014 (Baltimore, Maryland, USA, October 29 - 30, 2014) Entrepreneurs, investors, academia and government will convene in Maryland — the nation's epicenter for cybersecurity for the fourth annual CyberMaryland Conference.

ekoparty Security Conference 10th edition (Buenos Aires, Argentina, October 29 - 31, 2014) ekoparty — Electronic Knock Out Party — Security Conference, is a one of a kind event in South America; an annual security conference held in Buenos Aires, where security specialists from all over Latin...

Cyber Risk Summit (Washington, DC, USA, May 22, 2014) This one-day leadership conference will provide a discussion forum for business executives, insurance companies and policymakers on more effective private and public responses to cyber risk management.

Senior Executive Cyber Security Conference (Baltimore, Maryland, USA, October 30 - November 1, 2014) North Star Group, LLC and the Johns Hopkins University's Whiting School of Engineering and Information Security Institute sponsor this senior executive focused cyber security conference. This event is designed...

FS-ISAC EU Summit 2014 (London, England, UK, November 3 - 5, 2014) The Financial Services Information Sharing and Analysis Center (FS-ISAC), is a non-profit association comprised of financial institution members, that is dedicated to protecting the global financial services...

POC2014 (Seoul, Republic of Korea, November 4 - 7, 2014) POC (Power of Community) started in 2006 and has been organized by Korean hackers & security experts. It is an international security & hacking conference in Korea. POC doesn't pursue money. POC concentrates...

Open Source Digital Forensics Conference 2014 (Herndon, Virginia, USA, November 5, 2014) This conference focuses on tools and techniques that are open source and (typically) free to use. It is a one day event with short talks packed with information. There are both tool developers and users...

Bay Area SecureWorld (Santa Clara, California, November 5, 2014) A day of cyber security education. Earn 6-8 CPE credits, network with industry peers, and take advantage of more than thirty educational events. Over the past decade SecureWorld has emerged as one of North...

Managing BYOD & Enterprise Mobility USA 2014 (San Francisco, California, USA, November 5 - 6, 2014) The Managing BYOD & Mobility USA 2014 conference will provide a unique networking platform, bringing together top executives from USA and beyond. They come together not only to address mobility challenges...

Journal of Law and Cyber Warfare First Annual Cyber Warfare One Day Symposium (New York, New York, USA, November 6, 2014) The Journal of Law and Cyber Warfare is proud to present the First Annual Cyber Warfare One Day Symposium. Join us as senior lawyers, technology chiefs, government officials, and academics discuss the...

RiseCON 2014 (Rosario, Santa Fe, Argentina, November 6 - 7, 2014) Rosario Information Security Conference: the first and largest information security and hacking event held in the city of Rosario, with international standing and reach

Israel HLS 2014 (Tel Aviv, Israel, November 9 - 12, 2014) The third International Conference on Homeland Security will bring together government officials, public authorities, and HLS industry leaders from around the world to share their knowledge and experience.

Critical Infrastructure Cyber Community (C3) Voluntary Program Meeting (San Diego, California, USA, October 13, 2014) Join stakeholders from across the cyber community to discuss building a cyber risk management program, using DHS resources, and to learn how organizations of all sizes are using the Cybersecurity Framework...

i-Society 2014 (London, England, UK, November 10 - 12, 2014) i-Society 2014 is a global knowledge-enriched collaborative effort that has its roots from both academia and industry. The conference covers a wide spectrum of topics that relate to information society,...

Seattle SecureWorld (Seattle, Washington, USA, November 12 - 13, 2014) Offering two days of cyber security education. Earn 12-16 CPE credits, network with industry peers, and take advantage of more than sixty educational events. Over the past decade SecureWorld has emerged...

AVAR 2014 The 17th Association of anti-Virus Asia Researchers International Conference: Security Down Under. Topics will include case studies of targeted attacks, real-life attack demonstrations, web-inject attacks/code...

ZeroNights 2014 (Moscow, Russia, November 13 - 14, 2014) ZeroNights is an international conference dedicated to the practical side of information security. It will show new attack methods and threats, showcase new possibilities of attack and defense, and suggest...

Cyber Security Awareness Week Conference (New York, New York, USA, November 13 - 15, 2014) Get ready for CSAW: the largest student-run cyber security event in the nation, with a research conference that attracts some of the biggest names in the industry, and a career fair with an impressive...

Ground Zero Summit, India (New Delhi, India, November 13 - 16, 2014) Ground Zero Summit (GOS) 2014 in its second year promises to be Asia's largest Information Security gathering and proposes to be the ultimate platform for showcasing research and sharing knowledge in...

Deepsec 2014 (Vienna, Austria, November 18 - 21, 2014) DeepSec is an annual European two-day in-depth conference on computer, network, and application security. This is a non-product, non-vendor-biased conference event. Our aim is to present the best research...

BugCON (Mexico City, Mexico, November 19, 2014) BugCON Security Conference is a hardcore technical conference focused on the technical side of security. Running since 2008, BugCON is the oldest forum where researchers, students and professionals show...

International Cyber Warfare and Security Conference (Ankara, Turkey, November 19 - 20, 2014) In-depth discussions will cover: new emerging threats and challenges on cyber warfare, the policy of leading cyber nations in cyber warfare and security, legal aspects of cyber warfare, industrial perspective...

EDSC 2014 (Seattle, Washington, USA, November 20 - 21, 2014) EDSC is a security conference focusing on embedded systems, hardware, and anything behind the silicon curtain. Embedded testing is a rapidly expanding area of the security industry; staying current is important...

Cyber Security World Conference 2014 (New York, New York, USA, November 21, 2014) Welcome to Cyber Security World Conference 2014 where renowned information security authorities and innovative service providers will bring their latest thinking to hundreds of senior executives focused...

Ethiopia Banking and ICT Summit (Addis Ababa, Ethiopia, November 21, 2014) The one-day summit is designed to highlight the key investment opportunities, especially in the banking and ICT sectors. As an emerging economic capital for the region, Ethiopia is leading the way in industrial...

BSidesVienna (Vienna, Austria, November 22, 2014) BSidesVienna will open its doors again in 2014. Be part of it and stay tuned.

DefCamp5 (Bucharest, Romania, November 25 - 29, 2014) DefCamp is the most important conference on Hacking & Information Security in Central Eastern Europe. The goal is bringing hands-on talks about latest research and practices from the INFOSEC field, gathering...
