skip navigation

More signal. Less noise.

Daily briefing.

An internecine Islamist information war brews in the subcontinent: al Qaeda launches an Indian branch in a bid to recover leadership from its more radical competitor ISIS.

JPMorgan internal investigations find the bank's stolen data were exfiltrated to servers in Russia. Investment analysts worry that reputational damage will spread beyond JPMorgan Chase to financial ETFs.

The officially still-potential Home Depot breach moves so close to confirmed actuality as to make no difference. The retailer's hired Symantec to mitigate whatever's potentially gone on; it's also offered customers credit protection services. Observers suspect Backoff point-of-sale malware behind the incident.

Goodwill, the eleemosynary used-article retailer, seems to have been the victim of Rawpos, a less-capable Backoff competitor.

Apple, reeling from the iCloud selfie leak, announces steps to improve its cloud's security. The unidentified hacker skates on thin ice, anonymously crowing about the months (and skillz) needed to pull off the theft — once identified, he/she/they will receive lots of police attention. Elcomsoft acknowledges that pirate versions of its password-cracking forensic tool, widely suspected in the iCloud hack, circulate in criminal markets.

In the US, Healthcare.gov acknowledges a successful hack, but says no data were lost. Observers see a configuration error at the root of the incident; some say malware was installed.

FireEye discovers an OSX version of APT backdoor XSLCmd (the work of "GREF"). Netresec finds a man-in-the-middle campaign running between Chinese universities and Google.

Congratulations to the National Cyber Security Hall of Fame class of 2014: Mssrs. Bellovin, Cerf, Kocher, Clarke, and Zimmermann.

Notes.

Today's issue includes events affecting Brazil, China, Colombia, Estonia, India, Iraq, Russia, Sweden, Syria, United Kingdom, United States.

Looking forward two weeks, remember that the CyberWire will be providing special coverage of the 2014 Cyber Security Summit, convening in New York on September 18. Watch for interviews and live coverage of Summit events.

Cyber Attacks, Threats, and Vulnerabilities

India on high alert as Al Qaeda launches local branch (The National) India ordered several provinces to be on increased alert on Thursday in response to Al Qaeda's launch of a new branch in the Indian subcontinent. In a video posted online, Al Qaeda leader Ayman Al Zawahri promised to spread Islamic rule and "raise the flag of jihad" across the Indian subcontinent

Al-Qaeda overshadowed by Islamic State's influence (USA TODAY) Al-Qaeda's call Thursday for a jihad (holy war) in India is the latest sign of how the terror group is battling to stay relevant in the face of the rival Islamic State's savage rampage in Iraq and Syria

Computers for Hire Send JPMorgan Data to Russia (Bloomberg) JPMorgan Chase & Co.'s own investigators have found clues that a global network of computers available for hire by sophisticated criminals was used to reroute data stolen from the bank to a major Russian city, according to people familiar with the probe

Chase Breach Investigation: Any Answers? (BankInfoSecurity) Even an unconfirmed incident can hurt bank's brand

Will Cyber Attack Halt Rally in Financial ETFs? (Zacks) After a stretch of rough trading, financial stocks showed a strong run-up in their prices last month primarily fuelled by a surge in banking stocks. This is because near-record bank profits in the second quarter, solid loan growth, steadily improving credit quality, litigation settlements, and heightened M&A and IPO activities spread optimism in the broad sector

Mounting evidence points towards Home Depot breach (Help Net Security) Still officially unconfirmed, a Home Depot hack looks increasingly likely to have happened

Home Depot breach a near certainty, yet Backoff remains a question (Ars Technica) Significant link found between retail locations and card owners' zip codes

Home Depot hires Symantec, FishNet to probe data breach (AP via the San Jose Mercury News) Home Depot says it's offering free identity protection services, including credit monitoring, to those customers who might be potentially hurt by a possible data breach at the home improvement chain

Feared Home Depot Breach Sparks More Interest in Backoff PoS Malware (Threatpost) Naturally, early speculation on the malware culprit behind the possible Home Depot data breach has leaned toward Backoff

Goodwill payment systems compromised (CSO) Just when you might have thought there wasn't anymore staying power in the parade of stories about point of sale systems being hacked we find that even Goodwill isn't immune

BackOff Not To Blame For Goodwill Breach (Dark Reading) Rawpos, a "very low risk" infostealer, is responsible for the compromise of roughly 868,000 credit cards

Apple CEO says iCloud security will be strengthened (IDG via CSO) Apple, still reeling from the nude celebrity photo incident, plans to soon strengthen security around its iCloud storage service, according to CEO Tim Cook in a news report Thursday

Alleged Hacker Behind Massive Leak Of Nude Celebrity Photos Says It Took 'Several Months' To Pull Off (Business Insider) A hacker who says he or she is responsible for uncovering nude photos of more than 100 celebrities including Jennifer Lawrence and Kate Upton says the mobile hit job was plotted by multiple people and took months to pull off

The Russian-made tool that grabs nude selfies from iCloud accounts (IDG via CSO) Elcomsoft said it is aware pirated copies of its Phone Password Breaker software are circulating in the underground

Celeb nude photos now being used as bait by Internet criminals (Ars Technica) Tweets with fake links to #JLaw photos revive oldest trick in Web malware book

Brazilian, U.S. Web Users Targeted by Router-Hacking Group (eWeek) Criminals use Javascript to brute-force guess a user's router password, change DNS settings and redirect victims to a banking scam

Hacker Breached HealthCare.gov Insurance Site (Wall Street Journal) A hacker broke into part of the HealthCare.gov insurance enrollment website in July and uploaded malicious software, according to federal officials. Investigators found no evidence that consumers' personal data were taken or viewed during the breach, federal officials said. The hacker appears only to have gained access to a server used to test code for HealthCare.gov, the officials said

Hacker breached HealthCare.gov website, planted malware on "ObamaCare" (Graham Cluley) The Wall Street Journal is reporting that a hacker managed to break into the US Government's HealthCare.gov health insurance comparison website in July, and managed to implant malware

Cyber-hoodlum tripped, fell, landed in Obama's Healthcare.gov server (The Register) That's exactly how it happened, honest, says US govt, and no medical records stolen

Configuration errors lead to HealthCare.gov breach (CSO) HHS confirms server breach, but says that personal information was not compromised

OS X version of Windows backdoor spotted (Help Net Security) A recently discovered backdoor aimed at Mac computers is likely wielded by a long-standing APT group that has previously been known to target US defense firms and organizations, electronics and engineering companies around the world, and non-government organizations with interests in Asia, say FireEye researchers

Forced to Adapt: XSLCmd Backdoor Now on OS X (FireEye Blog) FireEye Labs recently discovered a previously unknown variant of the APT backdoor XSLCmd — OSX.XSLCmd — which is designed to compromise Apple OS X systems. This backdoor shares a significant portion of its code with the Windows-based version of the XSLCmd backdoor that has been around since at least 2009

Analysis of Chinese MITM on Google (Netresec Blog) The Chinese are running a MITM attack on SSL encrypted traffic between Chinese universities and Google. We've performed technical analysis of the attack, on request from GreatFire[dot]org, and can confirm that it is a real SSL MITM against www.google[dot]com and that it is being performed from within China

Malware Bypasses Chrome Extension Security Feature (TrendLabs Security Intelligence Blog) Originally created to extend a browser's functionality, browser extensions have become yet another tool for cybercriminals' schemes. Earlier this year, Google has addressed the issue of malicious browser extensions by enforcing a policy that only allows installations if the extensions are hosted in the Chrome Web Store

TorrentLocker now targets UK with Royal Mail phishing (We Live Security) Three weeks ago, iSIGHT Partners discovered a new Ransomware encrypting victims' documents. They dubbed this new threat TorrentLocker. TorrentLocker propagates via spam messages containing a link to a phishing page where the user is asked to download and execute "package tracking information". In August, only Australians were targeted with fake Australian Post package-tracking page

Are rogue cell towers snooping on your calls? (Tripwire: State of Security) The number of calls made from cell phones every day is absurd. Let's just say it exceeds the population of every country where residents have access to cell phones and be done with it

Security experts weigh in on mystery cell-phone towers (WND) There's been an uproar this week following a Popular Science report that revealed the existence of more than a dozen cell phone-type towers across the United States for which no owner could be located or operator identified

Vulnerability numbers easing but Heartbleed still lingers: IBM (CSO) Despite a spate of high-profile security attacks, the number of new security vulnerabilities is expected to decline this year for the first time since 2011, according to the latest figures from IBM's X-Force managed security team

The roots of 'Anonymous,' the infamous online hacking community (PBS) As online hacking becomes more common, interest in the individuals and groups behind such cyber attacks rises. Hari Sreenivasan speaks with David Kushner of The New Yorker on the origins of one of the most infamous hacking groups, "Anonymous"

5 things you should know about email unsubscribe links before you click (Naked Security) We all get emails we don't want, and cleaning them up can be as easy as clicking 'unsubscribe' at the bottom of the email

Security Patches, Mitigations, and Software Updates

Microsoft Security Bulletin Advance Notification for September 2014 (Microsoft Security TechCenter) This is an advance notification of security bulletins that Microsoft is intending to release on September 9, 2014

Just 4 Bulletins Expected for September Patch Tuesday (Lumension) Microsoft will release 4 bulletins on Patch Tuesday next week; one rated as critical and the remaining three rated important. The light month is good news for otherwise very busy IT departments

Back-to-school Patch Tuesday: Critical updates for Internet Explorer, Adobe Reader (Register) Syadmins, brace yourselves

New Box Security Features Give Companies Far Greater Control Over Documents (TechCrunch) Box made its name being a user-focused company. Ease of use took priority over everything else, and while they've achieved a huge user base in this fashion, a big criticism of the company has been on the security side. It was never secure enough for some IT pros. A series of announcements today at the BoxWorks customer conference should go a long way towards alleviating those concerns

Why is Google sending insecure browsers back in time? (Naked Security) The Google search home page is famously simple and, well, famous

Cyber Trends

Are breaches inevitable? (Computerworld) Security managers have to do a lot more to stay a step ahead of determined hackers

Debate: Data in the cloud is more secure than on premises. (SC Magazine) Experts debate whether data in the cloud is more secure than data that's housed on an organization's premises

Cybersecurity technologies being developed, implemented to advance smart grid, new report says (FierceGovernmentIT) Technologies with built-in cybersecurity functions are in development and in some cases rolling out across the nation's electricity grid as it's being transformed into a smart grid, according to the Energy Department's new status report

The Security Implications of Wearables, Part 1 (TrendLabs Security Intelligence Blog) The Internet of Everything has given rise to new gadget categories in every electronics retailer shop. Smart wearables are rapidly becoming more commonplace than you think. While not everyone has Google Glass, you can bet that a lot of people have fitness trackers and even smart watches

Vulnerable "Smart" Devices Make an Internet of Insecure Things (IEEE Spectrum) According to recent research [PDF], 70 percent of Americans plan to own, in the next five years, at least one smart appliance like an internet-connected refrigerator or thermostat

Internet of Things a Potential Security Disaster (eSecurity Planet) Experts believe the Internet of Things will be highly insecure, at least in the early days

4 Hurdles To Securing The Internet Of Things (Dark Reading) Why locking down even the tiniest embedded devices is a tall order

Growing security threats put focus on CISO role (FierceCIO) This week Home Depot became the latest in the growing list of major organizations that are the apparent targets of cybercriminals. Indeed, cybercrime seems rampart and cyberdefenses appear woefully inadequate. Both of these place greater focus on the need for chief information security officers

Bitcoin, The Cryptography-based Currency Continues To Rely On Banks For Security (Forbes) Reddit's r/bitcoin is a popular forum where BTC enthusiasts shared news links and anti-establishment jokes. The site was so influential among the community that a recent book about Bitcoin called The Anatomy of a Money-like Informational Commodity discussed the viability of using the number of registered members of the forum as a way to gauge the market sentiment

One in Five Massachusetts Residents Breached in 2013 (Threatpost) Roughly one in five Massachusetts residents were affected by a data breach last year, according to numbers released today by the Commonwealth's Office of Consumer Affairs & Business Regulation

Marketplace

This has been a huge year for US IPOs, and it's just warming up (Quartz) Talk of the death of the IPO may be premature

Phoenix's BeyondTrust Software acquired by Veritas Capital (Phoenix Business Journal) BeyondTrust Software Inc., a Phoenix-based cyber security software provider, is being acquired by Veritas Capital for an undisclosed price

Pre-IPO Shareholders Of A10 Networks Could Be Eager To Sell At IPO Lockup Expiration (Seeking Alpha) September 16 will mark the end of the 180 day lockup period on ATEN that began with the application networking technologies firm's March 20 IPO

Construction of New CYBER/ISR Facility (FedBizOps) The 175th Wing, Maryland Air National Guard, located at Warfield Air National Guard Base, Baltimore, Maryland, intends to issue a Request for Proposal (RFP) to award a single firm fixed-price contract for Construction of a CYBER/ISR Facility

Twitter Taps HackerOne To Launch Its Bug Bounty Program (TechCrunch) Following security breaches that have shook confidence in many online services, Twitter today announced the launch of its bug bounty program that will pay security researchers for responsibly reporting threats through HackerOne, a bug bounty program provider. Twitter will pay a minimum of $140 per threat reported

Cyber Security Jobs: They're Secure, They Pay Well And There's Not Much Competition Right Now (redOrbit) If you're like a lot of students who are headed to college, you have no idea what your major should be. Your parents might have some suggestions, but of course, not everyone can be a doctor or a lawyer. One career track that’s hot right now is cyber security. You should expect some rigorous training, but once you're ready, you won't have a hard time finding a job. Plus, the jobs you'll find often pay well, and they're more in demand than many other private sector jobs

Products, Services, and Solutions

For Sale Soon: The World's First Google Glass Detector (Wired) Earlier this summer, Berlin-based artist and coder Julian Oliver released Glasshole.sh, a simple and free piece of software designed to detect Google Glass and boot it from any local Wi-Fi network. That DIY idea, says Oliver, was so popular among Glass's critics that he's now offering his cyborg-foiling hack to the masses in a much more polished form: an easy-to-use commercial product selling for less than $100

A10 Networks Expands DDoS Protection Appliance Range (CRN) The company has launched Thunder 3030S TPS, a dedicated DDoS protection appliance for medium-sized networks with 5-10 Gbps Internet connections

WhiteHat Security Partners with Tasktop to Provide Real-Time Integration with Application Lifecycle Management Tools (Insurance News Net) WhiteHat Security, the web security company, today announced it has partnered with Tasktop, the leader in Application Lifecycle Management (ALM) and software development tools integration, to OEM Tasktop Sync

Prelert Anomaly Detection Released for Big Data Analysis (Programmable Web) Prelert, the anomaly detection company, has announced the release of an Elasticsearch Connector to help developers quickly and easily deploy its machine learning-based Anomaly Detective® engine on their Elasticsearch ELK (Elasticsearch, Logstash, Kibana) stack

Technologies, Techniques, and Standards

Scared of brute force password attacks? Just 'GIVE UP' says Microsoft (Register) Choose simple password, reuse it, ignore password strength meter and pray

Hackers attack Namecheap accounts — are you still reusing passwords? (Hot for Security) Popular domain registrar and web-hosting provider Namecheap has announced that hackers launched a determined attack against its systems over the weekend, attempting to break into users' accounts

Don't get caught with your pants down: 9 ways to not be seen naked on the internet (PCR) The leaking of several Hollywood celebrities' nude photos onto the internet has sparked BitDefender into action — here are its top tips for not being seen naked online

When Authentication Fails, Back Up With Authorization Controls (Trustifier Webworld) I had a chance to meet Brian Shields, an intrusion threat analyst, when he came to Ottawa to participate on a panel discussion of APT at a local security event. Brian had been one of the Nortel investigators quite a few years ago, when it was revealed that much of their network had been breached, supposedly by adversaries from China. The theory that stolen Nortel IP used by a competitor contributed to their demise is fairly well known. After Nortel, Brian continued to investigate network breaches. He and the panel really painted a bleak picture. None of the panelists had any real answers when asked about how to stop "APT" — targeted attacks, outside of best practices, being vigilant, and trying to detect breaches as quickly as possible to contain damage

Phishing Safety: Is HTTPS Enough? (TrendLabs Security Intelligence Blog) It was recently reported that Google would improve the search ranking of HTTPS sites in their search engine. This may encourage website owners to switch from HTTP to HTTPS. Cybercriminals are also taking part in this switch. For example, we recently spotted a case where users searching for the secure version of a gaming site were instead led to a phishing site

Network vulnerabilities IT admins can use to protect their network (Help Net Security) Being able to adapt to change is one of the most important abilities in security today, mostly because attacks to defend against are able to do the same. The sophistication of current threats is mainly seen in their skill to adjust based on the weaknesses of the environment they are targeting

5 tips for security behavior management programs (Help Net Security) Security awareness has long been a point of frustration for information security professionals. While many organizations conduct awareness training of some kind, they have struggled to develop effective training, as posters and knick-knacks urging employees to change passwords frequently have failed to improve their security behavior

Design and Innovation

National Cyber Security Hall of Fame Announces Inductees for the Class of 2014 (National Cyber Security Hall of Fame) Mike Jacobs, Chairman of the selection process of the National Cyber Security Hall of Fame, released the names of 5 innovators who will be enshrined in the Hall of Fame on Thursday, October 30th at a gala at the Four Seasons in Baltimore, MD

Academia

Cyber Security Education: Remove The Limits (InformationWeek) Low-level technical and high-level strategic education must come together to achieve cyber security goals

UK Gov, Rolls-Royce and Teach First join forces for STEM (ComputerWeekly) The government has partnered with Rolls-Royce and Teach First to train 75 new science, technology, engineering and maths (STEM) teachers, announced by the Chancellor of the Exchequer, George Osborne, during his Great British Brands tour

Forum: Higher education a major key to defending U.S. cyberspace (Ames Tribune) Stronger cyber security education for both businesses and consumers could be the key to creating better data protection was the message that came from an Iowa State University symposium on Thursday

One in four Americans with college degrees shouldn't have bothered (Quartz) Roughly 25% of those with bachelor's degrees in the US derive no economic benefit from their diplomas

Reginald Hyde Joins University of Alabama Cyber Institute as Executive Director; Joe Benson Comments (Government Executive) Reginald Hyde, former Defense Department deputy undersecretary for intelligence and security, has joined the University of Alabama's Cyber Institute as executive director

Student benefits from special summer program (Southtown Star) While most college students put their studies on hold when they get a summer job, Illinois Wesleyan University student Tom Simmons was able to continue his academic pursuits and get paid this summer when he became a part of the Eckley Summer Scholar and Artist Program

Legislation, Policy, and Regulation

Holder, spy chief support Senate NSA reform bill (The Hill) Attorney General Eric Holder and Director of National Intelligence James Clapper are lending their support to the Senate's effort to rein in the National Security Agency, a boost for advocates of reform

NSA could learn from police officers' strategy (Milwaukee Journal-Sentinel) Throughout my 15 years in Wisconsin law enforcement, I've learned that the best weapon for fighting crime is good, old-fashioned investigative police work: identifying suspects, chasing down leads, collecting evidence to support those leads

Megan Smith named new Federal CTO, Alexander Macgillivray to assume deputy CTO role (ExecutiveGov) Megan Smith, most recently vice president of the Google X research arm, has been appointed to succeed Todd Park as federal chief technology officer and assistant to President Barack Obama

Colombian Officials to Fight Cybercrime in Eastern Europe (Latin Post) Nine government officials from Colombia are headed to Estonia to learn about cyber defense training, according to Colombia Reports

Litigation, Investigation, and Law Enforcement

Verizon to Pay Largest Ever Consumer Privacy Settlement (Threatpost) Verizon will pay the Federal Communications Commission $7.4 million as part of a settlement over the company's failure to adequately inform and obtain consent from customers before using their personal information to develop thousands of tailored marketing campaigns. Officials say this fine constitutes the largest consumer privacy settlement in FCC history

Google to pay $19,000,000 compensation for taking candy from kids (Naked Security) The US Federal Trade Commission (FTC), which looks after consumer rights in the US, has announced a settlement with Google

Finjan Provides Litigation Update — Proofpoint Motion To Stay Denied (MarketWatch) Finjan Holdings, Inc. FNJN, +0.00% a technology company committed to enabling innovation through the licensing of its intellectual property, today provides an update on the case Finjan, Inc. v. Proofpoint, Inc. et al., Case No. 5:13-cv-05808-BLF

Mass NSA Phone Metadata Collection in Federal Appeals Court Crosshairs (Reason) A trio of judges Tuesday heard the American Civil Liberties Union's challenge that the federal government's mass collection of telephone metadata is unconstitutional

Target says banks can't sue over massive data breach (FierceITSecurity) Target wants a Minnesota federal judge to throw out a consolidated class action lawsuit brought by banks over the retailer's massive data breach. Target argues that the bank plaintiffs cannot sue for negligence because they do not have a direct relationship with Target

FBI offers help to game developers suffering harassment, death threats (Ars Technica) There's been a swell of online harassment, and the authorities have noticed

Celebrity iCloud hacking turns into child abuse case over Maroney pictures (Guardian) Lawyers for US Olympic gymnast demand pictures removed from pornography website, claiming she was under 18 when photos were taken

Celebrity Hacker Could Face Lengthy Prison Sentence If Caught (National Cybersecurity) The person who leaked naked photos of about 100 female celebrities this past weekend, including the actress Jennifer Lawrence and the model Kate Upton, could face an array of criminal charges and dozens of years in prison if caught

Nude celeb selfies doxing prompts 4chan to change policy (Naked Security) 4chan, the slap-happy imageboard that's spawned or popularized internet memes such as Rickrolling and lolcats and more recently served as a launchpad for the doxing of 100 celebrities' nude selfies, has decided to revise its policies to deal with similar foul-ups

Coalition Asks Spyings Effect On Journalism (NetNewsCheck) The Reporters Committee for Freedom of the Press and a coalition of 24 news organizations have asked the Privacy and Civil Liberties Oversight Board to investigate whether national security surveillance programs are compromising journalists' attempts at newsgathering

National security reporter shared drafts with CIA press office, emails reveal (Russia Today) Emails released by The Intercept on Thursday between an American national security reporter and the Central Intelligence Agency's public affairs staff shows the existence of "a closely collaborative relationship," the news site reported

Bitcoin Exchange CEO Pleads Guilty to Enabling Silk Road Drug Deals (Wired) The former CEO of a top Bitcoin exchange and one of his customers pled guilty today in Manhattan on charges relating to operating an unlicensed money exchange that provided Bitcoins to customers buying illegal drugs on the Silk Road

For a complete running list of events, please visit the Event Tracker on the CyberWire website.

Upcoming Events

Security B-Sides Cape Breton (Sydney, Nova Scotia, Canada, September 5, 2014) Security B-Sides Cape Breton is an open platform that gives security experts, enthusiasts, and industry professionals the opportunity to share ideas, insights, and develop longstanding relationships with...

BalCCon2k14 (Balkan Computer Congress) (Novi Sad, Serbia, September 5 - 7, 2014) The Balkan Computer Congress is an international hacker conference organized by LUGoNS — Linux Users Group of Novi Sad and Wau Holland Foundation from Hamburg and Berlin. It is the second conference taking...

BalCCon2k14: Balkan Computer Congress (Novi Sad, Serbia, September 5 - 7, 2014) The Balkan Computer Congress is an international hacker conference organized by LUGoNS — Linux Users Group of Novi Sad and Wau Holland Foundation from Hamburg and Berlin. It is the second conference...

Detroit SecureWorld (Detroit, Michigan, USA, September 9 - 10, 2014) Two days of cyber security education and networking. Earn 12-16 CPE credits, network with industry peers, and take advantage of more than sixty educational events. Over the past decade SecureWorld has...

Ground Zero Summit, Sri Lanka (Colombo, Sri Lanka, September 9 - 10, 2014) Ground Zero Summit 2014, Colombo will be a unique gathering of Cyber Security Researchers, Hackers, CERTs, Corporates and Government officials to discuss latest hacks, exploits, research and cyber threats.

Cyber Attack Against Payment Processes Exercise 1 (Online, September 9 - 10, 2014) FS-ISAC, the Financial Services Information Sharing and Analysis Center will conduct its fifth annual simulated cyber security exercise related to payment processes used by banks, community institutions,...

AFCEA TechNet Augusta 2014: Achieving Force 2025 Through Signals and Cyber (Augusta, Georgia, USA, September 9 - 11, 2014) The overall theme of TechNet Augusta 2014 is "Achieving Force 2025 Through Signals and Cyber." The overall focus is on Army ground forces, including Joint component interface, other Department of Defense...

Suits and Spooks London (London, England, UK, September 12, 2014) On September 12th, in London's South bank neighborhood of Southwork, approximately 50 former intelligence officials, corporate executives, and security practitioners from the U.S. and the EU will gather...

Build IT Break IT Fix IT: Fix IT (Online, September 12, 2014) The Build it Break it Fix it security contest is a new security-oriented programming contest held by the Maryland Cybersecurity Center, Cyberpoint, and Trail of Bits. The Build it Break it Fix it security...

NOPcon Security Conference (Istanbul, Turkey, September 16, 2014) NOPcon is a non-profit hacker conference. It is the only geek-friendly conference without sales pitches in Turkey. The conference aims to learn and exchange ideas and experiences between security researchers,...

5th Annual Billington Cybersecurity Summit (Washington, DC, USA, September 16, 2014) The 5th Annual Billington Cybersecurity Summit, a leading conference produced by Billington CyberSecurity, will feature an all-star cast of cybersecurity speakers including Admiral Michael Rogers, Commander,...

SINET Global Summit (London, England, UK, September 16 - 17, 2014) "Advancing Global Collaboration and Innovation." Global Summit focuses on building international public-private partnerships that will improve the protection of our respective homeland's critical infrastructures,...

Cyber Attack Against Payment Processes Exercise 2 (Online, September 16 - 17, 2014) FS-ISAC, the Financial Services Information Sharing and Analysis Center will conduct its fifth annual simulated cyber security exercise related to payment processes used by banks, community institutions,...

Global Identity Summit (Tampa, Florida, USA, September 16 - 18, 2014) The Global Identity Summit is focused on identity management solutions for corporate, defense and homeland security communities. This conference and associated exhibition bring together a distinctive,...

Grow your brand and reach new customers.

Grow your brand and increase your customer base by educating our audience about your products, services, and events by advertising on The CyberWire. We’ve built trust with an influential (and often hard to reach) audience of CISOs, CSOs, and other senior execs in the security space, across a wide array of industry verticals. Learn more.

Be a part of the CyberWire story.

People ask us (a lot) how they can support what we do. We have our sponsorships and services, of course, but those are not always within every supporter's financial reach, or it might just not be the right time for you to do those things. That's why we launched our new Patreon site, where we've created a wider variety of support levels, each with some new benefits. Our patrons are important to our future, and we hope you'll consider becoming one. We invite you to become part of the CyberWire story. Become a patron today.