Daily briefing.

Two significant cyber campaigns are disclosed. IBM Trusteer has detected a large, highly targeted campaign using Citadel malware against Middle Eastern petrochemical companies. Citadel, designed originally as an evasive form of financial malware, has evolved into a tool capable of use against targets in other sectors.

Bromium has announced its own discovery of a different campaign, this one a waterhole attack designed to infect visitors to the website of a technology startup in the oil and gas sector. The waterhole was established immediately after the startup announced significant new funding; the attackers seem to have believed the news would draw high-value targets.

"Tinybanker" malware, whose source code was leaked in July, is now active against US financial institutions.

The German government is under Wikileaks-driven criticism for its alleged role in fostering or at least tolerating Gamma's development and sale of FinFisher.

Post mortems on the JPMorgan, Home Depot, and Goodwill hacks continue.

An Amazon cross-site-scripting issue is reported and quickly addressed. A Twitter vulnerability to credit card theft is similarly reported and fixed.

A new exploit kit, "Archie," is targeting Adobe and Silverlight vulnerabilities.

Android malware is found using SSL-based evasion techniques.

SANS deplores, in a more-in-sorrow, we-told-you-so mood, cyber criminals' avid purchases of space in new top-level domains (".support," ".club," etc.).

Three stories give reason to think thrice about selling old hardware: children's tablets, smartphones, even servers. They're harder to sanitize than one might think.

Apple has added two-step verification to iCloud. Adobe patches Reader.

US cyber legislation looks unlikely this year.

Notes.

Today's issue includes events affecting Australia, China, European Union, Germany, Iceland, Israel, Japan, Russia, Turkey, United Kingdom, United States.

Dateline Billington Cybersecurity Summit 2014

5th Annual Billington Cybersecurity Summit: Innovations in Cyber Resiliency (Billington CyberSecurity) The 5th Annual Billington Cybersecurity Summit: Innovations in Cyber Resiliency [was] held on Sept. 16 at the Capital Hilton in Washington DC and is the leading Fall forum on cybersecurity

NSA Director Rogers Urges Cyber-Resiliency (Threatpost) In his keynote address at the Billington Cybersecurity Summit, NSA Director and Commander of U.S. Cyber Command, Admiral Mike Rogers, explained that the Defense Department and corporate information security teams must focus on cyber-resiliency rather than total network protection

US bolstering cyber defense with new corps: NSA chief Michael Rogers (Economic Times) The US military is building a new cyber defense corps that can be used to protect the nation and possibly for offensive purposes, the commander of the unit said Tuesday

The National Conversation No One Wants to Have (Billington Cybersecurity Summit 2014) First, an easy risk management problem

Cyber Attacks, Threats, and Vulnerabilities

Massively Distributed Citadel Malware Targets Middle Eastern Petrochemical Organizations (Security Intelligence) Recently, IBM Trusteer researchers identified targeted cyber attacks on several Middle Eastern petrochemical companies. They have identified a campaign in which attackers are using a variant of the evasive Citadel malware. Citadel was originally created for the purpose of stealing money from banks and has been massively distributed on users' PCs around the world

Pirates of the Internetz: The curse of the waterhole (Bromium Labs Call of the Wild Blog) Last week the Bromium Labs team was contacted by a Fortune 1000 customer that detected an interesting attack via one of their installed LAVA sensors. We get such events frequently from our customers; however this attack was a bit different. The attack was a classic waterhole attack targeting potential viewers of a technology startup in the Oil and Gas sector. Interestingly, this attack occurred days after the company announced a sizable funding grant. It's likely that the attackers were expecting more traffic to the website and hoped to increase their chances of a successful infection. The names of the companies involved are redacted and they have confirmed that the infection has been remediated and both have confirmed that no sensitive information was leaked

'Tiny banker' malware targets US financial institutions (Computerworld) Its source code was leaked in July, which may have broadened its use among cybercriminals

Wikileaks releases FinFisher files to highlight government malware abuse (Guardian) Germany has been criticised by the whistleblowing site for failing to block a 'weaponised malware' dealer selling to regimes with poor human rights records

Home Depot Data Hacks Caused By Outdated Information System, Low Security Level, Executives Allegedly Refused To Upgrade Security System (Franchise Herald) Former members of Home Depot's security group revealed that the payment system that the retailer uses was not a system that encrypts data from credit and debit cards. This window could allow potential hackers to take advantage of the customers' data

JP Morgan denies that system blueprints were stolen in June cyber attack (Computing) More details have emerged about the attack on banking giant JP Morgan, which saw sensitive banking systems hacked and details about clients and deals apparently transmitted to systems in Russia

Breach at Goodwill Vendor Lasted 18 Months (Krebs on Security) C&K Systems Inc., a third-party payment vendor blamed for a credit and debit card breach at more than 330 Goodwill locations nationwide, disclosed this week that the intrusion lasted more than 18 months and has impacted at least two other organizations

Amazon.com Stored XSS via Book Metadata (B.FL7.DE) Amazon's Kindle Library, also known as "Manage Your Content and Devices" and "Manage your Kindle", is, at the time of writing, vulnerable to Stored Cross-Site Scripting (XSS) attacks. (Update 2014-09-16: Apparently, Amazon fixed the issue earlier today.) Malicious code can be injected via e-book metadata; for example, an e-book's title

Archie Exploit Kit Targets Adobe, Silverlight Vulnerabilities (Threatpost) A relatively new exploit kit that borrows modules copied from the Metasploit Framework and exploits any older versions of Adobe Flash, Reader, and Silverlight the user may be using has begun to make the rounds

"Shocking" Android browser bug could be a "privacy disaster": here's how to fix it (Naked Security) Independent security researcher Rafay Baloch has written about a security bug in the Android Browser app that allows one website to steal data from another

Android Malware Use SSL for Evasion (TrendLabs Security Intelligence Blog) Secure Sockets Layer (SSL) and its successor, Transport Layer Security (TLS), are designed to provide a secure, encrypted connection between a client and a server online

AppLock Vulnerability Leaves Configuration Files Open for Exploit (TrendLabs Security Intelligence Blog) We have previously discussed certain file locker apps that fail to hide files properly

From the Labs: VBA is definitely not dead — in fact, it's undergoing a resurgence (Naked Security) Earlier this year, Principal Researcher at SophosLabs, Gabor Szappanos (Szappi) published an excellent paper, "VBA is not dead", on the re-emergence of Visual Basic code in malicious documents

The Prevalence of Crypto-Ransomware (TrendLabs Security Intelligence Blog) Cryptolocker, a refinement of ransomware with file-encryption capabilities, emerged in the wild in October 2013. It continuously evolves, as seen in the inclusion of new tactics and methods to avoid early detection and convince unsuspecting users to pay the 'ransom' to get their files back

FreeBSD Denial of Service advisory (CVE-2004-0230) (Internet Storm Center) A vulnerability has been discovered by Johnathan Looney at the Juniper SIRT in FreeBSD (base for Junos and many other products) in the way that FreeBSD processes certain TCP packets

https[:]//yourfakebank.support — TLD confusion starts! (Internet Storm Center) Pretty much ever since the new top level domain (TLD) ".biz" went online a couple years ago, and the only ones buying domains in this space were the scammers, we kinda knew what would happen when ICANN's latest folly and money-grab went live

Vulnerability Allows Attacker to Delete Credit Cards from Any Twitter Account (HackRead) An Egyptian security researcher, Ahmed Mohamed Hassan Aboul-Ela, has found a critical vulnerability in Twitter that allows a hacker to delete credit card details from any account

Back-and-Forth with Google Led to Disclosure of Android Browser Flaw (Threatpost) The researcher who originally discovered the same-origin policy bypass in the Android browser said he reported the vulnerability to Google some time ago, but that the company's Android security team said it was unable to reproduce the issue

Why it's a bad idea to sell your child's cheap tablet on eBay (Guardian) Difficulties wiping data could lead to privacy problems including recovery of children's data and passwords

No old iPhone is left behind in this Shenzhen market (IT World) Dealers in Shenzhen are making a business re-selling and refurbishing old iPhones

Man buys old servers, accuses Ernst & Young of data breach (Naked Security) A Canadian who calls himself the owner of a used-computer dealership in Calgary (one that apparently doesn't have a website) says he's sitting on a pile of data for Ernst & Young's customers, stored on servers he bought in 2006

Beware overdue invoice malware attack, wrapped in an .ARJ file! (We Live Security) If you've been messing around with technology for a while, you may remember the good old days of acoustic couplers, ZModem, and Bulletin Board Systems (BBSes)

Security Patches, Mitigations, and Software Updates

Apple adds two-step verification for iCloud, effective immediately (Naked Security) Apple really is listening, and doubly so! The company backed down over the "foistware" U2 album that you recently received via iTunes, like it or not

Adobe Gets Delayed Reader Update Out the Door (Threatpost) Adobe has straightened out issues it spotted during regression testing that caused a Reader and Acrobat update to be postponed last week

Big Batch of Bugs Fixed in Various Versions of IDA (Threatpost) The makers of the popular IDA disassembly and debugging tool have fixed more than a dozen security vulnerabilities in a variety of versions. Some of the vulnerabilities are a couple of years old, and patches are provided for versions from 6.1 up through 6.6

Cyber Trends

M-Payments — New Ways and New Risks in Moving Money (Willis Wire) Electronic payment systems are nothing new. The first electronic payments were made over telegraph wires in the 19th century, hence still referring to 'wire transfers' today

Cyber Risk As Board Room Agenda (Business World) With the high pace growth of Information Technology and now disruptive technologies, in the business world today, cyber risk is a crucial issue for the business leaders

Looking for the Key to Security in the Internet of Things (IEEE Spectrum) As the number of Internet connected-devices in any home skyrockets from a few, to a few dozen, to perhaps even a few hundred — including interconnecting thermostats, appliances, health and fitness monitors and personal accessories like smart watches — security concerns for this emerging Internet of Things (IoT) will skyrocket too

Marketplace

Imagine if Gmail bought Facebook and they were both owned by the president's buddy (Quartz) Mail.ru, Russia's most popular email provider, this morning announced that it has paid $1.47 billion for the 48% that it did not already own of VKontakte, Russia's most popular social network. Mail.ru already owns Odnoklassniki, the second-most popular network. It's as if Gmail (if it were an independent company) were to buy Facebook

Startup Spotlight: Threat Detection Specialist ThetaRay (eSecurity Planet) Israeli security startup ThetaRay promises to detect zero-day attacks, hidden APTs and other threats in seconds by simultaneously analyzing all security and operational data sources

The Security Skills Shortage No One Talks About (InformationWeek) Lack of soft skills in information security is an even bigger problem than the shortage of technical expertise

Products, Services, and Solutions

Cisco unveils threat-focused next-generation firewall (Help Net Security) Cisco introduced a threat-focused Next-Generation Firewall (NGFW). Cisco ASA with FirePOWER Services provides the full contextual awareness and dynamic controls needed to automatically assess threats, correlate intelligence, and optimize defenses to protect all networks

Porticor Fosters HIPAA Compliance, Cloud Security (NewsFactor) Porticor®, a leading cloud data security company delivering the only cloud-based key management and data encryption solution that infuses trust into the cloud and keeps cloud data confidential

Biometric security: giving cyber criminals the finger (Finextra) Last week, Barclays committed to a progressive future in banking security with the launch of the Barclays Biometric Reader

Cyveillance Launches Cyber Threat Center for Security, Cyber, and Risk Professionals (PR Newswire) The Cyveillance Cyber Threat Center combines web search, social media monitoring, global intelligence reports, and a suite of investigative tools and databases in an easy-to-use, cloud-based portal

Meet The Next Next-Gen Firewall (Dark Reading) Or at least the latest iteration of one of the oldest-running security tools that continues to evolve and transform with the times

Spirent Federal's New Proof of Concept Facility Helps Federal Agencies and Integrators Prepare for Offensive and Defensive Security Operations (Herald Online) New facilities offer realistic environments used to demonstrate cyber ops teams to defend assets and attack targets

SurfWatch Labs Announces Availability of Cyber Risk Business Intelligence Application that is Purpose-Built for C-Level Executives and Board Members (InsuranceNewsNet) SurfWatch Labs, a provider of cyber risk intelligence solutions, announced the general availability of SurfWatch C-Suite, an interactive dashboard application designed specifically to give corporate executives and board members the ability to easily and immediately understand cyber risk KPIs

Technologies, Techniques, and Standards

New CVE Naming Convention Could Break Vulnerability Management (Dark Reading) MITRE sets deadline for releasing new CVEs with different ID format syntax, regardless of how many vulnerabilities we see in 2014

Testing Security Controls for Logic Based Attacks (CSO) A lot of attention is being focused on cryptography and other security controls being manipulated by attackers who are exploiting poor implementations, lack of maintenance and seemingly unforeseen omissions in the controls' coding. This can lead to a trusted security control being turned into a weapon of choice. I overheard a group of people discussing software controls testing and the various methods being used, commercial code analysis tools, in-house scripts and test packs and also the ingenuity of pen testing. After a while, the conversation turned to the testing of logic based attacks on security controls and it seemed to be agreed there was nothing you could really do to get ahead of these sophisticated attacks

In Defense Of Passwords (Dark Reading) Long live the password (as long as you use it correctly along with something else)

Avoid Hybrid Cloud Gotchas — Part 1 (Equinix Interconnections) Over the last year, cloud deployments represented one third of our new Equinix business and we expect to see more and more hybrid cloud migrations as this business continues to grow

Avoid Hybrid Cloud Gotchas — Part 2: Data Security (Automated Trader) As the 12 security breaches that shaped history illustrates, information theft was going on long before the birth of Edward Snowden or the cloud. In fact, one of the most famous traitors of the 1600s, England's Guy Fawkes, is now the face of this century's most infamous and "anonymous" hacker network

Design and Innovation

Internet giants band together to improve open source programs (Help Net Security) A group of companies that includes Facebook, Google, Dropbox, GitHub and Khan Academy has announced a new collaboration that will focus on making open source "easier for everyone"

Research and Development

The Quantum of Cryptography: Australia's Role in New Unbreakable Encryption (Techly) Spies aren't the only ones who need to encrypt data; in an increasingly privacy and security-conscious world, consumers would do well to consider their own cryptography needs

Just how much information can be squeezed from one week of your metadata? (Naked Security) Because of Edward Snowden, we've been hearing a lot about metadata for the past 15 months

Academia

Students Study a Rampant Virus at University Cybersecurity Lab (EdTechMagazine) The new Maine facility provides a closed network for finding defenses against cyberattacks

Legislation, Policy, and Regulation

GDS unveils 'Gov.UK Verify' public services identity assurance scheme (ComputerWeekly) The government's system for proving users' identities when using public services online will be launched under the brand name "Gov.UK Verify"

EU data protection reform threatens NHS record-sharing plans (ComputerWeekly) Proposed changes to European Union (EU) data-sharing legislation could obstruct the NHS' plans for seamless data integration across GP surgeries and hospitals

'You can play with your bitcoins, but you can't pay with them': Russia may ban cryptocurrencies by 2015 (Russia Today) Russia is set to become the latest country to restrict virtual currencies such as Bitcoin, after a top official announced that a law will be passed banning their exchange into real money by next spring due to their use by criminals and terrorists

Privacy, diversity and cybersecurity take center stage in new intel strategy (Washington Times) Director of National Intelligence James R. Clapper will roll out a National Intelligence Strategy this week. This will be the third such document, after reports by John D. Negroponte in 2005 and Dennis C. Blair in 2009

NSA reform bill stalled with Congress headed toward fall recess (IDG via ComputerWorld) Members of Congress are set to leave Washington for an extended fall recess in a few days

The FTC's expanding cybersecurity influence (Fed Scoop) The answer to who is in charge of the federal effort to bolster the nation's cybersecurity posture may not be as difficult to uncover as previously thought

Coming soon: Computer monitoring for highly-cleared contractors (Politico) Federal contracting companies will soon be required to use enhanced computer monitoring techniques on employees that access classified networks, under new Pentagon rules designed to stop the next Edward Snowden or Pvt. Chelsea Manning from making off with intelligence or military secrets

Army investing in Soldiers, civilians to fight war against hackers (Bayonet and Sabre) The commander who oversees the Army's cyber world spoke at the monthly breakfast of the Association of the U.S. Army on the 13th anniversary of 9/11, saying the information technology that company commanders have at their disposal today is equivalent to what a division commander had in 2001

Litigation, Investigation, and Law Enforcement

Google Piles Pressure On Congress With Latest Transparency Report (Forbes) Government requests for user data are still rising, says Google — up 19 percent in the US from six months ago and 250 percent since the company started publishing the figures in 2009

Apple questioned on Watch privacy by state attorney general (Naked Security) Apple's calling its new Apple Watch its "most personal device ever"

Double latte with your bogus tax refund? Feds win guilty plea in Detroit scam (Detroit Free Press) Free Wi-Fi at Starbucks helped produce $1.8 million in bogus tax refunds for some Detroit customers

China's ambassador to Iceland has been allegedly detained for leaking secrets to Japan (Quartz) Chinese ambassador to Iceland Ma Jisheng and his wife, Zhong Yue, have been arrested by Beijing on suspicion of leaking national security secrets to Japan, according to a Chinese-language media report

For a complete running list of events, please visit the Event Tracker on the CyberWire website.

Upcoming Events

SINET Global Summit (London, England, UK, September 16 - 17, 2014) "Advancing Global Collaboration and Innovation." Global Summit focuses on building international public-private partnerships that will improve the protection of our respective homeland's critical infrastructures,...

Cyber Attack Against Payment Processes Exercise 2 (Online, September 16 - 17, 2014) FS-ISAC, the Financial Services Information Sharing and Analysis Center will conduct its fifth annual simulated cyber security exercise related to payment processes used by banks, community institutions,...

Global Identity Summit (Tampa, Florida, USA, September 16 - 18, 2014) The Global Identity Summit is focused on identity management solutions for corporate, defense and homeland security communities. This conference and associated exhibition bring together a distinctive,...

Fraud Summit Toronto (Toronto, Ontario, Canada, September 17, 2014) From account takeover to payment card fraud and the emerging mobile threatscape, the ISMG Fraud Summit series is where thought-leaders meet to exchange insights on today's top schemes and the technology...

Defense Intelligence Agency (DIA)/National Intelligence University (NIU) Open House (Washington, DC, USA, September 17, 2014) On September 17, 2014, the National Intelligence University (NIU) will hold a Tech Expo as part of its annual "NIU OUTREACH DAY" in the Tighe Lobby of DIA Headquarters on Joint Base Bolling-Anacostia.

Cloud Security Alliance Congress 2014: This year, the CSA and the International Association of Privacy Professionals (IAPP) are combining their Congress US and Privacy Academy events into a conference in the heart of Silicon Valley that will...

ICS-ISAC Fall Conference (Atlanta, Georgia, USA, September 17 - 20, 2014) Cybersecurity issues — such as the DHS release of Operation Aurora information; legislation like CISA (S. 2588), CIRDA (H.R. 2952) & H.R. 3696; and the NIST Cybersecurity Framework — can leave...

Ft. Meade Technology Expo (Fort Meade, Maryland, USA, September 18, 2014) The Ft. Meade Technology Expo is a one-day event held at the Officers' Club (Club Meade) on base. Industry vendors will have the unique opportunity to showcase their products and services to personnel...

The 2014 Cyber Security Summit (New York, New York, USA, September 18, 2014) The Cyber Security Summit, an exclusive conference series sponsored by The Wall Street Journal, has announced their second annual event in New York City. The event will connect C-Level & Senior Executives...

NYIT Cyber Security Conference (New York, New York, USA, September 18, 2014) Presented by NYIT's School of Engineering and Computing Sciences, this conference will address a broad range of pressing topics including privacy; innovations in enterprise security; systems security and...

Dutch Open Hackathon (Amsterdam, the Netherlands, September 20 - 21, 2014) Join leading Dutch companies, during a 30-hour hackathon, as they open up APIs and technologies. Work together and develop new applications and drive global innovation

St. Louis SecureWorld: Offering two days of cyber security education. Earn 12-16 CPE credits, network with industry peers, and take advantage of more than sixty educational events. Over the past decade SecureWorld has emerged...

Workshop on Cryptographic Hardware and Embedded Systems 2014 (CHES 2014) (Busan, Korea, September 23 - 26, 2014) The annual CHES workshop highlights new results in the design and analysis of cryptographic hardware and software implementations. CHES provides a valuable connection between the research and cryptographic...

Rock Stars of Cybersecurity (Austin, Texas, USA, September 24, 2014) The unprecedented Target breach and NSA spying scandal have put cybersecurity in the global spotlight. With cyberattacks on the rise, it is now even more important to learn how to identify weaknesses and...

VB2014: Over its 24-year history, the VB conference has become a major highlight of the IT security calendar, with many of its regular attendees citing it as the security event of the year. The conference provides...

DerbyCon 4.0 (Louisville, Kentucky, USA, September 24 - 28, 2014) Welcome to DerbyCon 4.0 — "Family Rootz". This is the place where security professionals from all over the world come to hang out. DerbyCon 4.0 will be held September 24-28th, 2014. DerbyCon 2013...

BruCON 2014 (Ghent, Belgium, September 25 - 26, 2014) BruCON is an annual security and hacker conference providing two days of an interesting atmosphere for open discussions of critical infosec issues, privacy, information technology and its cultural/technical...

ROOTCON 8: ROOTCON is the first hacking convention in the Philippines. A hacker conference and not a seminar, training or a workshop. It will feature the following tracks: advanced HTTP header security analysis,...

INTEROP (New York, New York, USA, September 29 - October 3, 2014) Interop returns to New York with practical and visionary conference sessions designed to help you accelerate your career. This year's conference tracks include: Applications, Business of IT, Cloud Connect...

Indianapolis SecureWorld (Indianapolis, Indiana, USA, October 1, 2014) A day of cyber security education. Earn 6-8 CPE credits, network with industry peers, and take advantage of more than thirty educational events. Larry Ponemon, Chairman and Founder of the Ponemon Institute,...

Suits and Spooks New York: Not another hacker conference. Suits and Spooks is a unique gathering of experts, executives, operators, and policymakers who discuss hard challenges in a private setting over two days. Suits and Spooks...

Open Analytics Summit (Dulles, Virginia, USA, October 7, 2014) Open Analytics Summits are for Developers, Engineers, Data Scientists, CMOs, Data Analysts, CTOs, Architects, Brand Managers, and anyone passionate about open source technologies, big data, or data analytics...

MIRcon 2014 (Washington, DC, USA, October 7 - 8, 2014) MIRcon 2014 is the premier information security industry event of the year. The conference is designed to educate innovators and executives battling cyber attackers daily

Cyber Security EXPO: Securing information, mobility, cloud, and social interaction for the modern enterprise. Disruptive technologies such as cloud computing, mobile, bring your own device (BYOD) and social media are pushing...

InfoSec 2014 (Kuala Terengganu, Malaysia, October 8 - 10, 2014) You are invited to participate in The International Conference on Information Security and Cyber Forensics (InfoSec 2014) that will be held at Universiti Sultan Zainal Abidin (UniSZA), Kuala Terengganu,...

Hacktivity 2014 (Budapest, Hungary, October 10 - 11, 2014) Official and alternative representatives of the information security profession meet with all those interested in this field in framework which is at the same time informal and informative, and sometimes...

Ruxcon (Melbourne, Australia, October 26 - 27, 2013) Ruxcon is a computer security conference that aims to bring together the best and the brightest security talent within the Aus-Pacific region. The conference is a mixture of live presentations, activities...

Hack-in-the-Box Malaysia (Kuala Lumpur, Malaysia, October 13 - 16, 2014) HITBSecConf or the Hack In The Box Security Conference is an annual must attend event in the calendars of security researchers and professionals around the world. Held annually in Kuala Lumpur, Malaysia...

FS-ISAC Fall Summit 2014 (Washington, DC, USA, October 13 - 16, 2014) The Financial Services Information Sharing and Analysis Center (FS-ISAC), is a non-profit association comprised of financial institution members, that is dedicated to protecting the global financial services...

CYBERSEC 2014: CYBERSEC is a 4-day event geared toward helping you achieve your cybersecurity goals. Whether your focus is on cybersecurity management, investigation, defense, or offense we are offering specialty cybersecurity...

Black Hat Europe 2014: The premier conference on information security returns to the beautiful city of Amsterdam, Netherlands in October, 2014. Professionals from all over the world gather for two days of intense Trainings and...

Denver SecureWorld (Denver, Colorado, USA, October 16, 2014) A day of cyber security education. Earn 6-8 CPE credits, network with industry peers, and take advantage of more than thirty educational events. Over the past decade SecureWorld has emerged as one of North...

CSEC 2014 Cyber Security Summit (Kingdom of Bahrain, October 20 - 22, 2014) At the Inaugural Cyber Security Summit 2014, you will have the opportunity to seek ways to reset your IT security and risk strategy for success; stay relevant as IT security and risk are redefined; implement...

2014 ICS Cyber Security Conference: The 14th ICS Cyber Security Conference (sometimes known as "Weisscon") will be held October 20-23, 2014 at Georgia Tech in Atlanta, GA. Cyber Security is becoming a critical infrastructure issue with implications...

Hack.lu 2014 (Dommeldange, Luxembourg, October 21 - 24, 2014) Hack.lu is an open convention/conference where people can discuss computer security, privacy, information technology and its cultural/technical implication on society

Cyber Security Summit 2014: Cyber security breaches have a profound impact on all areas of society. Join the discussion at Cyber Security Summit 2014. For two days, leaders from the public and private sectors meet to identify cyber...

ISSA International Conference (Orlando, Florida, USA, October 22 - 23, 2014) Join us for solution oriented, proactive and innovative sessions focused on security as a vital part of the business.

ToorCon San Diego (San Diego, California, USA, October 22 - 26, 2014) For hackers like you, because what could possibly go wrong?

FOCUS 14: Empowering the Connected World (Las Vegas, Nevada, USA, October 26 - 27, 2014) FOCUS will offer you a unique opportunity to learn directly from other McAfee users. Hear real-world scenarios from McAfee customers and learn how they maintain the highest standards of security while...

Dallas SecureWorld (Dallas, Texas, USA, October 29 - 30, 2014) Offering two days of cyber security education. Earn 12-16 CPE credits, network with industry peers, and take advantage of more than sixty educational events. Over the past decade SecureWorld has emerged...

CyberMaryland 2014 (Baltimore, Maryland, USA, October 29 - 30, 2014) Entrepreneurs, investors, academia and government will convene in Maryland — the nation's epicenter for cybersecurity for the fourth annual CyberMaryland Conference.

Cyber Job Fair (Baltimore, Maryland, USA, October 29, 2014) ClearedJobs.Net is partnering with CyberMaryland to present the Cyber Job Fair at the CyberMaryland 2014 conference. The Cyber Job Fair is a hiring event for cleared and non-cleared cybersecurity professionals...

ekoparty Security Conference 10th edition (Buenos Aires, Argentina, October 29 - 31, 2014) ekoparty — Electronic Knock Out Party — Security Conference, is a one of a kind event in South America; an annual security conference held in Buenos Aires, where security specialists from all over Latin...

Cyber Risk Summit (Washington, DC, USA, May 22, 2014) This one-day leadership conference will provide a discussion forum for business executives, insurance companies and policymakers on more effective private and public responses to cyber risk management.

Senior Executive Cyber Security Conference (Baltimore, Maryland, USA, October 30 - November 1, 2014) North Star Group, LLC and the Johns Hopkins University's Whiting School of Engineering and Information Security Institute sponsor this senior executive focused cyber security conference. This event is designed...
