skip navigation

More signal. Less noise.

Daily briefing.

Privateers, useful idiots, or intelligence services — take your pick, but F-Secure and others are attributing the BlackEnergy attacks on Ukraine to a Russian operation.

Chinese security services, facing widespread discontent and civil disobedience (particularly in Hong Kong) is using iFrame-based redirection attacks to install remote-access Trojans into the networks of not-for-profits and NGOs active in or around China. (FireEye devotes its customary attention to Chinese cyber ops.) The government is also cracking down on social media in Hong Kong; activists there work to evade censorship and monitoring.

Over the weekend the SANS Internet Storm Center raised its "InfoCon" to "Yellow" in response to the proliferation of Shellshock-exploiting worms and botnets across the Internet. Vendors and hackers are currently engaged in a race to control the holes Shellshock opened, and observers expect this to continue for the foreseeable future. Much advice on mitigating Shellshock risk is on offer, starting with ways of determining how vulnerable your systems may be.

Apple security receives scrutiny, some but not all of it Shellshock-related. The brand is heavily phished, and its latest iOS anti-phone-tracking feature may not work quite as expected.

Trendy social medium Ello sustains a successful denial-of-service attack.

A third-party point-of-sale vendor may be implicated in the recent Jimmy John's breach. Observers advise the vendor's other customers to look to their security.

The US financial sector announces a new collaborative approach to developing threat intelligence product.

Law firms in the UK consider their cyber vulnerability, and also their more general "duty to inform."

Notes.

Today's issue includes events affecting Australia, Canada, China, France, Germany, Laos, Oman, Russia, Turkey, Ukraine, United Kingdom, United States.

Cyber Attacks, Threats, and Vulnerabilities

BlackEnergy Cyber Attacks Against Ukrainian Government Linked to Russia (International Business Times) A Russian cybercrime gang called Quedagh is behind a persistent cyber-attack against the Ukrainian government that harvested sensitive information

Ruskies use commercial crimeware to mask 'patriotic' Ukraine hacks (Register) Political hack-attacks are being made to look like bread-and-butter financial fleecing scams, according to researcher F-Secure, after watching Russian hacker collective Quedagh's use of the popular BlackEnergy exploit kit

iFrame-based redirection attacks used to monitor Chinese organizations (Security Affairs) Security Experts at FireEye discovered a new malicious campaign which is targeting Chinese organizations with iFrame traffic redirection to serve RAT

Aided Frame, Aided Direction (Because it's a redirect) (FireEye) On September 24 2014, FireEye observed a new strategic web compromise (SWC) campaign that we believe is targeting non-profit organizations and non-governmental organizations (NGO) by hosting iframes on legitimate websites

Amid Crackdowns, Protestors In Hong Kong Take To Tech To Publicize #OccupyCentral and #OccupyHK (TechCrunch) Amid reports of a crackdown by the Chinese Government on social media outlets like Instagram in mainland China to suppress distribution of images of student protests in Hong Kong, the hashtag #OccupyCentral has become one of the top trends on Twitter

Hong Kong has entered a state of mass civil disobedience (Quartz) Tens of thousands of pro-democracy demonstrators are surging through the streets of Hong Kong to protest against Beijing's influence over how the semi-autonomous territory elects its top officials

Arab Twitter users dislike Iran even more than they dislike the US (Quartz) After decades of bombings, invasions, and other military interventions, it's no surprise that attitudes toward the United States are overwhelmingly negative in the Arab world. But according to a recent study, there's at least one country that's less popular than the US in the region — that would be Iran, at least on Twitter

Why We Have Moved to InfoCon:Yellow (Internet Storm Center) At the Storm Center, we are strict and judicious on moving the InfoCon status. We felt, after dialog, that Yellow is warranted in this case as we are seeing signs of worm/botnet activity. This combined with so many systems are impacted [worm], with no signs of letting up [met]

Malicious Shellshock Traffic Invades the Web (Infosecurity Magazine) Security experts are urging firms to patch the Shellshock bug as soon as possible, after spotting a "significant amount" of malicious traffic exploiting the Bash vulnerability made public last week

Bash Bots Waste No Time (AppRiver Blog) It took less than one day after the news was publically released about a major flaw in the bash command line interpreter before a botnet leveraging this flaw, referred to as ShellShock, has been spotted in the wild

Shellshock Exploit Attempts Continue in China (TrendLabs Security Intelligence Blog) It seems like the floodgates have truly opened for Shellshock-related attacks. We have reported on different attacks leveraging the Bash bug vulnerability, ranging from botnet attacks to IRC bots

First Shellshock botnet attacks Akamai, US DoD networks (SC Magazine via IT News) Wopbot on the rampage

Attackers quick to exploit Bash bug, security industry responds quicker (SC Magazine) Attackers moved quickly to exploit the 'Bash Bug,' or Shellshock, security researchers said, but the industry moved quicker, issuing patches after the vulnerability was revealed this week

Attacks against Shellshock continue as updated patches hit the Web (CSO) From Thursday on, several security firms reported a drastic uptick in the number of attacks that leverage the recently disclosed vulnerability in GNU Bash (CVE-2014-6271), widely known as Shellshock

VoIP phone systems at risk of Shellshock Bash attacks (CSO) Companies should check whether their VoIP system's SIP server has the widespread vulnerability

Shellshock: A Technical Report (Trend Micro) On September 24, 2014, Stephane Chazelas discovered that Bash incorrectly handled trailing code in function definitions, as described in CVE-2014-6271

Still more vulnerabilities in bash? Shellshock becomes whack-a-mole (Ars Technica) Latest patch fixed one test case, but more vulnerabilities remain, say experts

Shellshock Vulnerability: What Mac OS X Users Need to Know (Intego) The vulnerability is called Shellshock, and it has rocked the security industry to its core. A flaw in the "Bash" shell — the command line interpreter for Unix-based systems including Linux and Mac OS X — has sent server administrators scrambling to patch their systems

Bash "Shellshock" bug: Who needs to worry? (Help Net Security) As expected, attackers have begun exploiting the GNU Bash "Shellshock" remote code execution bug (CVE-2014-6271) to compromise systems and infect them with malware

Shellshocked: A Future Of 'Hair On Fire' Bugs (Dark Reading) Most computers affected by Bash will be updated within 10 years. The rest will be vulnerable for the lifespans of all humans now living. This should concern us. But then, global warming should also concern us

Why Shellshock Bug Is Way Nastier Than Heartbleed (eWeek) Expert says that if your operating system is not patched automatically, install an update as soon as possible

The Internet Is Broken, and Shellshock Is Just the Start of Our Woes (Wired) Brian Fox drove from Boston to Santa Barbara, with two tapes stashed in his trunk

5 More Mac Malware Myths and Misconceptions (Intego) There are plenty of myths about malware in general, but Macs especially seem to attract an extra dose of mythos due to a smug sense of invulnerability among the Mac community

Apple suffers more phishing attacks than any other internet company, says new report (Independent) Apple's susceptibility to attacks has come under increased scrutiny after high profile attacks

Ello Users Experience Further Downtime After DDoS Attack (TechCrunch) The suddenly hip social networking site Ello experienced its first major outage today, suffering a Distributed Denial of Service attack that brought it down for approximately 45 minutes. The company says that it was able to fix the issue by blocking the IP addresses responsible for the attack

Nisa is rocked by password thefts (Sunday Times) Preparations for Nisa Retail's annual meeting tomorrow have been disrupted by a damaging leak of members' data

Signature Systems Breach Expands (Krebs On Security) Signature Systems Inc., the point-of-sale vendor blamed for a credit and debit card breach involving some 216 Jimmy John's sandwich shop locations, now says the breach also may have jeopardized customer card numbers at nearly 100 other independent restaurants across the country that use its products

Viator breach highlights susceptibility of online payments: CipherCloud (Reseller) Cloud information protection company points to weak encryption as the reason for the intrusion

Beyond Home Depot: Cyberthieves target smaller companies (CNBC) Data breaches at big retailers including Home Depot and Target may be grabbing attention, but mom-and-pop businesses shouldn't feel like they're in the clear. Hackers also have their eye on smaller businesses, according to experts

The Fappening 3: More Nude Photos of Jennifer Lawrence Leaked Online (Hack Read) It seems as if hackers are not happy with the Hollywood celebrities

Bulletin (SB14-272) Vulnerability Summary for the Week of September 22, 2014 (US-CERT) The US-CERT Cyber Security Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. The NVD is sponsored by the Department of Homeland Security (DHS) National Cybersecurity and Communications Integration Center (NCCIC) / United States Computer Emergency Readiness Team (US-CERT). For modified or updated entries, please visit the NVD, which contains historical vulnerability information

Security Patches, Mitigations, and Software Updates

Check Point Protects Customers Against Shellshock (Sys-Con Media) Check Point® Software Technologies Ltd. (NASDAQ: CHKP), the worldwide leader in securing the internet, today announced that it has issued an IPS protection against the GNU Bourne Again Shell (Bash) 'Shellshock' Vulnerability, securing the integrity of its customers' network data

Microsoft exec: 'Windows 9' to be announced next week (PCWorld) Although Microsoft is widely expected to reveal Windows 9 next week, the company is staying tight-lipped on its exact plans for the September 30 press event

Apple's new feature to curb phone tracking won't work if you're actually using your phone (Washington Post) A highly praised privacy function in Apple's latest operating system that is designed to thwart tracking may not be as effective as originally thought, according to a new post from Bhupinder Misra, a principal systems engineer of the WiFi analytics firm AirTight Networks

National Security Agency Locked Out of Apple iPhone (International Business Times) After the release of the iPhone 6 models, the internet is a buzz trying to bring down the product. If it is not the iOS flaws, it is the bendgate or the problems faced with the Touch ID. There is some negative concern or the other regarding these smartphone models

Cyber Trends

US Banks Get Serious on Security Information Sharing (Infosecurity Magazine) The US financial services industry is finally getting tough on cybercrime, with the announcement of a new body to be tasked with developing threat intelligence products

Insurers look to secure digital borders without inhibiting growth (PropertyCasualty360°) Insurers trying to contain cyber risks face a tricky balancing act between the desire to build an impenetrable digital fortress and demands from staff, intermediaries, and consumers for faster and easier data access

Cyber security peer panel: A duty to inform (The Lawyer) The Information Commissioner's Office has intensified its focus on lawyers with respect to data breaches, and mandatory breach notification is on the way

Microsoft's security chief in Nashville: Data security responsibility has moved 'up the chain' (Nashville Business Journal) Bret Arsenault, chief information security officer for Microsoft, has a pretty clear idea of his job's culpability

Q&A: Southeast Asian governments face advanced persistent threats online, says FireEye (Techgoondu) Hardly a week passes these days without news of yet another high-profile cyber attack or a potential loophole being exploited by increasingly sophisticated online criminals

Call for awareness to prevent cyber security frauds (Times of Oman) The Muscat Chapter of the Institute of Chartered Accountants of India (ICAI) organised an information technology seminar at the College of Banking and Financial studies

Marketplace

State IT suppliers face cyber security requirement (Contractor UK) All businesses must from next month meet a cyber security standard if they want to bid for government contracts involving handling information and providing IT services

Maritime Security Market to Grow 8.4% Through 2019 (ExecutiveBiz) A new MarketsandMarkets report forecasts the maritime security market to reach $20.87 billion in value in 2019 at a compound annual growth rate of 8.4 percent over the next five years

Stephane Chazelas: the man who found the web's 'most dangerous' internet security bug (The Age) It was a bug that lurked in software found on hundreds of millions of devices for 21 years, leaving them vulnerable to hackers, who may have known of its existence

Wave Of Selling Hits Stocks; IPO CyberArk Extends Gains (Investor's Business Daily) Buyers were in short supply in early-afternoon trading Thursday as another wave of institutional selling hit the Nasdaq

CyberArk Software: Growth, Growth Prospects And Profits, But Appeal? (Seeking Alpha) CyberArk Software witnessed a very successful public offering this week

Proofpoint Receives Average Recommendation of "Buy" from Brokerages (WKRB) Proofpoint (NASDAQ:PFPT) has been given an average recommendation of "Buy" by the fourteen analysts that are covering the stock, StockRatingsNetwork reports

Duo Security VC round caps season (Crain's Detroit Business) It was a good summer for Dug Song, CEO and co-founder of Duo Security Inc., an Ann Arbor-based, fast-growing provider of highly secure, cloud-based authentication services for companies

Spy Agencies Urge Caution on Phone Deal (New York Times) An obscure federal contract for a company charged with routing millions of phone calls and text messages in the United States has prompted an unusual lobbying battle in which intelligence officials are arguing that the nation's surveillance secrets could be at risk

Cisco tops in security, but McAfee, Fortinet, Check Point make strides (Channel Partners) Cisco once again topped Infonetics Research's "Network and Content Security Vendor Scorecard," which profiles, analyzes and ranks the eight leading global vendors of network and content security solutions. But the Silicon Valley giant better watch its back

We're arriving at the endgame for BlackBerry (Quartz) The BlackBerry was the first truly modern smartphone, the king of Personal Information Management On The Go. But under its modern presentation lurked its most fatal flaw, a software engine that couldn't be adapted to the Smartphone 2.0 era

Symantec Appoint Michael Brown As CEO (ValueWalk) The Mountain View, California-based company have given the interim CEO the job on a permanent basis, marking the end of a six month search

Products, Services, and Solutions

Lookingglass Cyber Solutions Now Available on NETCENTS-2 Contract Vehicle (BusinessWire) Lookingglass expands ability to support U.S. Government through threat intelligence

Symantec gives IT pros a simulated strategy for preventing cyber crimes (Financial Post) When a company is under cyber attack, it may be the first time its security personnel have a chance to do anything that even resembles real-world investigation, or to see what the bad guys are actually up to. That may handicap them in their investigations

Prelert's Machine Learning Analytics to be Included in Alert Logic's Security-as-a-Service (Inside Big Data) Prelert, the anomaly detection company and Alert Logic, a leading provider of Security-as-a-Service solutions for the cloud, has announced an OEM partnership

ESET Announces Remote Administrator Plug-in for Kaseya (Channelnomics) Anti-virus firm ESET has announced the general availability of its Remote Administrator plug-in for Kaseya's Virtual System Administrator (VSA)

Apps to easily encrypt your text messaging and mobile calls (Gizmag) Mobile phone users are becoming more savvy to the potential security risks of standard, unencrypted text messaging and wary of government intrusion into everyday communications

ScoutBot (LANSec) ScoutBot is a must have application for penetration testers who are looking for an easy and inconspicuous way of gathering info on a target's network

Drozer — Security Testing Framework for Android (Ethical Hacking) Unquestionably we can say that Android is one the leading mobile operating system, but nobody is secure; so Android also has vulnerabilities and there are methods to exploit them. Since there are vulnerabilities, so we have a reason to study and fix them. Drozer can make your life easy because it is a framework to test the security of Android OS

MITMF — Framework for Man-in-the-Middle Attacks (SecTechno Blog) MITMF is another framework that can be used for man-in-the-middle attack. the tool is python based and have several plugins that adds more functionality during a penetration test

One way to tell whether incredible news you read online is really true (Quartz) Did you hear the thing about the Florida woman who implanted a third breast in order to be "unattractive to men"? The one who is filming "her daily life in Tampa to show the struggles she faces because of her surgery"?

Technologies, Techniques, and Standards

Shellshock: Vulnerable Systems you may have missed and how to move forward (Internet Storm Center) By now, I hope you are well on your way to patch your Linux systems for the bash code injection vulnerabilities. At this point, you should probably dig a bit deeper and try to find more "hidden" places that may be vulnerable. First of all, a quick list of things that are not vulnerable

How to Mitigate Shellshock Risks (BankInfoSecurity) Security leaders outline response strategies

Shellshock: How to protect your Unix, Linux and Mac servers (ZDNet) The Unix/Linux Bash security hole can be deadly to your servers. Here's what you need to worry about, how to see if you can be attacked, and what to do if your shields are down

Safe from Shellshock: How to protect your home computer from the Bash shell bug (PCWorld) On the surface, the critical "Shellshock" bug revealed this week sounds devastating. By exploiting a bug in the Bash shell command line tool found in Unix-based systems, attackers can run code on your system

Deep Discovery — Alerting you to Shellshock exploits (Trend Micro: Simply Security) Today we are releasing new Deep Discovery rules to detect attacks attempting to exploit the recently exposed Shellshock (CVE-2014-6271 and CVE-2014-7169) vulnerability

What have Bash and Heartbleed Taught Us? (Internet Storm Center) Two significant vulnerabilities affecting a wide range of systems that couldn't be patch fast enough were released in the past few months

When Layers On Layers Of Security Equals LOL Security (Dark Reading) Defense-in-depth is often poorly executed when architecture is not carefully considered

Breach Awareness Made Easy (Dark Reading) What if companies had to disclose breach history in the same way food companies display nutritional information?

My iOS 8 Update-Gate Survival Story (InformationWeek) Like many others, I fell victim to Apple's botched update to iOS 8. Here's how I brought my iPhone back to life

Make your cloud safer: How to enable two-factor authentication for the most popular cloud services (ZDNet) Step-by-step instructions to help you tighten security and dramatically reduce the risk that crucial cloud services will be compromised. If you use a Microsoft or Google account, Office 365, Dropbox, Facebook, or Twitter, keep reading

What Can Open Source Intelligence Tell You about a Threat Actor in 30 Minutes or Less? (Cyveillance) All of us who work in the risk, security, or compliance space would love a crystal ball to predict threats — to know who's trying to attack us, what their motivations are, and what tactics they'll use. In the absence of that, one of your best options to stay proactive and respond to threats quickly is by studying groups or individuals that pose a risk to your organization or industry using Open Source Intelligence (OSINT)

Beyond NERC: best practices for worst-case scenarios (IntelligentUtility) Is your utility compliant with NERC's latest bulk security requirements? Congratulations! Are you fully prepared for all potential risks to your electric grid? If complying with NERC's physical security standards is all you've done, the answer is no

Security of Third-Party Keyboard Apps on Mobile Devices (Lenny Zeltzer on Information Security) Major mobile device platforms allow users to replace built-in keyboard apps with third-party alternatives, which have the potential to capture, leak and misuse the keystroke data they process. Before enabling the apps, their users should understand the security repercussions of third-party keyboards, along with the safeguards implemented by their developers

Research and Development

Harvard researchers take aim at Shellshock-like woes with new scripting language (IT World) The Shill scripting language limits the rights of shell programs to what is necessary to get the job done

Life after server-side flash: What comes next? (Register) Flash suffers from a steadily shorter working life, slower access speed and shorter working life the smaller the actual cells the NAND become

Academia

Are we producing too few or too many science and technology grads? (Ars Technica) According to a new report, the answer is "both"

How do you stop a cyber-criminal? Think like one (CBS) In his lab at the University of Southern Maine, Charles Largay asks his classroom to identify the biggest difference between the Home Depot and Target breaches

Legislation, Policy, and Regulation

U.S., China talk cybersecurity despite military hack attack (Washington Free Beacon via the Washington Times) Chinese officials held closed-door talks in Washington last week with U.S. cybersecurity counterparts despite Beijing's formal cutoff of talks on the subject after the federal indictments of Chinese military hackers

Laos Joins Southeast Asian Neighbors in Imposing Stricter Internet Controls (Global Voices) Laos Prime Minister Thongsing Thammavong has signed a new decree imposing stricter Internet control in the country. Signed last September 16, 2014, the new regulation promotes responsible and "constructive" use of the Internet among Lao netizens

Changes to Australia's security legislation to impact privacy: CipherCloud (ARN) Cloud security company suggests local and international businesses re-evaluate their approach to data

Director of National Intelligence Unveils 2014 National Intelligence Strategy (Small Wars Journal) Director of National Intelligence James R. Clapper unveiled last week the 2014 National Intelligence Strategy — the blueprint that will drive the priorities for the nation's 17 intelligence community (IC) components over the next four years

Litigation, Investigation, and Law Enforcement

Conflict of Interest Argued in Russia Hacking Case (AP via ABC News) A federal judge is set to hear arguments on whether lawyers for the son of a Russian lawmaker charged with hacking into U.S. businesses will be allowed to stay on the case

Crimtrac Acorn system could enable cybercrime reporting by mouse click (Guardian) Police agency will launch website to enable reporting of cybercrime such as cyberbullying and illegal online material

Microsoft Reveals New Information on Government Requests for User Data (China Topix) Computer giant Microsoft on Friday disclosed substantial data about how governments around the world have requested for users' account information in the first half of the year

Using new Corvette's valet-recording tech could be a felony in some states (Ars Technica) GM is sending updated software to make Valet Mode less legally questionable

Child abuser sues Facebook and page admin over allegedly posting his address (Naked Security) A convicted child rapist in Northern Ireland is suing both Facebook and a Facebook page administrator, claiming that the admin posted his exact address to a paedophile-monitoring page

For a complete running list of events, please visit the Event Tracker on the CyberWire website.

Newly Noted Events

Secure 2014 (Warsaw, Poland, October 21 - 23, 2014) NASK and CERT-Polska offer this conference on telecommunications and IT security. Speakers from government, industry, and universities around the world will offer insights into research, policy, and security...

Upcoming Events

INTEROP (New York, New York, USA, September 29 - October 3, 2014) Interop returns to New York with practical and visionary conference sessions designed to help you accelerate your career. This year's conference tracks include: Applications, Business of IT, Cloud Connect...

Indianapolis SecureWorld (Indianapolis, Indiana, USA, October 1, 2014) A day of cyber security education. Earn 6-8 CPE credits, network with industry peers, and take advantage of more than thirty educational events. Larry Ponemon, Chairman and Founder of the Ponemon Institute,...

Suits and Spooks New York (, January 1, 1970) Not another hacker conference. Suits and Spooks is a unique gathering of experts, executives, operators, and policymakers who discuss hard challenges in a private setting over two days. Suits and Spooks...

Open Analytics Summit (Dulles, Virginia, USA, October 7, 2014) Open Analytics Summits are for Developers, Engineers, Data Scientists, CMOs, Data Analysts, CTOs, Architects, Brand Managers, and anyone passionate about open source technologies, big data, or data analytics...

MIRcon 2014 (Washington, DC, USA, October 7 - 8, 2014) MIRcon 2014 is the premier information security industry event of the year. The conference is designed to educate innovators and executives battling cyber attackers daily

Cyber Security, Meet Workforce Development (Silver Spring, Maryland, USA, October 8, 2014) Per Scholas convenes leaders in the Nation's Capital to develop a blueprint for building today's entry-level cyber security workforce

Technology & Cyber Security Day (Hill Air Force Base, Utah, October 8, 2014) The Armed Forces Communications & Electronics Association (AFCEA) Wasatch Chapter will once again host the 5th Annual Information Technology & Cyber Security Day at Hill AFB. This annual event is an excellent...

Cyber Security EXPO (, January 1, 1970) Securing information, mobility, cloud, and social interaction for the modern enterprise. Disruptive technologies such as cloud computing, mobile, bring your own device (BYOD) and social media are pushing...

InfoSec 2014 (Kuala Terengganu, Malaysia, October 8 - 10, 2014) You are invited to participate in The International Conference on Information Security and Cyber Forensics (InfoSec 2014) that will be held at Universiti Sultan Zainal Abidin (UniSZA), Kuala Terengganu,...

Hacktivity 2014 (Budapest, Hungary, October 10 - 11, 2014) Official and alternative representatives of the information security profession meet with all those interested in this field in framework which is at the same time informal and informative, and sometimes...

Ruxcon (Melbourne, Australia, October 26 - 27, 2013) Ruxcon is a computer security conference that aims to bring together the best and the brightest security talent within the Aus-Pacific region. The conference is a mixture of live presentations, activities...

Critical Infrastructure Cyber Community (C3) Voluntary Program Meeting (San Diego, California, USA, October 13, 2014) Join stakeholders from across the cyber community to discuss building a cyber risk management program, using DHS resources, and to learn how organizations of all sizes are using the Cybersecurity Framework...

Hack-in-the-Box Malaysia (Kuala Lumpur, Malaysia, October 13 - 16, 2014) HITBSecConf or the Hack In The Box Security Conference is an annual must attend event in the calendars of security researchers and professionals around the world. Held annually in Kuala Lumpur, Malaysia...

FS-ISAC Fall Summit 2014 (Washington, DC, USA, October 13 - 16, 2014) The Financial Services Information Sharing and Analysis Center (FS-ISAC), is a non-profit association comprised of financial institution members, that is dedicated to protecting the global financial services...

CYBERSEC 2014 (, January 1, 1970) CYBERSEC is a 4-day event geared toward helping you achieve your cybersecurity goals. Whether your focus is on cybersecurity management, investigation, defense, or offense we are offering specialty cybersecurity...

Black Hat Europe 2014 (, January 1, 1970) The premier conference on information security returns to the beautiful city of Amsterdam, Netherlands in October, 2014. Professionals from all over the world gather for two days of intense Trainings and...

Denver SecureWorld (Denver, Colorado, USA, October 16, 2014) A day of cyber security education. Earn 6-8 CPE credits, network with industry peers, and take advantage of more than thirty educational events. Over the past decade SecureWorld has emerged as one of North...

TechCrunch Disrupt Europe Hackathon (London, England, UK, October 18 - 19, 2014) For the second year in a row, TechCrunch is jumping across the pond and bringing the iconic Disrupt and our Hackathon to Europe. We're heading your way, London

U.S. Army ITA Security Forum (Fort Belvoir, Virginia, USA, October 20, 2014) The U.S. Army Information Technology Agency Security Forum is taking place at the Ft. Belvoir site and will be a one day event focusing on cyber security education and training for the workforce. The...

CSEC 2014 Cyber Security Summit (Kingdom of Bahrain, October 20 - 22, 2014) At the Inaugural Cyber Security Summit 2014, you will have the opportunity to seek ways to reset your IT security and risk strategy for success; stay relevant as IT security and risk are redefined; implement...

2014 ICS Cyber Security Conference (, January 1, 1970) The 14th ICS Cyber Security Conference (sometimes known as "Weisscon") will be held October 20-23, 2014 at Georgia Tech in Atlanta, GA. Cyber Security is becoming a critical infrastructure issue with implications...

Cyber Security Summit 2014 (, January 1, 1970) Cyber security breaches have a profound impact on all areas of society. Join the discussion at Cyber Security Summit 2014. For two days, leaders from the public and private sectors meet to identify cyber...

Collaborative Approaches for Medical Device and Healthcare Cybersecurity; Public Workshop (Arlington, Virginia, USA, October 21 - 22, 2014) The Food and Drug Administration (FDA) is announcing the following public workshop entitled "Collaborative Approaches for Medical Device and Healthcare Cybersecurity." FDA, in collaboration with other...

ISSA International Conference (Orlando, Florida, USA, October 22 - 23, 2014) Join us for solution oriented, proactive and innovative sessions focused on security as a vital part of the business.

Hack.lu 2014 (Dommeldange, Luxembourg, October 21 - 24, 2014) Hack.lu is an open convention/conference where people can discuss about computer security, privacy, information technology and its cultural/technical implication on society

ToorCon San Diego (San Diego, California, USA, October 22 - 26, 2014) For hackers like you, because what could possibly go wrong?

FOCUS 14: Empowering the Connected World (Las Vegas, Nevada, USA, October 26 - 27, 2014) FOCUS will offer you a unique opportunity to learn directly from other McAfee users. Hear real-world scenarios from McAfee customers and learn how they maintain the highest standards of security while...

Dallas SecureWorld (Dallas, Texas, USA, October 29 - 30, 2014) Offering two days of cyber security education. Earn 12-16 CPE credits, network with industry peers, and take advantage of more than sixty educational events. Over the past decade SecureWorld has emerged...

CyberMaryland 2014 (Baltimore, Maryland, USA, October 29 - 30, 2014) Entrepreneurs, investors, academia and government will convene in Maryland — the nation's epicenter for cybersecurity for the fourth annual CyberMaryland Conference.

Cyber Job Fair (Baltimore, Maryland, USA, October 29, 2014) ClearedJobs.Net is partnering with CyberMaryland to present the Cyber Job Fair at the CyberMaryland 2014 conference. The Cyber Job Fair is a hiring event for cleared and non-cleared cybersecurity professionals...

ekoparty Security Conference 10th edition (Buenos Aires, Argentina, October 29 - 31, 2014) ekoparty — Electronic Knock Out Party — Security Conference, is a one of a kind event in South America; an annual security conference held in Buenos Aires, where security specialists from all over Latin...

Cyber Risk Summit (Washington, DC, USA, May 22, 2014) This one-day leadership conference will provide a discussion forum for business executives, insurance companies and policymakers on more effective private and public responses to cyber risk management.

Senior Executive Cyber Security Conference (Baltimore, Maryland, USA, October 30 - November 1, 2014) North Star Group, LLC and the Johns Hopkins University's Whiting School of Engineering and Information Security Institute sponsor this senior executive focused cyber security conference.This event is designed...

Grow your brand and reach new customers.

Grow your brand and increase your customer base by educating our audience about your products, services, and events by advertising on The CyberWire. We’ve built trust with an influential (and often hard to reach) audience of CISOs, CSOs, and other senior execs in the security space, across a wide array of industry verticals. Learn more.

Be a part of the CyberWire story.

People ask us (a lot) how they can support what we do. We have our sponsorships and services, of course, but those are not always within every supporter's financial reach, or it might just not be the right time for you to do those things. That's why we launched our new Patreon site, where we've created a wider variety of support levels, each with some new benefits. Our patrons are important to our future, and we hope you'll consider becoming one. We invite you to become part of the CyberWire story. Become a patron today.