
The CyberWire Daily Briefing 08.20.14
In the Levant, Syria's Assad regime intensifies its malware campaigns in pursuit of survival in that country's ongoing civil war. Assad's equally reprehensible opponents in ISIS remain focused on information operations through social media, specializing in atrocity videos — that is, videos of their own atrocities.
Opponents of Israeli attacks on Hamas in Gaza deface the US State of Delaware's Treasury Division websites with anti-Israeli messages.
Dark Reading follows up on "Operation Arachnophobia," a cyber espionage campaign targeting India and attributed to Pakistan's intelligence services.
The Community Health Systems breach appears to have been accomplished through exploitation of the Heartbleed vulnerability, which prompts much comment from observers on what they take to be the lax security standards prevalent in the healthcare sector. Attribution to Chinese operators seems to be holding up, but their motives remain obscure. Some (notably CrowdStrike) take the Angletonian line that the attack is intended to dredge up personal information that can be used to compromise people into spying. Others see it as criminal moonlighting — a side benefit of working for the Chinese government.
Various corners of the security industry weigh in on the Supervalu point-of-sale breach. The emerging consensus is that it's still taking too long to discover such attacks, that PCI compliance is insufficient for security, and that the breach was avoidable (Lieberman Software's eponymous Philip Lieberman thinks the CEO should be fired).
Executive and board responsibility for cyber security are much on people's minds at mid-week. Hedge funds in particular seek to evolve satisfactory cyber standards.
Notes.
Today's issue includes events affecting Australia, China, Denmark, European Union, Germany, India, Indonesia, Israel, Kenya, Nigeria, Norway, Pakistan, Palestinian Territories, Russia, Saudi Arabia, Singapore, South Africa, Sweden, Syria, United Kingdom, United Nations, and United States.
Cyber Attacks, Threats, and Vulnerabilities
Pro-Syrian Malware Increasing in Number, Complexity (Threatpost) As the civil war in Syria continues, malware targeting those who oppose the embattled regime of Bashar al Assad is increasing in number, organization and sophistication according to a new report from Kaspersky Lab's Global Research and Analysis Team
The Syrian Malware House of Cards (Securelist) The geopolitical conflicts in the Middle East have deepened in the last few years. Syria is no exception, with the crisis there taking many forms, and the cyberspace conflict is intensifying as sides try to tilt the struggle in their favor by exploiting cyber intelligence and using distortion
ISIS reportedly outing Middle Eastern intelligence agents (Fox News) The terrorist group ISIS is actively outing agents from Middle Eastern intelligence services — as many as 30 in the last two months — by posting their pictures and locations on social media, a counterterrorism source told Fox News
These are the stories that journalist James Foley risked his life to tell (Quartz) James Foley, a journalist who disappeared in Syria nearly two years ago, has reportedly been murdered by members of the Islamic State in Iraq and Syria
Delaware's Treasury Division Website Defaced (Softpedia) On Monday, anti-Israel and pro-Palestinian messages appeared all of a sudden on Delaware's treasury division website; hackers took over the website to express their views on the Gaza conflict
Pakistan the Latest Cyberspying Nation (Dark Reading) A look at Operation Arachnophobia, a suspected cyber espionage campaign against India
Hackers Exploited Heartbleed Bug to Steal 4.5 Million Patient Records: Report (SecurityWeek) Earlier this week, Community Health Systems, one of the largest hospital operators in the United States, announced that hackers managed to steal the records of 4.5 million patients
Heartbleed Flaw Used to Bypass Two-factor Authentication, Hijack User Sessions: Mandiant (SecurityWeek) After details of the critical "Heartbleed" vulnerability in OpenSSL emerged earlier this month, which enables attackers to steal sensitive data typically protected by TLS encryption, there has been widespread concern among system administrators, network security teams, software developers and essentially anyone with any technical connection to the Internet
'Chinese crims' snatch 4.5 MILLION patient files from US hospitals (The Register) Don't worry, says Community Health Systems, we're insured
APT Gang Branches Out to Medical Espionage in Community Health Breach (Threatpost) At first blush, the Community Health Systems data breach by Chinese hackers seems to be an anomaly. State-sponsored attackers generally target intellectual property for the purposes of military or economic gain; stealing healthcare credentials and personal patient records seems incongruous
Community Health Systems Breach Atypical For Chinese Hackers (Dark Reading) Publicly traded healthcare organization's stock goes up as breach notifications go out
Reactions to the massive breach at Community Health Systems (Help Net Security) Community Health Systems, a major group that operates 206 hospitals throughout the US, has suffered a massive data breach: personal information of some 4.5 million patients has been stolen from their systems
Healthcare organizations still too lax on security (CSO) Data breach at Community Health is symptom of broader problem, security experts say
Security Researchers: Supervalu PoS Breach 'Completely Avoidable' (Infosecurity Magazine) Late last week, news broke that a possible data breach at various supermarket chains may have affected 1,000 stores across the US, thanks to hackers being able to install malware on point-of-sale (PoS) systems. Considering that this is only the latest large PoS-related data breach to make headlines in the last few weeks, response from the security community has been less than forgiving
Target Breach: By The Numbers (Data Breach Today) Infographic shows impact to company following the incident
Back off my money — PoS malware just keeps on stealing (Cyactive) Backoff, a PoS malware, reused method and code from previous PoS and other malware to steal credit card information from up to 600 US businesses
Bugat Malware Adds GameOver Functionality (Infosecurity Magazine) The GameOver Zeus botnet, disrupted only two months ago by an international joint operation, continues to echo throughout the cybercrime landscape. For instance, IBM X-Force's advanced malware researchers have detected a new variant of the Bugat malware that uses almost identical (and somewhat upgraded) GameOver HTML injections, which is starting to spread throughout the United Kingdom and the Middle East
A Linux Trojan gets ported to Windows (Beta News) While most people consider Linux safe and secure, it isn't always the case. When the bad guys of the internet have a will, they find a way. That's why, back in May of this year, security firm Dr. Web reported a new family of Linux Trojans designed for DDoS attacks
Security Expert Discovers Hole In Satellite Communications (NBC 5 Chicago) Ruben Santamarta says satellite systems are "wide open"
Tumblr: Set to Be Next Malvertising Target? (Infosecurity Magazine) As online users rely more and more heavily on social media to stay up-to-date on current events and to share tips, links and recommendations, hackers have responded in kind with a surge in malvertising. It would appear that Tumblr, the mini-blogging site, is now poised for the next epidemic
Hackers take control of Internet appliances (USA Today via WCNC) The plundering of the Internet of Things has commenced. From a command center in a non-descript high-rise here in the heart of Silicon Valley, security start-up Norse has been gathering shocking evidence of hackers usurping control of Internet-connected appliances, everything from web cams to climate-control systems
Part 2: Is your home network unwittingly contributing to NTP DDOS attacks? (Internet Storm Center) How is it possible that with no port forwarding enabled through the firewall that Internet originated NTP requests were getting past the firewall to the misconfigured NTP server?
Why FISMA is not enough for the Internet of Things (FCW) The cybersecurity vulnerabilities uncovered in a number of the Transportation Security Administration's electronic security and personnel management devices are part of a growing problem for federal IT managers, according to the expert that discovered and reported the flaws
The Administrator of Things (AoT) — A Side Effect of Smartification (TrendLabs Security Intelligence Blog) In an earlier article, we talked about the ongoing smartification of the home — the natural tendency of households to accumulate more intelligent devices over time. While this has its benefits, the residents of smart homes also need to invest their time and energy to maintain these devices. These requirements will only grow as more and more devices are added to the homes of the ordinary consumer
New Attack Binds Malware in Parallel to Software Downloads (Threatpost) In order to solve problems — problems such as intelligence agencies or hackers infecting open source software distribution systems with malware — one must first understand how problems may be exploited
Spear Phishing: Do You Know Your Risks? (Bank Info Security) How mobile devices, social media have made hacking easier
Security Patches, Mitigations, and Software Updates
Siemens Patches DOS Vulnerability in SIMATIC S7 PLC (Threatpost) Siemens released an update for one of its automation systems late last week, patching a denial of service vulnerability in all versions of its SIMATIC S7-1500 CPU prior to V1.6
Cyber Trends
Technology Can Make Lawful Surveillance Both Open and Effective (MIT Technology Review) With cryptography, surveillance processes could be open and preserve privacy without undermining their investigative power
Healthcare IT Expert Questions Current Security Environment (Health Jobs Nationwide) One of the nation's leading experts in healthcare IT has recently written a couple of pieces critical of the status of cyber security within the healthcare industry. Dr. Mansur Hasib, a Capitol College graduate and experienced chief information officer (CIO), does not believe that security issues within healthcare are being given adequate attention from senior executives
Sound the Alarm: Legal Profession Vulnerable to Data Breaches (Willis Wire) The UK's Information Commissioner's Office recently highlighted the risks that barristers and solicitors face when handling personal information — but they apply equally to anyone in the legal profession around the world. The ICO sent out the warning after being notified of 15 breaches in the past three months
Former employees have become 'application menace' new study claims (IT World) Salesforce, PayPal, SharePoint, Facebook, Google Apps
Could sub-Saharan Africa be next cybersecurity hotspot? (FierceITSecurity) When you think of a robust cybersecurity market, you don't usually think sub-Saharan Africa. But that is changing, according to ABI Research
Nearly half of Australian businesses expect an internal security breach: Clearswift (ARN) Security vendor expects concerns about external threats to continue dropping
Singapore Web users 'targeted more heavily' by cybercriminals: Trend Micro (Channel NewsAsia) Local users clicking on malicious URLs increased 128 per cent between April to June, compared to the previous quarter, which indicates that Singaporeans are still "pretty vulnerable to online scams", says the IT security company
Marketplace
Cybersecurity: How Involved Should Boards Of Directors Be? (InformationWeek) Security audit groups ISACA and IIA weigh in on what role the board of directors should play in an enterprise's cybersecurity strategies
Hedge funds look to codify cybersecurity preparedness as regulators step up scrutiny (FierceFinanceIT) The Securities and Exchange Commission held a round table March 26 to examine cyber security threats to the industry. The following month, the SEC's Office of Compliance Inspections and Examinations issued a risk alert, essentially warning the finance community about the importance of cybersecurity preparedness and outlining the agency's plans to assess the industry's preparedness
Deutsche Bank hires two IT chiefs to tackle control flaws (Financial Times) Deutsche Bank has hired two technology executives as part of an effort to deal with more scrutiny from regulators, including over control failings identified by the Federal Reserve Bank of New York
Huawei does Russian deal (Business-Cloud) High-speed Internet access is something that most governments are struggling to provide. Russian telecommunications supplier Rostelecom has turned to Huawei for help
Cyber security growth could save Sourcefire workers from Cisco layoffs (Baltimore Business Journal) Cisco Systems Inc. won't say whether plans to lay off up to 6,000 employees will affect its Columbia cyber security firm Sourcefire — but the company line is that it views security as an area for growth
iSIGHT Partners Accelerates Momentum With 24 New Enterprise Clients and 80 Percent Year-Over-Year Commercial Revenue Growth (Herald Online) iSIGHT Partners, the experts and unequivocal leader in the rapidly growing cyber threat intelligence market, today announced accelerated momentum and major milestones for the first half of 2014, including
L-3 National Security Solutions Awarded Prime Position On DHS EAGLE II Contract Vehicle (Homeland Security Today) L-3 National Security Solutions has been awarded one of multiple prime positions on the Department of Homeland Security (DHS) Enterprise Acquisition Gateway for Leading Edge Solutions II (EAGLE II) contract vehicle in the Functional Category 1 (FC1) Unrestricted (UNR) track for service delivery
US tech firm Proofpoint to create 94 jobs in Belfast (Irish Times) Invest NI offers more than £600k of support for the new jobs
Toopher Deploys At UT Austin (Texas Tech Pulse) Austin-based Toopher, the online security company headed by Josh Alexander, has scored a big win at the University of Texas at Austin
CYREN Names Michael Myshrall as Chief Financial Officer (MarketWatch) CYREN today announced the appointment of Michael Myshrall to the permanent role of Chief Financial Officer. Myshrall has served as interim CFO since March
Products, Services, and Solutions
Syniverse's Enterprise Messaging Services to Authenticate Global Myriad msngr App Users (MarketWatch) Managed connection services provide direct connections for Myriad to top Latin American operators
BitTorrent Aims To Make Chat More Secure With Bleep (IEEE Spectrum) BitTorrent, the company best known for making peer-to-peer software that allows users to download the same file from multiple sources simultaneously, is turning its distributed approach to chat and voice-messaging services, launching a pre-alpha version of the chat service BitTorrent Bleep last week
Facebook's route to becoming a reassurance machine (Ars Technica) The vapid viral content might die. And its death might not be good
Close to all Facebook notification emails encrypted (Threatpost) All that's missing from the organic encrypt the web movement seems to be a hashtag. Otherwise, no one can accuse major web providers of slacking as leading players such as Microsoft and Yahoo, prompted by the Snowden leaks, have made noteworthy leaps in the last 15 months to encrypt everything from keywords to data center links to email services
Symantec Consolidates Nine Norton Products Into One (SecurityWeek) Symantec announced on Monday its intention to replace its nine Norton products with one flagship solution: Norton Security
Townsend Looks to Spread 2FA Far and Wide (IT Jungle) Under normal circumstances, user authentication products don't attract a lot of attention. But thanks to Russian hackers, the Heartbleed vulnerability, and Target's security breach, millions of people are wondering if their passwords are safe (newsflash: they're probably not). With these security fears as a backdrop, Townsend Security is looking to accelerate the adoption of its new IBM i two-factor authentication (2FA) software
Microsoft Goes From Cellar to Stellar in New Antivirus Test (PC Magazine) Many independent antivirus testing labs have taken to calling Microsoft Security Essentials their baseline, separate from the products undergoing testing. If an antivirus can't do better than Microsoft, it's a poor product indeed
BitDefender Antivirus Plus vs. Kaspersky Antivirus: Great News for PC Users (Streetwise Tech) Choosing the best antivirus software is a mind boggling problem. However, having the best software provides you the best protection from getting harmed and damaged by viruses and threats. The increasing number of antivirus software was due to the new generation viruses and threats that are getting stronger as time passes by
HyTrust, Intel Partner to Add Physical Data Security to Cloud (The VAR Guy) Cloud security vendor HyTrust has developed Boundary Tools to secure the physical location of data and applications in public and private clouds using Intel Trusted Execution Technology
Panda Security launches new 2015 consumer line with XMT Smart Engineering engine (ITWeb) Panda Security has announced the launch of its new line of consumer solutions for 2015, boasting Panda's new XMT Smart Engineering engine. The range includes: Panda Global Protection 2015, Panda Internet Security 2015, Panda Antivirus Pro 2015 and Panda Mobile Security 2.0
ThreatTrack Security Partners with Global Convergence Inc. to Distribute Advanced Cyber Threat Solutions (Providence Journal) ThreatTrack Security — a leader in malware protection solutions that identify, stop and remediate advanced threats, targeted attacks and other sophisticated malware designed to evade traditional cyber defenses — today announced that it has partnered with Global Convergence Inc. (GCI) to distribute ThreatSecure, the industry's only advanced threat prevention solution that combines best-in-class detection with powerful automated remediation
Technologies, Techniques, and Standards
Forget Passwords. Now Banks Can Track Your Typing Behavior On Phones (Forbes) Password theft is an ongoing problem. Finger print and voice recognition is still years away. What's a bank to do if it wants to verify the thousands of customers using its mobile app? One way is their behavior — or at least their typing behavior
IPv6: An answer to network vulnerabilities? (FCW) However, the transition to IPv6 isn't strictly for logistical reasons
Identifying and mitigating healthcare IT security risks (Health IT Security) Being proactive in healthcare IT security means picking out risks before incidents occur, not after the fact. But the challenge is that potential risks are spread across a variety of areas within a healthcare organization
Successful strategies to avoid frequent password changes (Help Net Security) 1.2 billion passwords reportedly stolen by Russian hackers. Before that it was Heartbleed
Research and Development
This Android Shield Could Encrypt Apps So Invisibly You Forget It's There (Wired) In the post-Snowden era, everyone wants to make encryption easier. Now, one group of researchers has created a tool intended to make it invisible
5 cool new security research breakthroughs (CSO) USENIX Security '14 line-up explores Apple iOS security, Web privacy and more
Academia
Reading, writing and refactoring: How 7 forward-thinking countries are teaching kids to code (IT World) The importance of knowing how to program is reflected in the increasing number of countries teaching computer science in elementary school
S&T Support of Cyber Competitions Embraces Technology and Cybersecurity (Newswise) From February through April, the cyber equivalent of the NCAA's March Madness played out — keystroke by keystroke — at 180 colleges around the nation. The regional champions gathered at the National Collegiate Cybersecurity Defense Competition (NCCDC) in San Antonio Texas. While only one team emerged with the winner's trophy, everyone walked away with an increased appreciation and understanding of current cybersecurity needs and a preview of emerging technologies
Michigan City High School MCJROTC to Compete in National Youth Cyber Defense Competition (LaPorte County Life) Michigan City High School recently announced its Marine Corps Junior Reserve Officer Training Program (MCJROTC) will participate in the seventh season of CyberPatriot's National Youth Cyber Defense Competition. Beginning in October 2014, cadets will compete against other high schools from across the country. This is the second straight year Michigan City High School will be competing
Legislation, Policy, and Regulation
Australia and Indonesia to resume intelligence co-operation (Financial Times) Australia and Indonesia are close to signing an agreement to end a rift over revelations last year that the Australian security services tapped the phones of President Susilo Bambang Yudhoyono, his wife and close advisers
UK Firms Don’t Think New EU Regulation Will Stop Data Breaches (Infosecurity Magazine) UK organizations are the most pessimistic in Europe about the chances of the forthcoming EU General Data Protection Regulation actually helping to prevent data breaches, with the majority believing the European Commission should consult businesses more, according to Trend Micro
The Truth About Executive Order 12333 (IC on the Record) In the Aug. 14 issue of the New York Times, reporter Charles Savage describes whistleblower actions taken by former State Department employee John Napier Tye. Tye, who was the section chief for Internet freedom in the State Department's Bureau of Democracy, Human Rights, and Labor before stepping down in April, questioned whether the rules governing certain overseas intelligence surveillance activities adequately protect information that intelligence agencies "incidentally collect" about Americans while targeting the communications of foreign nationals overseas
US: Cybercom Expands Capacity in Defense of Networks, Nation (Eurasia Review) U.S. Cyber Command continues to expand its capabilities and capacity, Navy Adm. Mike Rogers said Aug. 14
Scientists, Not Politicians, Should Regulate NSA Surveillance (Motherboard) The raging public debate over the surveillance state could actually benefit from the expertise of an unsuspecting source, a recent academic article suggests
Government's Response To Snowden? Strip 100,000 Potential Whistleblowers Of Their Security Clearances (Techdirt) Snowden just re-upped for three years in picturesque Russia, a land best known for not being a US military prison. Not exactly ideal, but under the circumstances, not entirely terrible. The government knows where Snowden is (more or less) and many officials have a pretty good idea what they'd like to do to him if he returns, but the NSA is still largely operating on speculation when it comes to what documents Snowden took
Obama Admin. Says Hackers Could Steal Personal Info if They Share Security Practices for Healthcare.Gov (AP via the Blaze) After promising not to withhold government information over "speculative or abstract fears," the Obama administration has concluded it will not publicly disclose federal records that could shed light on the security of the government's health care website because doing so could "potentially" allow hackers to break in
Senator questions airlines' data privacy practices (CSO) Jay Rockefeller raises concerns about airlines collecting and sharing personal information
Litigation, Investigation, and Law Enforcement
Why global efforts to combat cybercrime are so difficult (Tech Page One) Nations often have different agendas and standards; is Interpol the answer?
Researchers say you can surveil everyone and see only the criminals (Quartz) When a criminal duo labeled the "High Country Bandits" robbed a series of Arizona and Colorado banks in 2009 and 2010, FBI investigators turned to the owners of local cell phone towers
Hackers Steal $1.65 Million in NXT from BTER Exchange (CoinDesk) According to reports from the NXT community and BTER, a rollback is no longer being actively considered. BTER announced on Twitter that it would seek to retrieve the stolen funds through other means
Ex-Times journalist escapes trial over alleged NightJack email hack (Graham Cluley) If you thought that illegal hacking was just the province of disgraced British tabloid newspapers like The News of the World, think again
For a complete running list of events, please visit the Event Tracker.
Upcoming Events
SANS Cyber Defense Summit and Training (Nashville, Tennessee, USA, Aug 13 - 20, 2014) The SANS Institute's Cyber Defense Summit will be paired with intensive pre-summit hands-on information security training (August 13-18). This event marks the first time that SANS will conduct a training event and Summit that brings together cyber defense practitioners focused on defensive tactics as opposed to offensive approaches to thwart cyber attackers and prevent intrusions.
Resilience Week (Denver, Colorado, USA, Aug 19 - 21, 2014) Symposia dedicated to promising research in resilient systems that will protect critical cyber-physical infrastructures from unexpected and malicious threats—securing our way of life.
AFCEA Technology & Cyber Day (Tinker AFB, Oklahoma, USA, Aug 21, 2014) The Armed Forces Communications & Electronics Association (AFCEA) — Oklahoma City Chapter will once again host the 10th Annual Information Technology & Cyber Security Day at Tinker AFB. This is the only event of its kind held at Tinker AFB each year. This annual event allows exhibitors the opportunity to network with key information technology, cyber security, communications, engineering, contracting personnel and decision makers at Tinker AFB. Over 250 attendees participated in the 2013 event and we expect the same level of attendance in 2014.
c0c0n: International Information Security and Hacking Conference (Aug 22 - 23, 2014) c0c0n, previously known as Cyber Safe, is an annual event conducted as part of the International Information Security Day. The Information Security Research Association along with Matriux Security Community is organizing a 2 day International Security and Hacking Conference titled c0c0n 2014, as part of Information Security Day 2014. c0c0n 2013 was supported by the Kerala Police and we expect the same this year too. Various technical, non-technical, legal and community events are organized as part of the program. c0c0n 2014 is scheduled on 22, 23 Aug 2014.
Build IT Break IT Fix IT: Build IT (Online, Aug 28, 2014) The Build it Break it Fix it security contest is a new security-oriented programming contest held by the Maryland Cybersecurity Center, Cyberpoint, and Trail of Bits. The Build it Break it Fix it security contest aims to teach students to write more secure programs. The contest evaluates participants' abilities to develop secure and efficient programs. The contest is broken up into three rounds that take place over consecutive weekends. During the Build It round, builders write software that implements the system prescribed by the contest. In the Break It round, breakers find as many flaws as possible in the Build It implementations submitted by other teams. During the Fix It round, builders attempt to fix any problems in their Build It submissions that were identified by other breaker teams. Each round will respectively start on August 28th, September 4th, and September 12th
The Hackers Conference (New Delhi, India, Aug 30, 2014) The Hackers Conference is a unique event, where the best of minds in the hacking world, leaders in the information security industry and the cyber community along with policymakers and government representatives on cyber security meet face-to-face to join their efforts to cooperate in addressing the most topical issues of the Internet Security space. This is the third edition of the Conference. Following the huge success of the conference last year the current edition of the conference brings back to you all the knowledge, all the fun in a better, grander way.
SECRYPT 2013 (Vienna, Austria, Sep 2 - 4, 2014) The purpose of SECRYPT 2014, the International Conference on Security and Cryptography, is to bring together researchers, mathematicians, engineers and practitioners interested in security aspects related to information and communication. Theoretical and practical advances in the fields of cryptography and coding are a key factor in the growth of data communications, data networks and distributed computing. In addition to the mathematical theory and practice of cryptography and coding, SECRYPT also focuses on other aspects of information systems and network security, including applications in the scope of the knowledge society in general and information systems development in particular, especially in the context of e-business, internet and global enterprises. Papers are due April 15, 2014.
Build IT Break IT Fix IT: Break IT (Online, Sep 4, 2014) The Build it Break it Fix it security contest is a new security-oriented programming contest held by the Maryland Cybersecurity Center, Cyberpoint, and Trail of Bits. The Build it Break it Fix it security contest aims to teach students to write more secure programs. The contest evaluates participants' abilities to develop secure and efficient programs. The contest is broken up into three rounds that take place over consecutive weekends. During the Build It round, builders write software that implements the system prescribed by the contest. In the Break It round, breakers find as many flaws as possible in the Build It implementations submitted by other teams. During the Fix It round, builders attempt to fix any problems in their Build It submissions that were identified by other breaker teams. Each round will respectively start on August 28th, September 4th, and September 12th
Security B-Sides Cape Breton (Sydney, Nova Scotia, Canada, Sep 5, 2014) Security B-Sides Cape Breton is an open platform that gives security experts, enthusiasts, and industry professionals the opportunity to share ideas, insights, and develop longstanding relationships with others in the community. It is a rare opportunity to directly connect and create trusted relationships with key members of the community.
BalCCon2k14: Balkan Computer Congress (Novi Sad, Serbia, Sep 5 - 7, 2014) The Balkan Computer Congress is an international hacker conference organized by LUGoNS — Linux Users Group of Novi Sad and Wau Holland Foundation from Hamburg and Berlin. It is the second conference taking place in the Balkans, where some 20 years ago people were at war with each other. Now the BalCCon brings together hackers, hacktivists and computer enthusiasts from this area and they are joined by fellow hackers from all over the world. This event emphasizes the role of hacking as a means of peaceful cooperation and international understanding. The program consists of numerous presentations, workshops and lectures about information, privacy, technology, programming, free software and socio-political issues. One part of the congress will be dedicated to hacking, projects and hacks
Ground Zero Summit, Sri Lanka (Colombo, Sri Lanka, Sep 9 - 10, 2014) Ground Zero Summit 2014, Colombo will be a unique gathering of Cyber Security Researchers, Hackers, CERTs, Corporates and Government officials to discuss latest hacks, exploits, research and cyber threats. Sri Lanka is now transitioning from being a developing economy to Global economy with blooming telecommunications, insurance, banking, tourism and information technology services. Sri Lanka will be exposed to cyber threats similar to India thus, a synergy between Indian and Sri Lankan Cyber Security Communities will be beneficial for both countries in combating the threats to their information security
Detroit SecureWorld (Detroit, Michigan, USA, Sep 9 - 10, 2014) Two days of cyber security education and networking. Earn 12-16 CPE credits, network with industry peers, and take advantage of more than sixty educational events. Over the past decade SecureWorld has emerged as one of North America's most vital cyber-security conference, providing globally relevant education, training and networking for cyber-security professionals on a regional level. SecureWorld provides more content and facilitates more professional connections than any other event in the cyber-security industry. Established in 2002, SecureWorld offers many different continuing professional education sessions over two days in 14 cities throughout the United States.
Cyber Attack Against Payment Processes Exercise 1 (Online, Sep 9 - 10, 2014) FS-ISAC, the Financial Services Information Sharing and Analysis Center will conduct its fifth annual simulated cyber security exercise related to payment processes used by banks, community institutions, credit unions and associated financial services organizations. Over a two day period this fall, hundreds of security, risk and IT professionals will experience a highly realistic set of scenarios in a safe environment in order to practice and improve their response to cyber incidents. The teams are encouraged to involve multiple parts of their organizations, from IT and security to payments experts to communications teams to line of business leaders and executive teams. The simulation is known as CAPP or Cyber Attack Against Payment Processes
AFCEA TechNet Augusta 2014: Achieving Force 2025 Through Signals and Cyber (Augusta, Georgia, USA, Sep 9 - 11, 2014) The overall theme of TechNet Augusta 2014 is "Achieving Force 2025 Through Signals and Cyber." The overall focus is on Army ground forces, including Joint component interface, other Department of Defense Organizations, Inter-Agency, Industry, and Academia. Presentations, panels, and track sessions will highlight empowerment of Soldiers on the battlefield through training, different methodologies for connecting through enhanced technology, and command and control functions to enable the U.S. Armed Forces to dominate the battlefield. Government, industry, and academia speakers will address a broad range of topics and focus on the importance of the network, security issues, and training to enable operational forces to modernize and be ready to meet emerging challenges in 2025 and beyond.
Build IT Break IT Fix IT: Fix IT (Online, Sep 12, 2014) The Build it Break it Fix it security contest is a new security-oriented programming contest held by the Maryland Cybersecurity Center, Cyberpoint, and Trail of Bits. The Build it Break it Fix it security contest aims to teach students to write more secure programs. The contest evaluates participants' abilities to develop secure and efficient programs. The contest is broken up into three rounds that take place over consecutive weekends. During the Build It round, builders write software that implements the system prescribed by the contest. In the Break It round, breakers find as many flaws as possible in the Build It implementations submitted by other teams. During the Fix It round, builders attempt to fix any problems in their Build It submissions that were identified by other breaker teams. Each round will respectively start on August 28th, September 4th, and September 12th
Suits and Spooks London (London, England, UK, Sep 12, 2014) On September 12th, in London's South Bank neighborhood of Southwark, approximately 50 former intelligence officials, corporate executives, and security practitioners from the U.S. and the EU will gather at the top floor auditorium of the Blue Fin building, just behind the Tate Modern museum in Central London to discuss present and future threats to global critical infrastructure and how best to mitigate them. It will be closed to the press and held under the Chatham House Rule
NOPcon Security Conference (Istanbul, Turkey, Sep 16, 2014) NOPcon is a non-profit hacker conference. It is the only geek-friendly conference without sales pitches in Turkey. The conference aims to learn and exchange ideas and experiences between security researchers, consultants and developers
5th Annual Billington Cybersecurity Summit (Washington, DC, USA, Sep 16, 2014) The 5th Annual Billington Cybersecurity Summit, a leading conference produced by Billington CyberSecurity, will feature an all-star cast of cybersecurity speakers including Admiral Michael Rogers, Commander, U.S. Cyber Command and Director, National Security Agency/Chief, Central Security Service. This leading summit also will feature Michael Daniel, Special Assistant to the President and Cybersecurity Coordinator, The White House; David DeWalt, Chairman and Chief Executive Officer, FireEye; Dr. Phyllis Schneck, Deputy Under Secretary for Cybersecurity, NPPD, Department of Homeland Security, along with over twenty-five other distinguished speakers. Along with increasing awareness on the most pressing cybersecurity topics, one of the primary goals of this summit is to enhance networking. Thus, three new features have been added to this year's summit: 1. Cybersecurity Interactive Roundtable Sessions: These tables will enable attendees to exchange experiences and information regarding all of the dire cybersecurity topics. 2. One-on-One Meetings: These intimate encounters with the cybersecurity experts will allow your questions to be answered in a personalized manner. 3. Multiple Tracks: Several concurrent tracks will be offered at this summit in order for a more thorough education about cybersecurity in the healthcare, finance and energy sectors, about continuous monitoring and insider threats
SINET Global Summit (London, England, UK, Sep 16 - 17, 2014) "Advancing Global Collaboration and Innovation." Global Summit focuses on building international public-private partnerships that will improve the protection of our respective homeland's critical infrastructures, national security and economic interests. The Global Summit's objective is to build and maintain international communities of interest and trust that foster vital information sharing, broad awareness and the application of our nation's most innovative technologies to enable a safer and more secure homeland for the United States, United Kingdom and our trusted allies. The US Department of Homeland Security Science & Technology Directorate supports this event along with Her Majesty's Government (HMG) as the UK representative.
Cyber Attack Against Payment Processes Exercise 2 (Online, Sep 16 - 17, 2014) FS-ISAC, the Financial Services Information Sharing and Analysis Center will conduct its fifth annual simulated cyber security exercise related to payment processes used by banks, community institutions, credit unions and associated financial services organizations. Over a two day period this fall, hundreds of security, risk and IT professionals will experience a highly realistic set of scenarios in a safe environment in order to practice and improve their response to cyber incidents. The teams are encouraged to involve multiple parts of their organizations, from IT and security to payments experts to communications teams to line of business leaders and executive teams. The simulation is known as CAPP or Cyber Attack Against Payment Processes
Global Identity Summit (Tampa, Florida, USA, Sep 16 - 18, 2014) The Global Identity Summit is focused on identity management solutions for corporate, defense and homeland security communities. This conference and associated exhibition bring together a distinctive, yet broad comprehensive look at the identity management capabilities, challenges and solutions in the topic areas of: Biometrics, Radio-Frequency Identification, Mobile, Cyber, Smart Card Technologies, and Big Data.
Fraud Summit Toronto (Toronto, Ontario, Canada, Sep 17, 2014) From account takeover to payment card fraud and the emerging mobile threatscape, the ISMG Fraud Summit series is where thought-leaders meet to exchange insights on today's top schemes and the technology solutions designed to stop them.
Defense Intelligence Agency (DIA)/National Intelligence University (NIU) Open House (Washington, DC, USA, Sep 17, 2014) On September 17, 2014, the National Intelligence University (NIU) will hold a Tech Expo as part of its annual "NIU OUTREACH DAY" in the Tighe Lobby of DIA Headquarters on Joint Base Bolling-Anacostia. This Tech Expo will be open to all personnel within the DIA Headquarters as well as the 600+ students and faculty of NIU. Several of the 'schools' within DIA are expected to participate with their own exhibitions, including: School of Intelligence Studies, School of Science and Technology Intelligence, Center for Strategic Intelligence Research and Center for International Engagement and the John T. Hughes Library.
Cloud Security Alliance Congress 2014 This year, the CSA and the International Association of Privacy Professionals (IAPP) are combining their Congress US and Privacy Academy events into a conference in the heart of Silicon Valley that will offer attendees eighty sessions to choose from covering all aspects of privacy and cloud security. Nowhere else will cloud, IT and privacy professionals be able to meet and learn from each other, and gain visibility to practical, implementable solutions delivered by leading industry experts. Together the conferences will broaden the educational and networking opportunities available to both IAPP and CSA members. Proposals for speakers are due February 21, 2014.
CSA Congress 2014 & IAPP Privacy Academy 2014 (San Jose, California, USA, Sep 17 - 19, 2014) This year, the CSA and the International Association of Privacy Professionals (IAPP) are combining their Congress US and Privacy Academy events into a conference in the heart of Silicon Valley. This conference will offer attendees more than eighty sessions to choose from covering all aspects of privacy and cloud security.
Ft. Meade Technology Expo (Fort Meade, Maryland, USA, Sep 18, 2014) The Ft. Meade Technology Expo is a one-day event held at the Officers' Club (Club Meade) on base. Industry vendors will have the unique opportunity to showcase their products and services to personnel that may otherwise be unattainable. The target audience will be comprised of personnel from the ARMY, the newly headquartered DISA (Defense Information Systems Agency), DMA (Defense Media Activity), DINFOS (Defense Information School), and Ft. Meade's various military personnel. All of the above groups and military units around the base will receive promotions for this event.
The 2014 Cyber Security Summit (New York, New York, USA, Sep 18, 2014) The Cyber Security Summit, an exclusive conference series sponsored by The Wall Street Journal, has announced their second annual event in New York City. The event will connect C-Level & Senior Executives responsible for protecting their companies' critical infrastructures with cutting-edge technology providers and renowned information security experts. This informational forum will focus on educating attendees on how to best protect their highly vulnerable business applications and intellectual property. Attendees will have the opportunity to meet the nation's leading solution providers and discover the latest products and services for enterprise cyber defense
NYIT Cyber Security Conference (New York, New York, USA, Sep 18, 2014) Presented by NYIT's School of Engineering and Computing Sciences, this conference will address a broad range of pressing topics including privacy; innovations in enterprise security; systems security and the Internet of things; mobile security; the protection of critical infrastructure, organizations, and individuals against cyberattacks; and cybersecurity research and education frontiers. Keynote speeches by Robert Bigman, CEO 2BSecure LLC, Former Chief Information Security Officer, Central Intelligence Agency and Phyllis Schneck, Ph.D., Deputy Under Secretary for Cybersecurity, U.S. Department of Homeland Security
Dutch Open Hackathon (Amsterdam, the Netherlands, Sep 20 - 21, 2014) Join leading Dutch companies, during a 30-hour hackathon, as they open up APIs and technologies. Work together and develop new applications and drive global innovation
St. Louis SecureWorld Offering two days of cyber security education. Earn 12-16 CPE credits, network with industry peers, and take advantage of more than sixty educational events. Over the past decade SecureWorld has emerged as one of North America's most vital cyber-security conferences, providing globally relevant education, training and networking for cyber-security professionals on a regional level. SecureWorld provides more content and facilitates more professional connections than any other event in the cyber-security industry. Established in 2002, SecureWorld offers many different continuing professional education sessions over two days in 14 cities throughout the United States.
Rock Stars of Cybersecurity (Austin, Texas, USA, Sep 24, 2014) The unprecedented Target breach and NSA spying scandal have put cybersecurity in the global spotlight. With cyberattacks on the rise, it is now even more important to learn how to identify weaknesses and protect company infrastructure from incursions. At the Rock Stars of Cybersecurity conference, well-respected cybersecurity authorities from leading companies will deliver case studies and actionable advice that you can immediately put to use.
VB2014 Over its 24-year history, the VB conference has become a major highlight of the IT security calendar, with many of its regular attendees citing it as the security event of the year. The conference provides a focus for the industry, representing an opportunity for experts in the field to share their research interests, discuss methods and technologies and set new standards, as well as meet with - and learn from - those who put their technologies into practice in the real world.
DerbyCon 4.0 (Louisville, Kentucky, USA, Sep 24 - 28, 2014) Welcome to DerbyCon 4.0 — "Family Rootz". This is the place where security professionals from all over the world come to hang out. DerbyCon 4.0 will be held September 24-28th, 2014. DerbyCon 2013 pulled in over 2,000 people with an amazing speaker lineup and a family-like feel. We've listened to your feedback and plan on making this conference even better this year
BruCON 2014 (Ghent, Belgium, Sep 25 - 26, 2014) BruCON is an annual security and hacker conference providing two days of an interesting atmosphere for open discussions of critical infosec issues, privacy, information technology and its cultural/technical implications on society. Organized in Belgium, BruCON offers a high quality line up of speakers, security challenges and interesting workshops. BruCON is a conference by and for the security and hacker community.
ROOTCON 8 ROOTCON is the first hacking convention in the Philippines. A hacker conference and not a seminar, training or a workshop. It will feature the following tracks: advanced HTTP header security analysis, browser extension malware extend cybercrime capabilities, new techniques: email-based threat and attacks, shellcode exploit analysis: tips and tricks, the Necurs rootkit, social engineering: hacking the mind, and hacking your way to ROOTCON.
INTEROP (New York, New York, USA, Sep 29 - Oct 3, 2014) Interop returns to New York with practical and visionary conference sessions designed to help you accelerate your career. This year's conference tracks include: Applications, Business of IT, Cloud Connect Summit, Collaboration, Infrastructure, Mobility, Risk Management & Security, and Software-Defined Networking (SDN)