The CyberWire Daily Briefing 08.22.14
Observers note the downside of blocking barbarism on social media. In a dilemma familiar to targeteers, when you jam adversaries, you forgo an opportunity to collect against them. Some believe Western intelligence services are seeing an instance of this in Twitter's (understandable) suspension of ISIS accounts.
Hacking groups operating out of Syria, Lebanon, and Russia escalate cyber operations in Syria's civil war.
Community Health Services networks may indeed have had a Heartbleed issue, but reports say they had other problems as well, among them: Asprox, Kelihos, Conficker, Ramdo, Sality, and GameoverZeus. The FBI has issued a general hacking alert to the US healthcare sector.
The UPS point-of-sale breach post mortem continues, with UPS receiving generally positive reviews for its swift containment of the problem.
Krebs reports on the state-of-the-art in hard-to-detect ATM card skimmers — they're small and slender.
Researchers haul up a fresh catch of mobile vulnerabilities: malicious apps, expensive involuntary calls, in-app payment holes, etc.
Palo Alto's CSO offers perspective on the CSO's evolving role.
Frost and Sullivan's analysts forecast a surge in the denial-of-service mitigation market.
Colleges and universities, studies suggest, are particularly vulnerable to data breaches.
An academic study sheds light on the Chinese government's censorship goals and techniques.
Someone claiming responsibility for the recent attack on Gamma that exposed FinFisher details offers a "how-to" guide to the attack. Caveat lector, except for the following: "This is illegal, so you'll need to take same basic precautions." We would add that the basic precaution should be, "just don't."
Notes.
Today's issue includes events affecting Brazil, China, European Union, India, Lebanon, Mexico, Pakistan, Peru, Russia, Syria, United Kingdom, and United States.
Cyber Attacks, Threats, and Vulnerabilities
Twitter crackdown on terrorist group hampers U.S. intelligence efforts (Washington Times) U.S. counterterrorism officials say Twitter's crackdown on tweets from the Islamic State is complicating efforts to identify the terrorist group's key members and activities by intelligence agencies that increasingly use social media to spy on the militants
Here's The Final Email ISIS Sent To James Foley's Family (Global Post via Business Insider) American journalist James Foley was murdered by Islamic State militants, who on Aug. 19 publicized the killing in a graphic video uploaded to YouTube
Syrian Cyber-Attacks Expose Activists, Firms to Malware Infection (eWeek) Hacking groups operating from Syria, Russia and Lebanon have targeted activists on both sides of the Syrian civil war with malware campaigns, says security firm Kaspersky
Pakistani hacker hacks Indian ruling party BJP's politician L.K Advani website (Hack Read) A Pakistani hacker going with the handle of Muhammad Bilal from Pak Cyber Experts team has hacked and defaced the official website and blog of Lal Krishna Advani, an Indian politician who is a senior leader of the ruling Bharatiya Janata Party (BJP)
FBI issues cyber-attack warning to healthcare providers (Engineering and Technology Magazine) US healthcare companies have been subjected to a series of cyber-attacks targeting patient data and intellectual property information, the FBI has said
More problems emerge on the Community Health Systems network (CSO) Heartbleed was only half the battle
Firms still hemorrhaging from Heartbleed (FierceITSecurity) Although the Heartbleed bug was revealed months ago, it continues to cause security problems for companies
The UPS Store breach — what went wrong and what UPS got right (Naked Security) Data breaches at 51 UPS Stores in two dozen US states have put as many as 100,000 customers at risk of identity theft and credit card fraud, after malware was found on the stores' networks, the company said
UPS data breach: Another one bites the dust (CSO) What can brown do for you? If you're one of the unlucky customers, the answer might be that brown can compromise your credit card information. UPS revealed that it is the latest high-profile company to fall victim to a data breach resulting from a point-of-sale system compromise
UPS the 41st Company Tied to Point-of-Sale Malware in 2014 (HackSurfer) The UPS Store is just the latest in a long string of companies that have been tied to point-of-sale (POS) malware so far this year
Stealthy, Razor Thin ATM Insert Skimmers (Krebs on Security) An increasing number of ATM skimmers targeting banks and consumers appear to be of the razor-thin insert variety. These card-skimming devices are made to fit snugly and invisibly inside the throat of the card acceptance slot. Here's a look at a stealthy new model of insert skimmer pulled from a cash machine in southern Europe just this past week
Website Add-on Targets Japanese Users, Leads To Exploit Kit (TrendLabs Security Intelligence Blog) In the past few weeks, an exploit kit known as FlashPack has been hitting users in Japan. In order to affect users, this particular exploit kit does not rely on spammed messages or compromised websites: instead, it uses a compromised website add-on
Mobile apps could be abused to make expensive phone calls (IDG via CSO) A security precaution skipped in mobile applications such as Facebook's Messenger could be abused to make an expensive phone call at a victim's expense, a developer contends
Most popular Android apps open users to MITM attacks (Help Net Security) An analysis of the 1,000 most popular free Android apps from the Google Play store has revealed a depressing fact: most of them sport an SSL/TLS vulnerability that can be misused for executing man-in-the-middle (MITM) attacks, and occasionally additional ones, as well
Vulnerability in In-App Payment SDKs May Lead to Phishing (TrendLabs Security Intelligence Blog) Vulnerabilities in apps are always a cause for concern, especially when said apps handle sensitive information, particularly financial. We examined two popular in-app payment (IAP) SDKs — Google Wallet and the Chinese payment platform Alipay — and discovered that these contain a vulnerability that can be exploited for phishing attacks. The versions we analyzed were Google IAP versions 2 and 3 and Alipay SDK 1.0
Your Anonymous Posts to Secret Aren't Anonymous After All (Wired) White hat hacker Ben Caudill is halfway through his sandwich when he casually reaches over to his iPhone, swipes the screen a few times, then holds it up to me. "Is that you?" he asks
Critical Delphi and C++Builder VCL library bug found (Help Net Security) A buffer overflow vulnerability that could be exploited to execute malicious code has been discovered in the Visual Component Library (VCL) library of Embarcadero's Delphi and C++Builder application development environments, and could, therefore, also affect applications that were built by using the software and that use the affected library
A DIY Guide for those without the patience to wait for whistleblowers (Hack Back) I'm not writing this to brag about what an 31337 h4x0r I am and what m4d sk1llz it took to 0wn Gamma. I'm writing this to demystify hacking, to show how simple it is, and to hopefully inform and inspire you to go out and hack sh*t. If you have no experience with programming or hacking, some of the text below might look like a foreign language. Check the resources section at the end to help you get started. And trust me, once you've learned the basics you'll realize this really is easier than filing a FOIA request
Security Patches, Mitigations, and Software Updates
Amazon CloudFront Turns on Perfect Forward Secrecy (Threatpost) Amazon Web Services announced that it has turned on Perfect Forward Secrecy and other SSL improvements for its CloudFront content delivery platform
Dropbox beefs up security of shared links — for business users, at least (Tripwire: the State of Security) Earlier this year, it was discovered that Dropbox users had been unwittingly leaking sensitive information, such as their tax returns and mortgage applications because of the way the file-syncing service handled so-called "Shared Links"
Cyber Trends
Hacker Or Military? Best Of Both In Cyber Security (Dark Reading) How radically different approaches play out across the security industry
How the role of the CSO is changing (Help Net Security) Since Steve Katz became the first CISO back in 1996, both business leaders and the security industry in general have been thinking and rethinking the need for such a person and the responsibilities that he or she should have
Brazil, Peru and Mexico rampant with malware attacks in 1H14 (BNAmericas) Brazil, Peru and Mexico saw the highest number of cyber attacks in Latin America in 1H14, especially during the World Cup, according to Russian IT security specialist Kaspersky Lab
Marketplace
Increase in DDoS attack size, frequency will fuel surge in DDoS mitigation market, says Frost (FierceITSecurity) Distributed denial of service, or DDoS, attacks against enterprises are increasing in scale and frequency, prompting firms to invest in purpose-built DDoS mitigation tools
Wanted: Cloud Brokers (InformationWeek) Do you know the ins and outs of cloud software stacks and security? Got the finesse to break through cultural resistance? Then you may have found your next career
Rook Security Earns Spot on Inc. 500 List as One of the Fastest Growing Private Companies in America (BusinessWire) Rook Security, a global IT security provider that offers protection of sensitive data and brand reputation against dynamic emerging threats, today announced that it has earned a spot on the prestigious Inc. 500 list of fastest growing privately-held companies in America. Based in Indianapolis, Indiana, Rook Security achieved 942.3 percent revenue growth between 2010 and 2013
Lastline Secures $10 Million Funding Round (BusinessWire) Lastline, an advanced malware defense platform provider, has raised $10 million from new investors Dell Ventures and Presidio Ventures, as well as existing investors Redpoint Ventures and e.ventures. With the new round of funding, Lastline will continue to focus on serving its rapidly growing, global enterprise customer base as well as new and existing partnerships to improve information security and threat intelligence worldwide
Austin security software maker raises more financing (Austin Business Journal) Toopher Inc., an Austin authentification [sic] software maker, reported raising $790,599 of a planned $815,765 financing
Symantec opens $12m Sydney office (ComputerWorld) Security operations centre expanded as well
Secunia Appoints Jack Wilson as Vice President and General Manager of North America (Broadway World) Secunia, the leading provider of IT security solutions for vulnerability management, today announced the appointment of technology industry veteran Jack Wilson as Vice President and General Manager of North America
Products, Services, and Solutions
AWS Achieves DoD Authorization for Sensitive Workloads (ExecutiveGov) Amazon Web Services has attained a provisional authorization from the Defense Department to help defense agencies process workloads in an AWS cloud platform
CBP, Maryland Prisons Look to Industry for Cellular Phone Protective Technology (SIGNAL) U.S. border patrol agents watched on surveillance videos as suspected drug smugglers chatted on cellular phones. But when agents sought phone records for investigations into the suspected nefarious activity along the Texas-Mexico divide, commercial service providers came up empty-handed. There simply were no logs. How were the smugglers evading commercial providers?
Aorato's directory services application firewall protects Active Directory from attack and abuse (NetworkWorld) The threat landscape has been shifting to more dangerous territory, and companies have been deploying more IT security solutions that are purpose-built to protect specific areas of their broad enterprise environment. One such solution brought to market by Aorato earlier this year is a directory services application firewall (DAF)
WatchGuard Firebox T10 review (IT Pro) Is the Firebox T10 the best featured small business security appliance on the market?
Cloud data security strife receives a silver bullet from HyTrust and Intel (V3) Virtualisation and cloud computing are helping companies overcome geographical barriers and establish flexible IT infrastructures without incurring excessive costs. However, as this new wave of IT grows exponentially, so too do concerns over data security and regulations. Step up HyTrust, which hopes to have solved the internal data theft issues and regulation requirements associated with use of the cloud
Bitdefender updates to Add Android Wear Support (Android Headlines) Add another app to the list of Android Wear apps. Bitdefender has just updated their app to be compatible with Android Wear. So what can you do with Bitdefender on your Android Wear smartwatch? Well, all kinds of things. Here's their full feature list
Android users — Sophos needs you (and you could bag a prize)! (Naked Security) Sophos is looking for beta testers for the new version of Sophos Mobile Security, our free security app for Android
Technologies, Techniques, and Standards
This Dating Site Is Teaching the Internet an Important Lesson About Anonymity (Wired) Online dating site Zoosk is rolling out a new feature that lets users verify the authenticity of profile pictures
Lessons learned from UPS Store breach (CSO) Experts have a long list of suggestions for retailers to avoid security breaches
NIST vetting guide helps in testing mobile apps (Help Net Security) While many mobile device apps such as a calendar or collaboration tools are very handy and can improve productivity, they can also introduce vulnerabilities that can put sensitive data and network resources at risk
Google Says HTTPS Is A Ranking Signal, But It’s Not Really (Search Engine Land) Is it worth it for webmasters to switch to HTTPS in light of Google's recent announcement?
BladeRunner — Adventures in Botnet Tracking (Arbor Networks) This presentation explores the 'adventurous' side of botnet tracking based on ongoing, in-depth research conducted within the world-renowned ASERT team at Arbor Networks
Six Clicks: Two factors are better than one (ZDNet) Time and again we write about security breaches that would have been prevented by two-factor authentication. What are the ways people do this in the real world?
How Blocking BYOD Leads to Shadow IT (CBR) And here's how to deal with the issue
What can we learn from the top 10 biggest data breaches? (Help Net Security) You can't blink these days without hearing about yet another data breach. While some may be suffering from "breach fatigue" and becoming jaded, we argue that it's more important than ever to take cyber threats seriously
ReMASTering Applications by Obfuscating during Compilation (Trail of Bits) In this post, we discuss the creation of a novel software obfuscation toolkit, MAST, implemented in the LLVM compiler and suitable for denying program understanding to even the most well-resourced adversary. Our implementation is inspired by effective obfuscation techniques used by nation-state malware and techniques discussed in academic literature. MAST enables software developers to protect applications with technology developed for offense
Research and Development
DARPA Uses Preteen Gamers to Beta Test Tomorrow's Military Software (Motherboard) Sieg Hall doesn't look like much from the outside. Located at the University of Washington, the building was constructed in the 1960s, when it was a focal point for Vietnam-era antiwar protests. Before renovations were carried out it had become so dilapidated that students had a tradition of taking home chunks of rock off its façade. If I didn't know better, Sieg is just another nondescript computer science building, not a front line in military research and development
Academia
Colleges and universities among highest risk for data breaches (FierceCIO) While retailers and healthcare organizations have dominated much of the data breach media attention in recent weeks, a new study finds that the nation's colleges and universities are at even greater risk for cyberattacks
Summer program at NYU Poly teaches cybersecurity to young women (Technical.ly Boston) NYU Poly wants more women in the digital security industry. Its summer program for high school-age girls looks to expose them to cybersecurity skills, and potential careers
Legislation, Policy, and Regulation
Reverse-engineering censorship in China: Randomized experimentation and participant observation (Science) Existing research on the extensive Chinese censorship organization uses observational methods with well-known limitations. We conducted the first large-scale experimental study of censorship by creating accounts on numerous social media sites, randomly submitting different texts, and observing from a worldwide network of computers which texts were censored and which were not
Can Cyber Security Legislation Save the EU? (IT Governance) The fact is, the EU is not universally popular with the voters. Even the UK's rising star and media-magnet politician, Boris Johnson, has said that the UK Should Not Fear EU Exit — and he's always on the money when it comes to the voters. Ordinary people are sensing their new political power
DISA to undergo cyber-focused restructure (Federal Times) Defense Department officials are considering a reorganization at Fort Meade, Maryland, that could restructure the Defense Information Systems Agency and other cybersecurity-focused military offices in a bid to better defend DoD networks
Litigation, Investigation, and Law Enforcement
FBI Probing Reported Theft of 1.2 Billion Passwords by Russian Hackers (NDTV) The U.S. Federal Bureau of Investigation is investigating a report by a US cyber-security firm that it uncovered some 1.2 billion Internet logins and passwords amassed by a Russian crime ring, the largest known collection of such stolen data
FTC Approves Final Orders Settling Charges Against Fandango and Credit Karma (FierceITSecurity) Following a public comment period, the Federal Trade Commission has approved final orders settling charges against Fandango, Inc. and Credit Karma, Inc
Kaspersky Lab Partners London Police To Tackle Cyber Crime (TechWeekEurope) Kaspersky Lab to help train the City of London Police on how to tackle the growing cybercrime menace
For a complete running list of events, please visit the Event Tracker.
Newly Noted Events
RiseCON 2014 (Rosario, Santa Fe, Argentina, Nov 6 - 7, 2014) Rosario Information Security Conference: the first and largest information security and hacking event held in the city of Rosario, with international standing and significance
Upcoming Events
c0c0n: International Information Security and Hacking Conference (Aug 22 - 23, 2014) c0c0n, previously known as Cyber Safe, is an annual event conducted as part of the International Information Security Day. The Information Security Research Association along with Matriux Security Community is organizing a 2 day International Security and Hacking Conference titled c0c0n 2014, as part of Information Security Day 2014. c0c0n 2013 was supported by the Kerala Police and we expect the same this year too. Various technical, non-technical, legal and community events are organized as part of the program. c0c0n 2014 is scheduled on 22, 23 Aug 2014.
Build IT Break IT Fix IT: Build IT (Online, Aug 28, 2014) The Build it Break it Fix it security contest is a new security-oriented programming contest held by the Maryland Cybersecurity Center, Cyberpoint, and Trail of Bits. The Build it Break it Fix it security contest aims to teach students to write more secure programs. The contest evaluates participants' abilities to develop secure and efficient programs. The contest is broken up into three rounds that take place over consecutive weekends. During the Build It round, builders write software that implements the system prescribed by the contest. In the Break It round, breakers find as many flaws as possible in the Build It implementations submitted by other teams. During the Fix It round, builders attempt to fix any problems in their Build It submissions that were identified by other breaker teams. Each round will respectively start on August 28th, September 4th, and September 12th
The Hackers Conference (New Delhi, India, Aug 30, 2014) The Hackers Conference is a unique event, where the best of minds in the hacking world, leaders in the information security industry and the cyber community along with policymakers and government representatives on cyber security meet face-to-face to join their efforts to cooperate in addressing the most topical issues of the Internet Security space. This is the third edition of the Conference. Following the huge success of the conference last year the current edition of the conference brings back to you all the knowledge, all the fun in a better, grander way.
SEACRYPT 2013 (Vienna, Austria, Sep 2 - 4, 2014) The purpose of SECRYPT 2014, the International Conference on Security and Cryptography, is to bring together researchers, mathematicians, engineers and practitioners interested in security aspects related to information and communication. Theoretical and practical advances in the fields of cryptography and coding are a key factor in the growth of data communications, data networks and distributed computing. In addition to the mathematical theory and practice of cryptography and coding, SECRYPT also focuses on other aspects of information systems and network security, including applications in the scope of the knowledge society in general and information systems development in particular, especially in the context of e-business, internet and global enterprises. Papers are due April 15, 2014.
Build IT Break IT Fix IT: Break IT (Online, Sep 4, 2014) The Build it Break it Fix it security contest is a new security-oriented programming contest held by the Maryland Cybersecurity Center, Cyberpoint, and Trail of Bits. The Build it Break it Fix it security contest aims to teach students to write more secure programs. The contest evaluates participants' abilities to develop secure and efficient programs. The contest is broken up into three rounds that take place over consecutive weekends. During the Build It round, builders write software that implements the system prescribed by the contest. In the Break It round, breakers find as many flaws as possible in the Build It implementations submitted by other teams. During the Fix It round, builders attempt to fix any problems in their Build It submissions that were identified by other breaker teams. Each round will respectively start on August 28th, September 4th, and September 12th
Security B-Sides Cape Breton (Sydney, Nova Scotia, Canada, Sep 5, 2014) Security B-Sides Cape Breton is an open platform that gives security experts, enthusiasts, and industry professionals the opportunity to share ideas, insights, and develop longstanding relationships with others in the community. It is a rare opportunity to directly connect and create trusted relationships with key members of the community.
BalCCon2k14: Balkan Computer Congress (Novi Sad, Serbia, Sep 5 - 7, 2014) The Balkan Computer Congress is an international hacker conference organized by LUGoNS — Linux Users Group of Novi Sad and Wau Holland Foundation from Hamburg and Berlin. It is the second conference taking place in the Balkans, where some 20 years ago people were at war with each other. Now the BalCCon brings together hackers, hacktivists and computer enthusiasts from this area and they are joined by fellow hackers from all over the world. This event emphasizes the role of hacking as a means of peaceful cooperation and international understanding. The program consists of numerous presentations, workshops and lectures about information, privacy, technology, programming, free software and socio-political issues. One part of the congress will be dedicated to hacking, project and hacks
Ground Zero Summit, Sri Lanka (Colombo, Sri Lanka, Sep 9 - 10, 2014) Ground Zero Summit 2014, Colombo will be a unique gathering of Cyber Security Researchers, Hackers, CERTs, Corporates and Government officials to discuss latest hacks, exploits, research and cyber threats. Sri Lanka is now transitioning from being a developing economy to Global economy with blooming telecommunications, insurance, banking, tourism and information technology services. Sri Lanka will be exposed to cyber threats similar to India thus, a synergy between Indian and Sri Lankan Cyber Security Communities will be beneficial for both countries in combating the threats to their information security
Detroit SecureWorld (Detroit, Michigan, USA, Sep 9 - 10, 2014) Two days of cyber security education and networking. Earn 12-16 CPE credits, network with industry peers, and take advantage of more than sixty educational events. Over the past decade SecureWorld has emerged as one of North America's most vital cyber-security conferences, providing globally relevant education, training and networking for cyber-security professionals on a regional level. SecureWorld provides more content and facilitates more professional connections than any other event in the cyber-security industry. Established in 2002, SecureWorld offers many different continuing professional education sessions over two days in 14 cities throughout the United States.
Cyber Attack Against Payment Processes Exercise 1 (Online, Sep 9 - 10, 2014) FS-ISAC, the Financial Services Information Sharing and Analysis Center will conduct its fifth annual simulated cyber security exercise related to payment processes used by banks, community institutions, credit unions and associated financial services organizations. Over a two day period this fall, hundreds of security, risk and IT professionals will experience a highly realistic set of scenarios in a safe environment in order to practice and improve their response to cyber incidents. The teams are encouraged to involve multiple parts of their organizations, from IT and security to payments experts to communications teams to line of business leaders and executive teams. The simulation is known as CAPP or Cyber Attack Against Payment Processes
AFCEA TechNet Augusta 2014: Achieving Force 2025 Through Signals and Cyber (Augusta, Georgia, USA, Sep 9 - 11, 2014) The overall theme of TechNet Augusta 2014 is "Achieving Force 2025 Through Signals and Cyber." The overall focus is on Army ground forces, including Joint component interface, other Department of Defense Organizations, Inter-Agency, Industry, and Academia. Presentations, panels, and track sessions will highlight empowerment of Soldiers on the battlefield through training, different methodologies for connecting through enhanced technology, and command and control functions to enable the U.S. Armed Forces to dominate the battlefield. Government, industry, and academia speakers will address a broad range of topics and focus on the importance of the network, security issues, and training to enable operational forces to modernize and be ready to meet emerging challenges in 2025 and beyond.
Build IT Break IT Fix IT: Fix IT (Online, Sep 12, 2014) The Build it Break it Fix it security contest is a new security-oriented programming contest held by the Maryland Cybersecurity Center, Cyberpoint, and Trail of Bits. The Build it Break it Fix it security contest aims to teach students to write more secure programs. The contest evaluates participants' abilities to develop secure and efficient programs. The contest is broken up into three rounds that take place over consecutive weekends. During the Build It round, builders write software that implements the system prescribed by the contest. In the Break It round, breakers find as many flaws as possible in the Build It implementations submitted by other teams. During the Fix It round, builders attempt to fix any problems in their Build It submissions that were identified by other breaker teams. Each round will respectively start on August 28th, September 4th, and September 12th
Suits and Spooks London (London, England, UK, Sep 12, 2014) On September 12th, in London's South Bank neighborhood of Southwark, approximately 50 former intelligence officials, corporate executives, and security practitioners from the U.S. and the EU will gather at the top floor auditorium of the Blue Fin building, just behind the Tate Modern museum in Central London to discuss present and future threats to global critical infrastructure and how best to mitigate them. It will be closed to the press and held under the Chatham House Rule
NOPcon Security Conference (Istanbul, Turkey, Sep 16, 2014) NOPcon is a non-profit hacker conference. It is the only geek-friendly conference without sales pitches in Turkey. The conference aims to learn and exchange ideas and experiences between security researchers, consultants and developers
5th Annual Billington Cybersecurity Summit (Washington, DC, USA, Sep 16, 2014) The 5th Annual Billington Cybersecurity Summit, a leading conference produced by Billington CyberSecurity, will feature an all-star cast of cybersecurity speakers including Admiral Michael Rogers, Commander, U.S. Cyber Command and Director, National Security Agency/Chief, Central Security Service. This leading summit also will feature Michael Daniel, Special Assistant to the President and Cybersecurity Coordinator, The White House; David DeWalt, Chairman and Chief Executive Officer, FireEye; Dr. Phyllis Schneck, Deputy Under Secretary for Cybersecurity, NPPD, Department of Homeland Security, along with over twenty-five other distinguished speakers. Along with increasing awareness on the most pressing cybersecurity topics, one of the primary goals of this summit is to enhance networking. Thus, three new features have been added to this year's summit: 1. Cybersecurity Interactive Roundtable Sessions: These tables will enable attendees to exchange experiences and information regarding all of the dire cybersecurity topics. 2. One-on-One Meetings: These intimate encounters with the cybersecurity experts will allow your questions to be answered in a personalized manner. 3. Multiple Tracks: Several, concurrent tracks will be offered at this summit in order for a more thorough education about cybersecurity in the healthcare, finance and energy sectors, about continuous monitoring and insider threats
SINET Global Summit (London, England, UK, Sep 16 - 17, 2014) "Advancing Global Collaboration and Innovation." Global Summit focuses on building international public-private partnerships that will improve the protection of our respective homeland's critical infrastructures, national security and economic interests. The Global Summit's objective is to build and maintain international communities of interest and trust that foster vital information sharing, broad awareness and the application of our nation's most innovative technologies to enable a safer and more secure homeland for the United States, United Kingdom and our trusted allies. The US Department of Homeland Security Science & Technology Directorate supports this event along with Her Majesty's Government (HMG) as the UK representative.
Cyber Attack Against Payment Processes Exercise 2 (Online, Sep 16 - 17, 2014) FS-ISAC, the Financial Services Information Sharing and Analysis Center will conduct its fifth annual simulated cyber security exercise related to payment processes used by banks, community institutions, credit unions and associated financial services organizations. Over a two day period this fall, hundreds of security, risk and IT professionals will experience a highly realistic set of scenarios in a safe environment in order to practice and improve their response to cyber incidents. The teams are encouraged to involve multiple parts of their organizations, from IT and security to payments experts to communications teams to line of business leaders and executive teams. The simulation is known as CAPP or Cyber Attack Against Payment Processes
Global Identity Summit (Tampa, Florida, USA, Sep 16 - 18, 2014) The Global Identity Summit is focused on identity management solutions for corporate, defense and homeland security communities. This conference and associated exhibition bring together a distinctive, yet broad comprehensive look at the identity management capabilities, challenges and solutions in the topic areas of: Biometrics, Radio-Frequency Identification, Mobile, Cyber, Smart Card Technologies, and Big Data.
Fraud Summit Toronto (Toronto, Ontario, Canada, Sep 17, 2014) From account takeover to payment card fraud and the emerging mobile threatscape, the ISMG Fraud Summit series is where thought-leaders meet to exchange insights on today's top schemes and the technology solutions designed to stop them.
Defense Intelligence Agency (DIA)/National Intelligence University (NIU) Open House (Washington, DC, USA, Sep 17, 2014) On September 17, 2014, the National Intelligence University (NIU) will hold a Tech Expo as part of its annual "NIU OUTREACH DAY" in the Tighe Lobby of DIA Headquarters on Joint Base Bolling-Anacostia. This Tech Expo will be open to all personnel within the DIA Headquarters as well as the 600+ students and faculty of NIU. Several of the 'schools' within DIA are expected to participate with their own exhibitions, including: School of Intelligence Studies, School of Science and Technology Intelligence, Center for Strategic Intelligence Research and Center for International Engagement and the John T. Hughes Library.
Cloud Security Alliance Congress 2014: This year, the CSA and the International Association of Privacy Professionals (IAPP) are combining their Congress US and Privacy Academy events into a conference in the heart of Silicon Valley that will offer attendees eighty sessions to choose from covering all aspects of privacy and cloud security. Nowhere else will cloud, IT and privacy professionals be able to meet and learn from each other, and gain visibility to practical, implementable solutions delivered by leading industry experts. Together the conferences will broaden the educational and networking opportunities available to both IAPP and CSA members. Proposals for speakers are due February 21, 2014.
CSA Congress 2014 & IAPP Privacy Academy 2014 (San Jose, California, USA, Sep 17 - 19, 2014) This year, the CSA and the International Association of Privacy Professionals (IAPP) are combining their Congress US and Privacy Academy events into a conference in the heart of Silicon Valley. This conference will offer attendees more than eighty sessions to choose from covering all aspects of privacy and cloud security.
Ft. Meade Technology Expo (Fort Meade, Maryland, USA, Sep 18, 2014) The Ft. Meade Technology Expo is a one-day event held at the Officers' Club (Club Meade) on base. Industry vendors will have the unique opportunity to showcase their products and services to personnel that may otherwise be unattainable. The target audience will be comprised of personnel from the ARMY, the newly headquartered DISA (Defense Information Systems Agency), DMA (Defense Media Activity), DINFOS (Defense Information School), and Ft. Meade's various military personnel. All of the above groups and military units around the base will receive promotions for this event.
The 2014 Cyber Security Summit (New York, New York, USA, Sep 18, 2014) The Cyber Security Summit, an exclusive conference series sponsored by The Wall Street Journal, has announced their second annual event in New York City. The event will connect C-Level & Senior Executives responsible for protecting their companies' critical infrastructures with cutting-edge technology providers and renowned information security experts. This informational forum will focus on educating attendees on how to best protect their highly vulnerable business applications and intellectual property. Attendees will have the opportunity to meet the nation's leading solution providers and discover the latest products and services for enterprise cyber defense
NYIT Cyber Security Conference (New York, New York, USA, Sep 18, 2014) Presented by NYIT's School of Engineering and Computing Sciences, this conference will address a broad range of pressing topics including privacy; innovations in enterprise security; systems security and the Internet of things; mobile security; the protection of critical infrastructure, organizations, and individuals against cyberattacks; and cybersecurity research and education frontiers. Keynote speeches by Robert Bigman, CEO 2BSecure LLC, Former Chief Information Security Officer, Central Intelligence Agency and Phyllis Schneck, Ph.D., Deputy Under Secretary for Cybersecurity, U.S. Department of Homeland Security
Dutch Open Hackathon (Amsterdam, the Netherlands, Sep 20 - 21, 2014) Join leading Dutch companies, during a 30-hour hackathon, as they open up APIs and technologies. Work together and develop new applications and drive global innovation
St. Louis SecureWorld: Offering two days of cyber security education. Earn 12-16 CPE credits, network with industry peers, and take advantage of more than sixty educational events. Over the past decade SecureWorld has emerged as one of North America's most vital cyber-security conferences, providing globally relevant education, training and networking for cyber-security professionals on a regional level. SecureWorld provides more content and facilitates more professional connections than any other event in the cyber-security industry. Established in 2002, SecureWorld offers many different continuing professional education sessions over two days in 14 cities throughout the United States.
Workshop on Cryptographic Hardware and Embedded Systems 2014 (CHES 2014) (Busan, Korea, Sep 23 - 26, 2014) The annual CHES workshop highlights new results in the design and analysis of cryptographic hardware and software implementations. CHES provides a valuable connection between the research and cryptographic engineering communities and attracts participants from industry, academia, and government organizations
Rock Stars of Cybersecurity (Austin, Texas, USA, Sep 24, 2014) The unprecedented Target breach and NSA spying scandal have put cybersecurity in the global spotlight. With cyberattacks on the rise, it is now even more important to learn how to identify weaknesses and protect company infrastructure from incursions. At the Rock Stars of Cybersecurity conference, well-respected cybersecurity authorities from leading companies will deliver case studies and actionable advice that you can immediately put to use.
VB2014: Over its 24-year history, the VB conference has become a major highlight of the IT security calendar, with many of its regular attendees citing it as the security event of the year. The conference provides a focus for the industry, representing an opportunity for experts in the field to share their research interests, discuss methods and technologies and set new standards, as well as meet with - and learn from - those who put their technologies into practice in the real world.
DerbyCon 4.0 (Louisville, Kentucky, USA, Sep 24 - 28, 2014) Welcome to DerbyCon 4.0 — "Family Rootz". This is the place where security professionals from all over the world come to hang out. DerbyCon 4.0 will be held September 24-28th, 2014. DerbyCon 2013 pulled in over 2,000 people with an amazing speaker lineup and a family-like feel. We've listened to your feedback and plan on making this conference even better this year
BruCON 2014 (Ghent, Belgium, Sep 25 - 26, 2014) BruCON is an annual security and hacker conference providing two days of an interesting atmosphere for open discussions of critical infosec issues, privacy, information technology and its cultural/technical implications on society. Organized in Belgium, BruCON offers a high quality line up of speakers, security challenges and interesting workshops. BruCON is a conference by and for the security and hacker community.
ROOTCON 8: ROOTCON is the first hacking convention in the Philippines. A hacker conference and not a seminar, training or a workshop. It will feature the following tracks: advanced HTTP header security analysis, browser extension malware extend cybercrime capabilities, new techniques: email-based threat and attacks, shellcode exploit analysis: tips and tricks, the Necurs rootkit, social engineering: hacking the mind, and hacking your way to ROOTCON.
INTEROP (New York, New York, USA, Sep 29 - Oct 3, 2014) Interop returns to New York with practical and visionary conference sessions designed to help you accelerate your career. This year's conference tracks include: Applications, Business of IT, Cloud Connect Summit, Collaboration, Infrastructure, Mobility, Risk Management & Security, and Software-Defined Networking (SDN)