The CyberWire Daily Briefing 08.26.14

Summary

By The CyberWire Staff

Anonymous claims to count coup against Israeli sites with cyber operations supporting Hamas in Gaza.

Apparent ISIS supporters associated with Anonymous are being generally credited with the now-remediated Playstation denial-of-service attack, and also with the bomb threat against a Sony-executive-carrying aircraft.

South Korea's Defense Ministry discovers a cyber campaign against journalists on the defense beat. The MoD attributes the campaign to China.

European automobile manufacturers are currently under cyber attack via phishing of customer service departments — the malicious emails carry an information-stealing Trojan.

Jailbroken iPhones continue to be exploited. An Android side-channel attack could spread to other platforms.

The Kelihos botnet is criminally controlled and no hacktivist tool, but its botmasters are cloaking themselves in Russian patriotism to recruit collaborators in attacks on networks in countries that have imposed sanctions on Russia. (But it remains a criminal enterprise.)

A new variant of GameoverZeus appears in the wild, using, according to Damballa, domain generation algorithms.

In the US, Secret Service warnings of point-of-sale threats suggest Backoff malware is a coordinated criminal effort. The FBI warns healthcare providers that they've become a prime target of hackers (probably because they've proved a relatively soft target).

Healthcare cyber concerns are, of course, heightened by the recent breach of Community Health Systems. The costs of this attack are thought to be very high. There's much related discussion of the difficulty of assessing cyber risk, but consensus is that cyber is an ongoing enterprise risk still overlooked by boards. It's also overlooked during merger-and-acquisition due diligence.

Notes.

Today's issue includes events affecting Australia, China, Colombia, Germany, Finland, Israel, Italy, Republic of Korea, Netherlands, Palestinian Territories, Russia, Singapore, United Kingdom, United States

Selected Reading

Cyber Trends

Assessing The Financial Impact Of 4.5 Million Stolen Health Records (Forbes) Less than a week ago, publicly traded Community Health Systems (CHS) formally announced to the SEC what amounts to the second largest breach of health records (4.5 million) in U.S. history. According to the filing, the data was stolen between April and June of this year

Due diligence light on cyber risks (FierceCFO) Dealmakers don't pay much attention to cybersecurity when they're vetting a target company

Cyber Security: The Weak Link in M&A (Freshfields Bruckhaus Deringer) International law firm Freshfields Bruckhaus Deringer is calling for cyber risk to be evaluated like any other risk impacting the value of a target following a global survey of dealmakers. The results of the survey reveal a worrying level of complacency towards the assessment of cyber risks during M&A deals, despite increasing awareness of the cyber security risks facing businesses

Cyber Due Diligence: How and Why Investors — and the Companies They Are Targeting — Should Assess Their Cyberrisks (Risk Management Magazine) Recognition of the dangers related to computer intrusions — which rose to a level that was significant enough for President Obama to discuss the issue in his 2013 State of the Union address to Congress — is an acknowledgment long overdue

4 'cyberhealth' strategies for boards (VentureBeat) Cybersecurity made it onto the list of the top five concerns of U.S. electric utilities this year, according to a new Black & Veatch survey. And less than a third of respondents said they're equipped to handle an attack

8 ways to talk security with executive management (Help Net Security) The importance of information security and technology risk management continues to grow, but many risk and security professionals continue to struggle with non-IT executive communication

Breach Response: Are We Doing Enough? (BankInfoSecurity) One commonality of the rash of recent data breaches, including those victimizing Community Health Systems, Supervalu and UPS Stores, is that the cyberdefenses many organizations had put in place to safeguard their data and systems over the years are no longer effective. The predators have become more sophisticated at the expense of their prey

New Approaches Needed For Hyperscale Security Threats (IT Jungle) In the ongoing battle for network superiority, cybercriminals appear to be gaining the upper hand. The rise of commercial malware and the sophistication of hyperscale hacker tools are giving the bad guys incredibly powerful tools to perpetrate their crimes. Considering the disjointed approach to cyber threats in Western nations, some experts say it's time to explore fundamentally new approaches to fighting it

Technology exposing Australian businesses to "catastrophic" risk: Senetas (ARN) Security must be introduced at the outset of network design to avoid risk of cyberattack

Cyber steps up its role on the battlefield (Marine Corps Times) A platoon of Marines are on a pre-dawn Osprey raid to snatch a high-value target. But, as the crew chief leans out of the side hatch, he sees blazing lights in the town ahead. They will be illuminated for small-arms fire as they approach their landing zone

Electromagnetic Warfare Is Here (IEEE Spectrum) A briefcase-size radio weapon could wreak havoc in our networked world

Legislation, Policy and Regulation

China to change its National Security Law with extra powers (Economic Times) China is all set to beef up its National Security Law by granting sweeping powers to security agencies backed by stiff punishments for for counterespionage in the backdrop of reports of cyber-snooping by the US

Leaked Documents Reveal How the Chinese Communist Party Channels Public Opinion (Global Voices) A central government coordination body called Central Internet Security and Informatization Leading Group was established on February 27, 2014 led by the Chinese President Xi Jinping, Premier Li keqiang and head of the propaganda authority Liu Yunshan. Such high level coordination group suggests that internet information security has become the top priority of the Chinese government

Banks to meet with Treasury Department on cyber threats -sources (Fox Business via Reuters) A group of Wall Street banks plan to meet the U.S. Treasury Department and other government officials next month to talk about how to cooperate to fend off cyber attacks, people familiar with the matter told Reuters

Report summary: securing the electric grid (Intelligent Utility) The electrical grid is often described as the "most critical of critical infrastructure." Given its importance to modern society and our way of life, it is an obvious target for a wide range of actors who would seek to do harm to the United States

Securing the U.S. electrical grid (Help Net Security) The Center for the Study of the Presidency & Congress (CSPC) launched a project to bring together representatives from the Executive Branch, Congress, and the private sector to discuss how to better secure the U.S. electric grid from the threats of cyberattack, physical attack, electromagnetic pulse, and inclement weather

Switchboard: White House agrees with its cybersecurity czar, says he doesn't need to code (Washington Post) Does the White House's cybersecurity czar need to be a coder? He says no

It Does Matter That The White House Cybersecurity Czar Lacks Technical Chops (Forbes) Michael Daniel, the White House cybersecurity coordinator or "cyber czar", made comments recently that being a coder or "being too down in the weeds at the technical level could actually be a little bit of a distraction." This statement raised concerns in the cybersecurity community. A quick examination of his background elevated those concerns. Mr. Daniel has never been involved with cybersecurity before; he has a strong background in policy and budgeting but nothing in even the basics of cybersecurity. This seems to be a problem just for the government cybersecurity community, but it has farther reaching impacts

NSA built 'Google-like' search engine to share data (USA Today) The National Security Agency built its own search engine and shares hundreds of billions of digital records with federal law enforcement and several other U.S. government agencies, The Intercept investigative site reported Monday

Products, Services, and Solutions

Security appliance and router for industrial networks (ProSecurityZone) The Magnum 10RX router and security appliance from Belden has been designed for use in industrial control systems for providing protection to infrastructure objects

Tool restores SynoLocker-encrypted files (Help Net Security) Security company F-Secure has created a tool that could help SynoLocker victims get their files back, but it only works if they have received — bought — the correct decryption key

Panda Internet Security 2015 (PC Magazine) Glue together antivirus and firewall protection, tack on a few more security features, and pretty soon you've got a full-blown security suite. Panda Internet Security 2015 ($49.99 per year; $69.99 for three licenses) offers an outstanding antivirus component, but the other suite components don't all measure up

Kaspersky vs BitDefender Antivirus: The Competition ever Stops (JBG News) The rapid increase of viruses and threats that have spread out all throughout the network has brought a large number of antivirus software in the market. These programs are designed to detect and eliminate the harmful threats that can damage your system

The battle of Security — Avast vs AVG Antivirus (Streetwise Tech) Keeping your apps and software constantly up thus far is critical part in this day and age, hackers and Trojan viruses are becoming more common now we talk about a few attributes, specifications and latest upgrades to the application and software

Technologies, Techniques, and Standards

Point of Sale Terminal Protection — "Fortress PCI at the Mall" (Internet Storm Center) This is a very broad topic, but over the last few months I've seen some really nicely protected PCI termainls. Especially since many POS environments are still running Windows XP, this is an important topic to discuss

How to improve your Twitter security and privacy (Naked Security) We don't tend to lump Twitter in the same privacy bracket as, say, Facebook

PGP Alternatives for Email Encryption (Infosec Institute) A few weeks ago, I wrote an article for 2600 Magazine. (If you're curious, publication has been confirmed and you'll probably see it in the Winter 2014-2015 issue.) The form email you get when you email an article submission says

Building resilience in our systems (Federal Times) As government and industry continue to develop new capabilities to defend and counter persistent threats against information systems, weapons systems, and critical infrastructure, the need to develop resilience, both technically and procedurally, has become a necessity. Organizations have long implemented redundant capabilities, from backup data centers to independent communications paths, but the need to include cyber resilience has come of age

Security: Crunchifying the Soft Chewy Center (Trustifier) Has anyone has ever compared your network to a Tootsie Pop or chocolate chip cookie? In the past some pundits have said that in terms of security, networks were "crunchy on the outside, but soft and chewy on the inside"

Inside the ISO 27001 Documentation Toolkit (Help Net Security) You work for a small or medium company and you'd like to become compliant, but budget is always an issue. The ISO 27001 Documentation Toolkit from 27001 Academy is here to help. The Toolkit is available in several languages and will guide you through the whole process for a fraction of the cost of a consultant

Understanding and Implementing the NIST Cybersecurity Framework (HLS Forum on Corporate Governance and Financial Regulation) Why the Cybersecurity Framework was created and why it is so important

NIST Seeks Info on User Experiences with Cybersecurity Framework (NIST) Six months ago, the National Institute of Standards and Technology (NIST) released version 1.0 of its voluntary Framework for Improving Critical Infrastructure Cybersecurity, a methodical approach that organizations of all types can use to create, guide, assess or improve their cybersecurity plans. The framework was developed with industry in a collaborative and open process over the course of a year, as directed by President Obama in Executive Order 13636. NIST is now seeking public feedback on the framework

Marketplace

Cybersecurity's hiring crisis: A troubling trajectory (ZDNet) There is a severe — and worsening — shortage of information security professionals. Leading industry experts believe it predicts a grave outcome

Data centres proliferating in Canada as companies play catch-up amid security concerns (Financial Post) Data centres are booming in Canada as demand grows from companies wanting to store information within our borders and amid growing concern about data privacy, prompting the likes of industry giants Salesforce.com Inc. and SAP SE to expand their footprint within the country

The incredible shrinking defense industry (Politico) Major defense contractors are shrinking — big time

Why Investing In Cyber Security Stocks Is A Steal Now (Seeking Alpha) The opportunities in the global cyber security industry make investing in cyber security stocks one of the wisest decisions right now. The ever-increasing spread of cyber-attacks and threats is fast shaping the fortune of the global cyber security market. Other factors driving growth in this industry include a surge in the number of people using Internet-connected devices, mostly through the Internet of Things, where the existing solutions to track cyber-attacks have largely become ineffective

CACI CEO Ken Asbury Sees Growth Potential in Federal Cyber, Health IT Areas (ExecutiveBiz) Ken Asbury, president and CEO of CACI International, says the health information technology and cybersecurity areas present the company with opportunities for growth in the federal market, The Washington Post reported Sunday

Baltimore startup Maddrix lands on list of NSA cybersecurity experts (Baltimore Sun) Lockheed Martin also among companies accredited in new program assisting government in rooting out barrage of network intrusions

Cyber Deal Tops Pentagon’s Weekly Contracts (DoD Buzz) A multi-billion-dollar contract to upgrade the Navy's ship-based computer networks against cybersecurity threats topped the list of contracts announced by the Pentagon last week

Research and Development

Project Aims to Decipher Cryptography with Phones (Laboratory Equipment) While carrying out her master thesis on computer science, Ramasany Gowthami participated in the creation of an Android app by means of which users get together to crack a modern cryptographic code

Security Patches, Mitigations, and Software Updates

Mozilla Adding Granular App Permissions to Firefox OS (Threatpost) Mozilla is set to add a feature to its mobile Firefox OS that will give users the ability to revoke any application's permissions on a granular basis

Facebook cracking down on 'clickbait' with update (USA Today) Facebook is launching an update Monday for users' news feed that will attempt to weed out stories that publish 'clickbait' headlines

Cyber Attacks, Threats, and Vulnerabilities

Hack Attack! Anonymous strikes at Israeli govt over Gaza (RT) Hacker collective Anonymous has taken down key Israeli government websites in a "retaliatory" attack against Israel and in solidarity with the people of Gaza. Israel Defense Forces, Bank of Israel, and the Israeli PM's Office were among the targets

Massive Cyber Attack: Anonymous takes down top Israeli Govt websites for Gaza (HackRead) The online Hacktivist group Anonymous is back in news with another bang. This time the hackers have taken down the official government portal of Israeli government over Gaza attacks

Pro-Hamas Hackers Trying to Cripple Israel in Secret Cyber War (Jewish Press) One missile explosion on Tel Aviv could cause a local disaster. One successful Hamas hack of IDF secrets could cause a national disaster

PlayStation Network Brought Down By DDoS Attack (Huffington Post) Gamers woke up to an unpleasant surprise on Sunday morning when hackers brought down Sony's PlayStation Network by way of a distributed denial-of-service (DDos) attack

Sony PSN back online after DDoS attack (Help Net Security) Sony's PlayStation Network has been hit with and downed by a large DDoS attack this weekend, but is now back online a functioning as it should

Blizzard's BattleNet battered by DDoS attacks (incgamers) It's not a great evening to be trying to play Blizzard titles, as BattleNet games like Diablo 3 and World of Warcraft are the latest to succumb to DDoS (Denial of Service) barrages. Several major games have been affected over the past few days, including League of Legends and Guild Wars 2

Defense ministry finds hacking attempts against its reporters (Korea Herald) Unidentified hackers, suspected to be based in China, have been caught trying to steal data from media reporters covering South Korea's Ministry of National Defense, ministry officials said Friday

Cyber attack targets personnel data of VR and other Finnish companies (Yle Uutiset) A cyber attack on a Finnish IT company's server may have exposed the personal data of tens of thousands of employees at eight companies. The server was used to login to HR information systems run by companies such as the state rail company VR, the phamrceuticals wholesaler Oriola and the Finnish Tax Administration. At least one company has since terminated its relationship with the IT services provider

Thousands of iPhones hit by new malware (GMA News) A new malware targeting Apple's iOS may have wormed its way to as many as 75,000 iPhones, a security vendor said over the weekend

Side-Channel Android Weakness Likely on Other Platforms (Threatpost) A weakness in Android, one that's likely also found in other leading operating systems, allows an attacker to infer what's happening on a victim's user interface and launch an appropriate secondary attack resulting in data loss

Kelihos botmasters target Russian patriots to expand botnet (Help Net Security) The cyber crooks behind the Kelihos botnet are, once again, trying to swell the number of computers included in it

Attack targets firms from the automobile industry in Europe (IDG via CSO) Attackers are sending emails containing a new information-stealing Trojan program to customer service departments, Symantec researchers said

FBI warns healthcare firms they are targeted by hackers (Reuters) The FBI has warned that healthcare industry companies are being targeted by hackers, publicizing the issue following an attack on U.S. hospital group Community Health Systems Inc that resulted in the theft of millions of patient records

Behind the huge cyberattack campaign in Latin America that no one has heard about (Quartz) For the past four years, a secret cyber-attack campaign, possibly state-sponsored, has been directed at several Latin American intelligence services, military, embassies and other government institutions. The Moscow-based cyber-security firm Kaspersky Lab, which claims to have unearthed the campaign, has given it a name: El Machete

Over 1,000 businesses compromised with Backoff malware (Help Net Security) The US Department of Homeland Security has once again issued a warning to businesses about the Backoff malware

Secret Service says "Backoff" malware hit 1000 businesses — 6 tips to keep your data safe (Naked Security) It now appears that the string of recent data breaches at US retail establishments was not a coincidence, but rather related attacks using the same malicious software kit

FBI issues warning about creative Google searches (CSO) A memo dated July 7, issued by the FBI and the National Counterterrorism Center, warns law enforcement and private security agencies about the practice of Google Dorking (or Google Hacking if you prefer) and what can be done about it

Netcore, Netis routers have hardcoded password, Trend Micro says (CSO) A line of routers from a China-based manufacturer has a serious flaw that could allow a hacker to monitor someone's Internet traffic, according to research from Trend Micro

Vibram suffered five finger data breach (CSO) I'm a little surprised at myself. I did some research about this data breach when it was first posted at the beginning of August but, somehow I managed to neglect to write it up

Watch out for fake versions of Flappy Bird sequel Swing Copters in Google Play Store! (Naked Security) Late last week, the game Swing Copters came out, a sequel of sorts to the now-cult-classic game Flappy Bird

Cyber-Crooks Piggyback on Ebola Epidemic for Disseminating Malware, Says Symantec (Spamfighter News) Symantec, the security company, referring to Ebola, the dangerous new virus which has caused an epidemic in the western countries of Africa and which is regarded to be a health emergency globally ever since over 1,000 people, who contacted the viral infection, died within Liberia, Guinea, Nigeria and Sierra Leone so far in 2014, warns that cyber-criminals are currently leveraging the outbreak to launch fresh assaults

What happened to the Flashback Trojan? Turns out US universities are still riddled with it (Techworld via CSO) Malware hiding in dorm rooms

Wireless smart meters criticized for invading privacy, starting fires (FierceMobileIT) Smart meters, which enable utilities to communicate wirelessly with home energy systems, are being criticized for invading home owners' privacy and, in some cases, starting fires

Litigation, Investigation, and Enforcement

Detained Colombia hacker outlines alleged political plot against peace process (Miami Herald) Andr&#233s Sepúlveda, an alleged computer hacker who was detained in May, says political rivals of President Santos were using classified information to derail Colombia's peace process

Comcast Data Breach Leaks Thousands of Unlisted Phone Numbers, Threatening Customers' Privacy (Electronic Frontier Foundation) Four years ago, users of Comcast's phone service who had paid for their personal information to be unlisted noticed that something was amiss. Complaints started appearing from these individuals who found their names, addresses, and telephone numbers in phone directories both online and off

LinkedIn Settles Data Breach Lawsuit (InfoRiskToday) LinkedIn has agreed to settle a consolidated class action lawsuit stemming from a June 2012 data breach that compromised 6.5 million hashed passwords

Identity theft vendor sentenced to 100 months in prison (Help Net Security) A northern California man who served as an information and document vendor in the identity theft and credit card fraud ring known as Carder.su was sentenced yesterday to serve 100 months in federal prison. He was further ordered to pay approximately $50.5 million in restitution

Breach of Homeland Security Background Checks Raises Red Flags (Dark Reading) "We should be burning down the house over this," says a GRC expert

FBI Completes Digitization of Criminal, Civil Identity Records (ExecutiveGov) The FBI's Criminal Justice Information Services division has completed the digital conversion of its fingerprint, criminal history and civil files as part of a two-decade effort to completely modernize the division's biometric file system

As hackers continue to strike, consider pros and cons of a credit report security freeze (Post and Courier) Each passing week seems to bring news of yet another data breach, exposing an ever-rising number of consumers to potential fraud and identity theft

Alleged 'Messiah' hacker faces 105 more charges (ChannelNewsAsia) James Raj Arokiasamy is already facing charges for hacking the Ang Mo Kio Town Council's website. He faces a total of 162 charges

Industry Events

For a complete running list of events, please visit the Event Tracker on the CyberWire website.

newly Noted Events

ICS-ISAC Fall Conference (Atlanta, Georgia, USA, September 17 - 20, 2014) Cybersecurity issues — such as the DHS release of Operation Aurora information; legislation like CISA (S. 2588), CIRDA (H.R. 2952) & H.R. 3696; and the NIST Cybersecurity Framework — can leave one wondering "What, where, how and with whom should I share?" and "Where can I find solutions?" At the ICS-ISAC Fall Conference you will develop knowledge you can take to further enhance your organization's cybersecurity posture through answers to these and many other questions

Open Analytics Summit (Dulles, Virginia, USA, October 7, 2014) Open Analytics Summits are for Developers, Engineers, Data Scientists, CMOs, Data Analysts, CTOs, Architects, Brand Managers, and anyone passionate about open source technologies, big data, or data analytics

ICFPT 2014 (Shanghai, China, December 10 - 12, 2014) ICFPT is the premier conference in the Asia-Pacific region on field-programmable technologies including reconfigurable computing devices and systems containing such components. Field-programmable devices promise the flexibility of software with the performance of hardware

INTERPOL World 2015 (Singapore, April 14 - 16, 2015) INTERPOL World is a new biennial international security trade event which will bring police and other law enforcement agencies together with security solution providers and security professionals from around the world to identify future challenges and propose and build innovative solutions

upcoming Events

Build IT Break IT Fix IT: Build IT (Online, August 28, 2014) The Build it Break it Fix it security contest is a new security-oriented programming contest held by the Maryland Cybersecurity Center, Cyberpoint, and Trail of Bits. The Build it Break it Fix it security contest aims to teach students to write more secure programs. The contest evaluates participants' abilities to develop secure and efficient programs. The contest is broken up into three rounds that take place over consecutive weekends. During the Build It round, builders write software that implements the system prescribed by the contest. In the Break It round, breakers find as many flaws as possible in the Build It implementations submitted by other teams. During the Fix It round, builders attempt to fix any problems in their Build It submissions that were identified by other breaker teams. Each round will respectively start on August 28th, September 4th, and September 12th

The Hackers Conference (New Delhi, India, August 30, 2014) The Hackers Conference is an unique event, where the best of minds in the hacking world, leaders in the information security industry and the cyber community along with policymakers and government representatives on cyber security meet face-to-face to join their efforts to cooperate in addressing the most topical issues of the Internet Security space. This is the third edition of the Conference. Following the huge success of the conference last year the current edition of the conference brings back to you all the knowledge, all the fun in a better, grander way.

SEACRYPT 2013 (Vienna, Austria, September 2 - 4, 2014) The purpose of SECRYPT 2014, the International Conference on Security and Cryptography, is to bring together researchers, mathematicians, engineers and practitioners interested on security aspects related to information and communication. Theoretical and practical advances in the fields of cryptography and coding are a key factor in the growth of data communications, data networks and distributed computing. In addition to the mathematical theory and practice of cryptography and coding, SECRYPT also focuses on other aspects of information systems and network security, including applications in the scope of the knowledge society in general and information systems development in particular, especially in the context of e-business, internet and global enterprises. Papers are due April 15, 2014.

Build IT Break IT Fix IT: Break IT (Online, September 4, 2014) The Build it Break it Fix it security contest is a new security-oriented programming contest held by the Maryland Cybersecurity Center, Cyberpoint, and Trail of Bits. The Build it Break it Fix it security contest aims to teach students to write more secure programs. The contest evaluates participants' abilities to develop secure and efficient programs. The contest is broken up into three rounds that take place over consecutive weekends. During the Build It round, builders write software that implements the system prescribed by the contest. In the Break It round, breakers find as many flaws as possible in the Build It implementations submitted by other teams. During the Fix It round, builders attempt to fix any problems in their Build It submissions that were identified by other breaker teams. Each round will respectively start on August 28th, September 4th, and September 12th

Security B-Sides Cape Breton (Sydney, Nova Scotia, Canada, September 5, 2014) Security B-Sides Cape Breton is an open platform that gives security experts, enthusiasts, and industry professionals the opportunity to share ideas, insights, and develop longstanding relationships with others in the community. It is a rare opportunity to directly connect and create trusted relationships with key members of the community.

BalCCon2k14: Balkan Computer Congress (Novi Sad, Serbia, September 5 - 7, 2014) The Balkan Computer Congress is an international hacker conference organized by LUGoNS — Linux Users Group of Novi Sad and Wau Holland Foundation from Hamburg and Berlin. It is the second conference taking place in the Balkans, where some 20 years ago people were at war with each other. Now the BalCCon brings together hackers, hacktivists and computer enthusiasts from this area and they are joined by fellow hackers from all over the world. This event emphasizes the role of hacking as a mean of peaceful cooperation and international understanding. The program consist of numerous presentations, workshops and lectures about information, privacy, technology, programming, free software and socio-political issues. One part of the congress will be dedicated to hacking, project and hacks

Ground Zero Summit, Sri Lanka (Colombo, Sri Lanka, September 9 - 10, 2014) Ground Zero Summit 2014, Colombo will be a unique gathering of Cyber Security Researchers, Hackers, CERTs, Corporates and Government officials to discuss latest hacks, exploits, research and cyber threats. Sri Lanka is now transitioning from being a developing economy to Global economy with blooming telecommunications, insurance, banking, tourism and information technology services. Sri Lanka will be exposed to cyber threats similar to India thus, a synergy between Indian and Sri Lankan Cyber Security Communities will be beneficial for both countries in combating the threats to their information security

Detroit SecureWorld (Detroit, Michigan, USA, September 9 - 10, 2014) Two days of cyber security education and networking. Earn 12-16 CPE credits, network with industry peers, and take advantage of more than sixty educational events. Over the past decade SecureWorld has emerged as one of North America's most vital cyber-security conference, providing globally relevant education, training and networking for cyber-security professionals on a regional level. SecureWorld provides more content and facilitates more professional connections than any other event in the cyber-security industry. Established in 2002, SecureWorld offers many different continuing professional education sessions over two days in 14 cities throughout the United States.

Cyber Attack Against Payment Processes Exercise 1 (Online, September 9 - 10, 2014) FS-ISAC, the Financial Services Information Sharing and Analysis Center will conduct its fifth annual simulated cyber security exercise related to payment processes used by banks, community institutions, credit unions and associated financial services organizations. Over a two day period this fall, hundreds of security, risk and IT professionals will experience a highly realistic set of scenarios in a safe environment in order to practice and improve their response to cyber incidents. The teams are encouraged to involve multiple parts of their organizations, from IT and security to payments experts to communications teams to line of business leaders and executive teams. The simulation is known as CAPP or Cyber Attack Against Payment Processes

AFCEA TechNet Augusta 2014: Achieving Force 2025 Through Signals and Cyber (Augusta, Georgia, USA, September 9 - 11, 2014) The overall theme of TechNet Augusta 2014 is "Achieving Force 2025 Through Signals and Cyber." The overall focus is on Army ground forces, including Joint component interface, other Department of Defense Organizations, Inter-Agency, Industry, and Academia. Presentations, panels, and track sessions will highlight empowerment of Soldiers on the battlefield through training, different methodologies for connecting through enhanced technology, and command and control functions to enable the U.S. Armed Forces to dominate the battlefield. Government, industry, and academia speakers will address a broad range of topics and focus on the importance of the network, security issues, and training to enable operational forces to modernize and be ready to meet emerging challenges in 2025 and beyond.

Build IT Break IT Fix IT: Fix IT (Online, September 12, 2014) The Build it Break it Fix it security contest is a new security-oriented programming contest held by the Maryland Cybersecurity Center, Cyberpoint, and Trail of Bits. The Build it Break it Fix it security contest aims to teach students to write more secure programs. The contest evaluates participants' abilities to develop secure and efficient programs. The contest is broken up into three rounds that take place over consecutive weekends. During the Build It round, builders write software that implements the system prescribed by the contest. In the Break It round, breakers find as many flaws as possible in the Build It implementations submitted by other teams. During the Fix It round, builders attempt to fix any problems in their Build It submissions that were identified by other breaker teams. Each round will respectively start on August 28th, September 4th, and September 12th

Suits and Spooks London (London, England, UK, September 12, 2014) On September 12th, in London's South bank neighborhood of Southwork, approximately 50 former intelligence officials, corporate executives, and security practitioners from the U.S. and the EU will gather at the top floor auditorium of the Blue Fin building, just behind the Tate Modern museum in Central London to discuss present and future threats to global critical infrastructure and how best to mitigate them. It will be closed to the press and held under the Chatham House Rule

NOPcon Security Conference (Istanbul, Turkey, September 16, 2014) NOPcon is a non-profit hacker conference. It is the only geek-friendly conference without sales pitches in Turkey. The conference aims to learn and exchange ideas and experiences between security researchers, consultants and developers

5th Annual Billington Cybersecurity Summit (Washington, DC, USA, September 16, 2014) The 5th Annual Billington Cybersecurity Summit, a leading conference produced by Billington CyberSecurity, will feature an all-star cast of cybersecurity speakers including Admiral Michael Rogers, Commander, U.S. Cyber Command and Director, National Security Agency/Chief, Central Security Service. This leading summit also will feature Michael Daniel, Special Assistant to the President and Cybersecurity Coordinator, The White House; David DeWalt, Chairman and Chief Executive Officer, FireEye; Dr. Phyllis Schneck, Deputy Under Secretary for Cybersecurity, NPPD, Department of Homeland Security, along with over twenty-five other distinguished speakers. Along with increasing awareness on the most pressing cybersecurity topics, one of the primary goals of this summit is to enhance networking. Thus, three new features have been added to this year's summit: 1. Cybersecurity Interactive Roundtable Sessions: These tables will enable attendees to exchange experiences and information regarding all of the dire cybersecurity topics. 2. One-on-One Meetings: These intimate encounters with the cybersecurity experts will allow your questions to be answered in a personalized manner. 3. Multiple Tracks: Several, concurrent tracks will be offered at this summit in order for a more thorough education about cybersecurity in the healthcare, finance and energy sectors, about continuous monitoring and insider threats

SINET Global Summit (London, England, UK, September 16 - 17, 2014) "Advancing Global Collaboration and Innovation." Global Summit focuses on building international public-private partnerships that will improve the protection of our respective homeland's critical infrastructures, national security and economic interests. The Global Summit's objective is to build and maintain international communities of interest and trust that foster vital information sharing, broad awareness and the application of our nation's most innovative technologies to enable a safer and more secure homeland for the United States, United Kingdom and our trusted allies. The US Department of Homeland Security Science & Technology Directorate supports this event along with Her Majesty's Government (HMG) as the UK representative.

Cyber Attack Against Payment Processes Exercise 2 (Online, September 16 - 17, 2014) FS-ISAC, the Financial Services Information Sharing and Analysis Center will conduct its fifth annual simulated cyber security exercise related to payment processes used by banks, community institutions, credit unions and associated financial services organizations. Over a two day period this fall, hundreds of security, risk and IT professionals will experience a highly realistic set of scenarios in a safe environment in order to practice and improve their response to cyber incidents. The teams are encouraged to involve multiple parts of their organizations, from IT and security to payments experts to communications teams to line of business leaders and executive teams. The simulation is known as CAPP or Cyber Attack Against Payment Processes

Global Identity Summit (Tampa, Florida, USA, September 16 - 18, 2014) The Global Identity Summit is focused on identity management solutions for corporate, defense and homeland security communities. This conference and associated exhibition bring together a distinctive, yet broad comprehensive look at the identity management capabilities, challenges and solutions in the topic areas of: Biometrics, Radio-Frequency Identification, Mobile, Cyber, Smart Card Technologies, and Big Data.

Fraud Summit Toronto (Toronto, Ontario, Canada, September 17, 2014) From account takeover to payment card fraud and the emerging mobile threatscape, the ISMG Fraud Summit series is where thought-leaders meet to exchange insights on today's top schemes and the technology solutions designed to stop them.

Defense Intelligence Agency (DIA)/National Intelligence University (NIU) Open House (Washington, DC, USA, September 17, 2014) On September 17, 2014, the National Intelligence University (NIU) will hold a Tech Expo as part of its annual "NIU OUTREACH DAY" in the Tighe Lobby of DIA Headquarters on Joint Base Bolling-Anacostia. This Tech Expo will be open to all personnel within the DIA Headquarters as well as the 600+ students and faculty of NIU. Several of the 'schools' within DIA are expected to participate with their own exhibitions, including: School of Intelligence Studies, School of Science and Technology Intelligence, Center for Strategic Intelligence Research and Center for International Engagement and the John T. Hughes Library.

Cloud Security Alliance Congress 2014 (, January 1, 1970) This year, the CSA and the International Association of Privacy Professionals (IAPP) are combining their Congress US and Privacy Academy events into a conference in the heart of Silicon Valley that will offer attendees eighty sessions to choose from covering all aspects of privacy and cloud security. Nowhere else will cloud, IT and privacy professionals be able to meet and learn from each other, and gain visibility to practical, implementable solutions delivered by leading industry experts. Together the conferences will broaden the educational and networking opportunities available to both IAPP and CSA members. Proposals for speakers are due February 21, 2014.

CSA Congress 2014 & IAPP Privacy Academy 2014 (San Jose, California, USA, September 17 - 19, 2014) This year, the CSA and the International Association of Privacy Professionals (IAPP) are combining their Congress US and Privacy Academy events into a conference in the heart of Silicon Valley. This conference will offer attendees more than eighty sessions to choose from covering all aspects of privacy and cloud security.

Ft. Meade Technology Expo (Fort Meade, Maryland, USA, September 18, 2014) The Ft. Meade Technology Expo is a one-day event held at the Officers' Club (Club Meade) on base. Industry vendors will have the unique opportunity to showcase their products and services to personnel that may otherwise be unattainable. The target audience will be comprised of personnel from the ARMY, the newly headquartered DISA (Defense Information Systems Agency), DMA (Defense Media Activity), DINFOS (Defense Information School), and Ft. Meade's various military personnel. All of the above groups and military units around the base will receive promotions for this event.

The 2014 Cyber Security Summit (New York, New York, USA, September 18, 2014) The Cyber Security Summit, an exclusive conference series sponsored by The Wall Street Journal, has announced their second annual event in New York City. The event will connect C-Level & Senior Executives responsible for protecting their companies' critical infrastructures with cutting-edge technology providers and renowned information security experts. This informational forum will focus on educating attendees on how to best protect their highly vulnerable business applications and intellectual property. Attendees will have the opportunity to meet the nation's leading solution providers and discover the latest products and services for enterprise cyber defense

NYIT Cyber Security Conference (New York, New York, USA, September 18, 2014) Presented by NYIT's School of Engineering and Computing Sciences, this conference will address a broad range of pressing topics including privacy; innovations in enterprise security; systems security and the Internet of things; mobile security; the protection of critical infrastructure, organizations, and individuals against cyberattacks; and cybersecurity research and education frontiers. Keynote speeches by Robert Bigman, CEO 2BSecure LLC, Former Chief Information Security Officer, Central Intelligence Agency and Phyllis Schneck, Ph.D., Deputy Under Secretary for Cybersecurity, U.S. Department of Homeland Security

Dutch Open Hackathon (Amsterdam, the Netherlands, September 20 - 21, 2014) Join leading Dutch companies, during a 30-hour hackathon, as they open up APIs and technologies. Work together and develop new applications and drive global innovation

St. Louis SecureWorld (, January 1, 1970) Offering two days of cyber security education. Earn 12-16 CPE credits, network with industry peers, and take advantage of more than sixty educational events. Over the past decade SecureWorld has emerged as one of North America's most vital cyber-security conference, providing globally relevant education, training and networking for cyber-security professionals on a regional level. SecureWorld provides more content and facilitates more professional connections than any other event in the cyber-security industry. Established in 2002, SecureWorld offers many different continuing professional education sessions over two days in 14 cities throughout the United States.

Workshop on Cryptographic Hardware and Embedded Systems 2014 (CHES 2014) (Busan, Korea, September 23 - 26, 2014) The annual CHES workshop highlights new results in the design and analysis of cryptographic hardware and software implementations. CHES provides a valuable connection between the research and cryptographic engineering communities and attracts participants from industry, academia, and government organizations

Rock Stars of Cybersecurity (Austin, Texas, USA, September 24, 2014) The unprecedented Target breach and NSA spying scandal have put cybersecurity in the global spotlight. With cyberattacks on the rise, it is now even more important to learn how to identify weaknesses and protect company infrastructure from incursions. At the Rock Stars of Cybersecurity conference, well-respected cybersecurity authorities from leading companies will deliver case studies and actionable advice that you can immediately put to use.

VB2014 (, January 1, 1970) Over its 24-year history, the VB conference has become a major highlight of the IT security calendar, with many of its regular attendees citing it as the security event of the year. The conference provides a focus for the industry, representing an opportunity for experts in the field to share their research interests, discuss methods and technologies and set new standards, as well as meet with - and learn from - those who put their technologies into practice in the real world.

DerbyCon 4.0 (Louisville, Kentucky, USA, September 24 - 28, 2014) Welcome to DerbyCon 4.0 — "Family Rootz". This is the place where security professionals from all over the world come to hang out. DerbyCon 4.0 will be held September 24-28th, 2014. DerbyCon 2013 pulled in over 2,000 people with an amazing speaker lineup and a family-like feel. We've listened to your feedback and plan on making this conference even better this year

BruCON 2014 (Ghent, Belgium, September 25 - 26, 2014) BruCON is an annual security and hacker conference providing two days of an interesting atmosphere for open discussions of critical infosec issues, privacy, information technology and its cultural/technical implications on society. Organized in Belgium, BruCON offers a high quality line up of speakers, security challenges and interesting workshops. BruCON is a conference by and for the security and hacker community.

ROOTCON 8 (, January 1, 1970) ROOTCON is the first hacking convention in the Philippines. A hacker conference and not a seminar, training or a workshop. It will feature the following tracks: advanced HTTP header security analysis, browser extension malware extend cybercrime capabilities, new techniques: email-based threat and attacks, shellcode exploit analysis: tips and tricks, the Necurs rootkit, social engineering: hacking the mind, an hacking your way to ROOTCON.

INTEROP (New York, New York, USA, September 29 - October 3, 2014) Interop returns to New York with practical and visionary conference sessions designed to help you accelerate your career. This year's conference tracks include: Applications, Business of IT, Cloud Connect Summit, Collaboration, Infrastructure, Mobility, Risk Management & Security, and Software-Defined Networking (SDN)

Sponsor & Support

Grow your brand and reach new customers.

Grow your brand and increase your customer base by educating our audience about your products, services, and events by advertising on The CyberWire. We’ve built trust with an influential (and often hard to reach) audience of CISOs, CSOs, and other senior execs in the security space, across a wide array of industry verticals. Learn more.

Be a part of the CyberWire story.

People ask us (a lot) how they can support what we do. We have our sponsorships and services, of course, but those are not always within every supporter’s financial reach, or it might just not be the right time for you to do those things. That’s why we launched our new Patreon site, where we’ve created a wider variety of support levels, each with some new benefits. Our patrons are important to our future, and we hope you’ll consider becoming one. We invite you to become part of the CyberWire story. Become a patron today.