The CyberWire Daily Briefing 08.27.14
ISIS continues its influential, brutalizing, information operations in social media.
Lizard Squad (either ISIS's cyber arm or a pasty parental basement dweller, depending on whom you believe) claims to have taken down Vatican websites in a "jihad" promising the death of "all kuffar," which at least represents a gesture toward ISIS-like rhetoric, but ample grounds for skepticism remain. Among those grounds: hacker "FamedGod" says s/he, not Lizard Squad, hit Sony over the weekend. Observers agree, however, that the bomb threat against American Airlines Flight 362 was indeed Lizard Squad's work.
The FBI and DHS warn that ISIS is expected to retaliate against the US for airstrikes. Physical retaliation is the principal concern, but cyber operations (or at least cyber rioting) may also be expected.
Russian-speakers are victimized by self-propagating ransomware. They're also enticed into criminal botnets by patriotic phishing.
Blue Coat points out the threat of "one-day wonders" — they've found 470 million sites that existed for less than twenty-four hours, and 22% of these facilitated attacks.
Krebs sees signs that Dairy Queen may be the latest large retailer to succumb to cyber attack.
Researchers report new malware evasion techniques that involve using lists of known malware researchers to cue quiescence.
Facebook works on a patch for its iOS Messenger flaw that permitted unauthorized phone calls. Google makes fifty fixes to Chrome.
The US Department of Homeland Security's "Enhanced Cybersecurity Services" have fewer users than hoped. Prospective customers find them either too costly to implement or too difficult to find.
Notes.
Today's issue includes events affecting Canada, China, Colombia, India, Ireland, Israel, Japan, Netherlands, Russia, Syria, United States, and Vatican.
Cyber Attacks, Threats, and Vulnerabilities
ISIS co-opts Twitter hashtags to spread threats, propaganda (Ars Technica) Jihadi activists employ a ruthless and deft social media strategy
"Lizard Squad" hackers force PSN offline and Sony exec from the sky (Naked Security) Hackers calling themselves "Lizard Squad" tweeted a bomb threat that forced a plane with Sony Online Entertainment's president on board to divert for an emergency landing on Sunday
Sony, XBox Victims Of DDoS, Hacktivist Threats (Dark Reading) Hacktivists from Anonymous and from a presumed Islamic extremist group targeted a variety of online gaming services
Terrorist ISIS Lizard Squad Tweet Attack On Microsoft Xbox Live After PlayStation Network Hack Allegations (Classicalite) Lizard Squad, the terrorist ISIS linked hacker group who has taken responsibility for this weekend's attack on the PlayStation Network, has now set their sights on Microsoft's Xbox Live network. However, Lizard Squad may have not been the hackers that took down PSN. Anonymous hacker FamedGod has released a video, taking credit for the hack
'Lizard Squad' claims to have taken down Vatican website; invokes 'jihad', 'ISIS' (Twitchy) This is the same group claiming to have taken down PlayStation Network and who claimed there were explosives on board American Airlines flight 362
Who is Lizard Squad, the alleged PSN hacker? (Daily Dot) Shady hackers have claimed responsibility for cyberattacks that have knocked some of the biggest names in gaming offline
Self-propagating ransomware written in Windows batch hits Russian-speaking countries (Avast! Blog) Recently a lot of users in Russian-speaking countries received emails similar to the message below. It says that some changes in an "agreement" were made and the victim needs to check them before signing the document
Show Mother Russia you love her: Click HERE and AHHH NYET! (Register) That Kelihos badness is infecting you — securobods
Russian Hackers and What It Means for Your Website (Business2Community) A group of Russian hackers, dubbed the CyberVor hackers by Hold Security, stole more than one billion passwords from sites both big and small this year. The group used a botnet to steal the passwords from an estimated 400,000 sites
Blue Coat Reveals Security Risks From "One-Day Wonders" Websites (Dark Reading) Research Study finds 470 Million Websites Exist for Less Than 24 hours; 22 Percent Used to Facilitate Attacks
DQ Breach? HQ Says No, But Would it Know? (Krebs on Security) Sources in the financial industry say they're seeing signs that Dairy Queen may be the latest retail chain to be victimized by cybercrooks bent on stealing credit and debit card data. Dairy Queen says it has no indication of a card breach at any of its thousands of locations, but the company also acknowledges that nearly all stores are franchises and that there is no established company process or requirement that franchisees communicate security issues or card breaches to Dairy Queen headquarters
Researchers warn about schemes that lead to FlashPack exploit kit (Help Net Security) Security researchers have spotted two different online schemes that lead to pages hosting the FlashPack exploit kit
Big GameOver Zeus Hunting: Variants in the Wild or a Botnet Resurgence? (Damballa: The Day Before Zero) The million dollar question seems to be: Is GameOver Zeus (GoZ) making a comeback? The prolific botnet responsible for a cyber-pandemic was disrupted in June. Since the international take-down effort was announced in June, the security community has held its breath
Researcher details how malware gives AV the slip (Register) 'They're coming! Everyone back to your places!'
Duping the machine — the cunning malware that throws off researchers (Naked Security) The exponential explosion of malware in recent years has seen the rise of automated analysis environments — or "Sandboxes" — as an essential means of providing detailed and pertinent information about a sample, in a timely manner
Is massive DNS hack responsible for Charter Internet outage? (NetworkWorld) Charter Communications has suffered major Internet outages across the U.S. Customers are reporting that changing the DNS IP addresses has restored service, fueling speculation that the company was a victim of a massive DNS hack
Google Image Search Hacked? Search results filled with Russian car crash images (HackRead) Users saw pictures of a Russian car crash regardless of what they searched for on Google Images. If someone searched for 'cat', the search results came up with multiple images of the car crash — speculation was that the Google Image search service was hacked
Cellphone surveillance systems can track almost anybody (Help Net Security) The surveillance tech industry is booming, and we should be worried about it
Security Patches, Mitigations, and Software Updates
Facebook to fix flaw that can force iPhones to make calls (Help Net Security) Facebook will soon be pushing out an update to its iOS Messenger app meant to patch a vulnerability that could allow attackers to place pricy calls from users' phones by simply making them click on a web link
50 Security Flaws Fixed in Google Chrome (Threatpost) Google has fixed 50 security vulnerabilities in its Chrome browser, including a critical string of bugs that can allow an attacker to execute arbitrary code outside of the browser's sandbox. This is one of the larger batches of fixes that Google has produced for Chrome recently
Cyber Trends
The increasing prevalence and complexity of malware (Cisco Blog) In recent months, many organizations are becoming more interested in the information security landscape and how these threats can affect their business today
Shadow cloud services pose a growing risk to enterprises (Computerworld) Non-approved SaaS apps are growing rapidly, says PwC
RSA: Gateway to next generation security (TechDay) Businesses need to fundamentally evolve their approaches — yes, approaches, plural — to security, says RSA's Steve Schlarman
Are Connected Cars on a Collision Course with Network Security? (Infosec Island) Flipping through any consumer publication that rates vehicles, you'll see all the metrics you would expect — from safety and performance (acceleration, braking, etc.) to comfort, convenience and fuel economy
McAfee's Hatter warns of growing security threats from smart phones and tablets (Independent) Patty Hatter warned event delegates of technology risks
Top 5 Reasons Your Small Business Website is Under Attack (Dark Reading) There is no such thing as "too small to hack." If a business has a website, hackers can exploit it
Cybersecurity: How well are Latin American banks protected against cyber attacks? (JDSupra) Inter-American Dialogue's Latin America Advisor asked Marcela Cristina Blanco, associate attorney in Diaz Reus' Bogota, Colombia office: How Well Do Latin American Banks Protect Against Cyber Attacks?
Trend Micro security report: Is India getting ready to become the top malware victim? (Infotech Lead) India is among the top three countries for malware attacks on online banking, behind Japan and the U.S., said a Trend Micro report that covers cyber threats, data breaches and big vulnerabilities
Marketplace
Are Cyber-Security/Anti-Hacking Stocks the Next Bull Market? (Equities.com) The Financial Times, citing a global watchdog, recently reported about the rising danger of cyber-attacks on financial markets. According to Greg Medcraft, Chairman of the Board of the International Organization of Securities Commissions (IOSCO), the next major financial shock will come from cyber space
Qualcomm, IBM Try Conciliation In China Clashes (Seeking Alpha) After months of hostile exchanges, accusations and negative publicity, the tone in a series of disputes between Chinese and foreign companies and governments abruptly shifted late last week with new signs of conciliation from both the foreign companies and Chinese government
ICBC deal shows IBM still engaged in China (IFP) Industrial and Commercial Bank of China (ICBC) has deployed a new IBM mainframe computer system, the two companies said on Tuesday, boosting the U.S. technology giant's credentials in the country
Allied Minds Announces the Formation of Whitewood Encryption Systems, Inc. (BusinessWire) Allied Minds (LSE: ALM), an innovative U.S. science and technology development and commercialization company, announced today the formation of Whitewood Encryption Systems, Inc., a builder of next-generation systems of data encryption that leverage advanced cryptography technologies emerging from U.S. centers of research excellence. Additionally, the company announced today it has exclusively licensed intellectual property from Los Alamos National Laboratory for quantum cryptography
Fortinet Sets Up Research & Development Center in Singapore (CNN) Extends leading network security vendor's innovation efforts to protect enterprises amid an environment of escalating cyber threats
InfoReliance Wins DHS Contract to Provide Specialized Security Services for the National Cyber Protection System (Power Engineering) InfoReliance has been selected by the Department of Homeland Security (DHS) Office of Cybersecurity and Communications (CS&C) to provide Specialized Security Services (SSS) to the National Cybersecurity Protection System (NCPS) (operationally known as EINSTEIN) and Enhanced Cybersecurity Services (ECS) Programs, as well as other Network Security Deployment (NSD) supported initiatives. This $65 Million contract is the second DHS contract InfoReliance has been awarded in the past 6 months; their first win was as the technical lead of the Metrica Team Venture CDM Federal Dashboard Deployment
Qubitekk to Receive Federal Funding to Help Protect Nation's Power Grid from Cyber Attack (PRNewswire) San Diego startup Qubitekk will benefit from a $3M Department of Energy grant to speed the development of unhackable quantum encryption technology that will protect the country's power grid from cyber attack
Gemalto selected by NTT DOCOMO for its NFC Services (MarketWatch) Gemalto (Euronext NL0000400653), the world leader in digital security, announces the selection by NTT DOCOMO, INC., the No.1 mobile operator in Japan with over 63 million subscribers, for its mobile NFC services
The Black Hat evolution (CSO) Black Hat is still a must attend event, but not for the same reasons
Former HP Executive Joins Fast Growing Competitor (Broadway World) Checkmarx, a leading provider of application security solutions, today announced the appointment of Ron Kormanek as its VP of Sales for North America. Ron formerly held the position as VP of Sales for Eastern United States for Hewlett-Packard Enterprise Security Products Group, which included responsibility for HP Fortify, a major competitor to Checkmarx
Products, Services, and Solutions
Sophos and Check Point Partner to Protect Corporate Networks From Non-Compliant Mobile Devices (MarketWatch) Leading cyber security company Sophos, and Check Point Software Technologies Ltd., the world leader in securing the Internet, today announced a partnership to provide integration between Sophos' Enterprise Mobility Management (EMM) solution, Sophos Mobile Control (SMC) 4.0, and Check Point's Mobile VPN
Hot Alert: FireEye (NASDAQ:FEYE) (CrazyJoys) FireEye, Inc. (NASDAQ:FEYE) announced the Cyber Risk Evaluation and Threat Engagement (CREATE™) program, addressing insurance brokers' and underwriters' critical need to gain visibility into enterprises' exposure to cyber threats. Lockton, Inc., the largest privately held, independent insurance broker in the world, will serve as the CREATE program's inaugural partner
How Does FireEye Find So Many Zero-Day Flaws? (eWeek) Dave Merkel, CTO of FireEye, explains why zero-day vulnerability disclosure is just a byproduct of what his company is really all about
Chris Petersen: LogRhythm Launches Threat Intell Ecosystem to Expand Security Coverage (ExecutiveBiz) Symantec has joined CrowdStrike, Norse, ThreatStream and Webroot as partners in LogRhythm's threat intelligence vendor consortium that aims to provide a platform for security analytics and intelligence services against cyber threats
Tufin Teams with VMware On Advanced Security Services For The Software-Defined Data Center (Sys-Con Media) Companies collaborate to help orchestrate micro-segmentation across physical and virtual networks
Online Tools For Bug Disclosure Abound (Dark Reading) What's driving the bounty of software vulnerability disclosure offerings today from Bugcrowd, HackerOne, and Synack
Sponsor Blog: Riverbed Federal Offers Rapid and Easy Solutions to Counter Cybersecurity Challenges (SIGNAL) Federal agencies are always looking for ways to spend their security dollars more efficiently. Cyber Attack Defenders recently sat down with Sean Applegate, director of technology strategy at Riverbed Federal, who provided some tips on how agencies can boost their security capabilities while cutting costs by coordinating their investments in network and security monitoring
Technologies, Techniques, and Standards
Using PowerShell and JEA to Secure Windows Server Systems (eSecurity Planet) Microsoft Windows PowerShell and JEA simplify the process of moving from global administrator accounts to limited local accounts, a best practice in securing Windows Server-based systems
Netflix open sources internal threat monitoring tools (IDG via CSO) Netflix has released three internal tools it uses to catch hints on the Web that hackers might target its services
Do Not Track — the privacy standard that's melting away (Naked Security) Do Not Track, the privacy standard that's supposed to address one of the biggest issues of the 21st century internet — how you control who can track what you're doing online — isn't in the news. Again
Why every security-conscious organization needs a honeypot (Help Net Security) You've probably heard the phrase about "canaries in a coal mine." In the mid 1900s, a guy named John Haldane figured out that birds die pretty quickly when poisoned by carbon monoxide, after which coal miners started using them as early warning systems for toxic gas. We need the same for computer security. No defense is infallible, so organizations need digital canaries to warn us about poisoned networks
FireEye Founder: Bitcoin Could Secure Our Global Payments Infrastructure (CoinDesk) The promise of digital currency technology and its potential applications has drawn a number of investors to the ecosystem, each with unique backgrounds and expertise
How important is website security? (Help Net Security) In this interview, Nicholas Sciberras, Product Manager at Acunetix, illustrates why website security should be a priority in any organization. He talks about the challenges involved in auditing website security, illustrates the pros and cons of using remote vs. in-house security testing, and more
Cards emerge as key player in authentication (Federal Times) Another day, another massive security breach: The online theft of usernames, passwords and personally identifiable information is now so common many people barely think twice about it. But when it's the federal government that's been hacked, the situation takes on a different urgency
Research and Development
VXer fighters get new stealth weapon in war of the (mal)wares (Register) Foiled traditional systems force white hats to bare metal
Feds Creating Database to Track 'Hate Speech' on Twitter (Washington Free Beacon) $1 Million study focuses on internet memes, 'misinformation' in political campaigns
Academia
NYU launches largest cyber security student contests (Help Net Security) Even before the academic semester starts, students from across the globe have begun registering for the largest set of student cyber security competitions in the world: the NYU Polytechnic School of Engineering Cyber Security Awareness Week
Raytheon's Cyber Defense Tournament Helps to Grow the Next Generation of Defense Tech Experts (InTheCapital) Earlier this year, a team of students from the University of Central Florida won the Raytheon-sponsored National Cyber Collegiate Defense Competition — America's largest cyber tournament for college students. The competition meant to help develop more young Americans to fill the nation's critical need for cyber talent and to inspire the incredible bright minds on school grounds succeeded in emphasizing the importance of growing the next generation of defense technology experts here in the U.S
Legislation, Policy, and Regulation
The Landmark file: Inside Canadian cyber-security agency's 'target the world' strategy (Globe and Mail) When Canadian intelligence officials speak about today's spying, they can reveal great ambition
DHS cybersecurity program finds few takers (Security InfoWatch) Agency's "Enhanced Cybersecurity Services" program was expanded last year, but word of the initiative seems to be failing to reach state security officials
Cybersecurity Is A Severe And Growing Challenge For Government Contractors (Forbes) Government contractors are attractive targets for cyber attacks because the U.S. federal government — the largest producer, collector, consumer, and disseminator of data in the world — entrusts sensitive information to these private companies. This includes everything from national security secrets, to information on the nation's military and critical infrastructure, to the personal information of all U.S. citizens and residents
California governor signs kill switch bill into law (FierceMobileIT) The on-again, off-again saga of smartphone kill switches in California is now officially on-again, as Governor Jerry Brown (D) Monday signed a bill mandating the anti-theft features as of July 2015
Litigation, Investigation, and Law Enforcement
Deputizing the Cyber Posse: The Next Frontier of Public-Private Partnership (Forbes) Facing a dire threat to the citizens of Tombstone by criminals, Wyatt Earp requested, and was granted, federal law enforcement authority and permitted to assemble a posse of gunmen to protect his family and to hunt for the men who had shot his brother. For $5 a day, these men were willing to place themselves in extreme danger to help Deputy U.S. Marshal Wyatt Earp enforce the law
How a Chinese National Gained Access to Arizona's Terror Center (ProPublica) The un-vetted computer engineer plugged into law enforcement networks and a database of 5 million Arizona drivers in a possible breach that was kept secret for years
Chinese authorities target Internet Explorer and Windows Media Player in antitrust case (Win Buzzer) After raiding Microsoft's offices in Beijing, Shanghai, Guangzhou and Chengdu last month due to issues with "compatibility, bundling and document authentication", Chinese regulators are now targeting the Redmond-based giant's web browser and media player
Alabamians file lawsuit against hospital chain after cyber-attack by Chinese hackers (al.com) Five Alabamians have filed a federal class action lawsuit against a Tennessee-based hospital system after 4.5 million people across the U.S. were affected by a data breach
Data Breaches in the Cloud: Who's Responsible? (Government Technology) The cloud multiplier effect means data breaches in the cloud are increasing — and becoming more costly. With so many states and localities opting to host their data there, what happens when breaches occur?
Former HHS Cyber Security Director Convicted For Child Porn (Daily Caller) Former acting director of cyber security for the Department of Health and Human Services Timothy DeFoggi was convicted for a myriad of gruesome child pornography charges Tuesday, the Department of Justice announced
For a complete running list of events, please visit the Event Tracker.
Upcoming Events
Build IT Break IT Fix IT: Build IT (Online, Aug 28, 2014) The Build it Break it Fix it security contest is a new security-oriented programming contest held by the Maryland Cybersecurity Center, Cyberpoint, and Trail of Bits. The Build it Break it Fix it security contest aims to teach students to write more secure programs. The contest evaluates participants' abilities to develop secure and efficient programs. The contest is broken up into three rounds that take place over consecutive weekends. During the Build It round, builders write software that implements the system prescribed by the contest. In the Break It round, breakers find as many flaws as possible in the Build It implementations submitted by other teams. During the Fix It round, builders attempt to fix any problems in their Build It submissions that were identified by other breaker teams. Each round will respectively start on August 28th, September 4th, and September 12th
The Hackers Conference (New Delhi, India, Aug 30, 2014) The Hackers Conference is a unique event, where the best of minds in the hacking world, leaders in the information security industry and the cyber community along with policymakers and government representatives on cyber security meet face-to-face to join their efforts to cooperate in addressing the most topical issues of the Internet Security space. This is the third edition of the Conference. Following the huge success of the conference last year the current edition of the conference brings back to you all the knowledge, all the fun in a better, grander way.
SECRYPT 2013 (Vienna, Austria, Sep 2 - 4, 2014) The purpose of SECRYPT 2014, the International Conference on Security and Cryptography, is to bring together researchers, mathematicians, engineers and practitioners interested in security aspects related to information and communication. Theoretical and practical advances in the fields of cryptography and coding are a key factor in the growth of data communications, data networks and distributed computing. In addition to the mathematical theory and practice of cryptography and coding, SECRYPT also focuses on other aspects of information systems and network security, including applications in the scope of the knowledge society in general and information systems development in particular, especially in the context of e-business, internet and global enterprises. Papers are due April 15, 2014.
Build IT Break IT Fix IT: Break IT (Online, Sep 4, 2014) The Build it Break it Fix it security contest is a new security-oriented programming contest held by the Maryland Cybersecurity Center, Cyberpoint, and Trail of Bits. The Build it Break it Fix it security contest aims to teach students to write more secure programs. The contest evaluates participants' abilities to develop secure and efficient programs. The contest is broken up into three rounds that take place over consecutive weekends. During the Build It round, builders write software that implements the system prescribed by the contest. In the Break It round, breakers find as many flaws as possible in the Build It implementations submitted by other teams. During the Fix It round, builders attempt to fix any problems in their Build It submissions that were identified by other breaker teams. Each round will respectively start on August 28th, September 4th, and September 12th
Security B-Sides Cape Breton (Sydney, Nova Scotia, Canada, Sep 5, 2014) Security B-Sides Cape Breton is an open platform that gives security experts, enthusiasts, and industry professionals the opportunity to share ideas, insights, and develop longstanding relationships with others in the community. It is a rare opportunity to directly connect and create trusted relationships with key members of the community.
BalCCon2k14: Balkan Computer Congress (Novi Sad, Serbia, Sep 5 - 7, 2014) The Balkan Computer Congress is an international hacker conference organized by LUGoNS — Linux Users Group of Novi Sad and Wau Holland Foundation from Hamburg and Berlin. It is the second conference taking place in the Balkans, where some 20 years ago people were at war with each other. Now the BalCCon brings together hackers, hacktivists and computer enthusiasts from this area and they are joined by fellow hackers from all over the world. This event emphasizes the role of hacking as a means of peaceful cooperation and international understanding. The program consists of numerous presentations, workshops and lectures about information, privacy, technology, programming, free software and socio-political issues. One part of the congress will be dedicated to hacking, project and hacks
Ground Zero Summit, Sri Lanka (Colombo, Sri Lanka, Sep 9 - 10, 2014) Ground Zero Summit 2014, Colombo will be a unique gathering of Cyber Security Researchers, Hackers, CERTs, Corporates and Government officials to discuss latest hacks, exploits, research and cyber threats. Sri Lanka is now transitioning from being a developing economy to Global economy with blooming telecommunications, insurance, banking, tourism and information technology services. Sri Lanka will be exposed to cyber threats similar to India thus, a synergy between Indian and Sri Lankan Cyber Security Communities will be beneficial for both countries in combating the threats to their information security
Detroit SecureWorld (Detroit, Michigan, USA, Sep 9 - 10, 2014) Two days of cyber security education and networking. Earn 12-16 CPE credits, network with industry peers, and take advantage of more than sixty educational events. Over the past decade SecureWorld has emerged as one of North America's most vital cyber-security conferences, providing globally relevant education, training and networking for cyber-security professionals on a regional level. SecureWorld provides more content and facilitates more professional connections than any other event in the cyber-security industry. Established in 2002, SecureWorld offers many different continuing professional education sessions over two days in 14 cities throughout the United States.
Cyber Attack Against Payment Processes Exercise 1 (Online, Sep 9 - 10, 2014) FS-ISAC, the Financial Services Information Sharing and Analysis Center will conduct its fifth annual simulated cyber security exercise related to payment processes used by banks, community institutions, credit unions and associated financial services organizations. Over a two day period this fall, hundreds of security, risk and IT professionals will experience a highly realistic set of scenarios in a safe environment in order to practice and improve their response to cyber incidents. The teams are encouraged to involve multiple parts of their organizations, from IT and security to payments experts to communications teams to line of business leaders and executive teams. The simulation is known as CAPP or Cyber Attack Against Payment Processes
AFCEA TechNet Augusta 2014: Achieving Force 2025 Through Signals and Cyber (Augusta, Georgia, USA, Sep 9 - 11, 2014) The overall theme of TechNet Augusta 2014 is "Achieving Force 2025 Through Signals and Cyber." The overall focus is on Army ground forces, including Joint component interface, other Department of Defense Organizations, Inter-Agency, Industry, and Academia. Presentations, panels, and track sessions will highlight empowerment of Soldiers on the battlefield through training, different methodologies for connecting through enhanced technology, and command and control functions to enable the U.S. Armed Forces to dominate the battlefield. Government, industry, and academia speakers will address a broad range of topics and focus on the importance of the network, security issues, and training to enable operational forces to modernize and be ready to meet emerging challenges in 2025 and beyond.
Build IT Break IT Fix IT: Fix IT (Online, Sep 12, 2014) The Build it Break it Fix it security contest is a new security-oriented programming contest held by the Maryland Cybersecurity Center, Cyberpoint, and Trail of Bits. The Build it Break it Fix it security contest aims to teach students to write more secure programs. The contest evaluates participants' abilities to develop secure and efficient programs. The contest is broken up into three rounds that take place over consecutive weekends. During the Build It round, builders write software that implements the system prescribed by the contest. In the Break It round, breakers find as many flaws as possible in the Build It implementations submitted by other teams. During the Fix It round, builders attempt to fix any problems in their Build It submissions that were identified by other breaker teams. Each round will respectively start on August 28th, September 4th, and September 12th
Suits and Spooks London (London, England, UK, Sep 12, 2014) On September 12th, in London's South Bank neighborhood of Southwark, approximately 50 former intelligence officials, corporate executives, and security practitioners from the U.S. and the EU will gather at the top floor auditorium of the Blue Fin building, just behind the Tate Modern museum in Central London to discuss present and future threats to global critical infrastructure and how best to mitigate them. It will be closed to the press and held under the Chatham House Rule
NOPcon Security Conference (Istanbul, Turkey, Sep 16, 2014) NOPcon is a non-profit hacker conference. It is the only geek-friendly conference without sales pitches in Turkey. The conference aims to learn and exchange ideas and experiences between security researchers, consultants and developers
5th Annual Billington Cybersecurity Summit (Washington, DC, USA, Sep 16, 2014) The 5th Annual Billington Cybersecurity Summit, a leading conference produced by Billington CyberSecurity, will feature an all-star cast of cybersecurity speakers including Admiral Michael Rogers, Commander, U.S. Cyber Command and Director, National Security Agency/Chief, Central Security Service. This leading summit also will feature Michael Daniel, Special Assistant to the President and Cybersecurity Coordinator, The White House; David DeWalt, Chairman and Chief Executive Officer, FireEye; Dr. Phyllis Schneck, Deputy Under Secretary for Cybersecurity, NPPD, Department of Homeland Security, along with over twenty-five other distinguished speakers. Along with increasing awareness on the most pressing cybersecurity topics, one of the primary goals of this summit is to enhance networking. Thus, three new features have been added to this year's summit: 1. Cybersecurity Interactive Roundtable Sessions: These tables will enable attendees to exchange experiences and information regarding all of the dire cybersecurity topics. 2. One-on-One Meetings: These intimate encounters with the cybersecurity experts will allow your questions to be answered in a personalized manner. 3. Multiple Tracks: Several, concurrent tracks will be offered at this summit in order for a more thorough education about cybersecurity in the healthcare, finance and energy sectors, about continuous monitoring and insider threats
SINET Global Summit (London, England, UK, Sep 16 - 17, 2014) "Advancing Global Collaboration and Innovation." Global Summit focuses on building international public-private partnerships that will improve the protection of our respective homelands' critical infrastructures, national security and economic interests. The Global Summit's objective is to build and maintain international communities of interest and trust that foster vital information sharing, broad awareness and the application of our nation's most innovative technologies to enable a safer and more secure homeland for the United States, United Kingdom and our trusted allies. The US Department of Homeland Security Science & Technology Directorate supports this event along with Her Majesty's Government (HMG) as the UK representative.
Cyber Attack Against Payment Processes Exercise 2 (Online, Sep 16 - 17, 2014) FS-ISAC, the Financial Services Information Sharing and Analysis Center, will conduct its fifth annual simulated cyber security exercise related to payment processes used by banks, community institutions, credit unions and associated financial services organizations. Over a two-day period this fall, hundreds of security, risk and IT professionals will experience a highly realistic set of scenarios in a safe environment in order to practice and improve their response to cyber incidents. The teams are encouraged to involve multiple parts of their organizations, from IT and security to payments experts to communications teams to line of business leaders and executive teams. The simulation is known as CAPP or Cyber Attack Against Payment Processes
Global Identity Summit (Tampa, Florida, USA, Sep 16 - 18, 2014) The Global Identity Summit is focused on identity management solutions for corporate, defense and homeland security communities. This conference and associated exhibition offer a distinctive yet broad and comprehensive look at the identity management capabilities, challenges and solutions in the topic areas of: Biometrics, Radio-Frequency Identification, Mobile, Cyber, Smart Card Technologies, and Big Data.
Fraud Summit Toronto (Toronto, Ontario, Canada, Sep 17, 2014) From account takeover to payment card fraud and the emerging mobile threatscape, the ISMG Fraud Summit series is where thought-leaders meet to exchange insights on today's top schemes and the technology solutions designed to stop them.
Defense Intelligence Agency (DIA)/National Intelligence University (NIU) Open House (Washington, DC, USA, Sep 17, 2014) On September 17, 2014, the National Intelligence University (NIU) will hold a Tech Expo as part of its annual "NIU OUTREACH DAY" in the Tighe Lobby of DIA Headquarters on Joint Base Bolling-Anacostia. This Tech Expo will be open to all personnel within the DIA Headquarters as well as the 600+ students and faculty of NIU. Several of the 'schools' within DIA are expected to participate with their own exhibitions, including: School of Intelligence Studies, School of Science and Technology Intelligence, Center for Strategic Intelligence Research and Center for International Engagement and the John T. Hughes Library.
Cloud Security Alliance Congress 2014: This year, the CSA and the International Association of Privacy Professionals (IAPP) are combining their Congress US and Privacy Academy events into a conference in the heart of Silicon Valley that will offer attendees eighty sessions to choose from covering all aspects of privacy and cloud security. Nowhere else will cloud, IT and privacy professionals be able to meet and learn from each other, and gain visibility to practical, implementable solutions delivered by leading industry experts. Together the conferences will broaden the educational and networking opportunities available to both IAPP and CSA members. Proposals for speakers are due February 21, 2014.
ICS-ISAC Fall Conference (Atlanta, Georgia, USA, Sep 17 - 20, 2014) Cybersecurity issues — such as the DHS release of Operation Aurora information; legislation like CISA (S. 2588), CIRDA (H.R. 2952) & H.R. 3696; and the NIST Cybersecurity Framework — can leave one wondering "What, where, how and with whom should I share?" and "Where can I find solutions?" At the ICS-ISAC Fall Conference you will develop knowledge you can take to further enhance your organization's cybersecurity posture through answers to these and many other questions
Ft. Meade Technology Expo (Fort Meade, Maryland, USA, Sep 18, 2014) The Ft. Meade Technology Expo is a one-day event held at the Officers' Club (Club Meade) on base. Industry vendors will have the unique opportunity to showcase their products and services to personnel who might otherwise be unreachable. The target audience will be comprised of personnel from the ARMY, the newly headquartered DISA (Defense Information Systems Agency), DMA (Defense Media Activity), DINFOS (Defense Information School), and Ft. Meade's various military personnel. All of the above groups and military units around the base will receive promotions for this event.
The 2014 Cyber Security Summit (New York, New York, USA, Sep 18, 2014) The Cyber Security Summit, an exclusive conference series sponsored by The Wall Street Journal, has announced their second annual event in New York City. The event will connect C-Level & Senior Executives responsible for protecting their companies' critical infrastructures with cutting-edge technology providers and renowned information security experts. This informational forum will focus on educating attendees on how to best protect their highly vulnerable business applications and intellectual property. Attendees will have the opportunity to meet the nation's leading solution providers and discover the latest products and services for enterprise cyber defense
NYIT Cyber Security Conference (New York, New York, USA, Sep 18, 2014) Presented by NYIT's School of Engineering and Computing Sciences, this conference will address a broad range of pressing topics including privacy; innovations in enterprise security; systems security and the Internet of things; mobile security; the protection of critical infrastructure, organizations, and individuals against cyberattacks; and cybersecurity research and education frontiers. Keynote speeches by Robert Bigman, CEO 2BSecure LLC, Former Chief Information Security Officer, Central Intelligence Agency and Phyllis Schneck, Ph.D., Deputy Under Secretary for Cybersecurity, U.S. Department of Homeland Security
Dutch Open Hackathon (Amsterdam, the Netherlands, Sep 20 - 21, 2014) Join leading Dutch companies, during a 30-hour hackathon, as they open up APIs and technologies. Work together and develop new applications and drive global innovation
St. Louis SecureWorld: Offering two days of cyber security education. Earn 12-16 CPE credits, network with industry peers, and take advantage of more than sixty educational events. Over the past decade SecureWorld has emerged as one of North America's most vital cyber-security conferences, providing globally relevant education, training and networking for cyber-security professionals on a regional level. SecureWorld provides more content and facilitates more professional connections than any other event in the cyber-security industry. Established in 2002, SecureWorld offers many different continuing professional education sessions over two days in 14 cities throughout the United States.
Workshop on Cryptographic Hardware and Embedded Systems 2014 (CHES 2014) (Busan, Korea, Sep 23 - 26, 2014) The annual CHES workshop highlights new results in the design and analysis of cryptographic hardware and software implementations. CHES provides a valuable connection between the research and cryptographic engineering communities and attracts participants from industry, academia, and government organizations
Rock Stars of Cybersecurity (Austin, Texas, USA, Sep 24, 2014) The unprecedented Target breach and NSA spying scandal have put cybersecurity in the global spotlight. With cyberattacks on the rise, it is now even more important to learn how to identify weaknesses and protect company infrastructure from incursions. At the Rock Stars of Cybersecurity conference, well-respected cybersecurity authorities from leading companies will deliver case studies and actionable advice that you can immediately put to use.
VB2014: Over its 24-year history, the VB conference has become a major highlight of the IT security calendar, with many of its regular attendees citing it as the security event of the year. The conference provides a focus for the industry, representing an opportunity for experts in the field to share their research interests, discuss methods and technologies and set new standards, as well as meet with - and learn from - those who put their technologies into practice in the real world.
DerbyCon 4.0 (Louisville, Kentucky, USA, Sep 24 - 28, 2014) Welcome to DerbyCon 4.0 — "Family Rootz". This is the place where security professionals from all over the world come to hang out. DerbyCon 4.0 will be held September 24-28th, 2014. DerbyCon 2013 pulled in over 2,000 people with an amazing speaker lineup and a family-like feel. We've listened to your feedback and plan on making this conference even better this year
BruCON 2014 (Ghent, Belgium, Sep 25 - 26, 2014) BruCON is an annual security and hacker conference providing two days of an interesting atmosphere for open discussions of critical infosec issues, privacy, information technology and its cultural/technical implications on society. Organized in Belgium, BruCON offers a high quality line up of speakers, security challenges and interesting workshops. BruCON is a conference by and for the security and hacker community.
ROOTCON 8: ROOTCON is the first hacking convention in the Philippines. A hacker conference and not a seminar, training or a workshop. It will feature the following tracks: advanced HTTP header security analysis, browser extension malware extend cybercrime capabilities, new techniques: email-based threat and attacks, shellcode exploit analysis: tips and tricks, the Necurs rootkit, social engineering: hacking the mind, and hacking your way to ROOTCON.
INTEROP (New York, New York, USA, Sep 29 - Oct 3, 2014) Interop returns to New York with practical and visionary conference sessions designed to help you accelerate your career. This year's conference tracks include: Applications, Business of IT, Cloud Connect Summit, Collaboration, Infrastructure, Mobility, Risk Management & Security, and Software-Defined Networking (SDN)