The CyberWire Daily Briefing 09.04.14

Summary

By The CyberWire Staff

Somewhat breathless worries of an electrical-grid Pearl Harbor aside, ISIS continues to concentrate on information operations, both in social media (showing considerable agility in Twitter) and in propaganda of the deed (displaying heartbreaking savagery).

Minor cyber-rioting gutters on in Pakistan.

NATO continues to stiffen its interpretation of Article 5 (collective defense) as it applies to cyberspace. The alliance is also discussing measures against ISIS and Russian aggression (the latter far likelier to be cyber and economic than kinetic).

Home Depot advises its customers to look to their financial statements as it acknowledges a pay card breach. Beyond that the retailer continues its fairly tight-lipped investigation. Credit cards evidently stolen from Home Depot stores — some analysts think essentially every store was affected — have turned up in the Rescator carder black market. There's a veneer of Russian patriotism over Rescator nowadays, but this incident seems fairly straightforward criminality. (Still, it can be hard to tell. See studies of the burgeoning Chinese criminal underground and its overlap with state security.)

Ars Technica provides an account of the JPMorgan hackers' "long game."

iCloud may not have suffered a system-wide breach, but the celebrity photo leaks drop plenty of odium on Apple nonetheless. Much criticism centers on failure to protect customers against brute-forcing. Wired goes so far as to publish a call to litigation. The incident prompts handwringing over cloud security as a whole.

Cyberintel says it's discovered a long-running business cyber espionage campaign ("Harkonnen," in an homage to "Dune") active in Europe since 2002.

Notes.

Today's issue includes events affecting Australia, Austria, Brazil, Canada, China, Ecuador, Germany, Indonesia, Iran, Iraq, Israel, Pakistan, Russia, Switzerland, Syria, Taiwan, Ukraine, United Kingdom, United States

The CyberWire will be providing special coverage of the 2014 Cyber Security Summit, convening in New York on September 18. Watch for interviews and live coverage of Summit events.

Selected Reading

Cyber Trends

Electric grid facing security threats from all sides (FierceSmartGrid) Grid security, both cyber and physical, is a critical issue, with new technologies being rolled out every day, and, changing the ultimate game for utilities

Akamai's Francis Trentley — The World of Zombies, Cyborgs and Knights (CSO) Francis Trentley was the CIO of the White House during the George W. Bush administration and oversaw that office's biggest ever technical transformation. Today, he is the Senior Director at Akamai Technologies. At the recent Gartner Security and Risk Management Summit, he delved into the ever-evolving cyber-threat-landscape and examined how traditional defences need to evolve

Risk from cyber attacks revealed as up to 71% of workers use out of date systems (Link2) UK business is putting itself at serious risk of cyber attacks due to poor upkeep of 'at risk' computer systems

In China, Cybercrime Underground Activity Doubled In 2013 (Dark Reading) Forget intelligence gathering. Financially motivated cybercrime is booming behind the Great Wall

The world powerhouses of hacking (Acumin) It seems that when it comes to the disruptive science of hacking, some places are more suitable than others as operational bases. According to the cloud service company Akamai's most recent State of the Internet Report, the top five countries generating the world's internet attack traffic are, in descending order: China (41 per cent), USA (11 per cent), Indonesia (6.8 per cent) Taiwan (4.2 per cent), and Brazil (3.2 per cent)

Cybercriminals love PayPal, financial phishing on the rise (Help Net Security) Kaspersky Lab's experts reported a substantial increase in the amount of financial phishing in spam

Nothing is safe from the hackers — as I've just discovered (The National) If someone were to steal my phone, or simply hack into it, would they find anything on it that I wouldn't want them to?

Legislation, Policy and Regulation

Nato summit on 'high alert' for cyber attack (Financial Times) As world leaders gather in Wales for the Nato summit, British police say they are engaged in a security effort greater than that for the 2012 Olympics. But in contrast to the sporting event, security officials fear the most likely target will be online: Nato and the UK intelligence services have been put on "high alert" for a cyber attack

In case of cyberattack: NATO members ready to pledge mutual defense (Ars Technica) More cooperation on cyber defense among members of North Atlantic alliance

NATO Set to Ratify Cyber as Key Military Threat (Infosecurity Magazine) NATO is set this week to ratify a new policy on cyber-defense which will confirm that international law applies in cyberspace and that an online attack against one member country could be considered an attack on all 28

NATO to unveil cyber-defence strategy fit for changing times (The Conversation) Late one Saturday evening in March, NATO's Headquarters experienced a large-scale cyber-attack at the hands of a group calling itself Anonymous Bierkut from Ukraine. Non-classified networks were targeted, putting internal email services and public websites out of action for several hours. The attack was more of a nuisance than a serious threat but it served as a salutary reminder that even the best protected and cyber-aware organisations can still come up against disruption

National Guard carves out its slice of DoD cyber mission, wants teams in every state (Federal News Radio) As the Defense Department's overall budget continues to decline, most of the military's mission areas are seeing proportional cuts, with a few exceptions

Cyberspace chief: Beware, the adversary is watching (Army News Service) The adversary is looking to exploit vulnerabilities in Army computer systems, said the chief of the Army's Cyberspace and Information Operations Division

Media union backs Australian piracy blocking plan (ComputerWeekly) A union representing media, artists, and journalists has endorsed the Australian government's proposal to block websites containing material that infringes copyright

Introducing the world's first national digital currency (Quartz) Ecuador is on track to become the world's first nation to create its own digital currency. The country's central bank announced last week (link in Spanish) that it would begin distributing the yet-to-be-named currency in December

Products, Services, and Solutions

Twitter Launches Bug Bounty Program via HackerOne (SecurityWeek) In an effort to thank researchers who responsibly disclose security vulnerabilities, Twitter has introduced a bug bounty program powered by the HackerOne platform

Free security software identifies cloud vulnerabilities (Help Net Security) Whether responding to customer orders or requesting partner data, the biggest cloud security concern for the enterprise is the direct communication between applications. To help companies identify cloud security risks, Managed Methods has released Cloud Service Discovery Free

Phone Firewall Can Identify Rogue Cell Towers Trying to Intercept Your Calls (Wired) Rogue cell phone towers can track your phone and intercept your calls, and it's only a matter of time before they're as ubiquitous as GPS trackers. But at least now there's a way to spot them

TeleSign to Partner With RSA Security for Enhanced Phoned-Based Authentication (Marketwired) TeleSign, the leader in Mobile Identity, today announced a strategic partnership to provide enhanced phone authentication for the RSA® Adaptive Authentication platform

Porticor and nScaled Team for Cloud Disaster Recovery (Newsfactor Business Report) Porticor® and nScaled today announced the industry's first joint solution integrating software-defined homomorphic encryption key management to protect customers: cloud information and applications replicated for IT Business Continuity and Disaster Recovery (BCDR)

Automating web security reviews with Netsparker (Troy Hunt) I will not run web security analysers without first understanding web security

FireEye Introduces Threat Analytics Platform for Amazon Web Services (MarketWatch) FireEye, Inc. FEYE, +0.35% the leader in stopping today's advanced cyber attacks, today announced that the FireEye® Threat Analytics Platform™ (TAP™) is available for Amazon Web Services (AWS) customers

HyTrust Partners with Intel to Enhance Security (Sarbanes-Oxley Compliance Journal) HyTrust Boundary Controls ensure tighter geographic restrictions to ease compliance, deter data theft and prevent data center downtime

Easy Solutions Announces Support for DMARC, to Improve Global Email Health (Broadway World) Easy Solutions Announces Support for DMARC, to Improve Global Email HealthEasy Solutions, the Total Fraud Protection company, today announced that it now supports the use of the DMARC draft specification within its customer base

Technologies, Techniques, and Standards

750 Stakeholders Prepare for Mock Attack on Networks (Health Data Management) HITRUST, a coalition of industry stakeholders working to improve cybersecurity, has dramatically increased participation in the next round of its cyber attack simulation exercise, called CyberRX

Update your application security policy after Heartbleed (TechTarget) Worried about the stability of your software security? Lower your risk by rewriting policy and procedures for development with open source and third-party components

Ready for Battle (National Retail Federation) Anticipation and preparation are key to fighting data breaches

Privacy concerns may be an issue once the car is connected via a smartphone (Computerworld) Privacy concerns may be an issue once the car is connected via a smartphone

DevOps Tip: Don't Give Developers Keys To Security (InformationWeek) Security change controls can slow down a DevOps program. But let's break up monolithic security systems instead of giving developers more security responsibility

Do's and Dont's: Security Management in a Growing Company (Security Intelligence) Security management can be a tedious job. Whether you are the chief information officer (CIO), chief technology officer (CTO) or even the chief executive officer (CEO), it can be hard to deal with possible risks and apply appropriate controls

Helix Nebula cloud security hinges on federated identity management (TechTarget) CERN and the Cloud Security Alliance explain how federated identity management protects Helix Nebula, a European cloud platform that's running applications for such research projects as the Large Hadron Collider

IMSI-Catch Me If You Can: IMSI-Catcher-Catchers (ACSAC) IMSI Catchers are used in mobile networks to identify and eavesdrop on phones. When, the number of vendors increased and prices dropped, the device became available to much larger audiences. Self-made devices based on open source software are available for about US$ 1,500. In this paper, we identify and describe multiple methods of detecting artifacts in the mobile network produced by such devices

Identifying Firewalls from the Outside-In. Or, "There's Gold in them thar UDP ports!" (Internet Storm Center) In a penetration test, often the key to bypassing a security control is as simple as knowing identifying the platform it's implemented on. In other words, it's a lot easier to get past something if you know what it is. For instance, quite often you'll be probing a set of perimeter addresses, and if there are no vulnerable hosts NAT-ed out for you, you might start feeling like you're at a dead end. Knowing what those hosts are would be really helpful right about now. So, what to do next?

Hack Your API First — learn how to identify vulnerabilities in today's internet connected devices with Pluralsight (Troy Hunt) A few years ago I was taking a look at the inner workings of some mobile apps on my phone. I wanted to see what sort of data they were sending around and as it turned out, some of it was just not the sort of data that should ever be traversing the interwebs in the way it was. In particular, the Westfield iPhone app to find your car caught my eye. A matter of minutes later I had thousands of numberplates for the vehicles in the shopping centre simply by watching how this app talked over the internet

IP Reputation and Spam Prevention: Working with Email Providers (TrendLabs Security Intelligence Blog) Today, spam may not be regarded as the most high-profile concern, but it's still a serious day-to-day threat. Every month, our users alone have to deal with billions of spam messages. These are also frequently used to deliver malware using attachments or links to malicious sites

Analyze VirusTotal Metadata to profile hackers (Security Affairs) An independent researcher has analyzed for years the metadata on submissions to VirusTotal service identifying patterns related to many bad actors

zAnti — Android Penetration Testing Toolkit (Free!) (Kitploit) zANTI is a comprehensive network diagnostics toolkit that enables complex audits and penetration tests at the push of a button. It provides cloud-based reporting that walks you through simple guidelines to ensure network safety

Big Data is big noise (Help Net Security) Big Data was supposed to be the solution to all our security problems, but this spotlight on intruders turned out to be a mess of white noise. Hiding comfortably in that noise, however, are legitimate indicators that point to valid network threats, such as suspicious user behavior

Marketplace

Is Cyber Insurance A Good Idea For Your Retail IT Clients? (Business Solutions) With recent data breaches at companies like Target and eBay making headlines, the business world has explored the possible advantages of cyber insurance

Huawei Has Made Canada Nervous for Years (Motherboard) Two years after US officials slammed the Chinese telecom giant Huawei for its connection to the Chinese People's Liberation Army, the company is looking to expand in the Canadian market, which is perceived as being friendlier than the US

Why FireEye (FEYE) Stock Is Up Today (TheStreet) Shares of FireEye (FEYE_) rose 8.09% to $33.66 in late afternoon trading on Tuesday after news broke that Home Depot (HD_) may have suffered a major credit card breach

DISA issues Encore III sources-sought (C4ISR & Networks) The Defense Information Systems Agency is gearing up for the next iteration of one of its biggest contract vehicles for IT goods and services, the follow-on to its current Encore II contract

Sources Sought Notice — Information Assurance, Operations & Compliance, Systems, and Technology Support (Insurance News Net) The Defense Microelectronics Activity (DMEA) is a DoD Center for microelectronics technology, acquisition, transformation, and support. DMEA is composed of highly specialized engineering facilities and microelectronic engineers that work in close partnership with the major defense contractors and the semiconductor industry to provide support for fielded systems across all U.S. military organizations

Lockheed receives cyber certification (Gazette.Net) The Information Systems & Global Solutions business of Lockheed Martin of Bethesda is one of seven U.S. companies to receive Cyber Incident Response Assistance accreditation from the National Security Agency Information Assurance Directorate

Company news: New hires at Accuvant, ZeroFox and ThreatStream (SC Magazine) Renee Guttmann…has joined enterprise information security firm Accuvant as vice president in the Office of the CISO…Shane Shook has joined social risk management firm ZeroFOX as chief strategy officer…Juniper Networks, a Sunnyvale, Calif.-based networking equipment provider, has announced that it will be divesting its Junos Pulse mobile security products to a private equity firm for $250 million…BlackBerry has acquired Germany-based voice and data encryption firm Secusmart…Hugh Njemanze (left) has joined Redwood City, Calif.-based threat intelligence firm ThreatStream as CEO…IOActive, a Seattle-based information security services firm, has made two new appointments. Bradford Hegrat joined the company as industrial services director, while Jason Larsen was named a principal security consultant

John Cohen Joins BlueLine Grid from DHS (Sys-Con Media) BlueLine Grid today announced that John Cohen, former Principal Deputy Undersecretary for Intelligence and Analysis at the U.S. Department of Homeland Security has joined the Company to help formulate and execute its Public Safety market strategy

Research and Development

Quantum key distribution technology: Secure computing for the 'Everyman' (Phys.org) The largest information technology agreement ever signed by Los Alamos National Laboratory brings the potential for truly secure data encryption to the marketplace after nearly 20 years of development at the nation's premier national-security science laboratory

DARPA expands research offerings through its public web portal (FierceGovernmentIT) The Defense Advanced Research Projects Agency has made more of its research publicly available via its six-month-old public web portal called Open Catalog

Cyber Attacks, Threats, and Vulnerabilities

ISIS Jumping from Account to Account, Twitter Trying to Keep Up (Recorded Future) Open source analysis shows ISIS supporters will create a new Twitter account, usually under a similar name, immediately after

What Is ISIS Thinking? (Slate) As I noted in my last post, it?s a little hard to figure out ISIS?s strategy following its second videotaped execution of an American citizen in less than a month

New ISIS threat: America's electric grid; blackout could kill 9 of 10 (Washington Examiner) Former top government officials who have been warning Washington about the vulnerability of the nation's largely unprotected electric grid are raising new fears that troops from the jihadist Islamic State are poised to attack the system, leading to a power crisis that could kill millions

United States Counterterrorism Chief Says Islamic State Is Not Planning an Attack on the U.S. (Foregin Policy) The United States' senior counterterrorism official said on Wednesday that there is "no credible information" that the militants of the Islamic State, who have reigned terror on Iraq and Syria, are planning to attack the U.S. homeland. Although the group could pose a threat to the United States if left unchecked, any plot it tried launching today would be "limited in scope" and "nothing like a 9/11-scale attack"

Pakistani State owned PTV Sports channel website hacked to Support Protests (HackRead) Hacktivists are playing their role in on going political crisis in Pakistan, as a result hackers going with the group handle of Pakistan Haxors Crew hacked and defaced the official website of state owned PTV Sports Channel yesterday against killings and police brutality on protesters

Data: Nearly All U.S. Home Depot Stores Hit (Krebs on Security) New data gathered from the cybercrime underground suggests that the apparent credit and debit card breach at Home Depot involves nearly all of the company's stores across the nation

Victim to a mysterious cyber attack, Home Depot struggles to find out what went wrong (VentureBeat) Home Depot is sweating bullets

Home Depot urges credit monitoring vigilance (Threatpost) Home Depot told its customers today to monitor their bank and credit card accounts for fraud as it continues to investigate the "unusual activity" on its networks that could turn out to be one of the biggest data breaches in U.S. history

Home Depot breached, carders selling stolen payment card info (Help Net Security) The Home Depot, a popular American home improvement and construction retailer that boasts of 2,200 stores in the US and 287 abroad, has apparently suffered a data breach that compromised customer credit cards

Home Depot, Other Retailers Get Social Engineered (Dark Reading) Famed annual contest reveals how many retailers lack sufficient defenses against social engineering

The long game: How hackers spent months pulling bank data from JPMorgan (Ars Technica) Custom malware + lateral network moves = big problems for banking

Apple, please provide better protection for iCloud — Secure our Selfies! (Naked Security) Unless you've been on the moon this week, you will have heard about the Great Big Celebrity Naked Picture Theft

Blame Apple (Slate) Five reasons why celebrities and civilians should never trust Apple with nude photos, or any data at all

Celeb Hack: Is Apple Telling All It Knows? (Dark Reading) Did Apple have a system-wide data breach? No. Was it complicit through an appalling security lapse by not defending against brute force attacks? You're darn tootin'!

Are Cloud Services Safe? iCloud Breach Revives Debate (American Banker) Are cloud services secure enough for corporate use? It's a question bankers have pondered for at least a decade, and the iCloud breach illustrates both the pro and con arguments

Apple developer guidelines lead to rogue phone call risks in iOS (Naked Security) Web pages are all about hyperlinks. Usually, these link to other web pages, by specifying a URL such as

Goodwill Blames Credit Card Breach on Third-Party Vendor (SecurityWeek) Goodwill Industries International revealed on Tuesday that some of its customers' payment cards were compromised after the systems of a third-party vendor became infected with malware

'Harkonnen' espionage Trojan stole data from 300 European SMBs (TechWorld via CSO) Unknown malware used in attacks dating back to 2002

Semalt botnet hijacked nearly 300k computers (Help Net Security) The "Semalt" botnet is quickly spreading across the Internet, Incapsula researchers warn

Linux systems infiltrated and controlled in a DDoS botnet (Help Net Security) Akamai Technologies is alerting enterprises to a high-risk threat of IptabLes and IptabLex infections on Linux systems. Malicious actors may use infected Linux systems to launch DDoS attacks against the entertainment industry and other verticals

New file-encrypting ransomware called CryptoGraphic Locker (Bleeping Computer) A new file-encrypting ransomware was discovered today by BartBlaze called CryptoGraphic Locker. Just like other encrypting ransomware, this infection will scan your your data files and encrypt them so that they are unusable. The infection will then display a ransom note that requires you to purchase the decryption key in order to decrypt your files. The initial cost to purchase the key is .2 BTC, or approximately $100 USD, which makes this one of the cheaper ransoms that we have seen in a long time. Though the ransom starts out small, there is a 24 hour timer built into the application that will increase the ransom amount each time it hits 0

Why CryptoWall ransomware will remain a shadow of CryptoLocker (CSO) CryptoWall lacks the technical sophistication and payment infrastructure to overtake its ransomware cousin

Attack hijacks DNS settings on home routers in Brazil (IDG via CSO) Attackers use cross-site request forgery techniques to change router settings when users visit malicious websites

VirusTotal mess means YOU TOO can track Comment Crew! (Register) Hackers backed by Beijing and Tehran appear to be cheapskates

CERT/CC enumerates Android app SSL validation failures (Threatpost) A growing compilation of close to 350 Android applications that fail to perform SSL certificate validation over HTTPS has been put together by the CERT Coordination Center at the Software Engineering Institute at Carnegie Mellon University

WordPress plugins bogged down with CSRF, XSS vulnerabilities (Threatpost) A smattering of bugs, mostly cross-site scripting (XSS) and cross-site request forgery (CSRF) vulnerabilities, have been plaguing at least eight different WordPress plugins as of late

Five San Diego Bartell Hotel locations fall victim to payment card theft (Hacksurfer) Bartell Hotels is notifying customers that its payment system at five San Diego locations was compromised, allowing the theft of credit card data. The affected locations are: Best Western Plus Island Palms Hotel & Marina, The Dana on Mission Bay, Humphreys Half Moon Inn & Suites, Pacific Terrace Hotel, and the Days Hotel-SeaWorld. The breach took place from February 16 to May 13

Internet predators (SecureList) Anyone using the Internet is at risk, regardless of age and regardless of what they like to do online. Cybercriminals can deploy an impressive arsenal, targeting everyone from schoolchildren to pensioners and following them whether they are logged on to social networks, checking the latest headlines or watching their favorite videos. Internet scammers want access to our money, our personal data and the resources of our computer systems. In short, they want anything that they can profit from

First Look: Hire a DDoS attack for less than $600 — Celeb hack fallout continues — Another day, another breach (Politico Morning Cybersecurity) First Look: Hire a DDoS attack for less than $600

Academia

Open University teams with UK government to offer free cyber security course (IT Pro) Government-backed course designed to inspire next generation of cyber security experts

Companies work with local colleges to prepare future workforce (SunSentinel) Nipro Diagnostics launched an internship program last year and was surprised by the lack of interest

Litigation, Investigation, and Enforcement

We'd All Benefit if Celebs Sue Apple Over the Photo Hack (Wired) David Vladeck believes Apple will likely be sued after hackers grabbed nude photos that celebrities stored on the company's iCloud service

FBI investigating whether Scott contractor was a hacker (Air Force Times) The FBI is investigating whether a civilian cybersecurity specialist at Scott Air Force Base, Illinois, stole passwords and other login information from government personnel in Maryland

Massachusetts court rules that Appthority infringed Veracode patents (Inside Counsel) Doug Kline, chair of Goodwin Procter's IP Litigation Group, shares insights on the rulings in Veracode, Inc. and Rovi Solutions v. Appthority, Inc

Racing Post dodges ICO data breach fines (Computerworld via CSO) Chief executive forced to sign a publicised contract to improve company's data security instead

Industry Events

For a complete running list of events, please visit the Event Tracker on the CyberWire website.

newly Noted Events

ACSAC 30: Annual Computer Security Applications Conference (New Orleans, Louisiana, USA, December 8 - 12, 2014) ACSAC is more than just high quality, peer-reviewed research (though our 2013 acceptance rate was barely 19%). Our comprehensive program also includes training, case studies, panels, workshops, posters, and works-in-progress. Our speakers, presenters and instructors are experts involved in applied security work and research. Collectively, we explore practical solutions for computer security challenges across all phases of the system life cycle. ACSAC highlights the overall threat landscape, latest hacks and exploits, and the best prevention and defense innovations

upcoming Events

SEACRYPT 2013 (Vienna, Austria, September 2 - 4, 2014) The purpose of SECRYPT 2014, the International Conference on Security and Cryptography, is to bring together researchers, mathematicians, engineers and practitioners interested on security aspects related to information and communication. Theoretical and practical advances in the fields of cryptography and coding are a key factor in the growth of data communications, data networks and distributed computing. In addition to the mathematical theory and practice of cryptography and coding, SECRYPT also focuses on other aspects of information systems and network security, including applications in the scope of the knowledge society in general and information systems development in particular, especially in the context of e-business, internet and global enterprises. Papers are due April 15, 2014.

Build IT Break IT Fix IT: Break IT (Online, September 4, 2014) The Build it Break it Fix it security contest is a new security-oriented programming contest held by the Maryland Cybersecurity Center, Cyberpoint, and Trail of Bits. The Build it Break it Fix it security contest aims to teach students to write more secure programs. The contest evaluates participants' abilities to develop secure and efficient programs. The contest is broken up into three rounds that take place over consecutive weekends. During the Build It round, builders write software that implements the system prescribed by the contest. In the Break It round, breakers find as many flaws as possible in the Build It implementations submitted by other teams. During the Fix It round, builders attempt to fix any problems in their Build It submissions that were identified by other breaker teams. Each round will respectively start on August 28th, September 4th, and September 12th

Security B-Sides Cape Breton (Sydney, Nova Scotia, Canada, September 5, 2014) Security B-Sides Cape Breton is an open platform that gives security experts, enthusiasts, and industry professionals the opportunity to share ideas, insights, and develop longstanding relationships with others in the community. It is a rare opportunity to directly connect and create trusted relationships with key members of the community.

BalCCon2k14 (Balkan Computer Congress) (Novi Sad, Serbia, September 5 - 7, 2014) The Balkan Computer Congress is an international hacker conference organized by LUGoNS — Linux Users Group of Novi Sad and Wau Holland Foundation from Hamburg and Berlin. It is the second conference taking place in the Balkans, where some 20 years ago people were at war with each other. Now the BalCCon brings together hackers, hacktivists and computer enthusiasts from this area and they are joined by fellow hackers from all over the world. This event emphasizes the role of hacking as a mean of peaceful cooperation and international understanding. The program consist of numerous presentations, workshops and lectures about information, privacy, technology, programming, free software and socio-political issues. One part of the congress will be dedicated to hacking, project and hacks.

BalCCon2k14: Balkan Computer Congress (Novi Sad, Serbia, September 5 - 7, 2014) The Balkan Computer Congress is an international hacker conference organized by LUGoNS — Linux Users Group of Novi Sad and Wau Holland Foundation from Hamburg and Berlin. It is the second conference taking place in the Balkans, where some 20 years ago people were at war with each other. Now the BalCCon brings together hackers, hacktivists and computer enthusiasts from this area and they are joined by fellow hackers from all over the world. This event emphasizes the role of hacking as a mean of peaceful cooperation and international understanding. The program consist of numerous presentations, workshops and lectures about information, privacy, technology, programming, free software and socio-political issues. One part of the congress will be dedicated to hacking, project and hacks

Detroit SecureWorld (Detroit, Michigan, USA, September 9 - 10, 2014) Two days of cyber security education and networking. Earn 12-16 CPE credits, network with industry peers, and take advantage of more than sixty educational events. Over the past decade SecureWorld has emerged as one of North America's most vital cyber-security conference, providing globally relevant education, training and networking for cyber-security professionals on a regional level. SecureWorld provides more content and facilitates more professional connections than any other event in the cyber-security industry. Established in 2002, SecureWorld offers many different continuing professional education sessions over two days in 14 cities throughout the United States.

Ground Zero Summit, Sri Lanka (Colombo, Sri Lanka, September 9 - 10, 2014) Ground Zero Summit 2014, Colombo will be a unique gathering of Cyber Security Researchers, Hackers, CERTs, Corporates and Government officials to discuss latest hacks, exploits, research and cyber threats. Sri Lanka is now transitioning from being a developing economy to Global economy with blooming telecommunications, insurance, banking, tourism and information technology services. Sri Lanka will be exposed to cyber threats similar to India thus, a synergy between Indian and Sri Lankan Cyber Security Communities will be beneficial for both countries in combating the threats to their information security

Cyber Attack Against Payment Processes Exercise 1 (Online, September 9 - 10, 2014) FS-ISAC, the Financial Services Information Sharing and Analysis Center will conduct its fifth annual simulated cyber security exercise related to payment processes used by banks, community institutions, credit unions and associated financial services organizations. Over a two day period this fall, hundreds of security, risk and IT professionals will experience a highly realistic set of scenarios in a safe environment in order to practice and improve their response to cyber incidents. The teams are encouraged to involve multiple parts of their organizations, from IT and security to payments experts to communications teams to line of business leaders and executive teams. The simulation is known as CAPP or Cyber Attack Against Payment Processes

AFCEA TechNet Augusta 2014: Achieving Force 2025 Through Signals and Cyber (Augusta, Georgia, USA, September 9 - 11, 2014) The overall theme of TechNet Augusta 2014 is "Achieving Force 2025 Through Signals and Cyber." The overall focus is on Army ground forces, including Joint component interface, other Department of Defense Organizations, Inter-Agency, Industry, and Academia. Presentations, panels, and track sessions will highlight empowerment of Soldiers on the battlefield through training, different methodologies for connecting through enhanced technology, and command and control functions to enable the U.S. Armed Forces to dominate the battlefield. Government, industry, and academia speakers will address a broad range of topics and focus on the importance of the network, security issues, and training to enable operational forces to modernize and be ready to meet emerging challenges in 2025 and beyond.

Suits and Spooks London (London, England, UK, September 12, 2014) On September 12th, in London's South bank neighborhood of Southwork, approximately 50 former intelligence officials, corporate executives, and security practitioners from the U.S. and the EU will gather at the top floor auditorium of the Blue Fin building, just behind the Tate Modern museum in Central London to discuss present and future threats to global critical infrastructure and how best to mitigate them. It will be closed to the press and held under the Chatham House Rule

Build IT Break IT Fix IT: Fix IT (Online, September 12, 2014) The Build it Break it Fix it security contest is a new security-oriented programming contest held by the Maryland Cybersecurity Center, Cyberpoint, and Trail of Bits. The Build it Break it Fix it security contest aims to teach students to write more secure programs. The contest evaluates participants' abilities to develop secure and efficient programs. The contest is broken up into three rounds that take place over consecutive weekends. During the Build It round, builders write software that implements the system prescribed by the contest. In the Break It round, breakers find as many flaws as possible in the Build It implementations submitted by other teams. During the Fix It round, builders attempt to fix any problems in their Build It submissions that were identified by other breaker teams. Each round will respectively start on August 28th, September 4th, and September 12th

NOPcon Security Conference (Istanbul, Turkey, September 16, 2014) NOPcon is a non-profit hacker conference. It is the only geek-friendly conference without sales pitches in Turkey. The conference aims to learn and exchange ideas and experiences between security researchers, consultants and developers

5th Annual Billington Cybersecurity Summit (Washington, DC, USA, September 16, 2014) The 5th Annual Billington Cybersecurity Summit, a leading conference produced by Billington CyberSecurity, will feature an all-star cast of cybersecurity speakers including Admiral Michael Rogers, Commander, U.S. Cyber Command and Director, National Security Agency/Chief, Central Security Service. This leading summit also will feature Michael Daniel, Special Assistant to the President and Cybersecurity Coordinator, The White House; David DeWalt, Chairman and Chief Executive Officer, FireEye; Dr. Phyllis Schneck, Deputy Under Secretary for Cybersecurity, NPPD, Department of Homeland Security, along with over twenty-five other distinguished speakers. Along with increasing awareness on the most pressing cybersecurity topics, one of the primary goals of this summit is to enhance networking. Thus, three new features have been added to this year's summit: 1. Cybersecurity Interactive Roundtable Sessions: These tables will enable attendees to exchange experiences and information regarding all of the dire cybersecurity topics. 2. One-on-One Meetings: These intimate encounters with the cybersecurity experts will allow your questions to be answered in a personalized manner. 3. Multiple Tracks: Several, concurrent tracks will be offered at this summit in order for a more thorough education about cybersecurity in the healthcare, finance and energy sectors, about continuous monitoring and insider threats

SINET Global Summit (London, England, UK, September 16 - 17, 2014) "Advancing Global Collaboration and Innovation." Global Summit focuses on building international public-private partnerships that will improve the protection of our respective homeland's critical infrastructures, national security and economic interests. The Global Summit's objective is to build and maintain international communities of interest and trust that foster vital information sharing, broad awareness and the application of our nation's most innovative technologies to enable a safer and more secure homeland for the United States, United Kingdom and our trusted allies. The US Department of Homeland Security Science & Technology Directorate supports this event along with Her Majesty's Government (HMG) as the UK representative.

Sponsor & Support

Grow your brand and reach new customers.

Grow your brand and increase your customer base by educating our audience about your products, services, and events by advertising on The CyberWire. We’ve built trust with an influential (and often hard to reach) audience of CISOs, CSOs, and other senior execs in the security space, across a wide array of industry verticals. Learn more.

Be a part of the CyberWire story.

People ask us (a lot) how they can support what we do. We have our sponsorships and services, of course, but those are not always within every supporter’s financial reach, or it might just not be the right time for you to do those things. That’s why we launched our new Patreon site, where we’ve created a wider variety of support levels, each with some new benefits. Our patrons are important to our future, and we hope you’ll consider becoming one. We invite you to become part of the CyberWire story. Become a patron today.