The CyberWire Daily Briefing 09.10.14

Summary

By The CyberWire Staff

The Islamic State draws hacktivist attacks, so its gruesome propaganda are at least in some circles proving self-defeating. The US Treasury Department is also working to choke off IS financial windpipe. (Treasury involvement suggests cyber law enforcement as part of the effort.)

Israeli security firm ClearSky finds the Gholee Trojan dropper in pro-Palestinian malware spread with Gaza phishbait. Gholee's structure and sophistication, ClearSky argues, indicates Iranian involvement in the cyber campaign.

Researchers at the University of New Haven report data leaks in many popular Android personal messaging apps.

Investigators continue to debate (metaphysically, in some respects) whether Home Depot's breach was accomplished by the same BlackPOS malware responsible for Target's. Observers note, sympathetically, how difficult retailers find it to prevent or mitigate such attacks. Banks are often the first to notice, and, while threat sharing is improving, it remains slower than all would like.

Cyber criminals are exploiting iCloud security worries in phishing campaigns that seek login credentials. Wired reports that crime may have indirectly paid for Reddit (which itself is not accused of any crime): the magazine thinks Reddit made enough from celebrity picture views to run its servers for a month.

Heartbleed, still imperfectly patched, seems not to have been exploited before its disclosure. Thus concludes a consortium of university researchers, whose findings would tend to exonerate NSA and GCHQ of accusations that they kept the vulnerability quiet with a view to using it themselves.

Microsoft and Adobe get their Patch Tuesday reviews.

Apple Pay is cautiously received.

Notes.

Today's issue includes events affecting Australia, Estonia, European Union, India, Iran, Israel, New Zealand, Palestinian Territories, Russia, Ukraine, United Kingdom, United States

The CyberWire will be providing special coverage of the 2014 Cyber Security Summit, convening in New York on September 18. Watch for interviews and live coverage of Summit events. We also plan to cover the 5th Annual Billington Cybersecurity Summit in Washington, DC, on September 16, which promises an interesting set of speakers and sessions.

Selected Reading

Cyber Trends

Banks Reacting Faster to Card Breaches (BankInfoSecurity) Post-breach fraud window closing, but problems persist. Suspicions about a possible data breach at Home Depot arose, as in past breaches, after a big batch of stolen payment cards surfaced on an underground marketplace, selling for about $50 each

Officials worry about 'cyber Fort Hood' (Politico) An official says a 'self-radicalized insider' in IT could cause significant harm. The most dangerous cybersecurity threat facing U.S. military and intelligence agencies might not be another Edward Snowden aiming to steal secrets, but rather a rogue IT administrator bent on destruction of critical infrastructure, a senior Intelligence official told POLITICO

WH Official: Cyber coverage will be a basic insurance policy by 2020 (Nextgov) By 2020, private firms will be buying cybersecurity insurance when they sign up for product liability coverage and other basic policies, a top White House cyber official said Monday

Is International Hacking an Act of War? (Willis Wire) Historians will tell you that, despite the bloodshed in the Middle East and Africa, we are currently in one of the most peaceful periods in human existence. However, this era of ostensible peace has us wondering what future war will look like. Recent events may have answered that question. American financial institutions, however, may not like the answer

What U.S. organizations should know about foreign state-sponsored cyberattacks (VentureBeat) In recent weeks, reports have surfaced about several cyberattacks that targeted patient health records, critical infrastructure intelligence, employee data and personal financial and credit card information

Apple iCloud Hack's Other Victim: Cloud Trust (InformationWeek) Our flash poll finds users feel more vulnerable about cloud security in general. No wonder: Apple's opening statement of indignation now sounds a little hollow

Study: 15 Million Devices Infected With Mobile Malware (Dark Reading) Sixty percent of the infected devices run Android

Information commissioner: 'apps are failing to respect user privacy' (Guardian) Most apps do not disclose what they do with users' information, says ICO report, while many 'leave users struggling to find basic privacy information'

Legislation, Policy and Regulation

Who Will Defend Tomorrow's Digital Countries? (Atlantic) Estonia is offering virtual citizenship to millions. They will need real military protection

New U.S. cyber target: digital Russian strategic command (Flash Critic) Russia announced this week that it is upgrading its strategic missile forces with a fifth-generation automated digital command and control network that is a strategic target for U.S. cyber warriors

Intelligence Challenges Grow, Available  Resources Decline (SIGNAL) External threats and public revelations are only part  of the large menu of setbacks confronting the community

Tech industry groups ask Senate to 'swiftly pass' NSA curbs (Computerworld) The coalition of tech industry groups say the NSA's surveillance practices have led to an erosion of trust that was affecting their business abroad

Let's pass cybersecurity legislation (The Hill) A bipartisan group of members in Congress are advancing legislation on an issue that deserves all of our attention — cybersecurity

The Senate must act to protect Americans from cyber crime (The Hill) Cyber criminals stealing private celebrity photos is just the tip of the iceberg. On a daily basis, hackers threaten to devastate our nation's economy and security. But Senate Democrats don't seem to understand the magnitude of the problem. For more than a year, the Senate has refused to consider common-sense cybersecurity legislation passed by the House of Representatives with strong bipartisan support. Meanwhile, the threat is growing

MeriTalk: Gov't Adopting Cloud but Concerned over Data Stewardship (ExecutiveGov) MeriTalk has released the findings of a study underwritten by NetApp and Arrow indicating that federal agencies are looking to expand their use of cloud but many remain wary about its potential impact to operations

The Cyber-Terror Bank Bailout: They're Already Talking About It, and You May Be on the Hook (Bloomberg BusinessWeek) Bankers and U.S. officials have warned that cyber-terrorists will try to wreck the financial system's computer networks. What they aren't saying publicly is that taxpayers will probably have to cover much of the damage

Nancy Pelosi Presses FCC to Ban Internet 'Fast Lanes' (Nextgov) House Minority Leader Nancy Pelosi wants to give federal regulators sweeping new powers over Internet access

How Wednesday's 'Internet Slowdown' is supposed to work (Washington Post) Wednesday, forces aligned in favor of stronger net neutrality rules will rally under the banner of Internet Slowdown Day, the latest push to funnel the public's attention to the Federal Communication Commission's on-going rulemaking on open Internet principles and practices

Companies that sell network equipment to ISPs don't want net neutrality (Ars Technica) IBM, Cisco, Intel, and Sandvine ask US not to regulate broadband as a utility

Army activates its first cyber protection brigade (Army Times) The Army on Sept. 5 activated a new Cyber Protection Brigade — the first of its kind in the Army — at Fort Gordon, Georgia

The Positive Side of Cyber (SIGNAL) All too often, the topic of cyber presents a negative view of vulnerabilities and attacks, but cyber has a positive role to play in national defense, said Lt. Gen. Edward Cardon, USA, commanding general, U.S. Army Cyber Command

Products, Services, and Solutions

Security questions you should ask about Apple Pay (CSO) While promising, the strength of Apple Pay security won't be fully known until it is tested by hackers and security pros

RSA Turns the Table on Cyber Attackers (MarketWatch) New RSA® Advanced Security Operation Center Solution arms security teams with new tools to help identify undetected threats that often result in data breaches

Bitcoin bank uses security to sway opinion on virtual currency (FierceITSecurity) Many Bitcoin enthusiasts believe the function behind the new tech is already superior to fiat currencies, and the reasons virtual currencies haven't taken over the world yet are perception based

Gemalto Unveils Mobile Payments Security Hub (Light Reading) Gemalto (Euronext NL0000400653 GTO), the world leader in digital security, today introduces its Allynis Trusted Services Hub, a turnkey business service that enables financial institutions, enterprises, transport operators and more generally all digital service providers to benefit from a single connection in order to securely deploy their value-added and mobile payment services across a comprehensive portfolio of smartphones and mobile networks around the world

IBM M5 x86 servers come with security and efficiency features (Infotech Lead) Enterprise IT vendor IBM said its M5 portfolio of x86 servers come with innovations in security and efficiency — targeting mission-critical applications

Lacoon Collaborates With AirWatch to Manage and Reduce the Risks iOS and Android Devices Pose to Enterprises (Sys-Con Media) Lacoon provides additional layers of security for customers through a platform to assess, detect and mitigate risk

Porticor, nScaled Combine DRaaS and Encryption (Channelnomics) Customers wary of ascending to the cloud because of security and business continuity concerns: Take heart — vendors appear to be working overtime to put out solutions aimed at assuaging your fears

Juniper expands threat intelligence for more effective network defense (CSO) You may have heard that two heads are better than one — the basic premise being that different perspectives bring more to the table and enable the combined team to make better, more effective decisions. The same thing is true when it comes to threat intelligence and network security, which is why Juniper Networks is expanding the capabilities of its Spotlight Secure platform

Cyber Threat Intelligence Feeds (The Cyber Threat) The discipline of cyber threat intelligence focuses on providing actionable information on adversaries. This information is becoming increasingly important to enterprise cyber defense. This importance has resulted in investment and creation of many new/innovative sources of information on threat actors. This brings challenges of its own. How do you know which source to turn to for what reason? And at an even higher level, how do you know which sources to even consider?

Technologies, Techniques, and Standards

ONC drops 2015 'voluntary' EHR certification criteria, revises 2014 edition (FierceEMR) The Office of the National Coordinator for Health IT has issued a new final rule that makes the 2014 edition of certification criteria more flexible and folds in some of the criteria that had been proposed in its 2015 voluntary edition of electronic health record certification criteria, which the agency has opted to abandon

Content Security Policy (CSP) is Growing Up (Internet Storm Center) We have talked here about Content Security Policy (CSP) in the past. CSP is trying to tackle a pretty difficult problem. When it comes to cross-site-scripting (XSS), the browser and the user is usually the victim, not so much the server that is susceptible to XSS. As a result, it makes a lot of sense to add protections to the browser to prevent XSS. This isn't easy, because the browser has no idea what Javascript (or other content) to expect from a particular site. Microsoft implemented a simple filter in IE 8 and later, matching content submitted by the user to content reflected back by the site, but this approach is quite limited

Have Microsoft's Update Problems Changed Your Patching Policies? (Windows IT Pro) At one time or another, we've all experienced the pains of patching Microsoft products. It sometimes seems to be a never ending battle to test, test, test again, roll out updates and still be nipped in the butt. And, even though it can't be helped, it's the IT Pros that get blamed and heaped on the responsibility of fixing blue screens and hardware and application problems brought on by poorly designed updates

Cyber-Target Categorization (Science 2.0) The purpose of this article is to present a framework and a method for cyber-target categorization. The framework contains factors, which influence on cyber targeting process and the presented categorization method provides an example, how cyber-targets could be categorized to support targeting decision making

How a large ISP fights DDoS attacks with a custom solution (Help Net Security) DDoS attacks are a growing problem. In July, Arbor Networks released global DDoS attack data derived from its ATLAS threat monitoring infrastructure that shows a surge in volumetric attacks in the first half of 2014 with over 100 attacks larger than 100GB/sec reported

How to Protect Yourself From Big Bank-Card Hacks (Wired) With hackers stealing millions of credit and debit card numbers with seeming impunity from Target, Home Depot, and other retailers lately, it might seem as if there's nothing the average consumer can do to protect themselves

How a DNS Sinkhole Can Protect Against Malware (Infosec Institute) The Domain Name Service (DNS) is an integral part of Internet access. It translates human-recognized domain names into computer-readable IP addresses in order to facilitate online communication and connection between devices

How to Use the Information-Seeking Mantra in Cyber Intelligence Dashboards (Recorded Future) In the previous post, we got a glimpse of two important contributions of Edward Tufte to the field of data visualization: chartjunk and sparkline charts. Today, we'll be looking at another data visualization guru whose work can have a profound impact on your cyber intelligence project. We'll be discussing Ben Shneiderman's information-seeking mantra

The 21 most common misconfigurations that will come back to haunt you! (GFI Blog) Have you ever heard the phrase "if it ain't broke, don't fix it"? If you have, then you know sometimes it is best just to leave it alone. But no sysadmin worth their Ethernet cable can resist poking at new things in an attempt to figure out how they work. It is how we all got to the level we are now, and how we will advance to the next level. Sometimes, however, poking at things with a sharp stick can get us into trouble, and this list describes the 21 most common misconfigurations that will come back to haunt you, because poking at things randomly means trouble if you don't pay attention to the outcome!

Building Trojan Hardware at Home (Ethical Hacking) Malware, Viruses and Trojan horse can destroy your computer and network; most of the time they are software based, but have you ever imagined that a hardware based trojan might also destroy or simply steal private information from your computer; consider a recent celebrity hack

Treading the Line Between Security & Productivity (Baseline) Baptist Health's security plan encompasses two key issues: making printers secure and making security easy to implement so it does not decrease productivity

Symantec conducts mock drill to check cyber readiness of companies (Economic Times) Forty IT security executives from over two dozen companies last week saw themselves cross over to the other side — the executives who protect a firm's security system were instead trying to break into a website

Marketplace

How Many Contractors Run Fed IT? (GovInfoSecurity) Agency oversight of vendors makes answering that query hard

Is Apple endangering privacy to cut costs? (FierceITSecurity) As Apple prepares to launch two iPhone 6 versions and a rumored iWatch, some are questioning whether Cupertino's reputation for iron-clad security is deserved

HP showcases security software that look to detect infected and compromised computers (Networkworld) At its HP Protect Conference in Washington, D.C. this week, HP is taking the wraps off new security products that aim to detect infected and compromised machines as well as server-based software that makes use of so-called "run-time" self-protection to keep from getting infected in the first place

Watchful Software Closes Expansion Capital Round to Fuel Continued Growth (Bloomberg BusinessWeek) Watchful Software, a leading provider of data-centric information security solutions, announced today that it has received an equity investment from Hudson Fairfax Group, LP, a strategic investment firm with offices in New York, Washington, DC, and London specializing in business development, sales acceleration, and financial management of high growth companies in the cybersecurity sector

Your Network Is Already Hacked, But LightCyber May Be Able To Save You (TechCrunch) The Tel Aviv-based security startup LightCyber has some bad news for enterprises — their networks have already been compromised

CyberArk Advances Threat Analytics to Identify New Types of Malicious Privileged Behavior Across Systems and Users (Broadway World) CyberArk, the company securing the heart of the enterprise, today announced CyberArk Privileged Threat Analytics 2.0, an expert system for privileged account security intelligence. The expanded analytics includes new self-learning, behavior-based algorithms, enabling customers to detect attacks faster by pinpointing malicious privileged account activity previously hidden in the sheer volume of information collected by big data analytics solutions

FireEye Inc. (NASDAQ:FEYE) Revenues to be stretched with the Acquisition of Mandiant (BasicsMedia) FireEye Inc. (NASDAQ:FEYE) was surging on Monday trading session after its stock was upgraded by UBS AG (NYSE:UBS), from a 'Hold' rating, to a 'Buy.' In an interview on CNBC UBS Managing Director, Brent Thill, argued that the upgrade came at the back of the ongoing growth being experienced on the cyber solutions landscape

Meet The Company That Helped Twitter Launch Its Bug Bounty Program (Business Insider) Last week Twitter unveiled a brand new bug bounty program that pays security researchers (or hackers) to report vulnerabilities on its platform

Viscount Announces New Contract to Secure Sites for the U.S. Department of Homeland Security (Herald Online) Viscount Systems (OTCQB:VSYS), a leading provider of IT-based security software and services, today announced that it has been awarded additional contracts to secure U.S. Federal Government facilities in the state of New York for the Department of Homeland Security — United States Citizenship and Immigration Services (USCIS)

Federal agency to end contracts of background-check contractor USIS (AP via Stars and Stripes) The federal Office of Personnel Management plans to terminate its massive contracts with USIS, the major security clearance contractor that was targeted last month by a cyberattack, several officials said Tuesday. The computer network intrusion compromised the personal files of as many as 25,000 government workers

ForeScout bolsters European operations (Channel Pro) ForeScout adds key personnel in EMEA to meet demands for its network security platform

Guidance Software Appoints Ken Yearwood as Sales Director, Northern Europe (MarketWatch) Guidance Software, Inc. GUID, -2.81% the World Leader in Digital Investigations™, today announced the appointment of Ken Yearwood as sales director for Northern Europe

Invincea Adds Amit Yoran and Tim Belcher to Advisory Team (Consumer Electronics Net) RSA senior exec Yoran takes independent board seat; NetWitness co-founder Belcher joins as strategic advisor

Research and Development

DARPA is after vulnerabilities in algorithms implemented in software (Help Net Security) The Defense Advanced Research Projects Agency (DARPA) is looking for new program analysis techniques and tools to enable analysts to identify vulnerabilities in algorithms implemented in software used by the US government, military, and economic entities, and has announced it will be accepting research proposals on the subject until October 28

Security Patches, Mitigations, and Software Updates

Patch Tuesday wrap-up, September 2014 - why even a single-bit data leak is worth fixing (Naked Security) Patch Tuesday for September 2014 is here, bringing us security fixes from Adobe and Microsoft

Microsoft Security Bulletin Summary for September 2014 (Microsoft Security TechCenter) This bulletin summary lists security bulletins released for September 2014

EMET, AV Disclosure Leak Plugged in IE (Threatpost) The Operation SnowMan espionage campaign, which targeted military intelligence earlier this year via an Internet Explorer zero day, exposed a weak spot in Microsoft's vulnerability management efforts. What was unique about the SnowMan operation is that it included a check as to whether the compromised computer was running Microsoft's Enhanced Mitigation Experience Toolkit (EMET), and if so, the attack would not execute

Cyber Attacks, Threats, and Vulnerabilities

The Unlikely Alliance of Hackers Fighting the Islamic State (Mashable) A motley crew of unlikely allies are taking on the Islamic State online, taunting them, taking down Twitter accounts and allegedly jamming the group's communications, among other things

'Scottish independence link' to ISIS Scots hostage (Scotsman) Islamic extremists are threatening to kill Scottish aid worker David Haines to help secure a Yes vote in the independence referendum, an intelligence expert has claimed

Clearsky detected Gholee malware — The Israel-Gaza Conflict Takes to the Cyber-Arena (Security Affairs) Experts at Clearsky detected the Gholee virus which was likely developed by highly qualified factors, which may even be related to Israel's long-time nemesis Iran

Researchers find data leaks in Instagram, Grindr, OoVoo and more (C/NET) Private messaging isn't so private, say University of New Haven researchers who found Android apps transmitting and storing unencrypted images, chats, screenshots and even passwords

Home Depot Breach Linked to Target's? (BankInfoSecurity) Experts say BlackPOS malware is likely common thread

BlackPOS v2: New variant or different family? (Nuix: Unstructured) Media outlets have been abuzz the past week or so about a supposedly new variant of the infamous BlackPOS malware family

Home Depot breach reveals how challenging it is to ward off data theft (Washington Post) As Home Depot scrambles to determine the scope and scale of a potentially massive breach of its customers' data, the retailer's troubles underscore the challenges facing retailers and card issuers attempting to gird themselves against cybercriminals

Phishing miscreants are THWARTING securo-sleuths with AES crypto (Register) Well, at least someone listened to Snowden about privacy

25 varieties of malware aimed at Mac OS X this year (Trusted Reviews) Apple's computers have traditionally been less plagued by malware than PCs, but now a security firm has warned that hackers are taking aim at the Cupertino company's computers with 25 varieties of malware

Warning as hackers target Apple's iCloud (BBC) Cyber-thieves are exploiting the furore around iCloud by launching a phishing campaign that seeks to steal Apple IDs

Hacked Celeb Pics Made Reddit Enough Cash to Run Its Servers for a Month (Wired) If you saw Kate Upton or Jennifer Lawrence naked last week, there's a good chance you saw them on the social news site Reddit

For $390 you can buy an illegal Harvard email account on China's biggest online marketplace (Quartz) A gas can full of snake bile, breast-milk soap, the head of Tom Cruise — those are just some of the odd things you can buy on Alibaba's Taobao, China's biggest consumer-to-consumer online marketplace. Add to that an fake or stolen university email addresses. In an investigation last week, IT security company Palo Alto Networks found email accounts from 42 universities for sale on Taobao, ranging from 0.98 yuan to 2,400 yuan ($0.16 to $390)

Personal data stores found leaking online (BBC) Thousands of Britons could be inadvertently sharing their digital secrets with anyone who knows where to click, suggests a BBC investigation

Research finds no large scale Heartbleed exploit attempts before vulnerability disclosure (Threatpost) In the days and weeks following the public disclosure of the OpenSSL Heartbleed vulnerability in April, security researchers and others wondered aloud whether there were some organizations — perhaps the NSA — that had known about the bug for some time and had been using it for targeted attacks. A definitive answer to that question may never come, but traffic data collected by researchers on several large networks shows no exploit attempts in the months leading up to the public disclosure

Heartbleed patch efforts ignored on thousands of websites (TechTarget) Data from McAfee shows many organizations have yet to fully patch the Heartbleed vulnerability, and as many as 300,000 websites remain at risk

Academia

There aren't enough teachers with coding skills (Marketplace) The looming shortage of coders and programmers in the tech industry has been well-documented. There are about a million (er, give or take) digital job openings predicted in the next decade, which has some schools mandating coding class. But where are the teachers?

Naval Academy works on accrediting cybersecurity major (AP via Stars and Stripes) A U.S. Naval Academy dean says he's hoping to have cybersecurity accredited as a major by 2016. No U.S. school currently has a cybersecurity degree accredited by a leading organization, and the academy hopes to be among the first

Southern Methodist University Cybersecurity Program Trains Tomorrow's Data Defenders (Government Technology) The university is one of 44 institutions that are designated by the NSA and Department of Homeland Security as a National Centers of Academic Excellence in Information Assurance/Cyber Defense

National Security Institute to open on Computer Science Technology Day (Statesman) Stony Brook University is starting a National Security Institute on campus as a result of grants from the NYSUNY 2020 vision plan. The university plans to hire six tenure-track faculty members for the cybersecurity-focused institute during the next few years, according to the university's website

Litigation, Investigation, and Enforcement

Campaign Aims to Block Oil Revenues, Deny Extremists' Access to Global Financial System (Wall Street Journal) The U.S. Treasury Department and Washington's allies are ramping up efforts to hit Islamic State's finances, particularly focusing on steps to choke off its oil sales, its donations from the Persian Gulf and its extortion rackets

Estonian Officials Meet With Detained Security Officer in Russia (Wall Street Journal) Estonian officials said Tuesday they had met with Eston Kohver, the Estonian security officer at the center of rising tension between Tallinn and Moscow, who is being held in a Russian jail accused of spying

AFP to embark on international placements in cybercrime fight (ZDNet) The Australian Federal Police is about to embark on a number of strategic placements within international crime fighting agencies, in a bid to take its fight against cybercrime offshore, according to its head of Cyber Crime Operations, Glen McEwan

Senators call for investigation of Home Depot breach (TechWorld) A recent breach raises questions about the company's data protection practices, two senators say

Microsoft agrees to contempt order so e-mail privacy case can be appealed (Ars Technica) The contempt order doesn't include any sanctions, but those could be sought later

Google grapples anew with EC in the search/advertising antitrust swamp (Naked Security) In a surprise move, the European Commission has poked the sleeping dragon by yet again reopening a four-year antitrust investigation into Google's search and advertising business

Kim Dotcom will get back computers seized during Megaupload raid (Ars Technica) Dotcom gets "clones" of his devices, as long as he gives passwords to NZ police

Industry Events

For a complete running list of events, please visit the Event Tracker on the CyberWire website.

newly Noted Events

Hill AFB Technology & Cyber Security Day (Hill Air Force Base, October 8, 2014) The Armed Forces Communications & Electronics Association (AFCEA) Wasatch Chapter will once again host the 5th Annual Information Technology & Cyber Security Day at Hill AFB. This annual event is an excellent way to network with key personel including IT, Communications, Cyber, Engineers and Contracting Officers at Hill AFB

upcoming Events

Detroit SecureWorld (Detroit, Michigan, USA, September 9 - 10, 2014) Two days of cyber security education and networking. Earn 12-16 CPE credits, network with industry peers, and take advantage of more than sixty educational events. Over the past decade SecureWorld has emerged as one of North America's most vital cyber-security conference, providing globally relevant education, training and networking for cyber-security professionals on a regional level. SecureWorld provides more content and facilitates more professional connections than any other event in the cyber-security industry. Established in 2002, SecureWorld offers many different continuing professional education sessions over two days in 14 cities throughout the United States.

Ground Zero Summit, Sri Lanka (Colombo, Sri Lanka, September 9 - 10, 2014) Ground Zero Summit 2014, Colombo will be a unique gathering of Cyber Security Researchers, Hackers, CERTs, Corporates and Government officials to discuss latest hacks, exploits, research and cyber threats. Sri Lanka is now transitioning from being a developing economy to Global economy with blooming telecommunications, insurance, banking, tourism and information technology services. Sri Lanka will be exposed to cyber threats similar to India thus, a synergy between Indian and Sri Lankan Cyber Security Communities will be beneficial for both countries in combating the threats to their information security

Cyber Attack Against Payment Processes Exercise 1 (Online, September 9 - 10, 2014) FS-ISAC, the Financial Services Information Sharing and Analysis Center will conduct its fifth annual simulated cyber security exercise related to payment processes used by banks, community institutions, credit unions and associated financial services organizations. Over a two day period this fall, hundreds of security, risk and IT professionals will experience a highly realistic set of scenarios in a safe environment in order to practice and improve their response to cyber incidents. The teams are encouraged to involve multiple parts of their organizations, from IT and security to payments experts to communications teams to line of business leaders and executive teams. The simulation is known as CAPP or Cyber Attack Against Payment Processes

AFCEA TechNet Augusta 2014: Achieving Force 2025 Through Signals and Cyber (Augusta, Georgia, USA, September 9 - 11, 2014) The overall theme of TechNet Augusta 2014 is "Achieving Force 2025 Through Signals and Cyber." The overall focus is on Army ground forces, including Joint component interface, other Department of Defense Organizations, Inter-Agency, Industry, and Academia. Presentations, panels, and track sessions will highlight empowerment of Soldiers on the battlefield through training, different methodologies for connecting through enhanced technology, and command and control functions to enable the U.S. Armed Forces to dominate the battlefield. Government, industry, and academia speakers will address a broad range of topics and focus on the importance of the network, security issues, and training to enable operational forces to modernize and be ready to meet emerging challenges in 2025 and beyond.

Suits and Spooks London (London, England, UK, September 12, 2014) On September 12th, in London's South bank neighborhood of Southwork, approximately 50 former intelligence officials, corporate executives, and security practitioners from the U.S. and the EU will gather at the top floor auditorium of the Blue Fin building, just behind the Tate Modern museum in Central London to discuss present and future threats to global critical infrastructure and how best to mitigate them. It will be closed to the press and held under the Chatham House Rule

Build IT Break IT Fix IT: Fix IT (Online, September 12, 2014) The Build it Break it Fix it security contest is a new security-oriented programming contest held by the Maryland Cybersecurity Center, Cyberpoint, and Trail of Bits. The Build it Break it Fix it security contest aims to teach students to write more secure programs. The contest evaluates participants' abilities to develop secure and efficient programs. The contest is broken up into three rounds that take place over consecutive weekends. During the Build It round, builders write software that implements the system prescribed by the contest. In the Break It round, breakers find as many flaws as possible in the Build It implementations submitted by other teams. During the Fix It round, builders attempt to fix any problems in their Build It submissions that were identified by other breaker teams. Each round will respectively start on August 28th, September 4th, and September 12th

NOPcon Security Conference (Istanbul, Turkey, September 16, 2014) NOPcon is a non-profit hacker conference. It is the only geek-friendly conference without sales pitches in Turkey. The conference aims to learn and exchange ideas and experiences between security researchers, consultants and developers

5th Annual Billington Cybersecurity Summit (Washington, DC, USA, September 16, 2014) The 5th Annual Billington Cybersecurity Summit, a leading conference produced by Billington CyberSecurity, will feature an all-star cast of cybersecurity speakers including Admiral Michael Rogers, Commander, U.S. Cyber Command and Director, National Security Agency/Chief, Central Security Service. This leading summit also will feature Michael Daniel, Special Assistant to the President and Cybersecurity Coordinator, The White House; David DeWalt, Chairman and Chief Executive Officer, FireEye; Dr. Phyllis Schneck, Deputy Under Secretary for Cybersecurity, NPPD, Department of Homeland Security, along with over twenty-five other distinguished speakers. Along with increasing awareness on the most pressing cybersecurity topics, one of the primary goals of this summit is to enhance networking. Thus, three new features have been added to this year's summit: 1. Cybersecurity Interactive Roundtable Sessions: These tables will enable attendees to exchange experiences and information regarding all of the dire cybersecurity topics. 2. One-on-One Meetings: These intimate encounters with the cybersecurity experts will allow your questions to be answered in a personalized manner. 3. Multiple Tracks: Several, concurrent tracks will be offered at this summit in order for a more thorough education about cybersecurity in the healthcare, finance and energy sectors, about continuous monitoring and insider threats

SINET Global Summit (London, England, UK, September 16 - 17, 2014) "Advancing Global Collaboration and Innovation." Global Summit focuses on building international public-private partnerships that will improve the protection of our respective homeland's critical infrastructures, national security and economic interests. The Global Summit's objective is to build and maintain international communities of interest and trust that foster vital information sharing, broad awareness and the application of our nation's most innovative technologies to enable a safer and more secure homeland for the United States, United Kingdom and our trusted allies. The US Department of Homeland Security Science & Technology Directorate supports this event along with Her Majesty's Government (HMG) as the UK representative.

Cyber Attack Against Payment Processes Exercise 2 (Online, September 16 - 17, 2014) FS-ISAC, the Financial Services Information Sharing and Analysis Center will conduct its fifth annual simulated cyber security exercise related to payment processes used by banks, community institutions, credit unions and associated financial services organizations. Over a two day period this fall, hundreds of security, risk and IT professionals will experience a highly realistic set of scenarios in a safe environment in order to practice and improve their response to cyber incidents. The teams are encouraged to involve multiple parts of their organizations, from IT and security to payments experts to communications teams to line of business leaders and executive teams. The simulation is known as CAPP or Cyber Attack Against Payment Processes

Global Identity Summit (Tampa, Florida, USA, September 16 - 18, 2014) The Global Identity Summit is focused on identity management solutions for corporate, defense and homeland security communities. This conference and associated exhibition bring together a distinctive, yet broad comprehensive look at the identity management capabilities, challenges and solutions in the topic areas of: Biometrics, Radio-Frequency Identification, Mobile, Cyber, Smart Card Technologies, and Big Data.

Defense Intelligence Agency (DIA)/National Intelligence University (NIU) Open House (Washington, DC, USA, September 17, 2014) On September 17, 2014, the National Intelligence University (NIU) will hold a Tech Expo as part of its annual "NIU OUTREACH DAY" in the Tighe Lobby of DIA Headquarters on Joint Base Bolling-Anacostia. This Tech Expo will be open to all personnel within the DIA Headquarters as well as the 600+ students and faculty of NIU. Several of the 'schools' within DIA are expected to participate with their own exhibitions, including: School of Intelligence Studies, School of Science and Technology Intelligence, Center for Strategic Intelligence Research and Center for International Engagement and the John T. Hughes Library.

Fraud Summit Toronto (Toronto, Ontario, Canada, September 17, 2014) From account takeover to payment card fraud and the emerging mobile threatscape, the ISMG Fraud Summit series is where thought-leaders meet to exchange insights on today's top schemes and the technology solutions designed to stop them.

CSA Congress 2014 & IAPP Privacy Academy 2014 (San Jose, California, USA, September 17 - 19, 2014) This year, the CSA and the International Association of Privacy Professionals (IAPP) are combining their Congress US and Privacy Academy events into a conference in the heart of Silicon Valley. This conference will offer attendees more than eighty sessions to choose from covering all aspects of privacy and cloud security.

Sponsor & Support

Grow your brand and reach new customers.

Grow your brand and increase your customer base by educating our audience about your products, services, and events by advertising on The CyberWire. We’ve built trust with an influential (and often hard to reach) audience of CISOs, CSOs, and other senior execs in the security space, across a wide array of industry verticals. Learn more.

Be a part of the CyberWire story.

People ask us (a lot) how they can support what we do. We have our sponsorships and services, of course, but those are not always within every supporter’s financial reach, or it might just not be the right time for you to do those things. That’s why we launched our new Patreon site, where we’ve created a wider variety of support levels, each with some new benefits. Our patrons are important to our future, and we hope you’ll consider becoming one. We invite you to become part of the CyberWire story. Become a patron today.