The CyberWire Daily Briefing 09.12.14

Summary

By The CyberWire Staff

Two new Chinese APT units, "Moafree" (operating from Guandong) and "DragonOK" (based in Jiangsu), are looking for intellectual property, mostly in Japan and Taiwan. FireEye's discovery prompts observation that cyber attacks can now be "mass produced," and cyber campaigns "franchised." (Threatpost close reads the reports and concludes oil and gas exploitation in the South China Sea would be China's goal.)

The Gmail credential...well, leak? publication? still seems nothing that can't be dealt with by even a modicum of Internet hygiene, and Google's no-worries-here take on the episode appears confirmed.

Researchers from nuix and CBTS see enough significant differences between the malware used against Target and that found in the Home Depot hack to conclude that BlackPOS wasn't after all used in the more recent attack. (Their discussion of malware classification is interesting.)

Trend watchers think Apple Pay may disrupt — in a security-positive way — the pay card industry. Widespread consumer adoption will, they think, be key.

All industrial sectors seem broadly to agree that threat intelligence sharing is vital to security, but such cooperation is proving difficult to achieve, especially without supporting legislation. The usual concerns — litigation, reputational damage, etc. — inhibit collective defense. (Big data's glare-of-war challenges also remain to be overcome.)

Schneier points to studies of password managers: their security merits scrutiny.

The US lines up regional intelligence support against ISIS. The European Union and the US announce fresh sanctions against Russia over its Ukrainian incursions. Russia promises "asymmetric" retaliation: watch for cyber campaigns. The reconnaissance has already been done.

Notes.

Today's issue includes events affecting Australia, China, European Union, Japan, Jordan, Iraq, Republic of Korea, New Zealand, Russia, South Africa, Syria, Taiwan, Ukraine, United States

The CyberWire will be providing special coverage of the 2014 Cyber Security Summit, convening in New York on September 18. Watch for interviews and live coverage of Summit events. We also plan to cover the 5th Annual Billington Cybersecurity Summit in Washington, DC, on September 16, which promises an interesting set of speakers and sessions.

Selected Reading

Cyber Trends

How Apple Pay could make the Target and Home Depot breaches a thing of the past (IDG via CSO) The launch of Apple's mobile payment system could prove a turning point in the battle to secure your debit and credit card information from hackers

Apple Pay: A Necessary Push To Transform Consumer Payments (Dark Reading) Apple Pay is a strategic move that will rival PayPal and other contenders in the mobile wallet marketplace. The big question is whether consumers and businesses are ready to ditch the plastic

Envisioning a Collaborative Approach to Cybersecurity (Corporate Counsel) Unless Congress acts on a major cybersecurity bill this session, the U.S. will face "a major catastrophic event" that takes down an American company or institution in the next 18 months, according to Rep. Michael Rogers, R-Mich., chairman of the U.S. House of Representatives Select Committee on Intelligence

Information Sharing on Threats Seen as a Key for Auto Makers (Threatpost) A small segment of the security research community has been spending a lot of time tearing apart the innards of various vehicles and looking at ways that the computers and local networks that reside in modern cars can be hacked. There has been some remarkable success on this front, and while auto makers haven't paid much attention so far, the acting head of the National Highway Traffic Safety Administration says that it's time they did

Why Turning Data Into Security Intelligence Is So Hard (Security Intelligence) I was hanging out in a local graveyard a few years ago doing math on the ages of the people buried there when it suddenly occurred to me why turning massive volumes of data into security intelligence is so hard

The systems is REALLY broken — even the banks don't get ICS cyber security (Control) Several months ago I was approached by an executive at a large bank. The concern was cyber security of their building controls and the lack of a bridge between the IT security people and the building controls people

Privacy, Security & The Geography Of Data Protection (Dark Reading) Data generation is global, so why do different parts of the world react differently to the same threat of security breaches and backdoors?

Nearly Half of Businesses Surveyed by Pwnie Express Say They Don't Thoroughly Assess Security at Remote and Branch Locations (Digital Journal) Nearly half of businesses surveyed don't assess their wireless assets at remote and branch locations, leaving the entire organization exposed to cyber attack

Consumers worried about call centre security, new survey reveals (Graham Cluley) We're all becoming far too familiar with stories of large organisations being hacked and sensitive information being stolen

Most people still unconcerned about privacy threats (Help Net Security) While cyber thieves continue to breach major corporations such as JP Morgan and, just last week, the Salvation Army and Home Depot, Americans still seem to be unconcerned about the growing cyber crisis, according to idRADAR

29 data losses per day as ANZ companies struggle with security (IT Brief) A staggering 90 percent of Australian and New Zealand organisations experienced data loss events, according to Check Point Software Technologies' 2014 Security Report

Malicious Web access skyrockets (ITWeb) The threat of unknown malware is on the increase, says Doros Hadjizenonos, Check Point's sales manager for SA. Hackers have stepped up their game so as to infiltrate organisations, mainly for financial gain

Legislation, Policy and Regulation

The Mouse That Roars (Foreign Policy) Tiny Jordan's spies have helped the United States hunt down some of its most dangerous enemies. Now Obama is hoping those spooks can beat the Islamic State

E.U. tightens sanctions against Russian banks, defense companies and individuals (Washington Post) The European Union's new economic sanctions against Russia will go into effect Friday, for the country's involvement in the Ukraine crisis. The U.S. is scheduled to outline to outline a new series of sanctions Friday

Treasury expands sanctions on Russia over Ukraine conflict (MarketWatch) The Treasury Department announced expanded sanctions against Russian businesses on Friday in response to "continued Russian efforts to destabilize eastern Ukraine." Russia's largest bank, Sberbank, will no longer have access to long-term debt financing from the U.S. In addition, the U.S. is blocking the assets of five state-owned defense-technology firms. U.S. companies will also be blocked from cooperating with five firms in the Russian energy sector, including Gazprom gazp Lukoil and Rosneft rosn

Putin's new counter-sanctions are aimed at selling more Russian stuff, not punishing the West (Quartz) With draconian new western sanctions looming today, Russian president Vladimir Putin is planning what his aides call "asymmetric" retaliation. But rather than punishing the West directly, he seems to be pushing to make Russia more economically self-reliant — while also taking care not to rile Russians who are accustomed to a wide range of western goods

Official: US laws need to be updated to help DHS better tackle cyber threats and attacks (FierceHomelandSecurity) A top Homeland Security Department official told Senate lawmakers Sept. 10 that Congress needs to update laws to help the department better tackle the growing threat of cyber threats and attacks

Gillibrand: On The 13th Anniversary Of 9/11, Let's Help Businesses Fight Cyber Terrorism (Forbes) Nearly every day now, news of a new cyber-attack possibility hits the front pages: Credit card theft, hacked hospitals, or even a "Fort Hood in cyberspace." To most of us whose lives don't typically intertwine with the tech industry, these digital crimes lack the immediacy of fear-inducing physical threats. But a well-planned cyber-attack could certainly cause the kind of damage we would expect from a natural disaster or a violent terror attack

Dropbox Calls For Support Of The Senate's NSA Reform Bill (TechCrunch) This morning, Dropbox released new information detailing government requests for its user data, and information about certain user accounts. The company also called for the passage of the Senate's version of the USA FREEDOM Act

Privacy advocates, tech companies nudge Congress to protect 'abandoned' e-mails (Washington Post) Ranging from Adobe to the ACLU, from Facebook to FreedomWorks, and from Twitter to the Taxpayers Protection, a coalition of more than 80 civil liberties groups and tech companies has sent a pair of letters to Congress meant to nudge the House and Senate into moving ahead with a vote on legislation that would require e-mails stored longer than six months to be accessed only by a warrant

Settling Cyber Differences (SIGNAL) Military officials will attempt to reach agreement on critical cyber issues

Army Cyber Chief: Let's Get Closer To Industry (Defense News) To keep pace with rapid changes in the cyber domain, the military needs "a much tighter relationship between industry and government," the head of U.S. Army Cyber Command said Thursday

Did You Know You Had Diabetes? It's All Over the Internet (Bloomberg) Dan Abate doesn't have diabetes nor is he aware of any obvious link to the disease. Try telling that to data miners

Products, Services, and Solutions

What security experts think about Apple Pay (Help Net Security) Apple announced Apple Pay, a new category of service that works with iPhone 6 and iPhone 6 Plus through a NFC antenna design, a dedicated chip called the Secure Element, and the security and convenience of Touch ID

Cimcor Releases CimTrak 2.0.6.18 with Web Based Security Dashboard and Policy Manager (IT Business Net) Cimcor, Inc. announced a major new version of their file integrity monitoring and compliance software suite, CimTrak Version 2.0.6.18

Technologies, Techniques, and Standards

Your configuration files are showing (CSO) One of my favorite activities is using search engines to hunt for things that, realistically, I should not be able to find. Recently, I was able to find thousands of sites with their databases exposed. This time I was able to unearth a treasure trove of configuration files on a wide range of devices. These configuration files showed routes, rules and even passwords

Security of Password Managers (Schneier on Security) At USENIX Security this year, there were two papers studying the security of password managers… It's interesting work, especially because it looks at security problems in something that is supposed to improve security

Password Managers: Attacks and Defenses (Stanford University) We study the security of popular password managers and their policies on automatically filling in Web passwords. We examine browser built-in password managers, mobile password managers, and 3rd party managers. We observe significant differences in autofill policies among password managers. Several autofill policies can lead to disastrous consequences where a remote network attacker can extract multiple passwords from the user's password manager without any interaction with the user. We experiment with these attacks and with techniques to enhance the security of password managers. We show that our enhancements can be adopted by existing managers

The Emperor's New Password Manager: Security Analysis of Web-based Password Managers (USENIX) We conduct a security analysis of five popular web-based password managers. Unlike "local" password managers, web-based password managers run in the browser. We identify four key security concerns for web-based password managers and, for each, identify representative vulnerabilities through our case studies. Our attacks are severe: in four out of the five password managers we studied, an attacker can learn a user's credentials for arbitrary websites. We find vulnerabilities in diverse features like one-time passwords, bookmarklets, and shared passwords. The root-causes of the vulnerabilities are also diverse: ranging from logic and authorization mistakes to misunderstandings about the web security model, in addition to the typical vulnerabilities like CSRF and XSS. Our study suggests that it remains to be a challenge for the password managers to be secure. To guide future development of password managers, we provide guidance for password managers. Given the diversity of vulnerabilities we identified, we advocate a defense-in-depth approach to ensure security of password managers

Are free file storage solutions a safe bet for businesses? (Help Net Security) The benefits of cloud computing are becoming increasingly recognized, and with this heightened understanding comes growing numbers of UK businesses that are embracing the use of the cloud for the storage of data

Hacker publishes tech support phone scammer slammer (Register) Now who's got a 'security problem on your computer'?

Marketplace

Startup Uncovers Flaws In Mobile Apps, Launches New Security Service (Dark Reading) Wandera says only one of seven US employees is given any guidance on mobile security by the employer

Rook Security Takes Top Honors For Most Innovative Managed Security Service At Golden Bridge Awards (Herald Online) Latest accolade adds to growing list of industry recognition garnered by rapidly expanding Indiana security consulting and managed services firm

Frost & Sullivan Names Procera Networks' President and CEO James Brear a Silicon Valley Legend at GIL 2014 (IT Business Net) Procera Networks, Inc. (NASDAQ: PKT), the global Subscriber Experience company, today announced that president and CEO, James Brear, will be honored as a Legend of Silicon Valley

Research and Development

DHS Transition To Practice Program Aided By Sandia Cyber Testing (Homeland Security Today Staff) Cybersecurity technologies developed at Sandia National Laboratories and at other federal labs "now stand a better chance of finding their way into the real world" through the Department of Homeland Security's Transition to Practice (TTP) program

Head of DHS's R&D arm says new strategic plan will better meet user needs (FierceHomelandSecurity) The head of the Homeland Security Department's research and development arm told lawmakers Sept. 9 that the long-term strategy that his organization is currently developing will better meet what Border Patrol agents and other end users need to do their jobs

Security Patches, Mitigations, and Software Updates

US-CERT Warns of Vulnerability in Cisco Baseboard Controller (Threatpost) US-CERT today released an advisory warning of a vulnerability in Cisco's Integrated Management Controller (IMC). Cisco released an update that patches the security hole

Cisco Unified Computing System E-Series Blade Servers Cisco Integrated Management Controller SSH Denial of Service Vulnerability (Cisco) A vulnerability in the Cisco Integrated Management Controller (Cisco IMC) SSH module of the Cisco Unified Computing System E-Series Blade servers could allow an unauthenticated, remote attacker to cause a denial of service condition

Microsoft patch fixed IE flaw used against U.S. military (CSO) Microsoft's batch of patches released this week for Internet Explorer included a fix for a vulnerability exploited in February by hackers hunting for U.S. military secrets

Cyber Attacks, Threats, and Vulnerabilities

Chinese Hacking Groups Team Up Against Government, Military Systems (Threatpost) Two Chinese cyber espionage campaigns are working in tandem in hopes of sniffing out trade secrets from surrounding nations

The Path to Mass-Producing Cyber Attacks (FireEye Blog) Lines of people, lines of parts. The modern production line is composed of individuals contributing to a larger process. This common manufacturing approach is efficient, effective, and profitable

Franchising The Chinese APT (Dark Reading) At least two different cyber espionage gangs in China appear to be employing uniform tools and techniques, FireEye finds

Massive Gmail credential leak is not result of a breach (Help Net Security) By now, you might have heard that there has been a leak of a nearly 5 million username and password combinations associated with Google accounts

Google Locks Down Stolen Credentials (BankInfoSecurity) Search giant says its systems were not breached

What you need to know about the Gmail password compromise (Computerworld via CSO) There's no need to panic about the nearly five million compromised Gmail passwords that appeared in a Russian Bitcoin security forum this week, according to Google

Home Depot Breach May Not Be Related To BlackPOS, Target (Dark Reading) New analysis of the malware earlier identified as a BlackPOS variant leads some researchers to believe that they are two different malware families entirely

Vulnerability in popular Joomla e-commerce extension puts online shops at risk (IDG via CSO) A critical vulnerability in a popular e-commerce extension for the Joomla content management system allows malicious users to gain super-admin privileges to sites that run the software

Incapsula — Semalt Botnet Spreading Strongly Across the Web (Spamfighter News) Security researchers of security firm Incapsula warn that the "Semalt" botnet is spreading quickly over the Internet

TorrentLocker unlocked! Buggy ransmoware allows easy recovery for victims. (Tripwire: The State of Security) Far from being the geniuses that the media like to portray, malicious hackers can make mistakes just as well as the next person… and that's certainly true of whoever was behind the TorrentLocker ransomware

Cycbot Backdoor (Infosec Institute) Cycbot is a malware that spreads using instant messaging and removable drives and contains backdoor functionality that allows unauthorized access to an affected computer

Your Ticket to Malware (Cyveillance) A recent spate of scam emails purporting to be e-tickets from a major airline has been spreading in the wild recently. The "ticket" is really a zipped malware executable. Here is what one of the scam emails looks like

MH17 plane crash victims exploited by cold-hearted scammers (We Live Security) When Malaysia Airlines Flight 17 (MH17) was shot down in Ukrainian airspace in July of this year, the world was understandably shocked

Academia

Oculus CEO Brendan Iribe Donates $31M To Build VR Lab At His Alma Mater University Of Maryland (TechCrunch) Brendan Iribe dropped out of University Of Maryland his freshman year to launch a startup before going on to form Oculus. But now inspired by Mark Zuckerberg's philanthropy and made rich by Zuck's company buying Oculus for $2 billion, Iribe is donating $31 million to build the Brendan Iribe Center for Computer Science and Innovation at University Of Maryland (UMD), plus set up a CS scholarship

Intro to computer science is now the most popular course at Harvard (Quartz) Harvard students know which way the wind is blowing. According to a report from the Harvard Crimson, the school's introductory computer science class (CS50) has a record 818 undergraduates this fall. Twelve percent of undergraduates are taking the course, making it the most popular Harvard course in at least a decade

The MOOC Revolution That Wasn't (TechCrunch) Three years ago this week, Sebastian Thrun recorded his Stanford class on Artificial Intelligence, released it online to a staggering 180,000 students, and started a "revolution in higher education." Soon after, Coursera, Udacity and others promised free access to valuable content, supposedly delivering a disruptive solution that would solve massive student debt and a struggling economy. Since then, over 8 million students have enrolled in their courses

Litigation, Investigation, and Enforcement

Statement by the Office of the Director of National Intelligence and the U.S. Department of Justice on the Declassification of Documents Related to the Protect America Act Litigation (IC on the Record) On January 15, 2009, the U.S. Foreign Intelligence Surveillance Court of Review (FISC-R) published an unclassified version of its opinion in In Re: Directives Pursuant to Section 105B of the Foreign Intelligence Surveillance Act, 551 F.3d 1004 (Foreign Intel. Surv. Ct. Rev. 2008). The classified version of the opinion was issued on August 22, 2008, following a challenge by Yahoo! Inc. (Yahoo!) to directives issued under the Protect America Act of 2007 (PAA). Today, following a renewed declassification review, the Executive Branch is publicly releasing various documents from this litigation, including legal briefs and additional sections of the 2008 FISC-R opinion, with appropriate redactions to protect national security information. These documents are available at the website of the Office of the Director of National Intelligence (ODNI), and ODNI's public website dedicated to fostering greater public visibility into the intelligence activities of the U.S. Government

US threatened Yahoo with $250,000 daily fine over NSA data refusal (Guardian) Company releases 1,500 documents from failed suit against NSA over user data requests and cooperation with Prism compliance

US Government Requests Access to Non-Existent Dropbox Accounts (Infosecurity Magazine) US government requests for access to Dropbox user content and account details rose in line with subscriber numbers over the first half of 2014, but several of the accounts requested didn't actually exist, according to the firm

TV monitoring service is fair use, judge rules (Ars Technica) Fox News sued TVEyes, which records television 24/7/365 — but it's fair use

Design and Innovation

Facebook tests Snapchat-like vanishing act for posts (Naked Security) Good morning, Facebook citizens. Your mission, if you choose to accept it, is to have your Facebook postings self-destruct in 5 seconds

Industry Events

For a complete running list of events, please visit the Event Tracker on the CyberWire website.

upcoming Events

Suits and Spooks London (London, England, UK, September 12, 2014) On September 12th, in London's South bank neighborhood of Southwork, approximately 50 former intelligence officials, corporate executives, and security practitioners from the U.S. and the EU will gather at the top floor auditorium of the Blue Fin building, just behind the Tate Modern museum in Central London to discuss present and future threats to global critical infrastructure and how best to mitigate them. It will be closed to the press and held under the Chatham House Rule

Build IT Break IT Fix IT: Fix IT (Online, September 12, 2014) The Build it Break it Fix it security contest is a new security-oriented programming contest held by the Maryland Cybersecurity Center, Cyberpoint, and Trail of Bits. The Build it Break it Fix it security contest aims to teach students to write more secure programs. The contest evaluates participants' abilities to develop secure and efficient programs. The contest is broken up into three rounds that take place over consecutive weekends. During the Build It round, builders write software that implements the system prescribed by the contest. In the Break It round, breakers find as many flaws as possible in the Build It implementations submitted by other teams. During the Fix It round, builders attempt to fix any problems in their Build It submissions that were identified by other breaker teams. Each round will respectively start on August 28th, September 4th, and September 12th

NOPcon Security Conference (Istanbul, Turkey, September 16, 2014) NOPcon is a non-profit hacker conference. It is the only geek-friendly conference without sales pitches in Turkey. The conference aims to learn and exchange ideas and experiences between security researchers, consultants and developers

5th Annual Billington Cybersecurity Summit (Washington, DC, USA, September 16, 2014) The 5th Annual Billington Cybersecurity Summit, a leading conference produced by Billington CyberSecurity, will feature an all-star cast of cybersecurity speakers including Admiral Michael Rogers, Commander, U.S. Cyber Command and Director, National Security Agency/Chief, Central Security Service. This leading summit also will feature Michael Daniel, Special Assistant to the President and Cybersecurity Coordinator, The White House; David DeWalt, Chairman and Chief Executive Officer, FireEye; Dr. Phyllis Schneck, Deputy Under Secretary for Cybersecurity, NPPD, Department of Homeland Security, along with over twenty-five other distinguished speakers. Along with increasing awareness on the most pressing cybersecurity topics, one of the primary goals of this summit is to enhance networking. Thus, three new features have been added to this year's summit: 1. Cybersecurity Interactive Roundtable Sessions: These tables will enable attendees to exchange experiences and information regarding all of the dire cybersecurity topics. 2. One-on-One Meetings: These intimate encounters with the cybersecurity experts will allow your questions to be answered in a personalized manner. 3. Multiple Tracks: Several, concurrent tracks will be offered at this summit in order for a more thorough education about cybersecurity in the healthcare, finance and energy sectors, about continuous monitoring and insider threats

SINET Global Summit (London, England, UK, September 16 - 17, 2014) "Advancing Global Collaboration and Innovation." Global Summit focuses on building international public-private partnerships that will improve the protection of our respective homeland's critical infrastructures, national security and economic interests. The Global Summit's objective is to build and maintain international communities of interest and trust that foster vital information sharing, broad awareness and the application of our nation's most innovative technologies to enable a safer and more secure homeland for the United States, United Kingdom and our trusted allies. The US Department of Homeland Security Science & Technology Directorate supports this event along with Her Majesty's Government (HMG) as the UK representative.

Cyber Attack Against Payment Processes Exercise 2 (Online, September 16 - 17, 2014) FS-ISAC, the Financial Services Information Sharing and Analysis Center will conduct its fifth annual simulated cyber security exercise related to payment processes used by banks, community institutions, credit unions and associated financial services organizations. Over a two day period this fall, hundreds of security, risk and IT professionals will experience a highly realistic set of scenarios in a safe environment in order to practice and improve their response to cyber incidents. The teams are encouraged to involve multiple parts of their organizations, from IT and security to payments experts to communications teams to line of business leaders and executive teams. The simulation is known as CAPP or Cyber Attack Against Payment Processes

Global Identity Summit (Tampa, Florida, USA, September 16 - 18, 2014) The Global Identity Summit is focused on identity management solutions for corporate, defense and homeland security communities. This conference and associated exhibition bring together a distinctive, yet broad comprehensive look at the identity management capabilities, challenges and solutions in the topic areas of: Biometrics, Radio-Frequency Identification, Mobile, Cyber, Smart Card Technologies, and Big Data.

Defense Intelligence Agency (DIA)/National Intelligence University (NIU) Open House (Washington, DC, USA, September 17, 2014) On September 17, 2014, the National Intelligence University (NIU) will hold a Tech Expo as part of its annual "NIU OUTREACH DAY" in the Tighe Lobby of DIA Headquarters on Joint Base Bolling-Anacostia. This Tech Expo will be open to all personnel within the DIA Headquarters as well as the 600+ students and faculty of NIU. Several of the 'schools' within DIA are expected to participate with their own exhibitions, including: School of Intelligence Studies, School of Science and Technology Intelligence, Center for Strategic Intelligence Research and Center for International Engagement and the John T. Hughes Library.

Fraud Summit Toronto (Toronto, Ontario, Canada, September 17, 2014) From account takeover to payment card fraud and the emerging mobile threatscape, the ISMG Fraud Summit series is where thought-leaders meet to exchange insights on today's top schemes and the technology solutions designed to stop them.

CSA Congress 2014 & IAPP Privacy Academy 2014 (San Jose, California, USA, September 17 - 19, 2014) This year, the CSA and the International Association of Privacy Professionals (IAPP) are combining their Congress US and Privacy Academy events into a conference in the heart of Silicon Valley. This conference will offer attendees more than eighty sessions to choose from covering all aspects of privacy and cloud security.

ICS-ISAC Fall Conference (Atlanta, Georgia, USA, September 17 - 20, 2014) Cybersecurity issues — such as the DHS release of Operation Aurora information; legislation like CISA (S. 2588), CIRDA (H.R. 2952) & H.R. 3696; and the NIST Cybersecurity Framework — can leave one wondering "What, where, how and with whom should I share?" and "Where can I find solutions?" At the ICS-ISAC Fall Conference you will develop knowledge you can take to further enhance your organization's cybersecurity posture through answers to these and many other questions

The 2014 Cyber Security Summit (New York) (New York, New York, USA, September 18, 2014) The Cyber Security Summit, an exclusive conference series sponsored by The Wall Street Journal, has announced their second annual event in New York City. The event will connect C-Level & Senior Executives responsible for protecting their companies' critical infrastructures with cutting-edge technology providers and renowned information security experts. This informational forum will focus on educating attendees on how to best protect their highly vulnerable business applications and intellectual property. Attendees will have the opportunity to meet the nation's leading solution providers and discover the latest products and services for enterprise cyber defense.

Ft. Meade Technology Expo (Fort Meade, Maryland, USA, September 18, 2014) The Ft. Meade Technology Expo is a one-day event held at the Officers' Club (Club Meade) on base. Industry vendors will have the unique opportunity to showcase their products and services to personnel that may otherwise be unattainable. The target audience will be comprised of personnel from the ARMY, the newly headquartered DISA (Defense Information Systems Agency), DMA (Defense Media Activity), DINFOS (Defense Information School), and Ft. Meade's various military personnel. All of the above groups and military units around the base will receive promotions for this event.

The 2014 Cyber Security Summit (New York, New York, USA, September 18, 2014) The Cyber Security Summit, an exclusive conference series sponsored by The Wall Street Journal, has announced their second annual event in New York City. The event will connect C-Level & Senior Executives responsible for protecting their companies' critical infrastructures with cutting-edge technology providers and renowned information security experts. This informational forum will focus on educating attendees on how to best protect their highly vulnerable business applications and intellectual property. Attendees will have the opportunity to meet the nation's leading solution providers and discover the latest products and services for enterprise cyber defense

NYIT Cyber Security Conference (New York, New York, USA, September 18, 2014) Presented by NYIT's School of Engineering and Computing Sciences, this conference will address a broad range of pressing topics including privacy; innovations in enterprise security; systems security and the Internet of things; mobile security; the protection of critical infrastructure, organizations, and individuals against cyberattacks; and cybersecurity research and education frontiers. Keynote speeches by Robert Bigman, CEO 2BSecure LLC, Former Chief Information Security Officer, Central Intelligence Agency and Phyllis Schneck, Ph.D., Deputy Under Secretary for Cybersecurity, U.S. Department of Homeland Security

Sponsor & Support

Grow your brand and reach new customers.

Grow your brand and increase your customer base by educating our audience about your products, services, and events by advertising on The CyberWire. We’ve built trust with an influential (and often hard to reach) audience of CISOs, CSOs, and other senior execs in the security space, across a wide array of industry verticals. Learn more.

Be a part of the CyberWire story.

People ask us (a lot) how they can support what we do. We have our sponsorships and services, of course, but those are not always within every supporter’s financial reach, or it might just not be the right time for you to do those things. That’s why we launched our new Patreon site, where we’ve created a wider variety of support levels, each with some new benefits. Our patrons are important to our future, and we hope you’ll consider becoming one. We invite you to become part of the CyberWire story. Become a patron today.