The CyberWire Daily Briefing 09.15.14

Summary

By The CyberWire Staff

Cyber rioting, some state-directed, some evidently done for the lulz, continues in the Middle East, with some spillover into the US.

State-sponsored cyber espionage continues to draw media attention. China's "cyber production line" seems evidence of collaboration among criminal gangs and security services. Gamma Group FinFisher lawful intercept product continues to leak from Germany even as Germany's Spiegel reports fresh allegations of GCHQ/NSA observation of German targets. Australia and New Zealand respond to leaks of Five Eyes surveillance.

JPMorgan cautiously reports there's no evidence that its customers were victims of fraud as the result of recent Wall Street hacks.

Home Depot alumni discuss the retailer's security practices, pre-breach. Trend Micro names point-of-sale ROM-scraping malware the "overnight sensation" of this year's retail breaches.

InformationWeek explains the significance of Dyre malware for cloud security.

Trend Micro finds a 64-bit version of MIRAS malware in a targeted attack against a European IT firm.

Belden reports that Dragonfly/Havex, first associated with attacks on the energy sector, is now sniffing around pharmaceutical companies.

InformationWeek offers a primer on electromagnetic pulse (EMP) and the risk it poses to electronics — said to be overblown. (Still, if EMP's threat spooks you, you can avail yourself of an EMP-hardened data center.)

Observers warn of "hybrid war" — an asymmetric form of conflict that combines both cyber operations with low-level kinetic combat.

Veracode and CyberArk prepare their IPOs.

US surveillance and intelligence policy continue their path in the absence of new doctrine or strategy.

Huawei and HP both face corruption allegations.

Notes.

Today's issue includes events affecting Australia, Brazil, China, Croatia, Egypt, Finland, Germany, Iran, Israel, NATO, New Zealand, Palestinian Territories, Russia, South Africa, Ukraine, United Kingdom, United States

The CyberWire's special coverage of the 5th Annual Billington Cybersecurity Summit in Washington, DC, on September 16, begins tomorrow. The Summit promises an interesting set of speakers and sessions. The CyberWire will also provide special coverage of the 2014 Cyber Security Summit, convening in New York on September 18.

Selected Reading

Cyber Trends

Cyber security pro: Finland under hybrid warfare attack (Yle Uutiset) Cyber security professor Jarno Limnéll says that hybrid warfare — wherein traditional and unconventional warfare methods are combined — is affecting Finns on a daily basis. The "attacks" are executed on the threshold of war and peace, and Limnéll says the most insidious form of hybrid war is the kind that operates undetected

Fortress finance pulls up the virtual drawbridge (BusinessDayLive) Western investors have largely shrugged off the military conflict in Ukraine, pushing global markets higher. But, deep inside some financial institutions and intelligence services, a debate is bubbling that investors should watch. This revolves not around boots and tanks but the cyber world

Adopting a Multi-Pronged Approach to Cyber Risk (Insurance Networking News) Insurers must catch up with other sectors in responding to cyber threats, says a panel of Deloitte experts

Why Apple Pay could succeed where others have had underwhelming results (Ars Technica) Not because Apple is a huge and influential company, but because the timing is right

Editorial: Apple's New Products Ratchet Up Need for Privacy Protection (Government Technology) The time is ripe for new encryption technology that stays one step ahead of the National Security Agency and individual hackers

75% of mobile apps will fail basic security tests (Help Net Security) Through 2015, more than 75 percent of mobile applications will fail basic security tests, according to Gartner. Enterprise employees download from app stores and use mobile applications that can access enterprise assets or perform business functions, and these applications have little or no security assurances. These applications are exposed to attacks and violations of enterprise security policies

Enterprise Annexation of Endpoint Security (NetworkWorld) When it comes to strong cybersecurity, endpoints and servers have often been second-class citizens when compared to the network

Security Ops Confidence Levels Drop (Dark Reading) Survey shows most organizations unable to keep up with new and emerging threats from state-sponsored attackers

Target tops the list of most epic privacy fails (Naked Security) Privacy has always been a hot topic for us at Naked Security, but recently the news seems to have gone from bad to worse

Lieberman Study: IT Pros Anticipate Attacks (Channelnomics) Yet another security study has confirmed our fears: Cyber-attacks are escalating rapidly and, more important, confidence in our IT security net is low

Catbird Study Reveals That Private Cloud Security Keeps IT Up At Night (HostReview) A survey among IT professionals identifies the primary security concerns in cloud-based data management

Secunia Vulnerability Review 2014 (InfoWorld) Critical security vulnerabilities are on the rise and the sheer volume is staggering. This 2014 Security Vulnerability Report reveals data on global trends. Learn how the primary attack vectors are shifting, why there's an increase of vulnerabilities in Windows 7, and how to be on the watch for risks in PDF readers, browsers and the top 50 software applications

This World Map Shows Every Device Connected To The Internet (Business Insider) A striking map created by John Matherly at search engine Shodan shows significant disparities in internet access across the world

Legislation, Policy and Regulation

Super cyber intelligence body soon, announces IT Minister (The Hindu) India will soon get an overarching body for cyber intelligence and security, IT and Communications Minister Ravi Shankar Prasad said here on Saturday

Exclusive: White House delays release of security-strategy doctrine (Washington Examiner) Even before President Obama's "no strategy" gaffe and this week's major speech laying out a plan to confront the Islamic State of Iraq and Syria, White House staffers were working to update a long overdue national security strategy doctrine

Despite Obama's Pledge to Curb It, NSA Mass Surveillance Wins Rubber Stamp (National Journal) Mass surveillance just earned another 90-day blank check, nine months after President Obama promised to rein in the NSA's spying powers

Justice Sotomayor says technology could lead to "Orwellian world" (Ars Technica) "We are capable of being in that Orwellian world," Supreme Court Justice says

Warning: You May Have Already Been Hacked (FedTech) One senator is requesting FBI data to determine which federal agencies have not fallen victim to hackers

Key wrong to use cyber protection to justify spying (Scoop) John Key is trying to scare and confuse New Zealanders by saying mass surveillance by the GCSB is needed to achieve the country's cyber protection, the Green Party said today

Croatia Builds New Mobile Government on IBM Mainframe — citizens can now access critical services in just minutes (PRNewswire via MarketWatch) IBM (NYSE: IBM) and APIS IT Ltd., the company that provides strategic, professional and implementation services to the public and Government sector organizations of the Republic of Croatia, today announced the deployment of a new IT infrastructure that will modernize the delivery of government services to the citizens of Croatia

Cuomo and Christie Bring Together Bi-State Group of Law Enforcement and Security Agencies to Enhance Preparedness and Coordination (Long Island News) All relevant public safety agencies will meet with FBI Joint Terrorism Task Force to ensure coordination at highest levels

Army Cyber Leader Touts Hacking Skills (GovInfoSecurity) Greg Conti relishes 'playful' aspects of learning about IT

Products, Services, and Solutions

ApplePay: The Security Pros & Cons (Credit Blog) ApplePay, the new mobile payments service introduced by Apple this week, could ultimately set the security and privacy benchmarks for digital wallets much higher

Facebook wants to know why you hate specific adverts (Naked Security) Facebook has announced yet more slants to its constant ad fiddling

FireHost Fuses Security and Compliance in Unique Compliance-as-a-Service Offering (Dark Reading) To help businesses protect their data and exceed PCI, HIPAA, and other regulatory requirements, secure cloud leader FireHost has announced the most complete compliance-as-a-service (CaaS) offering, making the fast-growing company the only cloud provider in the industry to deliver such a service

FireMon claim ROI for customers inside a year (CRN) Report by TechValidate shows 54 per cent of FireMon customers achieve ROI in 12 months

Upland's FileBound Receives Enterprise-Ready Rating from the Skyhigh CloudTrust Program (Security IT Business Net) Upland Software, Inc., a leader in cloud-based Enterprise Work Management applications, today announced that it has been awarded the Skyhigh CloudTrust rating of enterprise-ready for its FileBound document and workflow automation application

BitDefender and Kaspersky Antivirus — A comparison guide (STIX) You know where to look for new updates and features of a software program. But, many of us do not check latest news and information related to that software updates and features you are searching for, which is very important

New data center protects against solar storms and nuclear EMPs (Computerworld) Data loss from an electromagnetic pulse is the bigger worry

Technologies, Techniques, and Standards

How Boston Children's Hospital hit back at Anonymous (CIO via CSO) Hackers purportedly representing Anonymous hit Boston Children's Hospital with phishing and DDoS attacks this spring. The hospital fought back with vigilance, internal transparency and some old-fashioned sneakernet. That — and a little bit of luck — kept patient data safe

Emerging cloud threats and how to address them (Help Net Security) As organizations deploy and harness private, community and hybrid clouds, they encounter new types of threats, along with the old ones they've been battling for years

Gas Utility Group Shares Info to Repel Cyber, Physical Attacks (Natural Gas Intel) The American Gas Association (AGA) has launched a program to help protect natural gas utilities from cyber and physical attacks

Social engineering audits on the rise: What this means for CIOs and CSOs (Tech Republic) A social engineering audit looks for internal data or security breaches. The uptick in these audits is a reminder to C-level execs that security is an inside as well as an outside responsibility

The Easy-to-Miss Basics of Network Defense (TrendLabs Security Intelligence Blog) Last month we released a paper on backdoor techniques which highlighted the importance of setting up your network properly to detect and block C&C communication. In this post, I will share some rules that IT administrators can proactively implement in order to set up "basic defense" for their network. I say basic here because these rules are not meant to cover all types of suspicious activity within the network — just some that I think are more likely to be missed

Three Things Apple Can Do to Fix iCloud's Awful Security (Wired) Apple's reality distortion field makes for epic product launches. But it doesn't keep sext-snatching hackers out of your iCloud account

Are credential dumps are worth reviewing? (Internet Storm Center) It's been reported that around five million Gmail email addresses were released on to a forum early on in the week. In the file, next to each email address, was a password

Data Security Systems and the Prevention of Identy Theft (IP Watchdog) In the world of data security, 2014 will likely go down as one of the rockiest years in history. We have previously covered recent cyber attacks and data breaches at Target and Neiman Marcus, among others, as well as ways businesses can tighten up data security to prevent against breaches

Why Email Is Worth Saving (Dark Reading) What if an Internet-scale, federated policy, authentication, and enforcement framework for trusted email delivery were available? It is

9 Resources to Stay Current on Security Threats (eSecurity Planet) These nine online resources will keep security pros informed about the latest threats

Marketplace

Veracode Secures $40M In Funding As IPO Looms (Dark Reading) Security firm plans to increase investments in sales, marketing, and research and development

CyberArk Software on deck for $80 million IPO (BetaBoston) CyberArk Software is looking to be Boston tech's next initial public offering this year with the disclosure of its expected IPO terms

EMC: VMware Not For Sale (InformationWeek) Contrary to a New York Post report and an investor's pressure, EMC says it's not considering selling off its VMware virtualization subsidiary

HP buys cloud provider Eucalyptus, Marten Mickos to lead HP Cloud (IT World) Eucalyptus CEO Marten Mickos will head HP's Helion cloud services and software

FireEye: Price Matters (Seeking Alpha) FireEye (NASDAQ:FEYE), an enterprise security provider, is a prime example of how price matters when buying a stock. One could probably have easily argued that the stock was overvalued at over $95 back in March, but what about now with the stock sitting at levels around initial trading following the IPO back last September?

Cisco, Check Point Gain Security Appliance Share (Investor's Business Daily) The security appliance market saw solid growth in the second quarter, with worldwide revenue up 7% and unit shipments up 5% year over year. The big vendors got bigger as the smaller players shrank in terms of factory sales, market research firm IDC reported Thursday

Check Point eyes local SME market (ITWeb) SMEs know they need security but don't want the headache of managing it themselves, says Doros Hadjizenonos, Check Point's sales manager for SA. Israel-headquartered security solutions provider Check Point Software Technologies is looking to tap into the South African SME market

Espionage, theft, virtual war: Good news for Israel's cyber industry (Haaretz) Israel has emerged as a center for defending people, organizations and even countries against cyber attacks. The question is how to maintain the edge

$5b in US Army Intelligence Support Contracts, 2014-2019 (Defense Industry Daily) Army Intelligence and Security Command at Fort Belvoir, VA issues up to $5.04 billion worth of indefinite-delivery/ indefinite-quantity contracts for global intelligence support services

Air Force wants a better way to map and analyze its networks (Defense Systems) The Air Force is looking for new technologies for cyber situational awareness under a newly consolidated program called Mission Awareness for Mission Assurance, or MAMA

Agiliance Wins Three 2014 Golden Bridge Awards (BusinessWire) RiskVision platform receives Gold and Bronze Award for innovations in GRC and risk management; management team honored with Bronze Award for its industry achievements

Rambus Expands Cryptography Research Division Leadership Team (BusinessWire via Investor's Business Daily) Appointments of Dr. Simon Blake-Wilson, Philippe Martineau, and Ron Perez strengthen industry-leading team

Intelligence officials find career afterlife as cybersecurity booms (Bloomberg via Vancouver Sun) As the fourstar general in charge of U.S. digital defences, Keith Alexander warned repeatedly that the financial industry was among the likely targets of a major attack

Chesapeake Innovation Center cuts ribbon on new home (Technical.ly Baltimore) The Anne Arundel County incubator moved, in part, to be closer to the Army's Fort Meade

Research and Development

The Future of Cryptography Is… Outdated Nokia Phones? (Popular Mechanics) Physicists create cryptographically-secure random numbers using only a discontinued Nokia phone and the physical properties of light

Security Patches, Mitigations, and Software Updates

Firefox sneaks out an "inbetweener" update, with security improvements rather than fixes (Naked Security) Here's a quick note to remind all Firefox users that Mozilla just snuck out a point release's newsletter

Four Vulnerabilities Patched in Integraxor SCADA Server (Threatpost) Four different remotely exploitable vulnerabilities were recently discovered and patched in a popular SCADA server

Microsoft discontinues support for Microsoft Security Essentials (STIX) We all look for software updates and other fresh features in a program. But, we should significantly consider the information and news provided under each software update and features

Cyber Attacks, Threats, and Vulnerabilities

OpIsrael Reborn: Israel-Russia-Ukraine Chambers of Commerce and Industry website hacked (HackRead) The Pro-Palestinian online hacktivist AnonGhost has announced a series of cyber attacks with aim to destroy Israeli cyber space. These cyber attacks will be conducted under the banner of OpIsrael Reborn

Iranian group hacks U.S. Government owned Clarkston City, Georgia website (HackRead) The notorious Iranian hackers from Ashiyane Digital Security Team have hacked and defaced the official website of United States government City of Clarkston, Georgia

Supporter of Anonymous Hacktivists Hacks Vodafone Egypt Sub-Domains (HackRead) A hacker going with the handle of 'Ali El Top' hacked and defaced two official sub-domains of Vodafone Egypt last Thursday (04/09/2014). Hacker left a message along with a deface picture of Anonymous hacktivists on sub-domains belonging to Vodafone's web hosting services for its customers

China's cyber spying 'production line' approach no game for amateurs (SC Magazine) Chinese cyber-spying production line shares tools and tactics between different groups suggesting cooperation or at least similar training

WikiLeaks exposes chats and list of countries being spied through FinFisher (HackRead) WikiLeaks has exposed secret conversation and list of countries who had their citizens being spied by their own governments through German-based Gamma Group International's FinFisher spyware

Treasure Map: The NSA Breach of Telekom and Other German Firms (Spiegel) When it comes to choosing code names for their secret operations, American and British agents demonstrate a flare for creativity

Edward Snowden reveals tapping of major Australia-New Zealand undersea telecommunications cable (Brisbane Times) A major undersea telecommunications cable that connects Australia and New Zealand to North America has been tapped to allow the United States National Security Agency and its espionage partners to comprehensively harvest Australian and New Zealand internet data

JPMorgan says no cyber attack-related customer fraud seen (Reuters) JPMorgan Chase & Co said it had not seen any unusual customer fraud related to a recent cyber attack on the bank

Former Home Depot Managers Depict 'C-Level' Security Before the Hack (Bloomberg BusinessWeek) Home Depot's (HD) in-store payment system wasn't set up to encrypt customers' credit- and debit-card data, a gap in its defenses that gave potential hackers a wider window to exploit, according to interviews with former members of the retailer's security team

PoS RAM Scraper Malware: The Overnight Sensation (Trend Micro Simply Security) There's a saying in show business that it takes years to become an overnight sensation. Point-of-Sale (POS) RAM Scraper Malware has arguably become the overnight sensation of cyberattacks this year. From Target and Neiman Marcus to Home Depot, PoS RAM Scraper Malware has become the malware story du jour

Dyre Straits: Why This Cloud Attack's Different (InformationWeek) Dyre is a new breed of Trojan, attacking cloud apps and using the cloud as a delivery vehicle

64-bit Version of MIRAS Used in Targeted Attack (TrendLabs Security Intelligence Blog) We have been investigating the MIRAS malware family, which was recently linked to attacks that targeted a Europe-based IT company. Our analysis shows that MIRAS, or BKDR64_MIRAS.B is a 64-bit malware that was used for the data exfiltration stage in a targeted attack. MIRAS is available in 32-bit (BKDR_MIRAS.B) and 64-bit (BKDR64_MIRAS.B) Windows operating systems

Context hacks into Canon IoT Printer to run Doom (Dark Reading) Ability to compromise internet-connected devices raises more questions about IoT security

PhishLabs Researchers Intercept Vawtrak a Fresh Variant of Neverquest (Spamfighter News) PhishLabs the security company has just discovered the infamous banker Trojan Neverquest in some newer variations dubbed Vawtrak which alongside stealing online banking credentials also target certain gaming, retail and social media websites

Beware geeks bearing gifts: Steam-draining nasty spreads via Twitch (Register) Eskimo infection will drop you right Inuit

Dragonfly malware targeting pharmaceutical companies (Help Net Security) The recently revealed Dragonfly (Havex) malware is likely targeting the pharmaceutical sector, not the energy sector as previously believed, according to Belden

Security researcher finds Facebook Messenger is loaded with 'spyware type code' [updated] (BGR) As if you didn't already have enough reasons to hate Facebook Messenger, now you have another one. Security researcher Jonathan Zdziarski tells Motherboard that he spent some time picking apart Facebook Messenger earlier this week and found that it's positively loaded with "spyware type code" designed to track everything you do

Hacked Brazilian Newspaper Site Targets Router DNS Settings (Threatpost) The website for one of Brazil's biggest newspapers has been compromised with malware that tries to change the victim's router DNS settings

Sprint, Windstream traffic routing errors hijacked other ISPs (IDG via CSO) Internet traffic routing errors made by U.S. operators Sprint and Windstream on the same day last week underscore a long-known Internet weakness, posing both security and reliability issues

Bitcoin cyber blackmailers strike Colfax pizzeria (Auburn Journal) Rogue encrypted cells hold business hostage for cloud currency

EMP, Debunked: The Jolt That Could Fry The Cloud (InformationWeek) An electromagnetic pulse (EMP) from the sun or a high-altitude nuclear blast could change life as we know it, but how worried should you really be? Here's a primer

Litigation, Investigation, and Enforcement

Holder Says Private Suit Risks State Secrets (New York Times) In his first year in office, Attorney General Eric H. Holder Jr. put new limits on when the government could dismiss lawsuits in the name of protecting national security. Now, in what he has said is likely his final year, Mr. Holder has claimed broad authority to do just that in a case unlike any other

Huawei Discovers Corruption After Internal Investigation (TechWeekEurope) Over a hundred Huawei staffers reportedly implicated in making and receiving bribes, after CEO admits internal investigation

Huawei's Massive Bribery Exposed, Targeting Corrupt Officials? (New Tang Dynasty) Mainland Chinese media recently exposed millions of bribes in the business of Huawei Technologies Co. Ltd. 116 employees' involvement in the corruption was found at the leading telecommunications equipment company. Although some media said it's a rumor, the party mouthpiece not only reproduced the report of the corruption, but also published an opinion article saying corruptions of private enterprises need management from the outside. Huawei's CEO has a military and state security background. Is the explosion of the bribery case just a self-examination? Or is it the Chinese Communist Party (CCP) high level that wants to crackdown on "big tigers?"

HP Russia guilty of government bribery using "secret slush fund" (Ars Technica) HP subsidiaries bribed police, prosecutors, and a state-run oil company

Edward Snowden did not raise concerns about surveillance programs: National Security Agency (Australian Broadcasting Corporation) The US National Security Agency (NSA) says it has been was unable to find evidence that whistleblower Edward Snowden ever raised concerns internally about its sweeping surveillance programs

Supreme Court ruling has wiped out 11 "do it on a computer" patents so far (Ars Technica) The balance of power is changing as courts vigorously apply Alice v. CLS Bank

Solihull teenager arrested over government cyber-attack (BBC) An 18-year-old man has been arrested in connection with a "significant" cyber-attack on the Home Office

Serial hacker pleads guilty to bank bitcoin blackmail (Naked Security) A 22-year-old with a lengthy history of convictions pleaded guilty last week to charges of blackmail and fraud, after threatening to reveal details of thousands of phished bank accounts if the bank involved refused to pay up

Industry Events

For a complete running list of events, please visit the Event Tracker on the CyberWire website.

newly Noted Events

Senior Executive Cyber Security Conference (Baltimore, Maryland, USA, October 30 - November 1, 2014) North Star Group, LLC and the Johns Hopkins University's Whiting School of Engineering and Information Security Institute sponsor this senior executive focused cyber security conference.This event is designed for non-technical and technical executives who seek to gain a deeper understanding of not just the technical aspects of data breach prevention, but also the important role that insurance, crisis management, legal and human resources play. Speakers include Dr. Ed Schlesinger, Dean of Johns Hopkins University's Whiting School of Engineering, Dr. Andy Ozment, Assistant Secretary of the Office of Cybersecurity and Communications, Department of Homeland Security, and Mr. Eric Joost, Chief Operating Officer, Willis North America

Healthcare Cyber Security Summit 2014 (San Francisco, California, USA, December 3 - 10, 2014) SANS is teaming up with the National Health Information Sharing & Analysis Center (NH-ISAC) to offer the 2nd Annual Healthcare Cyber Security Summit

FloCon 2015 (Portland, Oregon, USA, January 12 - 15, 2015) FloCon is an open network security conference organized by Carnegie Mellon University

Security Forum 2015 (Hagenberg im Mühlkreis, Austria, April 22 - 23, 2015) The Security Forum is the annual IT security conference in Hagenberg that addresses current issues in this domain. Visitors are offered technical as well as management-oriented talks by representatives of business, research and public service

upcoming Events

NOPcon Security Conference (Istanbul, Turkey, September 16, 2014) NOPcon is a non-profit hacker conference. It is the only geek-friendly conference without sales pitches in Turkey. The conference aims to learn and exchange ideas and experiences between security researchers, consultants and developers

5th Annual Billington Cybersecurity Summit (Washington, DC, USA, September 16, 2014) The 5th Annual Billington Cybersecurity Summit, a leading conference produced by Billington CyberSecurity, will feature an all-star cast of cybersecurity speakers including Admiral Michael Rogers, Commander, U.S. Cyber Command and Director, National Security Agency/Chief, Central Security Service. This leading summit also will feature Michael Daniel, Special Assistant to the President and Cybersecurity Coordinator, The White House; David DeWalt, Chairman and Chief Executive Officer, FireEye; Dr. Phyllis Schneck, Deputy Under Secretary for Cybersecurity, NPPD, Department of Homeland Security, along with over twenty-five other distinguished speakers. Along with increasing awareness on the most pressing cybersecurity topics, one of the primary goals of this summit is to enhance networking. Thus, three new features have been added to this year's summit: 1. Cybersecurity Interactive Roundtable Sessions: These tables will enable attendees to exchange experiences and information regarding all of the dire cybersecurity topics. 2. One-on-One Meetings: These intimate encounters with the cybersecurity experts will allow your questions to be answered in a personalized manner. 3. Multiple Tracks: Several, concurrent tracks will be offered at this summit in order for a more thorough education about cybersecurity in the healthcare, finance and energy sectors, about continuous monitoring and insider threats

SINET Global Summit (London, England, UK, September 16 - 17, 2014) "Advancing Global Collaboration and Innovation." Global Summit focuses on building international public-private partnerships that will improve the protection of our respective homeland's critical infrastructures, national security and economic interests. The Global Summit's objective is to build and maintain international communities of interest and trust that foster vital information sharing, broad awareness and the application of our nation's most innovative technologies to enable a safer and more secure homeland for the United States, United Kingdom and our trusted allies. The US Department of Homeland Security Science & Technology Directorate supports this event along with Her Majesty's Government (HMG) as the UK representative.

Cyber Attack Against Payment Processes Exercise 2 (Online, September 16 - 17, 2014) FS-ISAC, the Financial Services Information Sharing and Analysis Center will conduct its fifth annual simulated cyber security exercise related to payment processes used by banks, community institutions, credit unions and associated financial services organizations. Over a two day period this fall, hundreds of security, risk and IT professionals will experience a highly realistic set of scenarios in a safe environment in order to practice and improve their response to cyber incidents. The teams are encouraged to involve multiple parts of their organizations, from IT and security to payments experts to communications teams to line of business leaders and executive teams. The simulation is known as CAPP or Cyber Attack Against Payment Processes

Global Identity Summit (Tampa, Florida, USA, September 16 - 18, 2014) The Global Identity Summit is focused on identity management solutions for corporate, defense and homeland security communities. This conference and associated exhibition bring together a distinctive, yet broad comprehensive look at the identity management capabilities, challenges and solutions in the topic areas of: Biometrics, Radio-Frequency Identification, Mobile, Cyber, Smart Card Technologies, and Big Data.

Defense Intelligence Agency (DIA)/National Intelligence University (NIU) Open House (Washington, DC, USA, September 17, 2014) On September 17, 2014, the National Intelligence University (NIU) will hold a Tech Expo as part of its annual "NIU OUTREACH DAY" in the Tighe Lobby of DIA Headquarters on Joint Base Bolling-Anacostia. This Tech Expo will be open to all personnel within the DIA Headquarters as well as the 600+ students and faculty of NIU. Several of the 'schools' within DIA are expected to participate with their own exhibitions, including: School of Intelligence Studies, School of Science and Technology Intelligence, Center for Strategic Intelligence Research and Center for International Engagement and the John T. Hughes Library.

Fraud Summit Toronto (Toronto, Ontario, Canada, September 17, 2014) From account takeover to payment card fraud and the emerging mobile threatscape, the ISMG Fraud Summit series is where thought-leaders meet to exchange insights on today's top schemes and the technology solutions designed to stop them.

CSA Congress 2014 & IAPP Privacy Academy 2014 (San Jose, California, USA, September 17 - 19, 2014) This year, the CSA and the International Association of Privacy Professionals (IAPP) are combining their Congress US and Privacy Academy events into a conference in the heart of Silicon Valley. This conference will offer attendees more than eighty sessions to choose from covering all aspects of privacy and cloud security.

ICS-ISAC Fall Conference (Atlanta, Georgia, USA, September 17 - 20, 2014) Cybersecurity issues — such as the DHS release of Operation Aurora information; legislation like CISA (S. 2588), CIRDA (H.R. 2952) & H.R. 3696; and the NIST Cybersecurity Framework — can leave one wondering "What, where, how and with whom should I share?" and "Where can I find solutions?" At the ICS-ISAC Fall Conference you will develop knowledge you can take to further enhance your organization's cybersecurity posture through answers to these and many other questions

The 2014 Cyber Security Summit (New York) (New York, New York, USA, September 18, 2014) The Cyber Security Summit, an exclusive conference series sponsored by The Wall Street Journal, has announced their second annual event in New York City. The event will connect C-Level & Senior Executives responsible for protecting their companies' critical infrastructures with cutting-edge technology providers and renowned information security experts. This informational forum will focus on educating attendees on how to best protect their highly vulnerable business applications and intellectual property. Attendees will have the opportunity to meet the nation's leading solution providers and discover the latest products and services for enterprise cyber defense.

Ft. Meade Technology Expo (Fort Meade, Maryland, USA, September 18, 2014) The Ft. Meade Technology Expo is a one-day event held at the Officers' Club (Club Meade) on base. Industry vendors will have the unique opportunity to showcase their products and services to personnel that may otherwise be unattainable. The target audience will be comprised of personnel from the ARMY, the newly headquartered DISA (Defense Information Systems Agency), DMA (Defense Media Activity), DINFOS (Defense Information School), and Ft. Meade's various military personnel. All of the above groups and military units around the base will receive promotions for this event.

Sponsor & Support

Grow your brand and reach new customers.

Grow your brand and increase your customer base by educating our audience about your products, services, and events by advertising on The CyberWire. We’ve built trust with an influential (and often hard to reach) audience of CISOs, CSOs, and other senior execs in the security space, across a wide array of industry verticals. Learn more.

Be a part of the CyberWire story.

People ask us (a lot) how they can support what we do. We have our sponsorships and services, of course, but those are not always within every supporter’s financial reach, or it might just not be the right time for you to do those things. That’s why we launched our new Patreon site, where we’ve created a wider variety of support levels, each with some new benefits. Our patrons are important to our future, and we hope you’ll consider becoming one. We invite you to become part of the CyberWire story. Become a patron today.