
The CyberWire Daily Briefing 09.18.14
news from the New York City Cyber Security Summit
ThreatTrack's CEO Julian Waits opened the conference this morning and introduced the first keynote speaker, Jim Penrose, Darktrace's EVP for Cyber Intelligence.
Penrose took as his topic "the Enterprise Immune System," and sounded an increasingly familiar note. The old vision of cyber security — a walled city impregnable to attack — is obsolete. We need, he argued, a new organizing metaphor: we should conceive cyber security as an immune system.
Compromise is inevitable. People need to connect, interact, and innovate. The average time to detect a cyber attack is 243 days. When an attack is detected, that detection is often made, and reported, by some third party, not the victim. And only then do we react, cleaning up the damage.
This won't do, Penrose asserted. We need to get faster, because time is on the attackers' side. They're brazen and tenacious, constantly looking for moments of weakness. Their objective is usually the enterprise's data. And the enterprise needs to be concerned not merely about losing data, but about the integrity of its data.
Penrose illustrated the problem by inviting the audience to consider the much-discussed advanced persistent threat (APT). What makes APTs advanced are big resources, laboratories, equipment, security products, and experts. You cannot expect security if you assume your users will always make the right decisions with respect to security. Advanced attackers will find and exploit users' mistakes.
To compensate for inevitable human weakness, we need, Penrose argued, to build a self-learning capability, a machine-learning capability for enterprise awareness. Specifically, we need mathematically enabled self-knowledge. Only a sound probabilistic, automated approach to enterprise security holds promise.
This approach is essentially an intelligence approach. Intelligence seeks to deliver timely indications and warnings, and risk management is the outcome of these.
The adversaries will adapt and evolve. We defenders need to adapt and evolve, too, and do so faster.
We'll be live-tweeting other presentations throughout the day. Watch the hashtag #cyberNYCSummit for updates. Tomorrow's CyberWire will include a comprehensive wrap-up of the Summit's proceedings.
FireEye warns that ISIS/ISIL is close to becoming a major cyber threat, that the "Cyber Caliphate" is in fact in the offing. Senior US intelligence officials regard this threat as more aspirational than imminent, and indeed the Caliphate's activities in cyberspace seem so far to have been largely confined to admittedly adept recruiting and propaganda. But FireEye's warning is more than a mere statement of a priori possibility: the company reports seeing indications that ISIS is assembling cyber attack tools from the criminal black market. That underground market has shown it can serve as a fairly effective research-and-development shop.
Citadel continues to concern the petrochemical industry.
The Harkonnen campaign is now thought to be dismantled, but observers are astonished as its duration sinks in: Harkonnen was apparently active for twelve years.
The consensus among security analysts who've reviewed the attack code is that Home Depot and Target were hit by distinct criminal groups.
People continue to wonder about the "rogue cell towers" that are turning up in the US.
The dark web niche vacated by Silk Road is being occupied by Evolution, a drug market that doesn't even bother to pretend to libertarian principles.
Job-seekers are warned against apparent headhunters who are in fact hunting personal data and intellectual property.
Microsoft flirts with national data centers to mollify German markets. Apple bucks up iCloud security. Apple Pay gets some early adopters, but Wal-Mart's not among them.
Egypt moves into deep packet inspection. Snowden alleges US gave citizens' data to Israel.
Notes.
Today's issue includes events affecting Egypt, European Union, Germany, Iraq, Israel, Qatar, Syria, Russia, and United States.
New York, New York: the latest from the 2014 Cyber Security Summit
New York City Cyber Security Summit (CyberSummitUSA) The Cyber Security Summit is an exclusive conference series connecting C-Level & Senior Executives responsible for protecting their companies' critical infrastructures with cutting-edge technology providers and renowned information security experts
Cyber Attacks, Threats, and Vulnerabilities
ISIS cyber capability judged more 'aspirational' than operational (FCW) ISIS terrorists have announced their intention to establish a "digital caliphate" for launching attacks on U.S. critical infrastructure. Interviews with cybersecurity experts and questions posed to public officials reveal an assessment of the cyber warfare capabilities of the Islamic State of Iraq and Syria that, while potentially dangerous, remains more aspirational than operational
Warning over Isis cyber threat (Financial Times) The Islamist militants who have seized almost a third of Iraq and Syria pose the next great cyber threat as terrorist organisations hoard cyber weaponry from underground markets, the chief executive of FireEye has warned
Cyberspies Resuscitate Citadel Trojan For Petrochemical Attacks (Dark Reading) The Citadel Trojan is a rare and odd choice of malware for cyber espionage purposes, experts say
Decade-long cybercrime ring hacked European banks and labs (Wired) A 12-year-long European cybercrime operation targeting more than 300 banks, governments, research labs, critical infrastructure facilities and more has finally been discovered and scuppered
Hackers penetrated systems of key defense contractors (Help Net Security) Hackers associated with the Chinese government successfully penetrated the computer systems of U.S. Transportation Command contractors at least 20 times in a single year, intrusions that show vulnerabilities in the military's system to deploy troops and equipment in a crisis, a Senate Armed Services Committee investigation has found
Home Depot's malware details hint its hackers weren't Target's (Bloomberg via the Chicago Tribune) Home Depot Inc. was hacked with a malicious software program that plunders store registers while disguising itself as antivirus software, according to two security researchers
This Simple iPhone Case can be Used to Steal ATM PINs (Intego Mac Security Blog) It's a common wisecrack around the criminal community. This whole stealing ATM PINs thing would be a lot simpler if a gadget would just do all the work
"Win Free iPhone 6" scams hit Facebook (Help Net Security) As the day of the release of Apple's iPhone 6 and iPhone 6 Plus draws near, scammers have expectedly begun using the new devices as a lure in Facebook scams
Fake 'Last Words of Celebrity' Facebook Scam Installs Malware on PC (HackRead) Facebook has been spammed with feeds luring users into clicking a video link of a famous Filipino actor in order to listen to his words before death
JPMorgan Hackers Accessed Info on 1 Million Customer Accounts (eSecurity Planet) According to the New York Times, more than 90 of the bank's servers were affected by the breach
Data Breach Bulletin: Gmail, Central Utah Clinic, JP Morgan, George Mason University (Forbes) Here's a roundup of this week's data breaches
Who Is Running Phony Cell Phone Towers Around The United States? (Popular Science) On August 29, Popular Science published a map of interceptor towers — surveillance devices that masquerade as cell phone towers to intercept voice and data transmissions from every cell user in an area
Going rogue: Hidden cell towers found (CSO) A quick drive around Washington DC found 15 rogue cell phone towers
The Dark Web Gets Darker With Rise of the 'Evolution' Drug Market (Wired) Evolution's popularity has been driven not only by a more secure and professional operation than its competitors, but also by a more amoral approach to the cryptomarket than the strict libertarian ethos the Silk Road preached
Does That Headhunter Want Your Head, or Your Secrets? (Bloomberg) Job seekers may fake their credentials. But the recruiter on the phone with you could be lying, too
Security Patches, Mitigations, and Software Updates
Critical Update for Adobe Reader & Acrobat (Krebs on Security) Adobe has released a security update for its Acrobat and PDF Reader products that fixes at least eight critical vulnerabilities in Mac and Windows versions of the software. If you use either of these programs, please take a minute to update now
Encryption goof fixed in TorrentLocker file-locking malware (IDG via CSO) The developers of a type of malicious software that encrypts a computer's files and demands a ransom have fixed an error security experts said allowed files to be recovered without paying
Cyber Trends
V3 Security Summit: Data sharing essential to combat next-generation threats (V3) Security companies and firms that choose to go it alone when combatting next-generation threats risk leaving their customers open to a barrage of cyber attacks, according to BAE Systems
Fighting back: Is the time for defensive IT security policy over? (IT World Canada) Offence is a good defence, someone once said. It may be time to apply that to cyber security
Alarming level of cyber threat set for a decade, says Nato (ComputerWeekly) The 'very alarming' level of cyber threats organisations face is unlikely to fall for at least ten years, according to Suleyman Anil, head of cyber defence at the emerging security challenges division of Nato
Cyber Attack: Coming to a Store Near You (Huffington Post) BigPill Drug stores began in 1960 and grew to 35 stores by 1990. The company had more than 100 stores in 2000. It is now a publicly traded company, with $63 billion a year in sales, a customer base of 20 million and 3,600 stores in 28 states. Big Pill's annual profits are $3.3 billion and stock currently trading at $6.75 a share
Internet Users Want Digital Privacy But Their Online Behaviors Show Otherwise; Trend Micro Launches Software to Reduce Vulnerabilities (PR Newswire) Trend Micro Security 2015 supports multiple devices across all platforms to improve consumer security and privacy
Fraud Analytics: Heat Map of Potential Retail Data Breaches by State (Tripwire: the State of Security) The recurrence of data breaches has escalated to the point where almost every week we are alerted of another mega retailer being hit. The U.S. government has even issued warnings about sophisticated attacks targeting retailers, putting the victims of one specific form of malware at well over 1,000 businesses
Over 41 Percent of Healthcare Organizations Still Aren't Encrypting Endpoints (eSecurity Planet) That's true despite the fact that a third of healthcare employees work outside the office or clinic at least once a week, according to Forrester
Trend Micro: Navigating the security minefield… (TheChannel) One size doesn't fit all in security, says Robin Marjason, Trend Micro Australia and New Zealand channel and distribution director
Marketplace
Cisco Buys Metacloud As Big Companies Suddenly Hot For Cloud Startups (TechCrunch) Cisco announced this morning it intends to buy Metacloud, a startup with OpenStack chops. This news comes hot on the heels of HP buying Eucalyptus last week and Rackspace announcing they are taking themselves off the market this morning
Apple's Cook: The pot calling the kettle black (FierceITSecurity) I came across an interesting interview that Charlie Rose did with Apple CEO Tim Cook recently
Microsoft Raises Dividend, Changes Two Board Members (Bloomberg) Microsoft Corp. (MSFT) increased its dividend by 11 percent and is replacing two longtime board members when they retire this year, as Chief Executive Officer Satya Nadella puts his own stamp on the software maker
Microsoft mulls 'German-controlled' cloud data centre to instil cyber confidence (Out-Law) The head of Microsoft Germany has said the company is considering the possibility of working with partners to develop a cloud data centre based in Germany, with the aim of alleviating national concerns over cyber security
Industrial Utilities and Devices — Where the Cyber Threat Lurks (CyActive) We are excited to report that the Venture Capital Unit of Siemens (SFS VC), the global leader in industrial and utilities markets is making a strategic investment in CyActive
CyberArk IPO Gets Boost as Breaches Trigger Industry Gain (Bloomberg) The data breaches that have rocked corporate America in recent weeks couldn't have come at a better time for CyberArk Software Ltd
Bug bounty programs: The road to hell is paved with good intentions (Help Net Security) Bug bounties are in the news again. Twitter has announced its own new scheme, while Robert Graham of Errata Security claims legal actions brought for loss of personal data will more likely succeed if the service provider does not have a bounty program
ZeroFOX Wins Gold in 2014 Golden Bridge Awards for Best Risk Management Solution (PR.com) ZeroFOX, The Social Risk Management Company™, won Gold in the Best Risk Management Solution category of the 2014 Golden Bridge Awards for the ZeroFOX platform, an Enterprise Social Risk Management suite that enables organizations to identify, manage and mitigate information security risk introduced through social media
Catbird Appoints Industry Veteran as VP of Products and Marketing (Sys-Con Media) Sri Sundaralingam brings proven track record of success to growing company
Products, Services, and Solutions
Walmart says no to Apple Pay (FierceRetailIT) Since Apple (NASDAQ:APPL) announced the launch of virtual payment platform Apple Pay Sept. 9, brands such as Disney, Macy's (NYSE:M), McDonalds (NYSE:MCD) and Walgreens (NYSE:WAG) have already signed on to use it
Apple's Tim Cook Does Some Security Straight Talking (TechCrunch) Today, Apple's Tim Cook posted a letter announcing a new security page on the company's website, publishing some fairly plain-language security talk
CloudFlare's New Keyless SSL Could Unlock Cloud For Financial Institutions (TechCrunch) Financial institutions crave cloud scalability, but have been reluctant to jump on the cloud bandwagon because of security concerns
Skyhigh, Palo Alto Networks Unveil Cloud Security Integration (MSPmentor) Skyhigh Networks says new integration allows its customers to leverage Palo Alto Networks' firewall technology
Technologies, Techniques, and Standards
7 Reasons To Love Passwords (Dark Reading) Passwords are often ridiculed, but there are some reasons they should be your nearest and dearest authentication factor
Post breach security: CARM after the storm (IT Pro Portal) Data breaches create fear within organisations and as a result, everything about an organisation's security strategy has always been focused on stopping breaches from happening
Data Privacy Etiquette: It's Not Just For Kids (Dark Reading) Children are the innocent victims of the worst effects of social media. That's why it's vital for adults to establish privacy values that are safe for them — and the rest of us
Design and Innovation
Is Facebook building a "Moments" app for ultra-private sharing? (Naked Security) When it comes to posting forehead-smackingly inappropriate stuff on Facebook, a cynic sees the glass as half empty
Security Sys Next Leap Behavioral Analytics (Newswire) Security surveillance systems have taken a major step forward with video behavioral analysis. That is, we now have the capability of taking a simple video camera and embedding artificial intelligence, reducing false alarms
Academia
QU to establish Thales chair on cyber security (Gulf Times) Qatar University and the French multinational company Thales signed an agreement yesterday to establish the Thales professorial chair in Cyber and Computing Security (CCS)
Naval Academy superintendent talks future of cyber (Capital Gazette) Vice Adm. Walter Carter Jr. keynote at BWI Business Partnership event
Legislation, Policy, and Regulation
Egypt launches deep-packet inspection system with help from an American company (Verge) Deep-packet inspection is one of the most invasive things a country can do to its internet. Employed by repressive regimes from Russia to Bahrain, it lets governments look into the content of web traffic as it moves over the network, allowing them to censor websites in real time and conduct detailed surveillance of citizens' activities on the web
Surveillance and privacy (Boston Globe) Snowden case reveals a program with few checks and little accountability
NSA chief dismisses scandal's impact, says agency 'fully compliant' with law (FierceGovernmentIT) Whistleblower Edward Snowden's revelations about the National Security Agency surveillance programs have not negatively affected its relationship with foreign counterparts, said NSA Director Adm. Michael Rogers, adding the corporate sector, nation states and foreign intelligence counterparts have not walked away from the agency
House passes bill to make it easier to fire federal senior executives (FierceGovernmentIT) The House Tuesday passed a bill that would make it easier to discipline or fire poorly performing senior executives governmentwide
Sarah Zabel: USAF IT Strategy to Focus on Cyber as Program Requirement (Executive Gov) Air Force Brig. Gen. Sarah Zabel has indicated that the service's new information technology strategy will focus on cybersecurity as a requirement for every program "right from the beginning," Breaking Defense reported Monday
Litigation, Investigation, and Law Enforcement
Israel's N.S.A. Scandal (New York Times) In Moscow this summer, while reporting a story for Wired magazine, I had the rare opportunity to hang out for three days with Edward J. Snowden. It gave me a chance to get a deeper understanding of who he is and why, as a National Security Agency contractor, he took the momentous step of leaking hundreds of thousands of classified documents
Senior IT worker at top tech law firm arrested for insider trading (Ars Technica) Dimitry Braverman accused of making $300k trading Seagate and other tech stocks
Finjan Provides Update On Federal Circuit Ruling — Legacy Symantec Corp., Websense, Inc., Sophos Inc. Case (PRNewswire) Finjan Holdings, Inc. (FNJN), a technology company committed to enabling innovation through the licensing of its intellectual property, today provides an update on the case Finjan, Inc. v. Symantec Corp., Websense, Inc., Sophos Inc.: CAFC-13-1682 ("The Appeal")
China's ambassador to Iceland has been allegedly detained for leaking secrets to Japan (Quartz) Chinese ambassador to Iceland Ma Jisheng and his wife, Zhong Yue, have been arrested by Beijing on suspicion of leaking national security secrets to Japan, according to a Chinese-language media report
For a complete running list of events, please visit the Event Tracker.
Newly Noted Events
Critical Infrastructure Cyber Community (C3) Voluntary Program Meeting (San Diego, California, USA, Oct 13, 2014) Join stakeholders from across the cyber community to discuss building a cyber risk management program, using DHS resources, and to learn how organizations of all sizes are using the Cybersecurity Framework
Upcoming Events
Global Identity Summit (Tampa, Florida, USA, Sep 16 - 18, 2014) The Global Identity Summit is focused on identity management solutions for corporate, defense and homeland security communities. This conference and associated exhibition bring together a distinctive, yet broad comprehensive look at the identity management capabilities, challenges and solutions in the topic areas of: Biometrics, Radio-Frequency Identification, Mobile, Cyber, Smart Card Technologies, and Big Data.
Cloud Security Alliance Congress 2014: This year, the CSA and the International Association of Privacy Professionals (IAPP) are combining their Congress US and Privacy Academy events into a conference in the heart of Silicon Valley that will offer attendees eighty sessions to choose from covering all aspects of privacy and cloud security. Nowhere else will cloud, IT and privacy professionals be able to meet and learn from each other, and gain visibility to practical, implementable solutions delivered by leading industry experts. Together the conferences will broaden the educational and networking opportunities available to both IAPP and CSA members. Proposals for speakers are due February 21, 2014.
ICS-ISAC Fall Conference (Atlanta, Georgia, USA, Sep 17 - 20, 2014) Cybersecurity issues — such as the DHS release of Operation Aurora information; legislation like CISA (S. 2588), CIRDA (H.R. 2952) & H.R. 3696; and the NIST Cybersecurity Framework — can leave one wondering "What, where, how and with whom should I share?" and "Where can I find solutions?" At the ICS-ISAC Fall Conference you will develop knowledge you can take to further enhance your organization's cybersecurity posture through answers to these and many other questions
Ft. Meade Technology Expo (Fort Meade, Maryland, USA, Sep 18, 2014) The Ft. Meade Technology Expo is a one-day event held at the Officers' Club (Club Meade) on base. Industry vendors will have the unique opportunity to showcase their products and services to personnel that may otherwise be unattainable. The target audience will be comprised of personnel from the ARMY, the newly headquartered DISA (Defense Information Systems Agency), DMA (Defense Media Activity), DINFOS (Defense Information School), and Ft. Meade's various military personnel. All of the above groups and military units around the base will receive promotions for this event.
The 2014 Cyber Security Summit (New York, New York, USA, Sep 18, 2014) The Cyber Security Summit, an exclusive conference series sponsored by The Wall Street Journal, has announced their second annual event in New York City. The event will connect C-Level & Senior Executives responsible for protecting their companies' critical infrastructures with cutting-edge technology providers and renowned information security experts. This informational forum will focus on educating attendees on how to best protect their highly vulnerable business applications and intellectual property. Attendees will have the opportunity to meet the nation's leading solution providers and discover the latest products and services for enterprise cyber defense
NYIT Cyber Security Conference (New York, New York, USA, Sep 18, 2014) Presented by NYIT's School of Engineering and Computing Sciences, this conference will address a broad range of pressing topics including privacy; innovations in enterprise security; systems security and the Internet of things; mobile security; the protection of critical infrastructure, organizations, and individuals against cyberattacks; and cybersecurity research and education frontiers. Keynote speeches by Robert Bigman, CEO 2BSecure LLC, Former Chief Information Security Officer, Central Intelligence Agency and Phyllis Schneck, Ph.D., Deputy Under Secretary for Cybersecurity, U.S. Department of Homeland Security
Dutch Open Hackathon (Amsterdam, the Netherlands, Sep 20 - 21, 2014) Join leading Dutch companies, during a 30-hour hackathon, as they open up APIs and technologies. Work together and develop new applications and drive global innovation
St. Louis SecureWorld: Offering two days of cyber security education. Earn 12-16 CPE credits, network with industry peers, and take advantage of more than sixty educational events. Over the past decade SecureWorld has emerged as one of North America's most vital cyber-security conferences, providing globally relevant education, training and networking for cyber-security professionals on a regional level. SecureWorld provides more content and facilitates more professional connections than any other event in the cyber-security industry. Established in 2002, SecureWorld offers many different continuing professional education sessions over two days in 14 cities throughout the United States.
Workshop on Cryptographic Hardware and Embedded Systems 2014 (CHES 2014) (Busan, Korea, Sep 23 - 26, 2014) The annual CHES workshop highlights new results in the design and analysis of cryptographic hardware and software implementations. CHES provides a valuable connection between the research and cryptographic engineering communities and attracts participants from industry, academia, and government organizations
Rock Stars of Cybersecurity (Austin, Texas, USA, Sep 24, 2014) The unprecedented Target breach and NSA spying scandal have put cybersecurity in the global spotlight. With cyberattacks on the rise, it is now even more important to learn how to identify weaknesses and protect company infrastructure from incursions. At the Rock Stars of Cybersecurity conference, well-respected cybersecurity authorities from leading companies will deliver case studies and actionable advice that you can immediately put to use.
VB2014: Over its 24-year history, the VB conference has become a major highlight of the IT security calendar, with many of its regular attendees citing it as the security event of the year. The conference provides a focus for the industry, representing an opportunity for experts in the field to share their research interests, discuss methods and technologies and set new standards, as well as meet with - and learn from - those who put their technologies into practice in the real world.
DerbyCon 4.0 (Louisville, Kentucky, USA, Sep 24 - 28, 2014) Welcome to DerbyCon 4.0 — "Family Rootz". This is the place where security professionals from all over the world come to hang out. DerbyCon 4.0 will be held September 24-28th, 2014. DerbyCon 2013 pulled in over 2,000 people with an amazing speaker lineup and a family-like feel. We've listened to your feedback and plan on making this conference even better this year
BruCON 2014 (Ghent, Belgium, Sep 25 - 26, 2014) BruCON is an annual security and hacker conference providing two days of an interesting atmosphere for open discussions of critical infosec issues, privacy, information technology and its cultural/technical implications on society. Organized in Belgium, BruCON offers a high quality line up of speakers, security challenges and interesting workshops. BruCON is a conference by and for the security and hacker community.
ROOTCON 8: ROOTCON is the first hacking convention in the Philippines. A hacker conference and not a seminar, training or a workshop. It will feature the following tracks: advanced HTTP header security analysis, browser extension malware extend cybercrime capabilities, new techniques: email-based threat and attacks, shellcode exploit analysis: tips and tricks, the Necurs rootkit, social engineering: hacking the mind, and hacking your way to ROOTCON.
INTEROP (New York, New York, USA, Sep 29 - Oct 3, 2014) Interop returns to New York with practical and visionary conference sessions designed to help you accelerate your career. This year's conference tracks include: Applications, Business of IT, Cloud Connect Summit, Collaboration, Infrastructure, Mobility, Risk Management & Security, and Software-Defined Networking (SDN)
Indianapolis SecureWorld (Indianapolis, Indiana, USA, Oct 1, 2014) A day of cyber security education. Earn 6-8 CPE credits, network with industry peers, and take advantage of more than thirty educational events. Larry Ponemon, Chairman and Founder of the Ponemon Institute, will deliver the opening keynote. Over the past decade SecureWorld has emerged as one of North America's most vital cyber-security conferences, providing globally relevant education, training and networking for cyber-security professionals on a regional level. SecureWorld provides more content and facilitates more professional connections than any other event in the cyber-security industry. Established in 2002, SecureWorld offers many different continuing professional education sessions over two days in 14 cities throughout the United States.
Suits and Spooks New York: Not another hacker conference. Suits and Spooks is a unique gathering of experts, executives, operators, and policymakers who discuss hard challenges in a private setting over two days. Suits and Spooks New York will return to Soho House on October 2-3, 2014. Stay tuned for our speaker list and agenda coming this summer.
Open Analytics Summit (Dulles, Virginia, USA, Oct 7, 2014) Open Analytics Summits are for Developers, Engineers, Data Scientists, CMOs, Data Analysts, CTOs, Architects, Brand Managers, and anyone passionate about open source technologies, big data, or data analytics
MIRcon 2014 (Washington, DC, USA, Oct 7 - 8, 2014) MIRcon 2014 is the premier information security industry event of the year. The conference is designed to educate innovators and executives battling cyber attackers daily
Cyber Security EXPO: Securing information, mobility, cloud, and social interaction for the modern enterprise. Disruptive technologies such as cloud computing, mobile, bring your own device (BYOD) and social media are pushing sensitive data and function closer to the user and away from traditional controls. Cyber crime is at an all-time high, attackers are using highly sophisticated methods taking advantage of a hyper-connected world. The challenge of securing corporate data and networks to mitigate risk is greater than ever. CISOs need new tools, new thinking and policies to meet these challenges. Cyber Security Expo 2014 has been designed to do just that. Cyber Security Expo will have a dedicated conference as well as five highly focused theatres and a significant exhibition. Major themes examined include: Internet & Network Security, Social and Consumer Trends, Cyber Crime, Log Data & Advanced Analytics, Identity & Access Management, Privacy & Data Protection, Cloud Security & Governance and Mobile Device Management.
InfoSec 2014 (Kuala Terengganu, Malaysia, Oct 8 - 10, 2014) You are invited to participate in The International Conference on Information Security and Cyber Forensics (InfoSec 2014) that will be held at Universiti Sultan Zainal Abidin (UniSZA), Kuala Terengganu, Malaysia on October 8-10, 2014. The event will be held over three days, with presentations delivered by researchers from the international community, including presentations from keynote speakers and state-of-the-art lecture
Hacktivity 2014 (Budapest, Hungary, Oct 10 - 11, 2014) Official and alternative representatives of the information security profession meet with all those interested in this field in a framework which is at the same time informal and informative, and sometimes very in-depth technologically.
Ruxcon (Melbourne, Australia, Oct 26 - 27, 2013) Ruxcon is a computer security conference that aims to bring together the best and the brightest security talent within the Aus-Pacific region. The conference is a mixture of live presentations, activities and demonstrations presented by security experts from the Aus-Pacific region and invited guests from around the world. Ruxcon is widely regarded as a leading computer security conference within Australia attracting all facets of the security landscape from industry, academics, to enthusiasts.
Hack-in-the-Box Malaysia (Kuala Lumpur, Malaysia, Oct 13 - 16, 2014) HITBSecConf or the Hack In The Box Security Conference is an annual must attend event in the calendars of security researchers and professionals around the world. Held annually in Kuala Lumpur, Malaysia and Amsterdam in The Netherlands, HITBSecConf is a platform for the discussion and dissemination of next generation computer security issues. Our events routinely feature two days of trainings and a two-day multi-track conference featuring cutting-edge hardcore technical talks delivered by some of the most respected names in the computer security industry. HITBSecConf is a place where ideas are exchanged, talent discovered and genius celebrated
FS-ISAC Fall Summit 2014 (Washington, DC, USA, Oct 13 - 16, 2014) The Financial Services Information Sharing and Analysis Center (FS-ISAC) is a non-profit association comprised of financial institution members that is dedicated to protecting the global financial services sector from physical and cyber threats that impact the resilience, integrity and stability of member institutions through dissemination of trusted and timely information. Its Fall Summit will feature sessions of interest to both security professionals and the financial sector.
CYBERSEC 2014 CYBERSEC is a 4-day event geared toward helping you achieve your cybersecurity goals. Whether your focus is on cybersecurity management, investigation, defense, or offense, we are offering specialty cybersecurity information tracks just for you.
Black Hat Europe 2014 The premier conference on information security returns to the beautiful city of Amsterdam, Netherlands in October, 2014. Professionals from all over the world gather for two days of intense Trainings and two thought-provoking days of Briefings brought to you by some of the brightest minds in the industry.
Denver SecureWorld (Denver, Colorado, USA, Oct 16, 2014) A day of cyber security education. Earn 6-8 CPE credits, network with industry peers, and take advantage of more than thirty educational events. Over the past decade SecureWorld has emerged as one of North America's most vital cyber-security conferences, providing globally relevant education, training and networking for cyber-security professionals on a regional level. SecureWorld provides more content and facilitates more professional connections than any other event in the cyber-security industry. Established in 2002, SecureWorld offers many different continuing professional education sessions over two days in 14 cities throughout the United States.
CSEC 2014 Cyber Security Summit (Kingdom of Bahrain, Oct 20 - 22, 2014) At the Inaugural Cyber Security Summit 2014, you will have the opportunity to seek ways to reset your IT security and risk strategy for success; stay relevant as IT security and risk are redefined; implement BCM best practices for threat resilience; mitigate the risks of new social collaboration tools; craft strategy for emerging BYOD and mobile threats; learn new regulatory compliance requirements; and more. This year's CSEC Summit attendees will: hear the latest presentations from the Information Security community on today's most pressing topics, attend workshops run by expert analysts and industry leaders, hear real-life experiences during peer case studies, engage in analyst-user roundtables and one-on-one meetings with industry experts, and check out the latest solutions in our Solution Showcase
2014 ICS Cyber Security Conference The 14th ICS Cyber Security Conference (sometimes known as "Weisscon") will be held October 20-23, 2014 at Georgia Tech in Atlanta, GA. Cyber Security is becoming a critical infrastructure issue with implications that go far beyond the plant fence. Plant engineers, corporate officers, insurance company executives and more will be handling cyber security issues in the coming years. This conference is essential attendance for people in the manufacturing or utility environment.
Hack.lu 2014 (Dommeldange, Luxembourg, Oct 21 - 24, 2014) Hack.lu is an open convention/conference where people can discuss computer security, privacy, information technology and its cultural/technical implications for society.
Cyber Security Summit 2014 Cyber security breaches have a profound impact on all areas of society. Join the discussion at Cyber Security Summit 2014. For two days, leaders from the public and private sectors meet to identify cyber threat issues and their countermeasures.
ISSA International Conference (Orlando, Florida, USA, Oct 22 - 23, 2014) Join us for solution oriented, proactive and innovative sessions focused on security as a vital part of the business.
ToorCon San Diego (San Diego, California, USA, Oct 22 - 26, 2014) For hackers like you, because what could possibly go wrong?
FOCUS 14: Empowering the Connected World (Las Vegas, Nevada, USA, Oct 26 - 27, 2014) FOCUS will offer you a unique opportunity to learn directly from other McAfee users. Hear real-world scenarios from McAfee customers and learn how they maintain the highest standards of security while reducing costs, streamlining processes, and driving efficiencies in the daily administration of their networks and systems. Network with security peers who share your challenges, concerns and issues, and learn more about their own success strategies
Dallas SecureWorld (Dallas, Texas, USA, Oct 29 - 30, 2014) Offering two days of cyber security education. Earn 12-16 CPE credits, network with industry peers, and take advantage of more than sixty educational events. Over the past decade SecureWorld has emerged as one of North America's most vital cyber-security conferences, providing globally relevant education, training and networking for cyber-security professionals on a regional level. SecureWorld provides more content and facilitates more professional connections than any other event in the cyber-security industry. Established in 2002, SecureWorld offers many different continuing professional education sessions over two days in 14 cities throughout the United States.
CyberMaryland 2014 (Baltimore, Maryland, USA, Oct 29 - 30, 2014) Entrepreneurs, investors, academia and government will convene in Maryland, the nation's epicenter for cybersecurity, for the fourth annual CyberMaryland Conference.
Cyber Job Fair (Baltimore, Maryland, USA, Oct 29, 2014) ClearedJobs.Net is partnering with CyberMaryland to present the Cyber Job Fair at the CyberMaryland 2014 conference. The Cyber Job Fair is a hiring event for cleared and non-cleared cybersecurity professionals held the first day of the conference
ekoparty Security Conference 10th edition (Buenos Aires, Argentina, Oct 29 - 31, 2014) ekoparty (Electronic Knock Out Party) Security Conference is a one-of-a-kind event in South America: an annual security conference held in Buenos Aires, where security specialists from all over Latin America (and beyond) have the chance to get involved with state-of-the-art techniques, vulnerabilities, and tools in a relaxed environment never seen before.
Cyber Risk Summit (Washington, DC, USA, May 22, 2014) This one-day leadership conference will provide a discussion forum for business executives, insurance companies and policymakers on more effective private and public responses to cyber risk management. Topics to be discussed by expert speakers will include state and federal regulatory and legislative initiatives, efforts to develop a common cyber security framework, the threats from cyber espionage and terrorism, and the development of public and private mechanisms to finance and transfer losses from cyber events.
Senior Executive Cyber Security Conference (Baltimore, Maryland, USA, Oct 30 - Nov 1, 2014) North Star Group, LLC and the Johns Hopkins University's Whiting School of Engineering and Information Security Institute sponsor this senior executive focused cyber security conference. This event is designed for non-technical and technical executives who seek to gain a deeper understanding of not just the technical aspects of data breach prevention, but also the important role that insurance, crisis management, legal and human resources play. Speakers include Dr. Ed Schlesinger, Dean of Johns Hopkins University's Whiting School of Engineering, Dr. Andy Ozment, Assistant Secretary of the Office of Cybersecurity and Communications, Department of Homeland Security, and Mr. Eric Joost, Chief Operating Officer, Willis North America.