The CyberWire Daily Briefing 10.06.14
A timely reminder that jihadist cyber threats aren't confined to the Levant arrived from India over the weekend, where that country's National Investigation Agency claims to have turned up evidence that the "Indian Mujahideen" (said to be controlling cells in India and Nepal from safe houses in Karachi, Pakistan) are using frequently changed open-source encryption tools in their communications.
Middle Eastern intelligence services continue monitoring ISIS chatter and begin an information counteroffensive.
Shellshock remains a problem, with signs emerging that "Shellshock-like" bugs may affect hitherto immune Windows systems.
Analysts continue to digest JPMorgan's recently disclosed breach details, and they don't like what they see: possible evidence that the financial system is more vulnerable to cyber attack than previously feared. MPs in the UK undertake an inquiry into British financial institutions' cyber exposure. New York State's financial regulators will meet with banks this week to urge better collaborative defense, and to begin a discussion of whether the cyber threat should be considered "as fundamental to institutions as capital levels." (The Illinois Attorney General has opened a less friendly investigation into the JPMorgan incident.)
Recent breaches have given cyber security stocks a strong tailwind, and are also propelling cyber insurance forward. (Lloyd's of London has a new offering, developed in collaboration with US ex-DHS Secretary Ridge.) But observers caution buyers to read the fine print carefully, and note the difficulty of assessing value-at-risk.
HP and Exelis both announce plans to break themselves in two. MasterCard announces a new pay card security tool.
Notes.
Today's issue includes events affecting Brazil, China, Colombia, France, Germany, India, Iran, Iraq, Israel, Nepal, New Zealand, Pakistan, Qatar, Russia, Saudi Arabia, Syria, United Arab Emirates, United Kingdom, and United States.
Cyber Attacks, Threats, and Vulnerabilities
IM's Tech Expertise Haunts Indian Intelligence Agencies (New Indian Express) Banned terror outfit Indian Mujahideen (IM) has gone hi-tech, sending shock waves among the intelligence and security agencies. The IM operatives are using cutting-edge crypto-algorithms to effectively coordinate terror plans, concealing their online presence and masking identity
Jihadi Chatter Online, Including On Social Media, About Using Ebola, Poisons As Weapon Against The U.S. And The West (MEMRI) Following the outbreak of the Ebola virus, some jihadis online have referred to and discussed the possibility and ease of using Ebola, as well as poisons, as a weapon against the U.S. and the West
Arab Leaders Attack IS With Intel, Theological Challenge (Defense News) As the international coalition's military operations against Islamic State (IS) militants have ramped up, Arab leaders also have begun waging an intellectual war while providing intelligence to guide airstrikes
Nearly 1 Billion Attacks Targeting Shellshock Vulnerability (Top Tech News) Enterprise IT vendors like Cisco and Oracle are working hard to plug Shellshock vulnerabilities in their products. Meanwhile, Apple issued a patch on Tuesday that some security experts warn is not quite fully baked
Shellshock-Like Weakness May Affect Windows (Threatpost) In the early hours of the Shellshock vulnerability in Bash, the running joke was that Windows administrators could sit back with a box of popcorn and a beverage and watch the Linux and UNIX admins scramble about for once
Shellshock Vulnerability Downloads KAITEN Source Code (TrendLabs Security Intelligence Blog) Since the discovery of Shellshock, Trend Micro has continuously monitored the threat landscape for any attacks that may leverage these vulnerabilities. So far, we have identified an active IRC bot, exploit attempts in Brazil and China, botnet attacks, and a wide variety of malware payloads such as ELF_BASHLITE.A, ELF_BASHLET.A, and PERL_SHELLBOT.WZ among others. It is reported that other vulnerable protocols like HTTP, SMTP, SSH, and FTP are also affected by Shellshock
JPMorgan Chase Breach Could Feed Phishing, But Fraud Unlikely (CRN) In a massive data breach of information that experts warn could fuel a wave of phishing attacks, JPMorgan Chase said attackers stole the contact information of as many as 7 million businesses and 76 million households from the company's database servers
JP Morgan reveals data breach affected 76 million households (USATODAY) The cyberattack on JPMorgan Chase & Co., first announced in July, compromised information from 76 million households and 7 million small businesses, the company revealed Thursday in a filing with the Securities and Exchange Commission
Report: Hacked Password Behind Compromise of 75m JPMorgan Accounts (Invincea Security Ledger) The top news this week is about Wall Street giant JP Morgan Chase, which disclosed on Thursday that a previously disclosed breach was much larger than initially believed, affecting more than 75 million account holders. And once again, reports suggest that a compromised employee account may be at the root of the incident
J.P. Morgan doesn't plan to inform victims of cyber attack (MarketWatch) With two-thirds of U.S. households impacted, consumers must be vigilant
The JPMorgan Breach Is One Part of a Larger Crisis (Credit.com News) JPMorgan's disclosure that hackers compromised the data of more than 76 million of its consumer patrons — and 7 million small business clients — may seem stunning
This is why the enormous JPMorgan Chase hack is so scary (Fast Company) Banks are supposed to be among our safest institutions
JP Morgan data breach: how long can banks live in denial over cyber threats? (Guardian) The bank revealed that 76m people were targeted by hackers — which is 75m more than it estimated. Why can't banks pay better attention to security?
What Security Lessons Did We Learn From The JP Morgan Chase & Co Breach? (TechWeekEurope) We may still see piggyback attacks where cybercriminals launch social engineering attacks
Malware and PUP Disguised as Twitch Bombing Tools (Malwarebytes Unpacked) Here's a scenario: Suppose you went live on Twitch to stream your playthrough of Destiny
White hat hacker warns CMS plugins are leaving the security door wide open (Daniweb) As well as being CEO of penetration testing specialists High-Tech Bridge, Ilia Kolochenko is also perhaps unsurprisingly a white hat hacker of some repute. Equally unsurprising is the fact that he has warned that security vulnerabilities in leading CMS platforms such as Drupal, Joomla and WordPress are effectively leaving the security door wide open for hackers to walk through
Destructive Android Trojan poses as newest Angry Birds game (Help Net Security) Android malware masquerading as a legitimate app or game being offered on online app stores is not a rare occurrence, but purposefully destructive malware that does not ask for ransom is
Boeing urges airlines to be vigilant of cyber security threats (Runway Girl Network) Airline bosses ignore cyber security concerns at their peril, and must ensure that thorough mitigation plans are in place to deal with potential hacking of their systems, as aircraft move ever closer to becoming fully e-enabled
Security Expert Raises Issues of Satcom Vulnerabilities (AINOnline) Satellite communications systems have security vulnerabilities that may allow hackers to gain access to aircraft systems, according to cyber security expert Ruben Santamarta, principal security consultant at IOActive Security Services
9 employee insiders who breached security (CSO) These disgruntled employees show what can happen when an employer wrongs them
Bulletin (SB14-279) Vulnerability Summary for the Week of September 29, 2014 (US-CERT) The US-CERT Cyber Security Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. The NVD is sponsored by the Department of Homeland Security (DHS) National Cybersecurity and Communications Integration Center (NCCIC) / United States Computer Emergency Readiness Team (US-CERT). For modified or updated entries, please visit the NVD, which contains historical vulnerability information
Security Patches, Mitigations, and Software Updates
Google Changes Safesearch Option for Administrators (Threatpost) Google is removing a feature that allowed administrators to require their users to employ a search option that removes explicit content from search results. The decision is tied to the fact that the option required the use of an unsecured connection to Google, something that the company said allowed it to become a target for attackers
Cyber Trends
How Retro Malware Feeds the New Threat Wave (Dark Reading) Old-school exploits used in new ways are placing fresh demands for intel-sharing among infosec pros and their time-tested and next-gen security products
Financial Services Are 'at War' With Cyber Criminals, Citigroup Says (Wall Street Journal) The financial services sector is "at war" when it comes to cyber-security, according to a senior Citigroup executive, who said the bank faced attacks 10 million times a month
Cyber Security And The Danger Of Ostriches In The Boardroom (Forbes) A worldwide survey of almost 10,000 executives and IT directors in 154 countries reveals that global corporate security budgets have fallen at a time when cybersecurity breaches are rising dramatically. Of even greater concern is the fact that corporate boardrooms seem determined to adopt ostrich-like behaviour and ignore the problem
America's Biggest Threat: Economic Espionage and the Theft of Innovation (United States Cybersecurity Magazine) We live in a truly exciting time. Advances in technology permeate every aspect of our lives and enrich nearly everything we are involved in. Along with all the good technology brings us, there is also a dark side
Staff Ready Shadow IT to Bypass Controls Ahead of EU Data Laws (Infosecurity Magazine) Nearly two-thirds of European office workers are prepared to use "shadow IT" to circumvent controls designed to ensure organizations comply with forthcoming EU data protection regulations, according to Sophos
My employer, comply with data protection law? Don't think so — say 3 in 4 office drones (Register) One to ponder as you're filling in those online payment fields
The loss of credit and debit card innocence? (CA Technologies Highlight) Fraudsters have stolen the long-held belief by many consumers that their credit and debit card data is safe. But all is not lost and here's why
Technology Experts Warn of Medical Device Vulnerability (Dumb-Out) Tom Cross, research director of network security firm Lancope, discusses the state of medical device security in the health care industry today
Marketplace
Cyber Coverage Experiences Growing Pains (Claims Journal) In light of businesses' increasing usage of information assets and advancing technology, insurers are pulling away from cyber coverage, according to Kevin Kalinich, global practice leader of cyber risk insurance at Aon Risk Solutions
Many 'Loopholes' in Cyber Insurance Policies, L'Oreal CISO Says (Wall Street Journal) While companies are investing millions of dollars in insurance policies to protect themselves from cyber security breaches, the market is fraught with pitfalls, said Zouhair Guelzim, chief information security officer of L'Oreal Americas
Cybersecurity stocks red-hot after breach (MarketWatch) Cybersecurity stocks soared to fresh highs Friday after J.P. Morgan unveiled a new breach that could potentially affect some 76 million U.S. households
How the cloud is changing the security game (CSO) New market of vendors sprouts up to secure the cloud
HP Plans Split Into Two Separate Businesses (InformationWeek) Hewlett-Packard will split PC and printer businesses off from enterprise hardware, software, and services. Whitman to lead enterprise unit
Exelis completes spinoff of services unit (Washington Post) McLean-based defense contractor Exelis recently completed the spinoff of its services unit, making it the latest government contractor to reorganize itself to better compete in a constrained federal spending environment
Startup Club: CyberArk (Shalom Life) After its Nasdaq IPO last week, the Israeli cyber security company is currently valued at $880 million
Could Alibaba Acquire Akamai? Or Would It Better Be A Customer? (Forbes) Here is a thought: Would Chinese e-commerce giant Alibaba consider acquiring Akamai at some point? It may not be outrageous to think so, given that Alibaba has a knack for acquiring web related companies to expand its business. Considering Akamai's dominance in content delivery and value-added services, Alibaba would benefit from access to host of web data and Akamai's proprietary marketing and site acceleration services
Products, Services, and Solutions
MasterCard unveils tool to tackle cyber threat (Finextra) With the huge data breaches at Target and Home Depot fresh in the memory, MasterCard has launched a tool designed to protect against cyber attacks on banks and processors
US homeland security chief offers cyber attack insurance (Financial Times) The US's first ever homeland security chief is teaming up with Lloyd's of London to launch an insurance company that will specialise in corporate cyber security policies
10 Easy-to-Use Security and Privacy Tools (Tom's Guide) For a long time, people thought that technologies couldn't be both secure and easy to use
HelpSystems Announces Browser Interface, Intuitive Dashboards, and Enhanced Filtering in Security Software Update (MarketWired) New features in Network Security 6.50 simplify navigation and provide an up-to-the-minute view of key transaction metrics
Egress Switch Becomes the First Email Encryption Solution to Achieve Both CESG PGA and CPA (PR.com) Egress Software Technologies, the leading provider of cloud-based and on-premise encryption services to the UK Public Sector, receives CESG Pan Government Accreditation (PGA) for its Software as a Service (SaaS), following Commercial Product Assurance (CPA) certification in October 2013
Tenable Network Security Customers Gain Fast Advantage over Shellshock (OnRec) On Sept. 24, the world learned about Shellshock, a major security vulnerability in the ubiquitous Bash Unix shell. Less than 24 hours after the news broke, Tenable Network Security®, Inc., the leader in continuous network monitoring, announced the release of a robust set of detection plugins and a new Shellshock policy wizard for its Nessus® vulnerability scanner, the global standard in detecting and assessing network data
Technologies, Techniques, and Standards
The jihadi hunters (Boston Globe) A new generation of self-made experts is tracking extremists through their online activity — and rewriting the rules of intelligence in the process
OPSec for security researchers (SecureList) Being a security researcher nowadays is no easy task, especially as we are no longer dealing with purely technical matters. Today's global security landscape includes several new actors including governments, big companies, criminal gangs and intelligence services. This puts researchers in a difficult situation
Using Threat Intelligence to Protect the Network (BizTech) To fight back against hackers, organizations must leverage data before, during and after an attack to maintain data security
Detecting irregular programs and services installed in your network (Internet Storm Center) When the corporate network becomes a target, auditing for security policy compliance can be challenging if you don't have software controlling irregular usage of administrator privilege granted and being used to install unauthorized software or to change configuration by installing services that could cause an interruption in network service. Examples of these possible issues are additional DHCP Servers (IPv4 and IPv6), Dropbox, Spotify or ARP scanning devices
Ten Strategies of a World-Class Cybersecurity Operations Center (MITRE) Today's cybersecurity operations center (CSOC) should have everything it needs to mount a competent defense of the ever-changing information technology (IT) enterprise. This includes a vast array of sophisticated detection and prevention technologies, a virtual sea of cyber intelligence reporting, and access to a rapidly expanding workforce of talented IT professionals. Yet, most CSOCs continue to fall short in keeping the adversary — even the unsophisticated one — out of the enterprise
Research and Development
Facebook sort-of apologizes for treating users like lab rats (Naked Security) Facebook says there are a few things about its experiment on users' emotional states that it "should have done differently"
Academia
Youth interest in IT security careers grows but schools letting them down: survey (CSO) One in four young adults is interested in a career in cybersecurity, a new survey has found, but two-thirds said their high schools weren't providing appropriate teaching to foster their entry into a market that is growing 3.5 times faster than the overall IT job market
Why don't more millennials want to work in cybersecurity? (FedScoop) This month marks the 11th straight year the Department of Homeland Security has sponsored a National Cybersecurity Awareness Month. So why do so many young adults ages 18 to 26 — the so-called millennials — say they're not sure what it means to have a career in cybersecurity?
Building a workforce for the digital age includes cybersecurity (Milwaukee Journal Sentinel) For major companies such as Home Depot, Target and JPMorgan Chase, the risks and realities of cyberattacks on computer systems and customer accounts have hit all too close to home
For Uncle Sam, trouble raising a cyber army (Fortune) There is an industry-wide shortage of cyber security professionals, but the problem is particularly acute in the federal government
The best way to teach kids math is not in a classroom (Quartz) As a semi-retired engineer, I often lament efforts to remove shop, technical drawing and other hands-on classes from students' schedules when they might otherwise understand math as just a dry academic offering. The concept that shop classes serve solely as "industrial education" fails to note its vital role in preparing future architects, engineers, scientists and more
Academia takes on the cyber security gender gap (Techradar) A take by an NYU Polytechnic professor
BCC offering two new associate degree programs (Burlington County Times) As it continues to focus on job-related skills, Burlington County College has created two new associate degree programs: cybersecurity and cancer registry management
Legislation, Policy, and Regulation
Germany's Merkel under fire over NSA scandal (World Bulletin) German Chancellor Angela Merkel has come under increasing fire in a data sharing scandal that broke on Saturday
007 Nemesis Le Chiffre Bolsters France in Cyber Attacks (Bloomberg) Brittany, in north-western France, is best known for its crepes and apple cider. This weekend, it also became the site of the biggest cyber-attack in French history
Alex Younger appointed head of UK's MI6 spy agency (Washington Post) MI6 has a new spymaster. The British government said Friday that career intelligence officer Alex Younger is the agency's new chief
New Zealand extends ministerial oversight of spy agencies (Xinhua via the Shanghai Daily) New Zealand Prime Minister John Key on Monday unveiled change to the government's oversight of its intelligence agencies, following a long-running controversy over allegations of illegal spying
Russian communications minister vows national security information is safely protected (TASS) "Russia has an entire school of making information security tools. There is and can be no threats," he said
China's back to being the FBI's top super villain (CSO) On Sunday, during 60 Minutes, the FBI's director says China is on the top of their list
White House Cybersecurity Plans Hinge on Industry Dialogue (CIO) October has been designated Cybersecurity Awareness Month, and it started with an appeal from the Obama administration for closer collaboration with businesses on cyber threats
Pentagon launches Insider Threat Program (Defense Systems) Three years after a presidential directive ordered federal agencies to better ensure safe handling of information — and in the wake of the disclosures of Edward Snowden — the Pentagon has issued a directive implementing the DOD Insider Threat Program
DHS network scanning authority, federal lab feedback and more (FCW) OMB gives DHS enhanced scanning authority for federal networks
Litigation, Investigation, and Law Enforcement
NY bank regulator targets cyber threat (Financial Times) New York's top banking regulator will meet the chief executives of several financial institutions to discuss their ability to withstand and prepare for cyber threats in the wake of JPMorgan Chase's data breach
Illinois attorney general probing hack at JPMorgan (Chicago Tribune) Illinois Attorney General Lisa Madigan is investigating the security breach at JPMorgan Chase & Co., according to a spokeswoman
Senators Seek Answers on USIS Breach (GovInfoSecurity) Carper, Coburn Query Leaders of DHS, OMB and OPM
MPs investigate financial system's cyber weaknesses (Telegraph) Head of influential Treasury Committee says recent JP Morgan hack underlines need for security after series of meetings with regulators amid fears that customer data is at risk
Alabama Sheriff says ComputerCOP keylogger could have stopped Columbine (Ars Technica) He also says the EFF is "interested in protecting predators and pedophiles"
FBI surveillance letters weighed in San Francisco appeals court (San Jose Mercury News) Long before Edward Snowden blew the lid off the government's widespread Internet snooping, an unknown Bay Area telecommunications company was striking back at an equally secretive but far more common tool in the FBI's shadowy world of surveillance
CIA sued over Senate spying (The Hill) A Washington-based privacy organization is suing the CIA to obtain details about how it spied on Senate staffers
Colombia's highest court to investigate Uribe over peace talks wiretapping (Colombia Reports) Colombia's Supreme Court has begun a preliminary investigation into former President Alvaro Uribe's alleged involvement in the wiretapping of ongoing peace talks with the FARC, reported local media on Friday
Met Police launches cybercrime and anti-fraud unit FALCON (HackRead) The Metropolitan Police has taken an initiative to tackle fraud and cybercrime to safeguard Londoners
The "he said, she said" of how the FBI found Silk Road’s servers (Ars Technica) Lawyer for accused drug website mastermind says FBI explanation is "implausible"
Google responds to celebrity lawyer's $100m nude photo scandal lawsuit threat (Naked Security) Google has responded to a letter written by a lawyer on behalf of a dozen celebrities whose nude photos were stolen and published online
Phone hacking: News of the World's Ian Edmondson pleads guilty (Guardian) Ex-news editor was one of original eight defendants, alongside Rebekah Brooks, but was later deemed unfit to continue
Classmates of hacking suspect recall his computer pranks (Indianapolis Star) The computer skills were evident to classmates of Austin Alcala even during his short time at St. Theodore Guerin High School in Noblesville
For a complete running list of events, please visit the Event Tracker.
Upcoming Events
NGA Cyber Security Day (Springfield, Virginia, USA, Oct 6, 2014) The National Geospatial-Intelligence Agency will be hosting the 2014 Cyber Security Day at the NGA Headquarters in Springfield, VA. Featuring government and industry speakers, the focus will include such topics as continuous monitoring, cloud migration, software assurance, insider threat, wireless and mobility security, and emerging threats. Exhibitors will be given exposure to the in agency Intelligence Community as a whole in this full day exposition. Exhibitors will also have the opportunity to present an abstract for approval for the day's agenda; contact your FBC representative for further details. Tech topics that are applicable include big data, network security, cyber security and training, securing mobile devices, and cloud computing security
Cyber Threat Detection and Information Sharing Training Conference (Washington, DC, USA, Oct 6 - 8, 2014) Cyber Threat Detection and Information Sharing Training Conference is about education on cyber threat detection and information sharing solutions and product training and not about why this subject is important and not about what federal cyber security projects are about to be funded. If you are a private enterprise security manager or government intelligence community member looking for real-time cyber threat detection and information sharing solutions or a telecom operator addressing new government mandates on cyber defense, this training conference is for you
Open Analytics Summit (Dulles, Virginia, USA, Oct 7, 2014) Open Analytics Summits are for Developers, Engineers, Data Scientists, CMOs, Data Analysts, CTOs, Architects, Brand Managers, and anyone passionate about open source technologies, big data, or data analytics
MIRcon 2014 (Washington, DC, USA, Oct 7 - 8, 2014) MIRcon 2014 is the premier information security industry event of the year. The conference is designed to educate innovators and executives battling cyber attackers daily
Cyber Security, Meet Workforce Development (Silver Spring, Maryland, USA, Oct 8, 2014) Per Scholas convenes leaders in the Nation's Capital to develop a blueprint for building today's entry-level cyber security workforce
Technology & Cyber Security Day (Hill Air Force Base, Utah, Oct 8, 2014) The Armed Forces Communications & Electronics Association (AFCEA) Wasatch Chapter will once again host the 5th Annual Information Technology & Cyber Security Day at Hill AFB. This annual event is an excellent way to network with key personnel including IT, Communications, Cyber, Engineers and Contracting Officers at Hill AFB
Cyber Security EXPO Securing information, mobility, cloud, and social interaction for the modern enterprise. Disruptive technologies such as cloud computing, mobile, bring your own device (BYOD) and social media are pushing sensitive data and function closer to the user and away from traditional controls. Cyber crime is at an all-time high, attackers are using highly sophisticated methods taking advantage of a hyper-connected world. The challenge of securing corporate data and networks to mitigate risk is greater than ever. CISOs need new tools, new thinking and policies to meet these challenges. Cyber Security Expo 2014 has been designed to do just that. Cyber Security Expo will have a dedicated conference as well as five highly focused theatres and a significant exhibition. Major themes examined include: Internet & Network Security, Social and Consumer Trends, Cyber Crime, Log Data & Advanced Analytics, Identity & Access Management, Privacy & Data Protection, Cloud Security & Governance and Mobile Device Management.
InfoSec 2014 (Kuala Terengganu, Malaysia, Oct 8 - 10, 2014) You are invited to participate in The International Conference on Information Security and Cyber Forensics (InfoSec 2014) that will be held at Universiti Sultan Zainal Abidin (UniSZA), Kuala Terengganu, Malaysia on October 8-10, 2014. The event will be held over three days, with presentations delivered by researchers from the international community, including presentations from keynote speakers and state-of-the-art lecture
"Women in Government Contracting" Networking Reception (Columbia, Maryland, USA, Oct 9, 2014) A special invitation to executive women in technology sponsored by COPT-Corporate Office Properties Trust and the GovConnects Advisory Council. Guest speaker, Deborah Bonanni, former Chief of Staff NSA Director and member of the Maryland Cybersecurity Round Table Leadership Team
Hacktivity 2014 (Budapest, Hungary, Oct 10 - 11, 2014) Official and alternative representatives of the information security profession meet with all those interested in this field in a framework which is at the same time informal and informative, and sometimes very in-depth technological.
Ruxcon (Melbourne, Australia, Oct 26 - 27, 2013) Ruxcon is a computer security conference that aims to bring together the best and the brightest security talent within the Aus-Pacific region. The conference is a mixture of live presentations, activities and demonstrations presented by security experts from the Aus-Pacific region and invited guests from around the world. Ruxcon is widely regarded as a leading computer security conference within Australia attracting all facets of the security landscape from industry, academics, to enthusiasts.
Critical Infrastructure Cyber Community (C3) Voluntary Program Meeting (San Diego, California, USA, Oct 13, 2014) Join stakeholders from across the cyber community to discuss building a cyber risk management program, using DHS resources, and to learn how organizations of all sizes are using the Cybersecurity Framework
Hack-in-the-Box Malaysia (Kuala Lumpur, Malaysia, Oct 13 - 16, 2014) HITBSecConf or the Hack In The Box Security Conference is an annual must attend event in the calendars of security researchers and professionals around the world. Held annually in Kuala Lumpur, Malaysia and Amsterdam in The Netherlands, HITBSecConf is a platform for the discussion and dissemination of next generation computer security issues. Our events routinely feature two days of trainings and a two-day multi-track conference featuring cutting-edge hardcore technical talks delivered by some of the most respected names in the computer security industry. HITBSecConf is a place where ideas are exchanged, talent discovered and genius celebrated
FS-ISAC Fall Summit 2014 (Washington, DC, USA, Oct 13 - 16, 2014) The Financial Services Information Sharing and Analysis Center (FS-ISAC), is a non-profit association comprised of financial institution members, that is dedicated to protecting the global financial services sector from physical and cyber threats that impact the resilience, integrity and stability of member institutions through dissemination of trusted and timely information. Its Fall Summit will feature sessions of interest to both security professionals and the financial sector
CYBERSEC 2014 CYBERSEC is a 4-day event geared toward helping you achieve your cybersecurity goals. Whether your focus is on cybersecurity management, investigation, defense, or offense we are offering specialty cybersecurity information tracks just for you.
Black Hat Europe 2014 The premier conference on information security returns to the beautiful city of Amsterdam, Netherlands in October, 2014. Professionals from all over the world gather for two days of intense Trainings and two thought-provoking days of Briefings brought to you by some of the brightest minds in the industry.
Social Security Administration Security Awareness Day (Baltimore, Maryland, USA, Oct 15, 2014) This event, hosted by the Office of Information Security is intended to raise general computer security awareness for the end-users at SSA
Denver SecureWorld (Denver, Colorado, USA, Oct 16, 2014) A day of cyber security education. Earn 6-8 CPE credits, network with industry peers, and take advantage of more than thirty educational events. Over the past decade SecureWorld has emerged as one of North America's most vital cyber-security conferences, providing globally relevant education, training and networking for cyber-security professionals on a regional level. SecureWorld provides more content and facilitates more professional connections than any other event in the cyber-security industry. Established in 2002, SecureWorld offers many different continuing professional education sessions over two days in 14 cities throughout the United States.
TechCrunch Disrupt Europe Hackathon (London, England, UK, Oct 18 - 19, 2014) For the second year in a row, TechCrunch is jumping across the pond and bringing the iconic Disrupt and our Hackathon to Europe. We're heading your way, London
U.S. Army ITA Security Forum (Fort Belvoir, Virginia, USA, Oct 20, 2014) The U.S. Army Information Technology Agency Security Forum is taking place at the Ft. Belvoir site and will be a one day event focusing on cyber security education and training for the workforce. The exhibits will take place in the Warrior Conference Room and the training sessions will take place in the Heroes Auditorium
CSEC 2014 Cyber Security Summit (Kingdom of Bahrain, Oct 20 - 22, 2014) At the Inaugural Cyber Security Summit 2014, you will have the opportunity to seek ways to reset your IT security and risk strategy for success; stay relevant as IT security and risk are redefined; implement BCM best practices for threat resilience; mitigate the risks of new social collaboration tools; craft strategy for emerging BYOD and mobile threats; learn new regulatory compliance requirements; and more. This year's CSEC Summit attendees will: hear the latest presentations from the Information Security community on today's most pressing topics, attend workshops run by expert analysts and industry leaders, hear real-life experiences during peer case studies, engage in analyst-user roundtables and one-on-one meetings with industry experts, and check out the latest solutions in our Solution Showcase
2014 ICS Cyber Security Conference (Atlanta, Georgia, USA, Oct 20 - 23, 2014) The 14th ICS Cyber Security Conference (sometimes known as "Weisscon") will be held October 20-23, 2014 at Georgia Tech in Atlanta, GA. Cyber Security is becoming a critical infrastructure issue with implications that go far beyond the plant fence. Plant engineers, corporate officers, insurance company executives and more will be handling cyber security issues in the coming years. This conference is essential attendance for people in the manufacturing or utility environment.
National Archives and Records Administration (NARA) IT Security Day (College Park, Maryland, USA, Oct 21, 2014) FBC and NARA are working together to coordinate the 6th Annual National Archives and Records Administration (NARA) Information Technology Day. Exhibitors will be on-site to share information and demonstrate their latest security products
Cyber Security Summit 2014 Cyber security breaches have a profound impact on all areas of society. Join the discussion at Cyber Security Summit 2014. For two days, leaders from the public and private sectors meet to identify cyber threat issues and their countermeasures.
Collaborative Approaches for Medical Device and Healthcare Cybersecurity; Public Workshop (Arlington, Virginia, USA, Oct 21 - 22, 2014) The Food and Drug Administration (FDA) is announcing the following public workshop entitled "Collaborative Approaches for Medical Device and Healthcare Cybersecurity." FDA, in collaboration with other stakeholders within the Department of Health and Human Services (HHS) and the Department of Homeland Security (DHS), seeks broad input from the Healthcare and Public Health (HPH) Sector on medical device and healthcare cybersecurity
Secure 2014 (Warsaw, Poland, Oct 21 - 23, 2014) NASK and CERT-Polska offer this conference on telecommunications and IT security. Speakers from government, industry, and universities around the world will offer insights into research, policy, and security trends
Hack.lu 2014 (Dommeldange, Luxembourg, Oct 21 - 24, 2014) Hack.lu is an open convention/conference where people can discuss computer security, privacy, information technology and its cultural/technical implication on society
ISSA International Conference (Orlando, Florida, USA, Oct 22 - 23, 2014) Join us for solution oriented, proactive and innovative sessions focused on security as a vital part of the business.
ToorCon San Diego (San Diego, California, USA, Oct 22 - 26, 2014) For hackers like you, because what could possibly go wrong?
DOE Germantown Cybersecurity Awareness Day (Germantown, Maryland, USA, Oct 23, 2014) The Department of Energy Germantown Building will be hosting a Cyber Security Awareness Day featuring a technology expo. DoE will be looking for a wide range of cyber security industry experts to showcase their latest technologies. Reaching the professional community within this location can be extremely challenging and this event will provide a great opportunity to provide product demonstrations to this hard-to-reach group, as well as position your company's information to the Department of Energy
Library of Congress Cybersecurity Awareness Expo (Washington, DC, USA, Oct 23, 2014) The Library of Congress (LOC) is hosting its annual cyber security awareness days during October and the exposition is an important part of their education and outreach effort to industry
NASA Glenn Research Center Cyber Security Expo (Cleveland, Ohio, USA, Oct 23, 2014) In recognition of National Cyber Security Awareness Month, an Awareness Day event will be held at Glenn Research Center in Cleveland, Ohio. This event will provide participants with information and resources on today's vulnerabilities, incidents, and security threats, as well as how to protect against them. Live demos and informational booths by top vendors will give participants a look at current trends in cyber security. Exhibitors will have the opportunity to network with government personnel and industry partners to discuss critical issues
FOCUS 14: Empowering the Connected World (Las Vegas, Nevada, USA, Oct 26 - 27, 2014) FOCUS will offer you a unique opportunity to learn directly from other McAfee users. Hear real-world scenarios from McAfee customers and learn how they maintain the highest standards of security while reducing costs, streamlining processes, and driving efficiencies in the daily administration of their networks and systems. Network with security peers who share your challenges, concerns and issues, and learn more about their own success strategies
Cybergamut Tech Tuesday: Software-Defined Networking Security (Columbia, Maryland, USA, Oct 28, 2014) Security-Defined Routing combines cyber analytics and SDN to protect the network: SDR technology assists organizations in scaling the delivery of network traffic to analytic security applications. When incidents are detected, changing the network forwarding tables through SDR techniques can provide an immediate remediation to network attacks, while automating the delivery of suspect traffic for transaction monitoring and archiving data for regulatory compliance and advance troubleshooting
USDA Cyber Security Symposium and Expo 2014 (Washington, DC, USA, Oct 28 - 29, 2014) The Summit will provide participants with information and resources on today's vulnerabilities, incidents, security lifecycle, risks and mitigations; it will also identify ways to work together and build a solid security foundation program to meet future challenges and trends in cyber security. The Cybersecurity Expo, running in conjunction with the Summit, will provide live demos and informational booths focused around the summit topics
Cyber Security and IT Day at Fort Carson (Colorado Springs, Colorado, USA, Oct 28, 2014) The Information Systems Security Association (ISSA) Colorado Springs Chapter will once again host the 5th Annual Cyber Security & Information Technology Days set to take place at Fort Carson on Tuesday, October 28, 2014 and at Peterson AFB on Wednesday, October 29, 2014. Both events are being conducted in October to coincide with National Cyber Security Awareness Month as a way to encourage collaboration between local military personnel and industry partners. Government and Industry experts will be on hand to brief attendees on the latest trends, best practices and remediation strategies in the cyber security field. These one day forums will offer Cyber Security & Information Technology personnel a unique, local opportunity to get up-to-date information on rapidly evolving security challenges
Cyber Security and IT Days at Peterson AFB (Colorado Springs, Colorado, USA, Oct 29, 2014) The Information Systems Security Association (ISSA) Colorado Springs Chapter will once again host the 5th Annual Cyber Security & Information Technology Days. Government and Industry experts will be on hand to brief attendees on the latest trends, best practices and remediation strategies in the cyber security field. These one day forums will offer Cyber Security and Information Technology personnel a unique, local opportunity to get up-to-date information on rapidly evolving security challenges
Dallas SecureWorld (Dallas, Texas, USA, Oct 29 - 30, 2014) Offering two days of cyber security education. Earn 12-16 CPE credits, network with industry peers, and take advantage of more than sixty educational events. Over the past decade SecureWorld has emerged as one of North America's most vital cyber-security conferences, providing globally relevant education, training and networking for cyber-security professionals on a regional level. SecureWorld provides more content and facilitates more professional connections than any other event in the cyber-security industry. Established in 2002, SecureWorld offers many different continuing professional education sessions over two days in 14 cities throughout the United States.
Cyber Job Fair (Baltimore, Maryland, USA, Oct 29, 2014) ClearedJobs.Net is partnering with CyberMaryland to present the Cyber Job Fair at the CyberMaryland 2014 conference. The Cyber Job Fair is a hiring event for cleared and non-cleared cybersecurity professionals held the first day of the conference
CyberMaryland 2014 (Baltimore, Maryland, USA, Oct 29 - 30, 2014) Entrepreneurs, investors, academia and government will convene in Maryland, the nation's epicenter for cybersecurity, for the fourth annual CyberMaryland Conference.
ekoparty Security Conference 10th edition (Buenos Aires, Argentina, Oct 29 - 31, 2014) ekoparty — Electronic Knock Out Party — Security Conference, is a one of a kind event in South America; an annual security conference held in Buenos Aires, where security specialists from all over Latin America (and beyond) have the chance to get involved with state-of-art techniques, vulnerabilities, and tools in a relaxed environment never seen before.
Cyber Risk Summit (Washington, DC, USA, May 22, 2014) This one-day leadership conference will provide a discussion forum for business executives, insurance companies and policymakers on more effective private and public responses to cyber risk management. Topics to be discussed by expert speakers will include state and federal regulatory and legislative initiatives, efforts to develop a common cyber security framework, the threats from cyber espionage and terrorism, and the development of public and private mechanisms to finance and transfer losses from cyber events.
Senior Executive Cyber Security Conference (Baltimore, Maryland, USA, Oct 30 - Nov 1, 2014) North Star Group, LLC and the Johns Hopkins University's Whiting School of Engineering and Information Security Institute sponsor this senior executive focused cyber security conference. This event is designed for non-technical and technical executives who seek to gain a deeper understanding of not just the technical aspects of data breach prevention, but also the important role that insurance, crisis management, legal and human resources play. Speakers include Dr. Ed Schlesinger, Dean of Johns Hopkins University's Whiting School of Engineering, Dr. Andy Ozment, Assistant Secretary of the Office of Cybersecurity and Communications, Department of Homeland Security, and Mr. Eric Joost, Chief Operating Officer, Willis North America