The CyberWire Daily Briefing 10.07.14
The Chinese government escalates its cyber campaign against Hong Kong dissidents.
ISIS continues to enjoy success in social media.
Reports say that Pakistan is deploying FinFisher intercept tools against Indian officials. Other Pakistani hackers, the non-governmental skids of MaDLeets, vandalize Google's Indonesian domain to no apparent purpose.
Yahoo, it turns out, was not affected by the Shellshock vulnerability as early reports suggested — other, unrelated bugs were exploited. They're now patched, the company says. (BankInfoSecurity, whose article appeared before Yahoo finished investigating its vulnerabilities, offers a useful rundown of ways in which Shellshock is being exploited.)
The JPMorgan hack continues to exercise banks and their regulators in the US, the UK, and elsewhere. New York State bank regulator Benjamin Lawsky hopes cyber insurance will provide the sort of forcing function for cyber security that fire insurance did for building codes.
Eastern European cyber gangs have deployed a new family of malware, "Tyupkin," that enables them to extract cash from ATMs without using a stolen or forged card.
Ransomware is said to have knocked out Australian Broadcasting Corporation News for thirty minutes Monday.
AT&T discloses an insider breach and fires the malefactor responsible.
Analysts discuss whether researchers did a good thing in releasing BadUSB before a fix was available. The researchers, who say they wished to force vendors into better security, have released their own fix, but as this involves epoxy on a USB drive, many are reluctantly driven to skepticism.
Bugzilla gets a patch. Apple updates XProtect against the iWorm botnet.
Notes.
Today's issue includes events affecting Australia, Bermuda, Canada, China, European Union, France, India, Indonesia, Iraq, Ireland, Israel, Japan, Pakistan, Russia, Syria, United Arab Emirates, United Kingdom, United Nations, and United States.
Cyber Attacks, Threats, and Vulnerabilities
China Declares Cyber-war on Hong Kong Protesters (Voice of America) Days after demonstrators in Hong Kong began filling streets protesting what they call a power grab by Beijing, the Occupy Central battles began moving online
China's Cyber War on the Protesters (Lawfare) As Benjamin Bissell noted a few days ago, Hong Kong protestors have developed some interesting ways of trying to avoid Chinese repression, including the use of an app, FireChat, that allows them to communicate without using the internet at all. But, as you might expect, China was not likely to stand idly by. Consider this report from The Diplomat, outlining some of China's efforts to counteract the protestor's activities. They have, on the whole been incredibly sophisticated
Why America Is Losing The Online War With ISIS (Business Insider) ISIS Supporters are using Twitter and other technologies to spread propaganda and recruit hundreds of foreign fighters
Pakistan targets Indian Officials with FinFisher malware (eHackingNews) WikiLeaks last month released a set of documents and copies of 'weaponized malware' developed by FinFisher company which is said to be used by Governments around the world to spy on journalists, political dissidents and others
FinFisher Malware Analysis — Part 2 (Coding and Security) In the previous post, I fully analyzed the dropper part of the FinFisher malware. In this post, I'll share with you details of the FinFisher malware's main component, which I got from the dropper
Official Google Indonesia hacked and defaced by Pakistani hackers (HackRead) The famous Pakistani hacking group MaDLeeTs is back in action by hacking and defacing official Google Indonesia domain (google[.]co[.]id) yesterday 6th Oct, 2014
Yahoo says attackers looking for Shellshock found a different bug (IDG via CSO) Yahoo said Monday it has fixed a bug that was mistaken for the Shellshock flaw, but no user data was affected
Hackers exploit Shellshock bug, compromise Yahoo, WinZip servers (Help Net Security) A group of hackers has successfully leveraged the recently discovered Bash Shellshock vulnerability to compromise a number of servers belonging to Yahoo, Lycos and Winzip, and are using them to probe for other potential victims
Report: Shellshock Attack Hits Yahoo (BankInfoSecurity) 11 types of exploits targeting flaws at organizations worldwide
JPMorgan (NYSE: JPM) not Willing to Notify Customers about Cyber Attack (Financial Buzz) JPMorgan Chase (NYSE: JPM) has no plans of informing its customers about the personal information that has been exposed under its security breach scandal. These customers comprise almost two-thirds of the households in the United States. The reason behind this secrecy has not clearly been revealed by the firm
JPMorgan hack sees financial services turn spotlight on cyber security (SC Magazine) The JPMorgan hack is already having a knock-on effect in the UK, with the government and private sector seeking to better protect financial institutions from cyber-criminals
Chase Breach: Lessons for Banks (BankInfoSecurity) Earlier detection might have prevented compromise
Tyupkin Malware Infects ATMs Worldwide (Threatpost) Criminals in Eastern Europe have evolved their attacks against automated teller machines, moving beyond solely targeting consumers with card skimmers that steal debit card numbers, to attacks against banks using malware that allows someone to remove money directly from an ATM without the need for a counterfeit or stolen card
Ransomware attack knocks TV station off air (CSO) ABC [Australian Broadcasting Corporation] News 24 said that programming was affected due to the incident
AT&T fired employee who improperly accessed customer accounts (IDG via CSO) AT&T fired an employee who improperly accessed about 1,600 customer accounts and could have viewed customers' Social Security and driver's license numbers
Not on a Social Network? You've Still Got a Privacy Problem (Wired) We already know that if you use an online social network, you give up a serious slice of your privacy thanks to the omnivorous way companies like Google and Facebook gather your personal data. But new academic research offers a glimpse of what these companies may be learning about people who don't use their massive web services. And it's a bit scary
Huge Security Hole in ZPanel 10.1 (Chunk Host) When it comes to managing a VPS, many of our customers would prefer to install some kind of control panel rather than do it all themselves from the command line. ZPanel is perhaps the most popular choice for this. We even offered ZPanel 10.1 as a pre-made image — it was a very recent version (10.1.1 is the most recent at the time of writing), and there are no published security announcements relating to it
Bugzilla 0-day can reveal 0-day bugs in OSS giants like Mozilla, Red Hat (Ars Technica) Check Point finds a Perl programming language problem that bites the popular bug-tracker
Trojans-SMS Are Top Threat on Android, INTERPOL and Kaspersky Say (Softpedia) In a joint effort against cybercrime, a study conducted over the period of one year by Kaspersky and INTERPOL revealed that SMS Trojans are among the most frequent threats Android users face
Did researchers help hackers in releasing USB drive exploit? (CSO) SANS Institute instructor says releasing exploits before there is a fix 'never seems to end well' for software users
Data Leak Reported with Five-Month Delay by Touchstone Medical Imaging (Softpedia) Touchstone Medical Imaging, a medical company providing diagnostic imaging services in the United States, disclosed on Friday that patient details were exposed online since the beginning of May 2014
Celebgate continues, nude celebrity photos posted of Winona Ryder, Hulk Hogan's son (Naked Security) US wrestler Hulk Hogan's son, 24-year-old Nick Hogan, is believed to be the first male victim of the third installation in the serial doxing of celebrities' nude photos
Security Patches, Mitigations, and Software Updates
That Unpatchable USB Malware Now Has a Patch … Sort Of (Wired) When security researchers Adam Caudill and Brandon Wilson publicly released attack code two weeks ago that takes advantage of an insidious vulnerability in USB devices, they argued that publishing their exploits would get the problems fixed faster. Now they've released a partial fix themselves — albeit one that's so messy it includes coating your USB thumb drive in epoxy
Apple anti-malware update blocks new 'iWorm' Mac botnet (ZDNet) Mac users should be protected from a new malware threat that has infected around 18,000 users across the world
Bugzilla bug tracker fixes zero-day bug revealing bug (Naked Security) Bugzilla, Mozilla's free and popular bug tracking program, has just been updated to patch a number of security holes
Rackspace tackles bug with full Xen reboot (TechTarget) Rackspace went a step further than Amazon with its Xen reboot, taking down its entire public cloud region by region to address the bug
Cyber Trends
Insider threat to critical infrastructure 'underestimated', says DHS (FierceHomelandSecurity) Critical infrastructure owners and operators lack credible, sector-specific, insider-threat information to help drive security investments. But, even with "relatively robust" preventative programs in place, it's nearly impossible to entirely eliminate the threat of a malicious insider, says the Homeland Security Department's national protection and programs directorate
Heartland CEO On Why Retailers Keep Getting Breached (Dark Reading) Robert Carr, chairman and CEO of Heartland Payment Systems, says lack of end-to-end encryption and tokenization were factors in recent data breaches
Internet turned into 'giant surveillance platform' by NSA (Irish Times) Bruce Schneier tells Dublin audience secure web is in everyone's interest
FBI director on threat of ISIS, cybercrime (CBS News) In his first major television interview, FBI Director James Comey speaks with Scott Pelley about the threat of Americans joining ISIS and the dangers posed by cybercrime and cyber espionage
Cyber crime: First online murder will happen by end of year, warns US firm (The Independent) The rapidly evolving Internet of Everything will leave us more vulnerable to cyber criminals, according to a worried Europol
Will we ever can the spam monster? (Register) An unending battle against email-borne nasties and botnets
Leading Enterprise Organizations Have Established a Dedicated Network Security Group (Networkworld) Numerous market ramifications as network security moves away from the networking organization toward the infosec domain
Editorial: Our cyber posture is still to come (Federal Times) It's no secret the United States has far, far to go in achieving an effective cybersecurity posture
Marketplace
How Cookie-Cutter Cyber Insurance Falls Short (Dark Reading) Many off-the-shelf cyber liability policies feature a broad range of exclusions that won't protect your company from a data breach or ransomware attack
Seven Cybersecurity Questions Bank Boards Need to Ask (American Banker) Recent cyberattacks against several big businesses show that a wide variety of industries are engaged in a nearly nonstop battle against hackers who seek to steal intellectual property, data and funds. All of us should be sobered by the fact that the personal information of nearly half of all American adults has been exposed in the last year or so
This Guy Convinced Google, Dropcam, Pinterest To Let 10,000 Hackers Attack (Business Insider) A startup called Bugcrowd has built a network of 11,700 hackers (and growing) worldwide. They are tasked with ripping into software and websites like trained attack dogs
Kaspersky, Interpol, Europol sign agreement (IT-Online) Kaspersky Lab has signed an agreement with Interpol and a memorandum of understanding with Europol to extend the scope of cooperation between the company and the law enforcement agencies in their joint fight against cybercrime
KPMG Acquires Assets Of Cyber Security Firm (Bernews) As a growing number of global organisations fall victim to sophisticated cyber-attacks, a group of Bermuda based Cyber Security experts are spreading the word that the island is not immune to these threats
Here's how Edward Snowden tripled sales for a cybersecurity company (Columbus Business First via UpStart Business Journal) The UpTake: Intelligent ID, which makes big brotherish software for detecting leakers within an organization, had a tough sell until Edward Snowden came along and graphically illustrated just how bad leaks can get
Lawful Interception Market is Expected to Reach $2.1 Billion, Globally, by 2020 — Allied Market Research (WHTM ABC News) According to a new report by Allied Market Research, titled "Global Lawful Interception Market (Solutions, Components, Network Technology, Communication Technology, End User, and Geography) — Opportunity Analysis and Forecast-2013-2020", the global lawful interception market is forecast to reach $2.1 billion by 2020, growing at a CAGR of 20.8% during the forecast period (2014 — 2020). Increasing crime rate in the emerging economies such as China, India and African countries would steer the necessity for lawful interceptions
HBGary Founder Launches New Security Startup (Dark Reading) Greg Hoglund's new Outlier Security offers SaaS-based security and IR for endpoints
What does the HP split mean for enterprise mobility? (FierceMobileIT) Big news this Monday is HP's announcement that it will split into two publicly traded companies — an enterprise-focused company and a personal systems/printing company
Tech Giants Are Splitting Up Because They Do Too Much at Once (Wired) According to the cliché, controlling the direction of large organizations is like "steering the Titanic." But in the case of corporate tech, the better metaphor might be the iceberg itself: frozen, adrift, unable to resist or respond to the powerful effects of climate change
HP confirms breakup, layoffs hit an entire Google’s worth of employees (Ars Technica) 55,000 people on their way out as HP becomes two companies
Yahoo Lays Off Employees In India, Reportedly Up To 2,000 Affected (TechCrunch) Just ahead of its Q3 earnings, Yahoo has started to lay people off in its international business. Specifically, it is downsizing its software development center in Bangalore, India, with one local blog, The Next Big What, pegging the number at around 2,000 employees
CIOs should prepare for lack of Cobol (yes, Cobol) developers (ITWorld) Businesses are faced with a shortage of programmers with Cobol skills, but there is hope that a new generation of developers will emerge
Products, Services, and Solutions
Fortscale Introduces User Behavior Analytics Solution for User-Related Threat Mitigation (Inside Big Data) Fortscale is officially introducing its innovative flagship product that helps enterprise security analysts identify user-related threats, malicious insiders, compromised accounts, suspicious behavior and risky access to data by extracting Big Data repositories with user behavior analytics
Exabeam announces user behavior security technology (Help Net Security) Exabeam launched its platform, which adds a layer of user behavior intelligence on top of existing SIEM and log management repositories to give IT security teams a view of the full attack chain and spotlight valid attack indicators currently lost in a sea of security noise, allowing for better and more complete security response
Netskope Takes Cloud App Visibility to New Level with Active Introspection and Risk Dashboard (Broadway World) Today from Gartner Symposium/ITxpo, Netskope, the leader in safe cloud enablement, announced the addition of Netskope Active Introspection to the Netskope Active Platform and introduced the Netskope Risk Dashboard
ISACA releases Cybersecurity Fundamentals Certificate (Help Net Security) ISACA launched the Cybersecurity Fundamentals Certificate. Intended for university students and recent graduates, entry-level security professionals, and those seeking a career change, the certificate is knowledge-based and requires passing a proctored online exam
Technologies, Techniques, and Standards
FDA: Medical device cybersecurity necessary, but optional (Ars Technica) Prescription given, but the prognosis remains grim, at least in the short term
The Case for Automatic Encryption, Especially for Journalists (PBS Mediashift) The year is 1991, the month April. EMF is playing on the radio. The term "cyberspace" has existed for only half a decade. The world wide web won't exist for another four months. The software engineer Linus Torvalds has only just started work on the Linux operating system. The fastest computer you can own has a 50 Mhz processor. Yes "megahertz," with an "M"
Enforcing Password Complexity without Alienating Users (eSecurity Planet) Protecting passwords from compromise is a challenge for IT managers, who must deal with attacks that aim to compromise systems while giving users the simplicity they want
A Recipe To Avoid Becoming The Next Breach Headline (Information Security Buzz) Every day we hear of a "major" security breach at another big company. Inevitably, the victim organization goes on a spin campaign to shift blame away from itself, never simply saying, "We could have prevented this if we had had our act together"
OpenSOC (GitHub) OpenSOC integrates a variety of open source big data technologies in order to offer a centralized tool for security monitoring and analysis. OpenSOC provides capabilities for log aggregation, full packet capture indexing, storage, advanced behavioral analytics and data enrichment, while applying the most current threat intelligence information to security telemetry within a single platform
Testing for opened ports with firewalk technique (Internet Storm Center) There is an interesting way of knowing what kind of filters are placed in the gateway of a specific host. It is called firewalk and it is based on IP TTL expiration
Design and Innovation
The Internet of Things Gets a New OS (IEEE Spectrum) British processor powerhouse ARM Holdings, said last week that it intends to launch a new, low-power operating system that will manage web-connected devices and appliances using chips based on the company's 32-bit Cortex-M microcontrollers
Apple's write-only storage (ZDNet) Why would you store data that you can't read? To keep it secret. The first rule of secrets: Don't tell anyone. Exactly what Apple does. Here's how and why
Technology Takes the Wheel (New York Times) Google's driverless car may still be a work in progress, but the potential for semiautonomous vehicles on American roads is no longer the stuff of science fiction
Research and Development
Automatic Speech In Reverberant Environments (ASpIRE) Challenge (IARPA) Automatic speech recognition software that works in a variety of acoustic environments and recording scenarios is a holy grail of the speech research community. IARPA's Automatic Speech In Reverberant Environments (ASpIRE) Challenge is seeking that grail
Academia
Microsoft and other firms take pledge to protect student privacy (CSO) Microsoft and other companies that provide education technologies and services to U.S. schools aim to assuage parents' concerns about the collection and handling of student data with a pledge to protect that data
MITRE Partners with University System of Maryland to Operate New Cybersecurity R&D Center for the National Institute of Standards and Technology (MITRE) The U.S. Commerce Department's National Institute of Standards and Technology (NIST) has selected The MITRE Corporation to operate the first federally funded research and development center (FFRDC) solely dedicated to enhancing cybersecurity and protecting national information systems. MITRE will partner with the University System of Maryland (USM) to support the center
Legislation, Policy, and Regulation
Japan to hold cybersecurity talks with four other nations by March (Japan Times) Japan plans to launch individual talks with France, Australia, Israel and Estonia by next March to boost its ability to fight cybercrime ahead of the 2020 Tokyo Olympics, a government official said
Fix cyber security oversight (Post and Courier) If you run a major American business you can be sure that somewhere, probably in Russia or China, expert computer hackers have you in their sights and it is going to cost you — and ultimately your customers — a lot to limit their damage
Cyber attacks could pose 'serious risk' to UK financial system — MPs (Russia Today) A group of MPs is investigating whether cybersecurity breaches pose a risk to Britain's financial system. The probe was sparked by mounting concern that protection for UK businesses and customers is currently deficient
New York banking regulator targets cyber threat (Gulf News) Move comes in wake of JPMorgan data breach that compromised names, addresses, telephone numbers and emails of 76m households
Safeguarding Asset Managers Against Mounting Cybersecurity Threats (Willis Wire) On 15 April 2014 the Securities and Exchange Commission Office of Compliance Inspections and Examinations (OCIE) released a cybersecurity initiative risk alert announcing it would be examining 50 registered broker-dealers and investment advisors to assess their cybersecurity preparedness. The announcement was accompanied by a seven-page sample request (OCIE Sample Request) for information and documents
Cyber security czar appointed (NJ Today) New Jersey Homeland Security Director Chris Rodriguez today announced the appointment of David Weinstein as New Jersey's first Cyber-Security Advisor based in the Office of Homeland Security and Preparedness. Weinstein brings unique cyber-security experiences to the position
Litigation, Investigation, and Law Enforcement
Feds 'Hacked' Silk Road Without A Warrant? Perfectly Legal, Prosecutors Argue (Wired) With only a month until the scheduled trial of Ross Ulbricht, the alleged creator of the Silk Road drug site, Ulbricht's defense lawyers have zeroed in on the argument that the U.S. government illegally hacked the billion-dollar black market site to expose the location of its hidden server. The prosecution's latest rebuttal to that argument takes an unexpected tack: they claim that even if the FBI did hack the Silk Road without a warrant — and prosecutors are careful not to admit they did — that intrusion would be a perfectly law-abiding act of criminal investigation
Finding a Video Poker Bug Made These Guys Rich — Then Vegas Made Them Pay (Wired) John Kane was on a hell of a winning streak. On July 3, 2009, he walked alone into the high-limit room at the Silverton Casino in Las Vegas and sat down at a video poker machine called the Game King. Six minutes later the purple light on the top of the machine flashed, signaling a $4,300 jackpot
New York City orders Bluetooth beacons in pay phones to come down (Ars Technica) Digital ad firm Titan 360 pulls a 180 on its devices after BuzzFeed discovery
Dubai police add facial recognition to Google Glass (Naked Security) Dubai police are rigging $1,500 Google Glass gadgets up with facial recognition for use by their detectives
For a complete running list of events, please visit the Event Tracker.
Newly Noted Events
Cyber Security Awareness Week Conference (New York, New York, USA, Nov 13 - 15, 2014) Get ready for CSAW: the largest student-run cyber security event in the nation, with a research conference that attracts some of the biggest names in the industry, and a career fair with an impressive list of corporate partners. It's a weekend of competitions, keynote talks and cyber security events, designed to prepare best-performing students with the skills and knowledge to shape the future of the industry
CarolinaCon-11 (Raleigh, North Carolina, USA, Mar 20 - 22, 2015) CarolinaCon-11 (also hereby referred to as "The Last CarolinaCon As We Know It") will occur on March 20th-22nd 2015 in Raleigh NC (USA). We are now officially accepting speaker/paper/demo submissions for the event. If you are somewhat knowledgeable in any interesting field of hacking, technology, robotics, science, global thermonuclear war, etc. (but mostly hacking), and are interested in presenting at CarolinaCon-11, we cordially invite you to submit your proposal
Upcoming Events
Cyber Threat Detection and Information Sharing Training Conference (Washington, DC, USA, Oct 6 - 8, 2014) Cyber Threat Detection and Information Sharing Training Conference is about education on cyber threat detection and information sharing solutions and product training and not about why this subject is important and not about what federal cyber security projects are about to be funded. If you are a private enterprise security manager or government intelligence community member looking for real-time cyber threat detection and information sharing solutions or a telecom operator addressing new government mandates on cyber defense, this training conference is for you
Open Analytics Summit (Dulles, Virginia, USA, Oct 7, 2014) Open Analytics Summits are for Developers, Engineers, Data Scientists, CMOs, Data Analysts, CTOs, Architects, Brand Managers, and anyone passionate about open source technologies, big data, or data analytics
MIRcon 2014 (Washington, DC, USA, Oct 7 - 8, 2014) MIRcon 2014 is the premier information security industry event of the year. The conference is designed to educate innovators and executives battling cyber attackers daily
Cyber Security, Meet Workforce Development (Silver Spring, Maryland, USA, Oct 8, 2014) Per Scholas convenes leaders in the Nation's Capital to develop a blueprint for building today's entry-level cyber security workforce
Technology & Cyber Security Day (Hill Air Force Base, Utah, Oct 8, 2014) The Armed Forces Communications & Electronics Association (AFCEA) Wasatch Chapter will once again host the 5th Annual Information Technology & Cyber Security Day at Hill AFB. This annual event is an excellent way to network with key personnel including IT, Communications, Cyber, Engineers and Contracting Officers at Hill AFB
Cyber Security EXPO: Securing information, mobility, cloud, and social interaction for the modern enterprise. Disruptive technologies such as cloud computing, mobile, bring your own device (BYOD) and social media are pushing sensitive data and function closer to the user and away from traditional controls. Cyber crime is at an all-time high, attackers are using highly sophisticated methods taking advantage of a hyper-connected world. The challenge of securing corporate data and networks to mitigate risk is greater than ever. CISOs need new tools, new thinking and policies to meet these challenges. Cyber Security Expo 2014 has been designed to do just that. Cyber Security Expo will have a dedicated conference as well as five highly focused theatres and a significant exhibition. Major themes examined include: Internet & Network Security, Social and Consumer Trends, Cyber Crime, Log Data & Advanced Analytics, Identity & Access Management, Privacy & Data Protection, Cloud Security & Governance and Mobile Device Management.
InfoSec 2014 (Kuala Terengganu, Malaysia, Oct 8 - 10, 2014) You are invited to participate in The International Conference on Information Security and Cyber Forensics (InfoSec 2014) that will be held at Universiti Sultan Zainal Abidin (UniSZA), Kuala Terengganu, Malaysia on October 8-10, 2014. The event will be held over three days, with presentations delivered by researchers from the international community, including presentations from keynote speakers and state-of-the-art lecture
"Women in Government Contracting" Networking Reception (Columbia, Maryland, USA, Oct 9, 2014) A special invitation to executive women in technology sponsored by COPT-Corporate Office Properties Trust and the GovConnects Advisory Council. Guest speaker, Deborah Bonanni, former Chief of Staff NSA Director and member of the Maryland Cybersecurity Round Table Leadership Team
Hacktivity 2014 (Budapest, Hungary, Oct 10 - 11, 2014) Official and alternative representatives of the information security profession meet with all those interested in this field in a framework that is at the same time informal and informative, and sometimes very in-depth technological.
Ruxcon (Melbourne, Australia, Oct 26 - 27, 2013) Ruxcon is a computer security conference that aims to bring together the best and the brightest security talent within the Aus-Pacific region. The conference is a mixture of live presentations, activities and demonstrations presented by security experts from the Aus-Pacific region and invited guests from around the world. Ruxcon is widely regarded as a leading computer security conference within Australia attracting all facets of the security landscape from industry, academics, to enthusiasts.
Critical Infrastructure Cyber Community (C3) Voluntary Program Meeting (San Diego, California, USA, Oct 13, 2014) Join stakeholders from across the cyber community to discuss building a cyber risk management program, using DHS resources, and to learn how organizations of all sizes are using the Cybersecurity Framework
Hack-in-the-Box Malaysia (Kuala Lumpur, Malaysia, Oct 13 - 16, 2014) HITBSecConf or the Hack In The Box Security Conference is an annual must attend event in the calendars of security researchers and professionals around the world. Held annually in Kuala Lumpur, Malaysia and Amsterdam in The Netherlands, HITBSecConf is a platform for the discussion and dissemination of next generation computer security issues. Our events routinely feature two days of trainings and a two-day multi-track conference featuring cutting-edge hardcore technical talks delivered by some of the most respected names in the computer security industry. HITBSecConf is a place where ideas are exchanged, talent discovered and genius celebrated
FS-ISAC Fall Summit 2014 (Washington, DC, USA, Oct 13 - 16, 2014) The Financial Services Information Sharing and Analysis Center (FS-ISAC), is a non-profit association comprised of financial institution members, that is dedicated to protecting the global financial services sector from physical and cyber threats that impact the resilience, integrity and stability of member institutions through dissemination of trusted and timely information. Its Fall Summit will feature sessions of interest to both security professionals and the financial sector
CYBERSEC 2014: CYBERSEC is a 4-day event geared toward helping you achieve your cybersecurity goals. Whether your focus is on cybersecurity management, investigation, defense, or offense we are offering specialty cybersecurity information tracks just for you.
Black Hat Europe 2014: The premier conference on information security returns to the beautiful city of Amsterdam, Netherlands in October, 2014. Professionals from all over the world gather for two days of intense Trainings and two thought-provoking days of Briefings brought to you by some of the brightest minds in the industry.
Social Security Administration Security Awareness Day (Baltimore, Maryland, USA, Oct 15, 2014) This event, hosted by the Office of Information Security is intended to raise general computer security awareness for the end-users at SSA
Denver SecureWorld (Denver, Colorado, USA, Oct 16, 2014) A day of cyber security education. Earn 6-8 CPE credits, network with industry peers, and take advantage of more than thirty educational events. Over the past decade SecureWorld has emerged as one of North America's most vital cyber-security conferences, providing globally relevant education, training and networking for cyber-security professionals on a regional level. SecureWorld provides more content and facilitates more professional connections than any other event in the cyber-security industry. Established in 2002, SecureWorld offers many different continuing professional education sessions over two days in 14 cities throughout the United States.
TechCrunch Disrupt Europe Hackathon (London, England, UK, Oct 18 - 19, 2014) For the second year in a row, TechCrunch is jumping across the pond and bringing the iconic Disrupt and our Hackathon to Europe. We're heading your way, London
U.S. Army ITA Security Forum (Fort Belvoir, Virginia, USA, Oct 20, 2014) The U.S. Army Information Technology Agency Security Forum is taking place at the Ft. Belvoir site and will be a one-day event focusing on cyber security education and training for the workforce. The exhibits will take place in the Warrior Conference Room and the training sessions will take place in the Heroes Auditorium.
CSEC 2014 Cyber Security Summit (Kingdom of Bahrain, Oct 20 - 22, 2014) At the Inaugural Cyber Security Summit 2014, you will have the opportunity to seek ways to reset your IT security and risk strategy for success; stay relevant as IT security and risk are redefined; implement BCM best practices for threat resilience; mitigate the risks of new social collaboration tools; craft strategy for emerging BYOD and mobile threats; learn new regulatory compliance requirements; and more. This year's CSEC Summit attendees will: hear the latest presentations from the Information Security community on today's most pressing topics, attend workshops run by expert analysts and industry leaders, hear real-life experiences during peer case studies, engage in analyst-user roundtables and one-on-one meetings with industry experts, and check out the latest solutions in our Solution Showcase
2014 ICS Cyber Security Conference The 14th ICS Cyber Security Conference (sometimes known as "Weisscon") will be held October 20-23, 2014 at Georgia Tech in Atlanta, GA. Cyber Security is becoming a critical infrastructure issue with implications that go far beyond the plant fence. Plant engineers, corporate officers, insurance company executives and more will be handling cyber security issues in the coming years. This conference is essential attendance for people in the manufacturing or utility environment.
National Archives and Records Administration (NARA) IT Security Day (College Park, Maryland, USA, Oct 21, 2014) FBC and NARA are working together to coordinate the 6th Annual National Archives and Records Administration (NARA) Information Technology Day. Exhibitors will be on-site to share information and demonstrate their latest security products
Cyber Security Summit 2014 Cyber security breaches have a profound impact on all areas of society. Join the discussion at Cyber Security Summit 2014. For two days, leaders from the public and private sectors meet to identify cyber threat issues and their countermeasures.
Collaborative Approaches for Medical Device and Healthcare Cybersecurity; Public Workshop (Arlington, Virginia, USA, Oct 21 - 22, 2014) The Food and Drug Administration (FDA) is announcing the following public workshop entitled "Collaborative Approaches for Medical Device and Healthcare Cybersecurity." FDA, in collaboration with other stakeholders within the Department of Health and Human Services (HHS) and the Department of Homeland Security (DHS), seeks broad input from the Healthcare and Public Health (HPH) Sector on medical device and healthcare cybersecurity
Secure 2014 (Warsaw, Poland, Oct 21 - 23, 2014) NASK and CERT-Polska offer this conference on telecommunications and IT security. Speakers from government, industry, and universities around the world will offer insights into research, policy, and security trends
Hack.lu 2014 (Dommeldange, Luxembourg, Oct 21 - 24, 2014) Hack.lu is an open convention/conference where people can discuss computer security, privacy, information technology and its cultural/technical implications for society.
ISSA International Conference (Orlando, Florida, USA, Oct 22 - 23, 2014) Join us for solution-oriented, proactive and innovative sessions focused on security as a vital part of the business.
ToorCon San Diego (San Diego, California, USA, Oct 22 - 26, 2014) For hackers like you, because what could possibly go wrong?
DOE Germantown Cybersecurity Awareness Day (Germantown, Maryland, USA, Oct 23, 2014) The Department of Energy Germantown Building will be hosting a Cyber Security Awareness Day featuring a technology expo. DoE will be looking for a wide range of cyber security industry experts to showcase their latest technologies. Reaching the professional community within this location can be extremely challenging and this event will provide a great opportunity to provide product demonstrations to this hard-to-reach group, as well as position your company's information to the Department of Energy
Library of Congress Cybersecurity Awareness Expo (Washington, DC, USA, Oct 23, 2014) The Library of Congress (LOC) is hosting its annual cyber security awareness days during October and the exposition is an important part of their education and outreach effort to industry.
NASA Glenn Research Center Cyber Security Expo (Cleveland, Ohio, USA, Oct 23, 2014) In recognition of National Cyber Security Awareness Month, an Awareness Day event will be held at Glenn Research Center in Cleveland, Ohio. This event will provide participants with information and resources on today's vulnerabilities, incidents, and security threats, as well as how to protect against them. Live demos and informational booths by top vendors will give participants a look at current trends in cyber security. Exhibitors will have the opportunity to network with government personnel and industry partners to discuss critical issues
FOCUS 14: Empowering the Connected World (Las Vegas, Nevada, USA, Oct 26 - 27, 2014) FOCUS will offer you a unique opportunity to learn directly from other McAfee users. Hear real-world scenarios from McAfee customers and learn how they maintain the highest standards of security while reducing costs, streamlining processes, and driving efficiencies in the daily administration of their networks and systems. Network with security peers who share your challenges, concerns and issues, and learn more about their own success strategies
Cybergamut Tech Tuesday: Software-Defined Networking Security (Columbia, Maryland, USA, Oct 28, 2014) Security-Defined Routing combines cyber analytics and SDN to protect the network: SDR technology assists organizations in scaling the delivery of network traffic to analytic security applications. When incidents are detected, changing the network forwarding tables through SDR techniques can provide an immediate remediation to network attacks, while automating the delivery of suspect traffic for transaction monitoring and archiving data for regulatory compliance and advance troubleshooting
USDA Cyber Security Symposium and Expo 2014 (Washington, DC, USA, Oct 28 - 29, 2014) The Summit will provide participants with information and resources on today's vulnerabilities, incidents, security lifecycle, risks and mitigations; it will also identify ways to work together and build a solid security foundation program to meet future challenges and trends in cyber security. The Cybersecurity Expo, running in conjunction with the Summit, will provide live demos and informational booths focused around the summit topics.
Cyber Security and IT Day at Fort Carson (Colorado Springs, Colorado, USA, Oct 28, 2014) The Information Systems Security Association (ISSA) Colorado Springs Chapter will once again host the 5th Annual Cyber Security & Information Technology Days set to take place at Fort Carson on Tuesday, October 28, 2014 and at Peterson AFB on Wednesday, October 29, 2014. Both events are being conducted in October to coincide with National Cyber Security Awareness Month as a way to encourage collaboration between local military personnel and industry partners. Government and Industry experts will be on hand to brief attendees on the latest trends, best practices and remediation strategies in the cyber security field. These one-day forums will offer Cyber Security & Information Technology personnel a unique, local opportunity to get up-to-date information on rapidly evolving security challenges.
Cyber Security and IT Days at Peterson AFB (Colorado Springs, Colorado, USA, Oct 29, 2014) The Information Systems Security Association (ISSA) Colorado Springs Chapter will once again host the 5th Annual Cyber Security & Information Technology Days. Government and Industry experts will be on hand to brief attendees on the latest trends, best practices and remediation strategies in the cyber security field. These one-day forums will offer Cyber Security and Information Technology personnel a unique, local opportunity to get up-to-date information on rapidly evolving security challenges.
Dallas SecureWorld (Dallas, Texas, USA, Oct 29 - 30, 2014) Offering two days of cyber security education. Earn 12-16 CPE credits, network with industry peers, and take advantage of more than sixty educational events. Over the past decade SecureWorld has emerged as one of North America's most vital cyber-security conferences, providing globally relevant education, training and networking for cyber-security professionals on a regional level. SecureWorld provides more content and facilitates more professional connections than any other event in the cyber-security industry. Established in 2002, SecureWorld offers many different continuing professional education sessions over two days in 14 cities throughout the United States.
Cyber Job Fair (Baltimore, Maryland, USA, Oct 29, 2014) ClearedJobs.Net is partnering with CyberMaryland to present the Cyber Job Fair at the CyberMaryland 2014 conference. The Cyber Job Fair is a hiring event for cleared and non-cleared cybersecurity professionals held the first day of the conference
CyberMaryland 2014 (Baltimore, Maryland, USA, Oct 29 - 30, 2014) Entrepreneurs, investors, academia and government will convene in Maryland, the nation's epicenter for cybersecurity, for the fourth annual CyberMaryland Conference.
ekoparty Security Conference 10th edition (Buenos Aires, Argentina, Oct 29 - 31, 2014) ekoparty — Electronic Knock Out Party — Security Conference, is a one-of-a-kind event in South America; an annual security conference held in Buenos Aires, where security specialists from all over Latin America (and beyond) have the chance to get involved with state-of-the-art techniques, vulnerabilities, and tools in a relaxed environment never seen before.
Cyber Risk Summit (Washington, DC, USA, May 22, 2014) This one-day leadership conference will provide a discussion forum for business executives, insurance companies and policymakers on more effective private and public responses to cyber risk management. Topics to be discussed by expert speakers will include state and federal regulatory and legislative initiatives, efforts to develop a common cyber security framework, the threats from cyber espionage and terrorism, and the development of public and private mechanisms to finance and transfer losses from cyber events.
Senior Executive Cyber Security Conference (Baltimore, Maryland, USA, Oct 30 - Nov 1, 2014) North Star Group, LLC and the Johns Hopkins University's Whiting School of Engineering and Information Security Institute sponsor this senior executive focused cyber security conference. This event is designed for non-technical and technical executives who seek to gain a deeper understanding of not just the technical aspects of data breach prevention, but also the important role that insurance, crisis management, legal and human resources play. Speakers include Dr. Ed Schlesinger, Dean of Johns Hopkins University's Whiting School of Engineering, Dr. Andy Ozment, Assistant Secretary of the Office of Cybersecurity and Communications, Department of Homeland Security, and Mr. Eric Joost, Chief Operating Officer, Willis North America.