The CyberWire Daily Briefing 10.22.14
A hacker working on #OpHongKong claims he's counted coup against Hong Kong officialdom by compromising nineteen HostGator servers and downloading their content, which he says he'll release on November 5 (Guy Fawkes Day, of course). He promises "something big"; we shall see. Apple responds to Chinese government man-in-the-middle attacks on iOS users with warnings to its customers.
ISIS continues its sub-barbarian, deplorably successful propaganda of the deed as it posts videos of stonings-to-death (of women, for adultery) in rural areas outside Hama. The Islamic State has issued an opsec manual so those inspired by ruthless inhumanity may tweet without fear of geolocation.
Cyber attacks on news sites accompany elections in Mozambique.
Microsoft warns of a zero-day affecting all versions of Windows except Windows Server 2003. The vulnerability is being exploited in the wild, most commonly with infected PowerPoint files as the infection vector.
Patches inevitably expose vulnerabilities, and criminals work assiduously to reverse engineer and weaponize patched bugs as soon as those are publicly known. Here's a current example of the problem: Adobe patched Flash last week, and unpatched systems are already being targeted in wide-scale attacks as the vulnerability appears in the Fiesta drive-by exploit kit.
The Staples breach (under investigation) leads Check Point to observe that the attack was directed at point-of-sale systems, not Staples, and to urge not more shaming, but more sharing. New York financial regulators urge the sector they oversee to share more threat information as a way of performing due diligence on third parties.
Notes.
Today's issue includes events affecting Canada, China, France, Germany, Greece, India, Indonesia, Israel, Malaysia, Mexico, Mozambique, Portugal, Russia, Spain, Ukraine, United Kingdom, United States, and Vietnam.
Cyber Attacks, Threats, and Vulnerabilities
CaLLSTaCK hacked various HostGator servers for #OPHongKong campaign (Security Affairs) The hacker CaLLSTaCK as part of the #OPHongKong campaign announced to have breached several servers of the popular hosting service HostGator
China attacks lead Apple to alert users on iCloud threats (IDG via CSO) Apple has warned users about attacks on its iCloud website, after monitoring groups alleged that China had tried to intercept customer information from the service
ISIS releases "How to Tweet Safely Without Giving out Your Location to NSA" Manual (HackRead) ISIS introduces Training Guide for its members to prevent NSA spying
Cyber Attack Downs Mozambique's @Verdade News Site on Election Day (Global Voices) @Verdade, a Mozambican weekly newspaper and Global Voices partner, was the victim of a massive cyber attack on Oct. 15, 2014, when Mozambican general elections took place last week. The attack began on the eve of the election and managed to bring down the site at the very hour polls closed and votes were being counted across the large, southern African country
Microsoft warns of new Zero-Day attack (CSO) On Tuesday, Microsoft issued an advisory warning of a new Zero-Day vulnerability that impacts all supported versions of their Windows operating system except Windows Server 2003. The software giant also confirmed targeted attacks looking to exploit this flaw
One week after patch, Flash vulnerability already exploited in large-scale attacks (IDG via CSO) If you haven't updated your Flash Player with the fixes released on Oct. 14, you may be vulnerable to new attacks using a commercial exploit kit called Fiesta, security researchers warn
INSIGHT-U.S. government probes medical devices for possible cyber flaws (Reuters) The U.S. Department of Homeland Security is investigating about two dozen cases of suspected cybersecurity flaws in medical devices and hospital equipment that officials fear could be exploited by hackers, a senior official at the agency told Reuters
Staples likely breached, retailer defenses back in spotlight (Ars Technica) Time to start sharing data and making corporate networks more secure
Synthetic Identity Fraud A Fast-Growing Category (Dark Reading) Real SSNs tied with fake identities are reaping criminals big profits
JP Morgan Chase Cyber-Attack Authors Still Unknown, Russia Ruled Out for Now (Softpedia) There has been speculation about the Russian government directing the cyber-attack against JP Morgan Chase this summer, but the FBI denied any indication that the country was involved in the incident, although the possibility has not been ruled out completely
0wning Emmental (Fortinet) A long time ago, I posted a video showing how to control Zitmo (the mobile component of ZeuS). It turns out you can (nearly) do exactly the same with Emmental. If you are not aware of Operation Emmental, please jump to this excellent white paper
USB is now UEC (use with extreme caution) (CSO) USB is an acronym for Universal Serial Bus; at least that is what it has stood for since 1999 when it was patented. But now it may take on a new meaning and instead stand for Ultimate Security Breakdown
What all major brands share in common with the Snappening (Help Net Security) By now we have all heard about "The Snappening" — hyped as a high-profile data breach involving the photo-sharing application Snapchat
Kaspersky Lab and INTERPOL Survey Reports: 60 Percent of Android Attacks Use Financial Malware (BusinessWire via Yahoo! Finance) According to the results of the "Mobile Cyber Threats" survey issued by Kaspersky Lab and INTERPOL between August 2013 and July 2014, malicious programs targeting Android-based devices in order to steal money were used in 60 percent of attempted attacks registered by Kaspersky Lab security products
Symantec sees rise in high-traffic DDoS attacks (IDG via CSO) A type of distributed denial-of-service attack, DNS amplification, has risen sharply, according to new research from Symantec
Vernonia City Police Department VPD (State of Oregon) Website Hacked (HackRead) An Indonesian hacker going with the handle of 'Newbie Linuxer' hacked and defaced the official website of Vernonia City, State of Oregon Police Department (VPD) earlier today
Security Patches, Mitigations, and Software Updates
IBM i Gets New MQ Security Options (IT Jungle) The latest Technology Refreshes for IBM i versions 7.1 and 7.2 brought lots of good stuff in the Web integration department, including support for REST Web services and Node.js. But IBM's IBM i updates also brought good old fashioned message queue-based integration with support for the latest release of IBM's IBM MQ
Microsoft warns users to kill botched KB 2949927 patch (InfoWorld) Microsoft yanked SHA-2 patch KB 2949927, and now goes further and cautions users to uninstall the update
OS X Yosemite's Spotlight Suggestions: Privacy killer or not? (Help Net Security) With last week's official release of OS X Yosemite (v10.10), Apple has solved some critical security issues that could adversely affect users
OS X Yosemite Wi-Fi problems — can you help us solve them? (Naked Security) If you're a Mac user, you're probably thinking of updating to OS X 10.10, better known as Yosemite
Cyber Trends
If attackers only need to be lucky once, we need better guidance (CSO) Under the guise that attackers only need to be "lucky" one time, we offer too much guidance and get too few results. It is time to change
How Has Cybersecurity Changed Operations? (Security) The first article in this four part series focused on the emergence of a full lifecycle approach to cybersecurity over the last 15 years, and the elevation of the cyber responsibility in an organization to the C-Suite and beyond. This article will look at how the cybersecurity market has changed from an operational perspective, focusing on the internal changes that have occurred to keep pace with the demand externally
What's behind the dramatic rise in medical identity theft? (Fortune) A decentralized U.S. health system, increasing digitization of records, and demand in the black market are fueling a surge in thefts
Small healthcare facilities unprepared for a data breach (Help Net Security) While healthcare breaches are on the rise, most small facilities feel that their systems adequately limit the risk of a data breach despite one in three facilities spending less than 10 percent of their IT budget on protecting patient data
Cyber Security Goes Mobile (Institutional Investor) Four to five years ago, employees' tendency to toggle between their private and professional lives on smartphones, laptops, and tablets began to raise red flags for security reasons
Workers use their own devices at work, without boss's knowledge (ComputerWorld) Line between work and play is getting more blurred, Gartner survey indicates
Marketplace
The Morning Download: Watson Notwithstanding, IBM Is in Jeopardy (Wall Street Journal) Good morning. The brilliance of its Jeopardy-beating Watson supercomputing platform notwithstanding, International Business Machines Corp. is having a tough time adjusting to seismic shifts in the relationship between business and technology
BlackBerry shares spurred by Lenovo takeover rumours (Globe and Mail) A year after Ottawa quietly signalled opposition to a Lenovo Group Ltd. takeover of BlackBerry Ltd., rumours are surfacing that the Chinese company is poised to make another play for the Waterloo, Ont.-based smartphone maker
Security ratings company BitSight acquires threat analytics service (VentureBeat) Security ratings company BitSight Technologies just picked up a small Portugal-based threat intelligence company called AnubisNetworks
PCCW acquires Security as a Service (Business-Cloud) PCCW Global buys Crypteia Networks to get Security as a Service solution to compete with other security analytics vendors
Cyberark Quiet Period Expires; Multiple Analysts Bullish On Stock (Benzinga) Shares of Cyberark Software Ltd (NASDAQ: CYBR) have experienced volatility in Monday's trade as the quiet period for shares has expired
Israel's ThetaRay turns to maths to detect cyber threats (Reuters) As businesses face a growing threat of cyber attacks, Israeli start-up ThetaRay is betting on maths to provide early detection, enabling the shutdown of systems before damage can be done
eBay's Earnings Continue To Be Impacted By Cyber-Attack (Nasdaq) eBay (EBAY) posted lukewarm earnings in the third quarter, with revenue rising by 12% to $4.4 billion. This was primarily driven by 20% growth in the payments' business, as the marketplaces' segment continued to face headwinds. The latter's revenue growth slowed to 6% in Q3, as compared to 11% and 9% growth in the past two quarters, due to reduced levels of traffic caused by security breach and changes in Google SEO (i.e., Search Engine Optimization) algorithm
FAA Seeks Industry Input on COTS Forensic Case Management Tech (ExecutiveGov) The Federal Aviation Administration is conducting a market survey on commercial off-the-shelf applications for forensic case management that will store, process and preserve FAA-collected digital forensic evidence along the chain of custody
Cyber demand leaves states at risk (The Hill) State and local governments facing growing threats from hackers have a new problem: finding and then employing the right cybersecurity specialists to fight them
Darrell Durst on Lockheed's Partnership With DHS, State of US Cyber Workforce (ExecutiveBiz) Darrell Durst leads a Lockheed Martin organization that provides cyber technology and services to the U.S. government in his role as vice president of cyber solutions
Exclusive: Ex-spy chief's private firm ends deal with U.S. official (Reuters via Yahoo! News) Former National Security Agency director Keith Alexander has ended a deal with a senior U.S. intelligence official allowing the official to work part-time for his firm, an arrangement current and former officials said risked a conflict of interest
Products, Services, and Solutions
Vectra Networks Joins New A10 Security Alliance to Jointly Detect Attacks Obfuscated in Encrypted SSL Traffic (Thomasnet) Vectra Networks, a leader in real-time detection of in-progress cyber-attacks, today announced it is a member of the A10 Security Alliance, an ecosystem of leading security and networking companies that are working together to mitigate threats and automate security operations, as launched by A10 Networks today
Webroot, HP Partner on Mobile Security Platform (eWeek) The BrightCloud IP Reputation Service is a real-time threat intelligence service that helps organizations identify malicious IPs in network traffic
Lunarline & Netsparker Partner to Strengthen Web Vulnerability Scanning Management (PRNewswire) Lunarline and Netsparker today announced a strategic partnership to integrate Netsparker's industry-leading web application security scanner with Lunarline's Sniper and Vulnerability Scan Converter (VSC) solutions. This will allow users to better manage and remediate web application vulnerabilities identified by the Netsparker Web Application Security Scanner
Halcyon Software Launches New Security Product For Managing Passwords (PRNewswire) Halcyon Software, a global leader in multi-platform systems management software, today announced the immediate availability of Password Reset Manager, a new security solution for users of IBM i running on IBM Power Systems servers
Product helps small and midsize firms measure cyber attack readiness (Business Insurance) Information technology solutions provider eManagement Inc. has developed a new tool to help small and midsize businesses measure their readiness to respond to and recover from cyber security attacks
McAfee Delivers New Product Portfolio for Small and Medium-Sized Businesses (MarketWatch) New security suites help provide cost-effective, customized protection against new malware and exploits
Zscaler Launches New Advanced Persistent Threat Protection with Fall 2014 — Now Everyone can be Protected from Zero-Day and Advanced Threats (EIN News) Zscaler, the Internet security company, today introduced the Fall 2014 release of the Zscaler Internet security and compliance platform. Available now, Zscaler Fall 2014 includes breakthrough new capabilities for Advanced Persistent Threat (APT) protection, guest Wifi security, global administration, policy management and reporting and instant assessment of security risks
Iron Mountain Delivers Complete Solution for Controls Over Physical Records Inventory (Finances) Iron Mountain Incorporated (NYSE:IRM), the storage and information management company, today announced an expanded set of services, called the Iron Mountain Inventory Governance solution, designed to help organizations ensure complete governance over their physical records inventory stored securely offsite
Technologies, Techniques, and Standards
Feds urge early cooperation in malware investigations (FCW) The financial services industry has garnered a reputation among cybersecurity professionals for being among the more resilient sectors in the face of cyberattacks
Digital Security: Taking an Uncompromising Stand (Dark Reading) How to improve digital immunity by sharing Indicators of Attack
Keep calm and plug the holes (Computerworld) Panicked reactions are no way to cope with zero-day vulnerabilities. We all should know that there's always another one just around the corner
Dropping Docs on Darknets: How People Got Caught (eHacking) Uploaded document or any other private file on Internet by using TOR or any other proxy, you just got relaxed but do you ever think that you will be getting caught? No; then you must be thinking that way because people trying to de-anonymize you
'One Man's Creepy Is Another's Targeted': Data-Privacy Gray Areas (American Banker) About a year ago, a large North American bank discovered that employees throughout the organization were looking at the accounts out of a famous athlete to satisfy their curiosity. To stop this behavior, the bank resorted to shaming — it circulated a report every day of all the people who had opened the account record until the activity stopped, according to a former employee
A Physical Key to Your Google Account (Technology Review) Google says using a small USB stick to vouch for your identity is more secure than either a password or conventional two-factor authentication
SSH Keys: The Powerful, Unprotected Privileged Credentials (CyberArk Blog) When thinking about privileged accounts — and the credentials used to access them — passwords typically come to mind
Chip-and-PIN increases cybersecurity (The Hill) In Russia alone, stolen payment card information is a $680 million-per-year industry, according to Moscow-based security company Group IB. With that much money to be made, it's no wonder why cyber-attacks are so common. And who are Russian hackers' biggest target? The United States. Researchers analyzed just one of many sophisticated underground data-swapping sites and found that data from five million of the seven million cards offered up originally came from Americans
AlgoSec Survey Reveals Security Pains Of Hybrid Cloud (CRN) A hybrid computing environment is becoming the dominant paradigm for enterprises, but security concerns are causing headaches for IT professionals
Cloud security: Think you're blocking staff access to certain sites? Think again (ZDNet) Stopping staff using certain web services may be in decline outside regulatory environments, but even where it is being attempted it may be falling well short of its aims
The next evolution in next-generation firewalls #WGImagine14 (TechDay) With companies struggling to keep pace with the increasing volume and sophistication of cyberattacks, it's time for firewalls to step up — and time for an evolutionary advancement in next-generation firewalls (NGFW)
How Docker Changes Cloud Security (InformationWeek) Docker's shared Linux kernel architecture isn't secure enough for multitenancy applications. This popular new container technology is, however, a great choice for banking, retail, and online apps
Academia
Willis College's Fortinet-backed advanced network security program opens (Ottawa Business Journal) A private Ottawa post-secondary college has launched a new certificate program it says will make the city a leader in training and employing network security professionals
5 non-traditional hiring tips for InfoSec (CSO) There's a dramatic shortage of qualified information security professionals in the industry today
Legislation, Policy, and Regulation
Beefing up cyber security in Ottawa (Ottawa Sun) Cyber threats are a growing concern that show no signs of slowing down, say experts, with ever-evolving technology at people's fingertips
Apple grapple: Congress kills FBI's Cupertino crypto kybosh plan (Register) Encryption would lead us all into a 'dark place', claim G-Men
Why Outlawing Encryption Is Wrong (InformationWeek) Putting data encryption solely into the hands of government employees won't prevent bad things from happening — and it might encourage wrongdoing
Industry can head off IoT privacy rules, former US official says (IDG via CSO) The Internet of Things is raising a host of concerns over the control of data that could lead to government regulation, but tech companies can rein in those worries on their own if they act fast, according to a former White House technology official
White Hat Hackers Fight For Legal Reform (Dark Reading) Security researchers petition to update digital intellectual property and copyright protection laws that limit their work in finding and revealing security bugs
D.C.'s Complicated View of Cyberwar, Regulation, Liability (Threatpost) Lawmakers and politicians trying to equate cyberwar with a kinetic battle are misguided in putting the two on equal footing, said former National Security Agency general counsel Stewart A. Baker today in his keynote at the Cyber Security Summit
EXPERT: Here Are 4 Things Edward Snowden Gets Wildly Wrong About The NSA (Business Insider) As a former 'research scientist' at the National Security Agency, I feel compelled to respond to James Bamford's exclusive interview with Edward Snowden that appeared in the September issue of Wired magazine
How Tom Carper Sees FISMA Bill Passing (GovInfoSecurity) Senator describes building trust with Republican counterpart
FTC Hires Privacy Researcher Ashkan Soltani as Chief Technologist (Threatpost) The FTC has hired Ashkan Soltani, a highly regarded and respected technologist and privacy researcher, as its chief technologist
New York financial regulator pushes banks to plug gaps in cybersecurity (Reuters) Following the massive cyber attack on the biggest U.S. bank JPMorgan Chase & Co (JPM.N) disclosed in August, and other financial institutions, government authorities in United States are pushing financial institutions and brokerage houses to close glaring gaps in cybersecurity
Rible: Cyber Attack Attempts Illustrate Need to Protect Student Data (PolitickerNJ) Assemblyman Dave Rible said a recent report by the state attorney general that New Jersey faces more than a million hacking attempts per month underscores the need to enact legislation he sponsors (A-2724) that safeguards information collected on New Jersey students
Litigation, Investigation, and Law Enforcement
Who's Arguing in the DC Circuit Over NSA Surveillance? (National Law Journal) Veteran appellate lawyer H. Thomas Byron III will defend the government's bulk collection of phone records next month at argument in a Washington federal appeals court, according to court papers filed Monday
Group tackles massive, governmentwide FOIA review (FierceGovernment) A subcommittee of the Freedom of Information Act Advisory Committee is undertaking a massive information gathering project to survey the current state of FOIA oversight, and review what problems have been identified and corrective actions taken over the past 10 years
U.S. national security prosecutors shift focus from spies to cyber (Reuters) The U.S. Justice Department is restructuring its national security prosecution team to deal with cyber attacks and the threat of sensitive technology ending up in the wrong hands, as American business and government agencies face more intrusions
Keith Alexander Continues To 'Play To The Edges' Of Propriety; NSA Now Checking Out His Partnership With Agency CTO (TechDirt) The long-delayed release of former NSA head Keith Alexander's financial documents failed to generate much in terms of conflicted interests. There was some investment in companies with government contracts, but nothing stood out as a direct connection between Alexander's investments and his previous day job
She Tweeted Against the Mexican Cartels. They Tweeted Her Murder. (Daily Beast) No newspaper dares to publish the truth about the drug lords in Tamaulipas. Those who break the silence on Twitter and Facebook are marked for death
For a complete running list of events, please visit the Event Tracker.
Upcoming Events
2014 ICS Cyber Security Conference (Atlanta, Georgia, USA, Oct 20 - 23, 2014) The 14th ICS Cyber Security Conference (sometimes known as "Weisscon") will be held October 20-23, 2014 at Georgia Tech in Atlanta, GA. Cyber Security is becoming a critical infrastructure issue with implications that go far beyond the plant fence. Plant engineers, corporate officers, insurance company executives and more will be handling cyber security issues in the coming years. This conference is essential attendance for people in the manufacturing or utility environment.
Cyber Security Summit 2014: Cyber security breaches have a profound impact on all areas of society. Join the discussion at Cyber Security Summit 2014. For two days, leaders from the public and private sectors meet to identify cyber threat issues and their countermeasures.
Collaborative Approaches for Medical Device and Healthcare Cybersecurity; Public Workshop (Arlington, Virginia, USA, Oct 21 - 22, 2014) The Food and Drug Administration (FDA) is announcing the following public workshop entitled "Collaborative Approaches for Medical Device and Healthcare Cybersecurity." FDA, in collaboration with other stakeholders within the Department of Health and Human Services (HHS) and the Department of Homeland Security (DHS), seeks broad input from the Healthcare and Public Health (HPH) Sector on medical device and healthcare cybersecurity
Secure 2014 (Warsaw, Poland, Oct 21 - 23, 2014) NASK and CERT-Polska offer this conference on telecommunications and IT security. Speakers from government, industry, and universities around the world will offer insights into research, policy, and security trends
Hack.lu 2014 (Dommeldange, Luxembourg, Oct 21 - 24, 2014) Hack.lu is an open convention/conference where people can discuss about computer security, privacy, information technology and its cultural/technical implication on society
ISSA International Conference (Orlando, Florida, USA, Oct 22 - 23, 2014) Join us for solution oriented, proactive and innovative sessions focused on security as a vital part of the business.
ToorCon San Diego (San Diego, California, USA, Oct 22 - 26, 2014) For hackers like you, because what could possibly go wrong?
DOE Germantown Cybersecurity Awareness Day (Germantown, Maryland, USA, Oct 23, 2014) The Department of Energy Germantown Building will be hosting a Cyber Security Awareness Day featuring a technology expo. DoE will be looking for a wide range of cyber security industry experts to showcase their latest technologies. Reaching the professional community within this location can be extremely challenging and this event will provide a great opportunity to provide product demonstrations to this hard-to-reach group, as well as position your company's information to the Department of Energy
Library of Congress Cybersecurity Awareness Expo (Washington, DC, USA, Oct 23, 2014) The Library of Congress (LOC) is hosting its annual cyber security awareness days during October and the exposition is an important part of their education and outreach effort to industry
NASA Glenn Research Center Cyber Security Expo (Cleveland, Ohio, USA, Oct 23, 2014) In recognition of National Cyber Security Awareness Month, an Awareness Day event will be held at Glenn Research Center in Cleveland, Ohio. This event will provide participants with information and resources on today's vulnerabilities, incidents, and security threats, as well as how to protect against them. Live demos and informational booths by top vendors will give participants a look at current trends in cyber security. Exhibitors will have the opportunity to network with government personnel and industry partners to discuss critical issues
2014 Omaha Cyber Security Event (Omaha, Nebraska, USA, Oct 23, 2014) Better Business Bureau and its partners present a panel discussion on how to stay safe online — it's our shared responsibility! Learn the risks, how to spot potential problems and how our online actions impact our safety. Panelists include professionals from the: US Secret Service, FBI, National Cyber Security Alliance and Nebraska State Information Office
FOCUS 14: Empowering the Connected World (Las Vegas, Nevada, USA, Oct 26 - 27, 2014) FOCUS will offer you a unique opportunity to learn directly from other McAfee users. Hear real-world scenarios from McAfee customers and learn how they maintain the highest standards of security while reducing costs, streamlining processes, and driving efficiencies in the daily administration of their networks and systems. Network with security peers who share your challenges, concerns and issues, and learn more about their own success strategies
Cybergamut Tech Tuesday: Software-Defined Networking Security (Columbia, Maryland, USA, Oct 28, 2014) Security-Defined Routing combines cyber analytics and SDN to protect the network: SDR technology assists organizations in scaling the delivery of network traffic to analytic security applications. When incidents are detected, changing the network forwarding tables through SDR techniques can provide an immediate remediation to network attacks, while automating the delivery of suspect traffic for transaction monitoring and archiving data for regulatory compliance and advance troubleshooting
Securing the Social Space (Baltimore, Maryland, USA, Oct 28, 2014) New technologies enabling greater connectivity bring with them new frontiers for cyber security. This Tech Talk program will offer a new twist on the cyber security conversation. We'll begin by exploring new trends and exciting emerging tools in social with Kelsey Reck, Founder & CEO of Harbor Social, then we'll shift to two approaches to the same problem: addressing risk brought about by these new trends and tools. ZeroFOX social risk management and RedOwl will look at internal risks within employee communication shedding light on the "digital exhaust trail." This one is guaranteed to inspire and enlighten! Include Promo Code "Social102814" and you get the Member Rate on registration, thereby saving $20
USDA Cyber Security Symposium and Expo 2014 (Washington, DC, USA, Oct 28 - 29, 2014) The Summit will provide participants with information and resources on today's vulnerabilities, incidents, security lifecycle, risks and mitigations; it will also identify ways to work together and build a solid security foundation program to meet future challenges and trends in cyber security. The Cybersecurity Expo, running in conjunction to the Summit, will provide live demos and informational booths focused around the summit topics
Cyber Security and IT Day at Fort Carson (Colorado Springs, Colorado, USA, Oct 28, 2014) The Information Systems Security Association (ISSA) Colorado Springs Chapter will once again host the 5th Annual Cyber Security & Information Technology Days set to take place at Fort Carson on Tuesday, October 28, 2014 and at Peterson AFB on Wednesday, October 29, 2014. Both events are being conducted in October to coincide with National Cyber Security Awareness Month as a way to encourage collaboration between local military personnel and industry partners. Government and Industry experts will be on hand to brief attendees on the latest trends, best practices and remediation strategies, in the cyber security field. These one day forums will offer Cyber Security & Information Technology personnel a unique, local opportunity to get up-to-date information on rapidly evolving security challenges
Cyber Security and IT Days at Peterson AFB (Colorado Springs, Colorado, USA, Oct 29, 2014) The Information Systems Security Association (ISSA) Colorado Springs Chapter will once again host the 5th Annual Cyber Security & Information Technology Days. Government and Industry experts will be on hand to brief attendees on the latest trends, best practices and remediation strategies, in the cyber security field. These one day forums will offer Cyber Security and Information Technology personnel a unique, local opportunity to get up-to-date information on rapidly evolving security challenges
Dallas SecureWorld (Dallas, Texas, USA, Oct 29 - 30, 2014) Offering two days of cyber security education. Earn 12-16 CPE credits, network with industry peers, and take advantage of more than sixty educational events. Over the past decade SecureWorld has emerged as one of North America's most vital cyber-security conferences, providing globally relevant education, training and networking for cyber-security professionals on a regional level. SecureWorld provides more content and facilitates more professional connections than any other event in the cyber-security industry. Established in 2002, SecureWorld offers many different continuing professional education sessions over two days in 14 cities throughout the United States.
Cyber Job Fair (Baltimore, Maryland, USA, Oct 29, 2014) ClearedJobs.Net is partnering with CyberMaryland to present the Cyber Job Fair at the CyberMaryland 2014 conference. The Cyber Job Fair is a hiring event for cleared and non-cleared cybersecurity professionals held the first day of the conference
CyberMaryland 2014 (Baltimore, Maryland, USA, Oct 29 - 30, 2014) Entrepreneurs, investors, academia and government will convene in Maryland, the nation's epicenter for cybersecurity, for the fourth annual CyberMaryland Conference.
ekoparty Security Conference 10th edition (Buenos Aires, Argentina, Oct 29 - 31, 2014) ekoparty — Electronic Knock Out Party — Security Conference, is a one of a kind event in South America; an annual security conference held in Buenos Aires, where security specialists from all over Latin America (and beyond) have the chance to get involved with state-of-art techniques, vulnerabilities, and tools in a relaxed environment never seen before.
Cyber Risk Summit (Washington, DC, USA, May 22, 2014) This one-day leadership conference will provide a discussion forum for business executives, insurance companies and policymakers on more effective private and public responses to cyber risk management. Topics to be discussed by expert speakers will include state and federal regulatory and legislative initiatives, efforts to develop a common cyber security framework, the threats from cyber espionage and terrorism, and the development of public and private mechanisms to finance and transfer losses from cyber events.
Senior Executive Cyber Security Conference (Baltimore, Maryland, USA, Oct 30 - Nov 1, 2014) North Star Group, LLC and the Johns Hopkins University's Whiting School of Engineering and Information Security Institute sponsor this senior executive focused cyber security conference. This event is designed for non-technical and technical executives who seek to gain a deeper understanding of not just the technical aspects of data breach prevention, but also the important role that insurance, crisis management, legal and human resources play. Speakers include Dr. Ed Schlesinger, Dean of Johns Hopkins University's Whiting School of Engineering, Dr. Andy Ozment, Assistant Secretary of the Office of Cybersecurity and Communications, Department of Homeland Security, and Mr. Eric Joost, Chief Operating Officer, Willis North America
FS-ISAC EU Summit 2014 (London, England, UK, Nov 3 - 5, 2014) The Financial Services Information Sharing and Analysis Center (FS-ISAC) is a non-profit association comprised of financial institution members that is dedicated to protecting the global financial services sector from physical and cyber threats that impact the resilience, integrity and stability of member institutions through dissemination of trusted and timely information. Its EU Summit will feature sessions of interest to both security professionals and the financial sector
POC2014 (Seoul, Republic of Korea, Nov 4 - 7, 2014) POC (Power of Community) started in 2006 and has been organized by Korean hackers & security experts. It is an international security & hacking conference in Korea. POC doesn't pursue money. POC concentrates on technical and creative discussion and shows real hacking and security. POC wears both black hat and white hat. POC will share knowledge for the sake of the power of community. POC believes that the power of community will make the world safer.
Open Source Digital Forensics Conference 2014 (Herndon, Virginia, USA, Nov 5, 2014) This conference focuses on tools and techniques that are open source and (typically) free to use. It is a one day event with short talks packed with information. There are both tool developers and users in attendance, and this is a unique opportunity to learn about new tools and provide feedback
Bay Area SecureWorld (Santa Clara, California, Nov 5, 2014) A day of cyber security education. Earn 6-8 CPE credits, network with industry peers, and take advantage of more than thirty educational events. Over the past decade SecureWorld has emerged as one of North America's most vital cyber-security conferences, providing globally relevant education, training and networking for cyber-security professionals on a regional level. SecureWorld provides more content and facilitates more professional connections than any other event in the cyber-security industry. Established in 2002, SecureWorld offers many different continuing professional education sessions over two days in 14 cities throughout the United States.
Managing BYOD & Enterprise Mobility USA 2014 (San Francisco, California, USA, Nov 5 - 6, 2014) The Managing BYOD & Mobility USA 2014 conference will provide a unique networking platform, bringing together top executives from the USA and beyond. They come together not only to address mobility challenges and set the precautions framework, but most importantly to provide the necessary tools, insights and methodological steps for constructing a successful mobility policy. These policies will fulfill the BYOD prophecy of increased productivity, employee satisfaction, cost savings and corporate competitive advantage
Journal of Law and Cyber Warfare First Annual Cyber Warfare One Day Symposium (New York, New York, USA, Nov 6, 2014) The Journal of Law and Cyber Warfare is proud to present the First Annual Cyber Warfare One Day Symposium. Join us as senior lawyers, technology chiefs, government officials, and academics discuss the current threat of cyber security and how it is affecting US corporations. CLE credit is available on certain panels
RiseCON 2014 (Rosario, Santa Fe, Argentina, Nov 6 - 7, 2014) Rosario Information Security Conference is the first and largest information security and hacking event held in the city of Rosario, with international standing and significance
Israel HLS 2014 (Tel Aviv, Israel, Nov 9 - 12, 2014) The third International Conference on Homeland Security will bring together government officials, public authorities, and HLS industry leaders from around the world to share their knowledge and experience. They will participate in high-level discussions on securing the safety of citizens and protecting critical infrastructure and property, and explore Israel's advanced HLS technologies and systems.
Critical Infrastructure Cyber Community (C3) Voluntary Program Meeting (San Diego, California, USA, Oct 13, 2014) Join stakeholders from across the cyber community to discuss building a cyber risk management program, using DHS resources, and to learn how organizations of all sizes are using the Cybersecurity Framework
i-Society 2014 (London, England, UK, Nov 10 - 12, 2014) i-Society 2014 is a global knowledge-enriched collaborative effort that has its roots from both academia and industry. The conference covers a wide spectrum of topics that relate to information society, which includes technical and non-technical research areas.
Seattle SecureWorld (Seattle, Washington, USA, Nov 12 - 13, 2014) Offering two days of cyber security education. Earn 12-16 CPE credits, network with industry peers, and take advantage of more than sixty educational events. Over the past decade SecureWorld has emerged as one of North America's most vital cyber-security conferences, providing globally relevant education, training and networking for cyber-security professionals on a regional level. SecureWorld provides more content and facilitates more professional connections than any other event in the cyber-security industry. Established in 2002, SecureWorld offers many different continuing professional education sessions over two days in 14 cities throughout the United States.
AVAR 2014 The 17th Association of anti-Virus Asia Researchers International Conference: Security Down Under. Topics will include case studies of targeted attacks, real-life attack demonstrations, web-inject attacks/code insertion attacks, man-in-the-browser attacks, targeted advanced persistent threats, dedicated advanced evasion techniques, and mitigations to all of these. The conference will also take up identification and investigation of targeted threats, how to spot targeted attacks in collections, COINTEL (counter intelligence) on determined adversaries (e.g., detecting the attacker, running honeypots, etc.), mobile malware, and security policies.
ZeroNights 2014 (Moscow, Russia, Nov 13 - 14, 2014) ZeroNights is an international conference dedicated to the practical side of information security. It will show new attack methods and threats, showcase new possibilities of attack and defense, and suggest out-of-the-box security solutions. ZeroNights gathers experts, infosecurity practitioners, analysts, and hackers from all over the world
Cyber Security Awareness Week Conference (New York, New York, USA, Nov 13 - 15, 2014) Get ready for CSAW: the largest student-run cyber security event in the nation, with a research conference that attracts some of the biggest names in the industry, and a career fair with an impressive list of corporate partners. It's a weekend of competitions, keynote talks and cyber security events, designed to prepare best-performing students with the skills and knowledge to shape the future of the industry
Ground Zero Summit, India (New Delhi, India, Nov 13 - 16, 2014) Ground Zero Summit (GOS) 2014 in its second year promises to be Asia's largest Information Security gathering and proposes to be the ultimate platform for showcasing research and sharing knowledge in the field of cyber security. GOS rationale: The increasing volume and complexity of cyber threats, including phishing scams, data theft, and online vulnerabilities, demand that we remain vigilant about securing our systems and information. Enterprises and governments worldwide are grappling with the grim reality of data and critical systems being exploited. This summit aims to address these new forms of cyber attack and formulate solutions
Deepsec 2014 (Vienna, Austria, Nov 18 - 21, 2014) DeepSec is an annual European two-day in-depth conference on computer, network, and application security. This is a non-product, non-vendor-biased conference event. Our aim is to present the best research and experience from the fields' leading experts.
BugCON (Mexico City, Mexico, Nov 19, 2014) BugCON Security Conference is a hardcore technical conference focused on the technical side of security. Running since 2008, BugCON is the oldest forum where researchers, students and professionals show their latest research and projects
International Cyber Warfare and Security Conference (Ankara, Turkey, Nov 19 - 20, 2014) In-depth discussions will cover: new emerging threats and challenges on cyber warfare, the policy of leading cyber nations in cyber warfare and security, legal aspects of cyber warfare, industrial perspective in cyber warfare and security, new trends, new developments, technologies and solutions, and the next generation of cyber attacks—mapping the future threat environment.
EDSC 2014 (Seattle, Washington, USA, Nov 20 - 21, 2014) EDSC is a security conference focusing on embedded systems, hardware, and anything behind the silicon curtain. Embedded testing is a rapidly expanding area of the security industry, and staying current is important for engineers, researchers, and testers alike. EDSC will bring the top thought leaders in the embedded security field together for two days to share knowledge, techniques, and research.
Cyber Security World Conference 2014 (New York, New York, USA, Nov 21, 2014) Welcome to Cyber Security World Conference 2014 where renowned information security authorities and innovative service providers will bring their latest thinking to hundreds of senior executives focused on protecting today's enterprises. Cyber security experts will discuss topics such as protecting individuals and companies against cyber-attacks, biometrics as the future of security, risks brought by mobile computing, and protecting corporate and national infrastructure against foreign attacks
Ethiopia Banking and ICT Summit (Addis Ababa, Ethiopia, Nov 21, 2014) The one-day summit is designed to highlight the key investment opportunities, especially in the Banking & ICT sectors. As an emerging economic capital for the region, Ethiopia is leading the way in industrial growth, international trade and global integration for sub-Saharan Africa as a whole.
BSidesVienna (Vienna, Austria, Nov 22, 2014) BSidesVienna will open its doors again in 2014. Be part of it and stay tuned
DefCamp5 (Bucharest, Romania, Nov 25 - 29, 2014) DefCamp is the most important conference on Hacking & Information Security in Central Eastern Europe. The goal is bringing hands-on talks about the latest research and practices from the INFOSEC field, gathering under the same roof security specialists, entrepreneurs, and the academic, private and public sectors