The CyberWire Daily Briefing 10.28.14
news from CyberMaryland
CyberMaryland opens in Baltimore tomorrow and continues through Thursday. Watch for CyberWire special issues and live tweets from the conference sessions. See the articles below for details on the conference, including speakers and sessions.
And, in observance of the National Cyber Security Hall of Fame's class of 2014 induction ceremonies this Thursday, the CyberWire will run an exclusive interview with one of the inductees, Richard A. Clarke.
ISIS opponents (including some rivals from al Qaeda) push back with information operations.
The Putinist hackers who disrupted Ukrainian sites during the recent election sought to pass off old Russian atrocities in Chechnya as fresh Ukrainian murders of ethnic Russians in Donbas. FireEye (with appropriate lawyerly reservations) attributes the APT28 cyber espionage campaign to Russian security services. FireEye notes APT28's careful, sophisticated stealth, but the attribution rests on more than a priori probability.
A wide range of apparently unrelated targets (Uyghur activists, a US think tank, a Japanese industrial site, and the Korean hospitality industry — all, however, surely of some interest to China) suggests that several groups are using the ScanBox keylogger framework.
The Novetta-led industry group that's been investigating a long-running cyber espionage campaign has reported. They call the campaign "Operation SMN," and attribute it to the "Axiom Threat Actor Group" (said to be a Chinese government unit).
CrowdStrike reviews its research into Chinese and Iranian threats.
Intel researchers promise to show how they can forge RSA certificates by exploiting the Mozilla Network Security Services cryptographic library.
Industry observers cry up the importance of risk analysis (and suggest you do some before you buy cyber insurance). Some make it sound simple, flogging the familiar risk equation, but of course the devil's in the details (that is, in the values you assign those variables).
Banks are increasingly taking stakes in cyber start-ups.
The US releases its cyber operations manual.
The FBI thinks it may have found the NSA's "second leaker."
Notes.
Today's issue includes events affecting Australia, Canada, China, Egypt, Estonia, France, Iraq, Iran, Israel, Japan, Jordan, Republic of Korea, Kuwait, Lebanon, Qatar, Russia, Saudi Arabia, Syria, Turkey, Ukraine, United Arab Emirates, United Kingdom, United States, and Vietnam.
Baltimore: the latest from CyberMaryland 2014
CyberMaryland Conference (Federal Business Council) See the CyberMaryland 2014 agenda here
Dutch Ruppersberger, Martin O'Malley to Open CyberMaryland Conference (GovConExec) Rep. Dutch Ruppersberger and Gov. Martin O'Malley of Maryland will deliver the opening remarks at the CyberMaryland Conference on Wednesday and Thursday, which will host representatives from academia, industry and government
Cyber Attacks, Threats, and Vulnerabilities
Islamic State video shows hostage John Cantlie apparently inside Kobani (Los Angeles Times) Islamic State militants on Monday released a video showing a British hostage in what appears to be the besieged Syrian city of Kobani, delivering a mock-up news report declaring that American-led airstrikes meant to drive off the extremist Sunni Muslim attackers were failing
Pro-al Qaeda Saudi ideologue criticizes jihadist leaders in Syria, calls for unity (Long War Journal) The ability of Abu Bakr al Baghdadi's Islamic State to garner new recruits has become such a problem that one of Baghdadi's most influential critics has been forced to weigh in
US official urges allies to combat IS ideology (AP) The United States is pressing Arab nations and other allies to do more to counter the Islamic State group's slick propaganda campaign, with a top American envoy on Monday describing efforts to combat the extremist messages as a vital pillar in the fight to defeat the group
Iranian Hacker Defaces Website of UAE's Telecom Regulatory Authority (HackRead) An Iranian hacker going with the handle of MoHaMaD VaKeR hacked and defaced the official sub-domain of Telecommunications Regulatory Authority (TRA) of United Arab Emirates (UAE), two days ago on 25th Oct, 2014
Ukraine Unspun: Chechnya War Pic Passed Off As Ukraine Atrocity By Hackers, Russian TV (Radio Free Europe / Radio Liberty) A day before the October 26 parliamentary elections in Ukraine, hackers accessed electronic billboards in Kyiv and broadcast gruesome images of what they portrayed as civilian carnage wrought by Ukrainian forces battling pro-Russian separatists in the east of the country
Clues point to Russia in long-running spying campaign (IDG via CSO) Russia is likely behind a long-running computer spying campaign, although the stealthy attacks leave fewer clues than other state-sponsored attacks, according to a new report from FireEye
APT28: A Window into Russia's Cyber Espionage Operations? (FireEye) Our clients often ask us to assess the threat Russia poses in cyberspace. Russia has long been a whispered frontrunner among capable nations for performing sophisticated network operations. This perception is due in part to the Russian government's alleged involvement in the cyber attacks accompanying its invasion of Georgia in 2008, as well as the rampant speculation that Moscow was behind a major U.S. Department of Defense network compromise, also in 2008. These rumored activities, combined with a dearth of hard evidence, have made Russia into something of a phantom in cyberspace
'ScanBox' keylogger targets Uyghurs, US think tank, hospitality industry (IDG via CSO) A diversification of targets for a clever keylogging attack suggests that several hacking groups may be using the "ScanBox" framework, which spies on users without installing malicious software
Researchers identify sophisticated Chinese cyberespionage group (Washington Post) A coalition of security researchers has identified a Chinese cyberespionage group that appears to be the most sophisticated of any publicly known Chinese hacker unit and targets not only U.S. and Western government agencies but also dissidents inside and outside China
Operation SMN: Axiom Threat Actor Group Report (Novetta) Axiom is responsible for directing highly sophisticated cyber espionage operations against numerous Fortune 500 companies, journalists, environmental groups, pro-democracy groups, software companies, academic institutions, and government agencies worldwide for at least the last six years. In our coordinated effort, we performed the first ever-private sponsored interdiction against a sophisticated state sponsored advanced threat group. Our efforts detected and cleaned 43,000 separate installations of Axiom tools, including 180 of their top tier implants. This report will expand upon the following key findings
These Are The Hacker Groups That Should Be Keeping You Up At Night (Business Insider) In light of recent hacks, you might be interested in the groups that pose the greatest threats to our cybersecurity
Vulnerability in widely used 'strings' utility could spell trouble for malware analysts (IDG via CSO) One of the first things a malware analyst does when encountering a suspicious executable file is to extract the text strings found inside it, because they can provide immediate clues about its purpose. This operation has long been considered safe, but it can actually lead to a system compromise, a security researcher found
Shellshock Exploits Targeting SMTP Servers at Webhosts (Threatpost) The persistence of the Shellshock vulnerability remains high more than a month after it first surfaced
Surveillance: The hidden ways you're tracked (BBC) Do you have secrets? Security expert Bruce Schneier has little patience for those who say they don't
Intel bods to detail RSA birko crypto man-in-the-middle diddle (Register) A pair of Intel security researchers will tomorrow delve into a class of dangerous vulnerabilities they found last month that allowed forged RSA certificates to be created by abusing the Mozilla Network Security Services (NSS) cryptographic library
Cyber attack: Mildura businesses held to ransom by computer malware hackers (Sunraysia Daily) A spate of cyber-attacks has hit Mildura businesses, with three held for ransom by offshore hackers in the past week
Israeli Gift Store Breached, Customers Credit Card Details Leaked Online (HackRead) A Saudi hacker going with the handle of @security_511 on Twitter has claimed to hack a private online Israeli gift store and leak credit card details of customers on the web
City of Phoenix under attack by hacker activists (Fox 10 Phoenix) Hackers have attacked the City of Phoenix internet system and over the weekend caused a disruption to the police department's computers
Mobile city email system attacked by hackers (AL.com) Hackers shut down the city of Mobile's external email system last week, causing a massive disruption in email that affected all city departments
Could the city of Mobile have prevented a cyber attack? (Fox10 TV) The city of Mobile's email was down for six days before the city's Information Technologies team could get a new server up and running. They had been battling a hacking bug called Shellshock for at least two weeks prior
Cyber Attacks on U.S. Companies in 2014 (Heritage Foundation) The spate of recent data breaches at big-name companies such as JPMorgan Chase, Home Depot, and Target raises questions about the effectiveness of the private sector's information security
Modern Day Dillinger Gangs (Trend Micro: Simply Security) John Dillinger became infamous in the depression era for robbing two dozen banks
Who knew? MPAA concerned online pirates are exposed to malware (Ars Technica) Piracy report is part of lobbying effort to purge illegal download sites globally
The DEF CON 22 Social-Engineer Capture The Flag Report (The Social Engineer) Social-Engineer.org hosted the Social Engineer Capture the Flag (SECTF) contest at DEF CON 22 in Las Vegas, Nevada for the fifth year in a row in August of 2014. This year's competition had the added complexity of requiring contestants to work in teams of 2, necessitating pretexts that allowed for the caller to be handed off without raising suspicion
Cyber Trends
In the Trenches of the Cyber War (CFO) Finance chiefs take arms against a sea of cyber invasions
The Evolution of the CISO Role and Organizational Readiness (CIO) If we look at the headlines surrounding recent data breaches, we might conclude that the role of the chief information security officer (CISO) has never been more critical to the success and sustained well-being of an organization
Taking back privacy in the post-Snowden cloud (Ars Technica) Governments aren't going to fix cloud's privacy problem. It's up to the industry — and us
Everyone wants to sell privacy in the post-Snowden world. But who can you trust? (Washington Post) In the post-Snowden world, privacy is a highly marketable commodity. Big tech companies, perhaps hoping to distance themselves from involvement in National Security Agency, have ramped up their efforts to encrypt user data and new apps, services, and hardware all invoking terms like privacy, anonymous, and, of course, "NSA proof" are a dime a dozen
Rise of e-voting is inevitable, as is risk of hacking (Globe and Mail) It took just one typo in one line of code to elect a malevolent computer program mayor of Washington, D.C
Most IT sec pros still rely on perimeter security to stop APTs (Help Net Security) 78 percent of IT security professionals are confident that firewalls and antimalware tools are robust enough to combat today's advanced persistent threats, say the result of a new survey from Lieberman Software Corporation
Mobile Security's Budget Shortfall (eSecurity Planet) Sixty-four percent of companies surveyed by the Ponemon Institute do not believe they have enough budget to adequately secure mobile devices
Cyberattacks Most Imminent Threat to U.S. Economy (Threatpost) In a panel discussion Monday morning, a crowded table of top-level security experts from industry, military and government agreed that the threat posed by cyberattacks targeting U.S. critical infrastructure and private industry now outweighs any other national security threat
Cyber security's "Doomsday Warning" (Microscope) Earlier this month, President Obama spoke of a devastating wave of cyber attacks that could soon strike the US in what Washington insiders are calling a "Doomsday Warning"
Highlights from the 2014 ICS Cyber Security Conference (Control Global) The 14th ICS Cyber Security Conference was held from October 20-23 at the Georgia Tech Hotel and Conference Center in Atlanta. The Conference started in 2002 with this year's version being the first under the banner of SecurityWeek. Attendees from multiple industries and countries in North America, South America, Europe, Asia, and the Middle East participated in the 2014 ICS Cyber Security Conference
VA CIO Reveals Biggest Security Concern (HealthcareInfoSecurity) What cybersecurity issue keeps Steph Warren, CIO of the Department of Veterans Affairs, up at night? He tells me it's the potential long-term harm that data breaches and other incidents can have on public faith in e-commerce
Data commute does not compute! (Mozy Blog) Look around any office today and you're likely to see a wheeled laptop bag parked beside many of the desks. Why the wheels? Well, we're all carrying more than just a laptop
Variations on the word "Cyber" and the true face of cybercrime (Investigation Numérique) There was a time when fine things had been put in place to handle evidence and facts related to the digital realm
Marketplace
Banks join wave of investors in cyber security start-ups (Financial Times) Banks are among a new wave of companies including technology and industrial conglomerates taking stakes in cyber security start-ups in the hope that they could play a key role in the fight against hackers
Fortinet, Check Point Sales Wins Tied To Security Services Expansion (CRN) Network security giants Check Point Software Technologies and Fortinet told Wall Street investors last week that they are winning large enterprise deals, citing increased security spending from organizations seeking stronger threat-detection capabilities
IBM's Potemkin Prosperity (Forbes) In 1787, Empress Catherine II of Russia made an unprecedented six-month trip to Crimea, the "New Russia," with her court and some foreign ambassadors
Bromium Announces Growing Adoption of Micro-Virtualization in the Fortune 500 (Yahoo! Finance) Bromium, Inc., the pioneer and leader in transforming enterprise security using micro-virtualization, today announced that it has more than doubled revenue in the first three quarters of 2014 on a year-over-year basis
DISA Seeks Industry Feedback on Secure Mobile Device Gateways (GovConWire) The Defense Information Systems Agency is seeking information from industry to outline ideas for the Secure Mobile Device Gateways program, which aims to secure mobile gateways in locations within and outside contiguous United States
Army seeks intel trainer (C4ISR & Networks) The Army is preparing to acquire an intelligence and electronic warfare trainer
Fully Hosted Identity / Account Management Service (FedBizOpps) The Department of Homeland Security (DHS), The Office of the Chief Information Officer (OCIO), Director of the Enterprise Systems Development Office (ESDO), requires operation and maintenance (O&M) support and integration services in support of the Citizenship and Immigration Services (USCIS) E-Verify Program is seeking information on how an interested contractor with the capabilities necessary to provide
Bkav to launch global network security contest (VietNamNet Bridge) Bkav network security company plans to host a global WhiteHat Grand Prix Competition in 2015 with the aim of attracting the participation of both domestic and international hackers
Health Data Consortium Selects Christopher Boone for Executive Director Role (GovConExecutive) Dr. Christopher Boone, a former vice president at healthcare advisory firm Avalere Health, will officially join the Health Data Consortium on Nov. 3 as the nonprofit organization's executive director
Products, Services, and Solutions
APWG launches global cybercrime reporting program (Help Net Security) The Anti-Phishing Working Group (APWG) announced the establishment of an open-access cybercrime reporting program to speed the collection and redistribution of cybercrime machine-event data to anti-virus vendors, security companies, investigators and responders
IBM Unveils New Security Offering For Travel & Transportation Industry (Travel Pulse) IBM today introduced a new analytics software and services offering aimed to help companies in the travel & transportation industry mitigate IT security risks and address a growing volume of advanced threats and data compromising incidents faced by the industry. Utilizing counter fraud and security technologies and services, IBM will help hotel chains, airlines, car rental agencies, commercial freight and other industry companies not only assess their current security posture but resolve any potential threats or incoming vulnerability
Technologies, Techniques, and Standards
Knock Knock tool makes a joke of Mac AV (Register) Yes, we know Macs 'don't get viruses', but when they do this code'll spot 'em
Using cyber sports to boost security preparedness (GSN) From September until January, Monday evenings find living rooms across America filled with armchair quarterbacks. During pre-game shows and post-game analyses, experts and amateurs alike discuss the retreat and progress of their favorite teams. Even fantasy leagues abound to test players' strategic and tactical prowess on the gridiron
A Simple Formula For Usable Risk Intelligence (Dark Reading) How infosec can cut through the noise and gain real value from cyberdata
Automation is the key to successful policy implementation (Help Net Security) Organizations today are facing increased pressure to collect and store massive amounts of data
How cryptography can help banks guard against data breaches (InformationWeek) Ashesh Thanawala of SafeNet shares why strong cryptographic key storage and management is crucial for banks
NSA Infiltration into Encryption Systems Shows the Need for Bitcoin and Cryptography (Crypto Coins News) People around the world have to trust the encryption companies for their privacy and security of their computer, phone, credit card, the banking system and more. While there are hacks that exploit holes in those systems, there is a trust that they are not left on purpose. Unfortunately, the NSA had been working and paying to have back doors and holes left in so they can access any data they want
CrypTool: experiment with cryptographic algorithms (ghacks.net) Have you ever asked yourself how cryptographic algorithms work? What algorithms such as AES or Twofish do, or how cryptography was handled in the past?
Research and Development
Call for help (The Economist) Mobile-phone records are an invaluable tool to combat Ebola. They should be made available to researchers
Researchers need regulation to tap phone data to track, predict disease spread (FierceBigData) Epidemiologists used to use census data and surveys to model the spread of disease. But data from mobile phones offers real-time, empirical evidence that can greatly aid their work in stopping the spread of contagious diseases ranging from Ebola and flu to polio and measles
DHS Science & Technology Directorate Unveils New Visionary Goals (US Department of Homeland Security) Dr. Reginald Brothers, Department of Homeland Security (DHS) Under Secretary for Science and Technology, today announced the new visionary goals for the department's Science and Technology Directorate (S&T)
Academia
Indiana University investing $7 million for new network complexity institute (FierceBigData) Indiana University (IU) has invested $7 million on its new Network Science Institute, or IUNI. The initiative will "bring together many of the university's top minds to explore and embrace the challenge of understanding complex networks that underlie large-scale systems, including the environment, economics, technology and human health," say university officials
Department of Homeland Security Renews CyberPatriot Support as Cyber Diamond Sponsor (PRNewswire) The Air Force Association today announced that the Department of Homeland Security (DHS) renewed their support for CyberPatriot, the National Youth Cyber Education Program, as a Cyber Diamond sponsor. For the second consecutive year, DHS has sponsored CyberPatriot in its mission to stimulate youth interest in STEM and educate students on the importance of cyber security
A Hacking Contest to Promote Digital Literacy (Trend Micro: Internet Safety for Kids and Families) This year, we are proud to sponsor a great competition designed to promote online safety and digital literacy among our nation's youth
Legislation, Policy, and Regulation
Joint Publication 3-12 (R) Cyberspace Operations (US Department of Defense) This publication provides joint doctrine for the planning, preparation, execution, and assessment of joint cyberspace operations across the range of military operations
New cyber doctrine shows more offense, transparency (FCW) The Pentagon this week published a doctrine that was unusually candid about offensive scenarios in cyberspace, a transparency that experts say could lead to an open and perhaps overdue policy debate
Offensive Cyber Operations in US Military Doctrine (Federation of American Scientists) A newly disclosed Department of Defense doctrinal publication acknowledges the reality of offensive cyberspace operations, and provides a military perspective on their utility and their hazards
Pentagon must carefully consider 'projected effects' from offensive cyber operations, new document says (FierceGovernmentIT) If the Pentagon uses offensive military operations in cyberspace, it must first carefully consider "projected effects," including impacts on non-military and foreign policy areas, says a recently declassified military document
UK government cracks down on nuisance calls and texts (ComputerWeekly) The Department for Culture, Media and Sport (DCMS) has announced plans to make it easier for the Information Commissioner's Office (ICO) to fine companies that spam people with nuisance calls and texts
Human Services works to address cybersecurity concerns (ZDNet) Australian Department of Human Services CIO Gary Sterrenberg has said that the agency is moving towards reducing the threat of attack on its systems, following an Australian National Audit Office (ANAO) report that called for the agency to improve its security
Labor calls for release of mandatory data-retention legislation (ZDNet) Labor has called on the Australian government to release the exposure draft for legislation forcing telecommunications companies to keep customer data for two years
Say No to Stalled Cybersecurity Information Sharing Act, Yes to More Information Sharing (Wired) The cybercrime problem is expanding and those perpetrating the crimes are only growing bolder. This year, major companies like Home Depot, eBay, Akamai Technologies and Domino's have all been attacked. Intimate celebrity photos stored on iCloud were leaked in September, and in one of the largest password hacks to date, Russian hackers recently stole more than a billion passwords
Big Brother's Liberal Friends (The National Interest) Sean Wilentz, George Packer and Michael Kinsley are a dismal advertisement for the current state of mainstream liberal thought in America. They have systematically misrepresented and misunderstood Edward Snowden and the NSA
Code Red: A global initiative for fighting government surveillance (Help Net Security) Well known and widely respected privacy expert and advocate Simon Davies has announced the creation of a new global initiative that's aimed at supporting the world-wide fight against unlawful and excessive government surveillance
In Government, No Excuse For Missing Documents (InformationWeek) To meet regulatory obligations — and avoid accusations of cover-up and incompetence — federal agencies must get serious about digitizing records
Litigation, Investigation, and Law Enforcement
Ex-CBS reporter: Government agency bugged my computer (New York Post) A former CBS News reporter who quit the network over claims it kills stories that put President Obama in a bad light says she was spied on by a "government-related entity" that planted classified documents on her computer
Feds identify suspected 'second leaker' for Snowden reporters (Yahoo! News) The FBI recently searched a government contractor's home, but some officials worry the Justice Department has lost its 'appetite' for leak cases
NSA surveillance limits: The focus turns to courts (NorthJersey.com) While Congress mulls how to curtail the NSA's collection of Americans' telephone records, impatient civil liberties groups are looking to legal challenges already underway in the courts to limit government surveillance powers
NY Senator Calls for Renewed Crackdown on Dark Web Drug Sales (Wired) Three years ago, New York Senator Chuck Schumer held a press conference to pressure federal law enforcement to crack down on the Silk Road, the anonymous online drug market that had only just come to light. Now, over a year since that contraband bazaar was seized by the FBI, Schumer seems to have discovered that the dark web drug trade didn't simply end with Silk Road's demise
ACLU Calls Schools' Policy to Search Devices and 'Approve' Kids' Web Posts Unconstitutional (Wired) A school board in Tennessee is being accused of violating the constitutional rights of students over a policy that allows school officials to search any electronic devices students bring to campus and to monitor and control what students post on social media sites
Seattle Times Furious With FBI Over Allegations That the Agency Impersonated the Newspaper (The Stranger) Seven years ago, the FBI used a kind of spyware known as a CIPAV to track down and arrest a 15-year-old hacker who was sending bomb threats to a high school near Olympia. Old news for privacy watchdogs. But today, ACLU analyst Christopher Soghoian trawled through an arcane set of the bureau's records and came across something startling: in order to get the suspect's computer infected with the spyware, the documents suggest that the FBI sent a message to him that masqueraded as an e-mail from The Seattle Times
Russia Bans Wayback Machine Internet Archive Over Islamic State Video (Moscow Times) The Russian government has blacklisted the California-based Wayback Machine, a comprehensive archive of the Internet, over an Islamist video available on the website
Airline crew refuse to fly after spooky WiFi hot-spot name (Emirates 24/7) Los Angeles to London flight delayed by 14 hours
RBS WorldPay hack ringleader finally sentenced (Help Net Security) Nearly five years after the day he was indicted, Sergei Nicolaevich Tsurikov has finally been sentenced for conspiracy to commit wire fraud and computer intrusion for his involvement in an elaborate scheme which stole over $9.4 million from a credit card processor
For a complete running list of events, please visit the Event Tracker.
Upcoming Events
Cybergamut Tech Tuesday: Software-Defined Networking Security (Columbia, Maryland, USA, Oct 28, 2014) Security-Defined Routing combines cyber analytics and SDN to protect the network: SDR technology assists organizations in scaling the delivery of network traffic to analytic security applications. When incidents are detected, changing the network forwarding tables through SDR techniques can provide an immediate remediation to network attacks, while automating the delivery of suspect traffic for transaction monitoring and archiving data for regulatory compliance and advance troubleshooting
Securing the Social Space (Baltimore, Maryland, USA, Oct 28, 2014) New technologies enabling greater connectivity bring with them new frontiers for cyber security. This Tech Talk program will offer a new twist on the cyber security conversation. We'll begin by exploring new trends and exciting emerging tools in social with Kelsey Reck, Founder & CEO of Harbor Social, then we'll shift to two approaches to the same problem: addressing risk brought about by these new trends and tools. ZeroFOX social risk management and RedOwl will look at internal risks within employee communication shedding light on the "digital exhaust trail." This one is guaranteed to inspire and enlighten! Include Promo Code "Social102814" and you get the Member Rate on registration, thereby saving $20
USDA Cyber Security Symposium and Expo 2014 (Washington, DC, USA, Oct 28 - 29, 2014) The Summit will provide participants with information and resources on today's vulnerabilities, incidents, security lifecycle, risks and mitigations; it will also identify ways to work together and build a solid security foundation program to meet future challenges and trends in cyber security. The Cybersecurity Expo, running in conjunction to the Summit, will provide live demos and informational booths focused around the summit topics
Cyber Security and IT Day at Fort Carson (Colorado Springs, Colorado, USA, Oct 28, 2014) The Information Systems Security Association (ISSA) Colorado Springs Chapter will once again host the 5th Annual Cyber Security & Information Technology Days set to take place at Fort Carson on Tuesday, October 28, 2014 and at Peterson AFB on Wednesday, October 29, 2014. Both events are being conducted in October to coincide with National Cyber Security Awareness Month as a way to encourage collaboration between local military personnel and industry partners. Government and Industry experts will be on hand to brief attendees on the latest trends, best practices and remediation strategies, in the cyber security field. These one day forums will offer Cyber Security & Information Technology personnel a unique, local opportunity to get up-to-date information on rapidly evolving security challenges
Cyber Security and IT Days at Peterson AFB (Colorado Springs, Colorado, USA, Oct 29, 2014) The Information Systems Security Association (ISSA) Colorado Springs Chapter will once again host the 5th Annual Cyber Security & Information Technology Days. Government and Industry experts will be on hand to brief attendees on the latest trends, best practices and remediation strategies, in the cyber security field. These one day forums will offer Cyber Security and Information Technology personnel a unique, local opportunity to get up-to-date information on rapidly evolving security challenges
Dallas SecureWorld (Dallas, Texas, USA, Oct 29 - 30, 2014) Offering two days of cyber security education. Earn 12-16 CPE credits, network with industry peers, and take advantage of more than sixty educational events. Over the past decade SecureWorld has emerged as one of North America's most vital cyber-security conferences, providing globally relevant education, training and networking for cyber-security professionals on a regional level. SecureWorld provides more content and facilitates more professional connections than any other event in the cyber-security industry. Established in 2002, SecureWorld offers many different continuing professional education sessions over two days in 14 cities throughout the United States.
Cyber Job Fair (Baltimore, Maryland, USA, Oct 29, 2014) ClearedJobs.Net is partnering with CyberMaryland to present the Cyber Job Fair at the CyberMaryland 2014 conference. The Cyber Job Fair is a hiring event for cleared and non-cleared cybersecurity professionals held the first day of the conference
CyberMaryland 2014 (Baltimore, Maryland, USA, Oct 29 - 30, 2014) Entrepreneurs, investors, academia and government will convene in Maryland, the nation's epicenter for cybersecurity, for the fourth annual CyberMaryland Conference.
ekoparty Security Conference 10th edition (Buenos Aires, Argentina, Oct 29 - 31, 2014) ekoparty — Electronic Knock Out Party — Security Conference, is a one of a kind event in South America; an annual security conference held in Buenos Aires, where security specialists from all over Latin America (and beyond) have the chance to get involved with state-of-the-art techniques, vulnerabilities, and tools in a relaxed environment never seen before.
Cyber Risk Summit (Washington, DC, USA, May 22, 2014) This one-day leadership conference will provide a discussion forum for business executives, insurance companies and policymakers on more effective private and public responses to cyber risk management. Topics to be discussed by expert speakers will include state and federal regulatory and legislative initiatives, efforts to develop a common cyber security framework, the threats from cyber espionage and terrorism, and the development of public and private mechanisms to finance and transfer losses from cyber events.
Senior Executive Cyber Security Conference (Baltimore, Maryland, USA, Oct 30 - Nov 1, 2014) North Star Group, LLC and the Johns Hopkins University's Whiting School of Engineering and Information Security Institute sponsor this senior executive focused cyber security conference. This event is designed for non-technical and technical executives who seek to gain a deeper understanding of not just the technical aspects of data breach prevention, but also the important role that insurance, crisis management, legal and human resources play. Speakers include Dr. Ed Schlesinger, Dean of Johns Hopkins University's Whiting School of Engineering, Dr. Andy Ozment, Assistant Secretary of the Office of Cybersecurity and Communications, Department of Homeland Security, and Mr. Eric Joost, Chief Operating Officer, Willis North America
FS-ISAC EU Summit 2014 (London, England, UK, Nov 3 - 5, 2014) The Financial Services Information Sharing and Analysis Center (FS-ISAC), is a non-profit association comprised of financial institution members, that is dedicated to protecting the global financial services sector from physical and cyber threats that impact the resilience, integrity and stability of member institutions through dissemination of trusted and timely information. Its EU Summit will feature sessions of interest to both security professionals and the financial sector
POC2014 (Seoul, Republic of Korea, Nov 4 - 7, 2014) POC (Power of Community) started in 2006 and has been organized by Korean hackers & security experts. It is an international security & hacking conference in Korea. POC doesn't pursue money. POC concentrates on technical and creative discussion and shows real hacking and security. POC wears both black hat and white hat. POC will share knowledge for the sake of the power of community. POC believes that the power of community will make the world safer.
Open Source Digital Forensics Conference 2014 (Herndon, Virginia, USA, Nov 5, 2014) This conference focuses on tools and techniques that are open source and (typically) free to use. It is a one day event with short talks packed with information. There are both tool developers and users in attendance, and this is a unique opportunity to learn about new tools and provide feedback
Bay Area SecureWorld (Santa Clara, California, Nov 5, 2014) A day of cyber security education. Earn 6-8 CPE credits, network with industry peers, and take advantage of more than thirty educational events. Over the past decade SecureWorld has emerged as one of North America's most vital cyber-security conferences, providing globally relevant education, training and networking for cyber-security professionals on a regional level. SecureWorld provides more content and facilitates more professional connections than any other event in the cyber-security industry. Established in 2002, SecureWorld offers many different continuing professional education sessions over two days in 14 cities throughout the United States.
Managing BYOD & Enterprise Mobility USA 2014 (San Francisco, California, USA, Nov 5 - 6, 2014) The Managing BYOD & Mobility USA 2014 conference will provide a unique networking platform, bringing together top executives from USA and beyond. They come together not only to address mobility challenges and set the precautions framework, but most importantly to provide the necessary tools, insights and methodological steps for constructing a successful mobility policy. These policies will fulfill the BYOD prophecy of increased productivity, employee satisfaction, cost savings and corporate competitive advantage
Journal of Law and Cyber Warfare First Annual Cyber Warfare One Day Symposium (New York, New York, USA, Nov 6, 2014) The Journal of Law and Cyber Warfare is proud to present the First Annual Cyber Warfare One Day Symposium. Join us as senior lawyers, technology chiefs, government officials, and academics discuss the current threat of cyber security and how it is affecting US corporations. CLE credit is available on certain panels
RiseCON 2014 (Rosario, Santa Fe, Argentina, Nov 6 - 7, 2014) Rosario Information Security Conference: the first and largest information security and hacking event held in the city of Rosario, with international standing and reach
Israel HLS 2014 (Tel Aviv, Israel, Nov 9 - 12, 2014) The third International Conference on Homeland Security will bring together government officials, public authorities, and HLS industry leaders from around the world to share their knowledge and experience. They will participate in high-level discussions on securing the safety of citizens and protecting critical infrastructure and property, and explore Israel's advanced HLS technologies and systems.
Critical Infrastructure Cyber Community (C3) Voluntary Program Meeting (San Diego, California, USA, Oct 13, 2014) Join stakeholders from across the cyber community to discuss building a cyber risk management program, using DHS resources, and to learn how organizations of all sizes are using the Cybersecurity Framework
i-Society 2014 (London, England, UK, Nov 10 - 12, 2014) i-Society 2014 is a global knowledge-enriched collaborative effort that has its roots from both academia and industry. The conference covers a wide spectrum of topics that relate to information society, which includes technical and non-technical research areas.
Seattle SecureWorld (Seattle, Washington, USA, Nov 12 - 13, 2014) Offering two days of cyber security education. Earn 12-16 CPE credits, network with industry peers, and take advantage of more than sixty educational events. Over the past decade SecureWorld has emerged as one of North America's most vital cyber-security conferences, providing globally relevant education, training and networking for cyber-security professionals on a regional level. SecureWorld provides more content and facilitates more professional connections than any other event in the cyber-security industry. Established in 2002, SecureWorld offers many different continuing professional education sessions over two days in 14 cities throughout the United States.
AVAR 2014 The 17th Association of anti-Virus Asia Researchers International Conference: Security Down Under. Topics will include case studies of targeted attacks, real-life attack demonstrations, web-inject attacks/code insertion attacks, man-in-the-browser attacks, targeted advanced persistent threats, dedicated advanced evasion techniques, and mitigations to all of these. The conference will also take up identification and investigation of targeted threats, how to spot targeted attacks in collections, COINTEL (counter intelligence) on determined adversaries (e.g., detecting the attacker, running honeypots, etc.), mobile malware, and security policies.
ZeroNights 2014 (Moscow, Russia, Nov 13 - 14, 2014) ZeroNights is an international conference dedicated to the practical side of information security. It will show new attack methods and threats, showcase new possibilities of attack and defense, and suggest out-of-the-box security solutions. ZeroNights gathers experts, infosecurity practitioners, analysts, and hackers from all over the world
Cyber Security Awareness Week Conference (New York, New York, USA, Nov 13 - 15, 2014) Get ready for CSAW: the largest student-run cyber security event in the nation, with a research conference that attracts some of the biggest names in the industry, and a career fair with an impressive list of corporate partners. It's a weekend of competitions, keynote talks and cyber security events, designed to prepare best-performing students with the skills and knowledge to shape the future of the industry
Ground Zero Summit, India (New Delhi, India, Nov 13 - 16, 2014) Ground Zero Summit (GOS) 2014 in its second year promises to be Asia's largest Information Security gathering and proposes to be the ultimate platform for showcasing research and sharing knowledge in the field of cyber security. GOS rationale: The increasing volume and complexity of cyber threats, including phishing scams, data theft, and online vulnerabilities, demand that we remain vigilant about securing our systems and information. Enterprises and governments worldwide are grappling with the grim reality of data and critical systems being exploited. This summit aims to address these new forms of cyber attack and formulate solutions
Deepsec 2014 (Vienna, Austria, Nov 18 - 21, 2014) DeepSec is an annual European two-day in-depth conference on computer, network, and application security. This is a non-product, non-vendor-biased conference event. Our aim is to present the best research and experience from the fields' leading experts.
BugCON (Mexico City, Mexico, Nov 19, 2014) BugCON Security Conference is a hardcore technical conference focused on the technical side of security. Running since 2008, BugCON is the oldest forum where researchers, students and professionals show their latest research and projects
Navy Now Forum: Admiral Rogers (Washington, DC, USA, Nov 19, 2014) Leaders from the Navy will present new initiatives in-depth, providing the audience with a thorough knowledge of the Navy's future plans. During the luncheon, military personnel and industry leadership will provide feedback on these initiatives to help chart the Navy's direction. This luncheon will feature NSA Director Admiral Michael Rogers
International Cyber Warfare and Security Conference (Ankara, Turkey, Nov 19 - 20, 2014) In-depth discussions will cover: new emerging threats and challenges on cyber warfare, the policy of leading cyber nations in cyber warfare and security, legal aspects of cyber warfare, industrial perspective in cyber warfare and security, new trends, new developments, technologies and solutions, and the next generation of cyber attacks—mapping the future threat environment.
EDSC 2014 (Seattle, Washington, USA, Nov 20 - 21, 2014) EDSC is a security conference focusing on embedded systems, hardware, and anything behind the silicon curtain. Embedded testing is a rapidly expanding area of the security industry, and staying current is important for engineers, researchers, and testers alike. EDSC will bring the top thought leaders in the embedded security field together for two days to share knowledge, techniques, and research.
Cyber Security World Conference 2014 (New York, New York, USA, Nov 21, 2014) Welcome to Cyber Security World Conference 2014 where renowned information security authorities and innovative service providers will bring their latest thinking to hundreds of senior executives focused on protecting today's enterprises. Cyber security experts will discuss topics such as protecting individuals and companies against cyber-attacks, biometrics as the future of security, risks brought by mobile computing, and protecting corporate and national infrastructure against foreign attacks
Ethiopia Banking and ICT Summit (Addis Ababa, Ethiopia, Nov 21, 2014) The one day summit is designed to highlight the key investment opportunities, especially in the Banking & ICT Sectors. As an emerging economic capital for the region, Ethiopia is leading the way in industrial growth, international trade and global integration for sub-Saharan Africa as a whole.
BSidesVienna (Vienna, Austria, Nov 22, 2014) BSidesVienna will open its doors again in 2014. Be part of it and stay tuned
DefCamp5 (Bucharest, Romania, Nov 25 - 29, 2014) DefCamp is the most important conference on Hacking & Information Security in Central Eastern Europe. The goal is bringing hands-on talks about latest research and practices from the INFOSEC field, gathering under the same roof security specialists, entrepreneurs, academic, private and public sectors