The CyberWire Daily Briefing 10.30.14

Summary

By The CyberWire Staff

Two more Chinese espionage operations are reported. One, and exclusive in SC Magazine, involves the hacking of human rights lawyers, particularly those affiliated with Lawyers Without Borders. The second incident comes to light via a complaint by South Sudan's Ministry of Information and Broadcasting, which accuses Huawei of intruding into networks and corrupting data.

A clearer picture of Russian operations against Western targets also emerges, as analysts review the recently disclosed hack of a White House network (still officially unattributed, but Russia generally thought to be the "state-sponsored actor" responsible). Researchers release more descriptions of Sandworm, and security firms attribute attacks on US power and water utilities to Russian actors.

Popular Science's website has been exploited to deliver crimeware to visitors' systems.

Microsoft researchers warn that Crowti ransomware infections have spiked.

CurrentC, a merchant-favored alternative to Apple Pay, suffers a hack during its pre-release trial period.

Trend Micro reports detecting a new Shellshock-based campaign against SMTP servers.

Drupal reports a vulnerability to SQL injection in its content management system. Drupal advises users who failed to upgrade to version 7.32 within seven hours of that patch's release that they should consider themselves compromised.

A Red Hat Bugzilla report finds a new *nix bug. This one doesn't have a snappy name (yet) but it means that wget needs patching as soon as possible.

UK-CERT reports gratification with British progress in cyber information sharing. New Australian laws target leakers and require data retention. China's government orders removal and replacement of the Windows OS.

Notes.

Today's issue includes events affecting Australia, China, Colombia, European Union, Germany, Morocco, NATO, Russia, South Sudan, Ukraine, United Arab Emirates, United Kingdom, United States

Selected Reading

Cyber Trends

Whisper and the Meaning of Anonymity (Wall Street Journal) Once upon a time, few people cared about online anonymity beyond privacy activists and hardcore security types

American citizens are more scared of Google than the National Security Agency (Big News Network) American citizens would rather the National Security Agency (NSA) has their data than Google

Over a third of orgs have no real-time insight on cyber risks (Help Net Security) Most organizations (67%) are facing rising threats in their information security risk environment, but over a third (37%) have no real-time insight on cyber risks necessary to combat these threats

Large firms left counting data breach cost (Acumin) Studies have shown that larger firms take approximately one month to repair systems hit by cyber crime, costing close to £13,000 per day

IT is losing the battle on security in the cloud (Help Net Security) A majority of IT organizations are kept in the dark when it comes to protecting corporate data in the cloud, putting confidential and sensitive information at risk. This is just one of the findings of a recent Ponemon Institute study commissioned by SafeNet. The study, titled "The Challenges of Cloud Information Governance: A Global Data Security Study," surveyed more than 1800 IT and IT security professionals worldwide

Georgia Tech Releases 2015 Emerging Cyber Threats Report (DarkReading) Keynote will be delivered by Dave Aitel, CEO of Immunity Inc., at GA Tech conference

2014 Cybersecurity Awards: Winners Succeed in a Growing Threat Landscape (Government Technology) The best in all fields lead by example. And winners of the 2014 Cybersecurity Leadership and Innovation Awards marked those in state and local government and education who have, in recent years, driven forward cybersecurity efforts in their own communities, and also led American government at large

Legislation, Policy and Regulation

Morocco vows to help UAE fight terrorism (Al Arabiya) Morocco will provide military and intelligence support to the United Arab Emirates in its fight against terrorism, UAE's state news agency WAM reported on Tuesday, citing a statement by the Moroccan Ministry of Foreign Affairs

China Orders Replacement of Microsoft's Operating System On Government Computers (Forbes) China will replace Microsoft MSFT 0% Corp?s Windows operating system on government computers with domestic products, reported Jinghua.cn, a Beijing-based newspaper controlled by the government mouthpiece, People's Daily

UK cyber threat sharing ahead of target, says Cert-UK (ComputerWeekly) Membership of the government's Cyber Security Information Sharing Partnership (CISP) is well ahead of target, says the national computer emergency response team (Cert-UK)

New Australian Law Targets Leakers, Not Reporters (AP) A contentious new law that carries a prison term for anyone who reveals information about certain secret security operations was aimed at Edward Snowden-like leakers rather than investigative reporters, Australia's attorney-general said on Thursday

Australia's Anti-Terrorism Bill Forces Metadata Retention (BLoomberg) Australia's government says legislation to force telecommunication companies to retain users' data for two years will beef up its ability to counter terrorism threats

In cybersecurity battle, government-business cooperation necessary: Justice official (Washington Times) The federal government and private businesses must be allies, not adversaries, in the ongoing fight to improve the nation's cybersecurity infrastructure, a top Justice Department official said Tuesday

The Morning Risk Report: How Many Regulators to Screw In Bank Cybersecurity? (Wall Street Journal) U.S. Treasury officials are talking about the need to "bolster fortifications around a critical area of cybersecurity," even as New York State's top financial regulator, Benjamin M. Lawsky, asks banks for the lowdown on how they manage third-part risk

ONC: Karen DeSalvo to Retain Nat'l Health IT Coordinator Role (ExecutiveGov) Karen DeSalvo, who was appointed acting assistant health secretary Thursday, will continue to hold her current role as director of the Office of National Coordinator for Health Information Technology as she serves in her new role for the Department of Health and Human Services

Dateline

CyberMaryland Conference (Federal Business Council) See the CyberMaryland 2014 agenda here

Liberty and Security: the President's Review Group's Recommendations (and the issues they address) (The CyberWire) On the occasion of his induction into the National Cyber Security Hall of Fame, the CyberWire is pleased to present this interview with Richard Clarke, an internationally recognized expert on cyber security, homeland security, national security, and counterterrorism. He has served the last three Presidents as a senior White House Advisor, including appointments as Special Advisor to the President for Cyber Security and National Coordinator for Security and Counterterrorism. His most recent Government service was as a principal member of the President's Review Group on Intelligence and Communications Technologies, whose report was published last December. This interview offers his retrospective look at the Review Group's work

CyberMaryland 2014: 'Security is never going out of style' (Daily Record) The conference features a who's who of cybersecurity leaders from industry, academia and government

Are federal integrators where technology goes to die? Here's why one Silicon Valley investor thinks so (Washington Business Journal) Cybersecurity is a key area of investment for Allegis Capital. But if a promising startup says it's going to target federal government, Managing Director Bob Ackerman shows them the door as fast as possible

Products, Services, and Solutions

Intel Security CTO: Retail Breaches Can Be Eliminated (CRN) Intel Security CTO Mike Fey said his company may have the silver bullet that could greatly reduce the likelihood of more massive credit card breaches and be extended beyond retail to address other critical environments

Facebook gives away homebrewed OS monitoring tool (CSO) Facebook has released an open-source tool for monitoring operating system state changes across very large infrastructures, which could help engineers quickly diagnose performance and security issues

Network Virtualization Yields New Approaches to Security (eSecurity Planet) Microsoft and VMware both have extensible network virtualization offerings that make it possible for third-party vendors to integrate their security tools

Verizon Joins Forces with FireEye to Offer Enterprises Unprecedented Insight into Threat Landscape (Verizon Enterprise News) Verizon Enterprise Solutions and FireEye, today, announced a collaboration to help protect enterprises from security threats. I recently sat down with FireEye CEO Dave DeWalt and Kathie Miley, executive director, global security solutions, Verizon to discuss the recently formed global agreement between the two companies and to learn more about combating cyberthreats

NetIQ CloudAccess 2.1 Delivers Secure Universal Single Sign-on to Any Cloud-based Application or Service (PRNewswire) Convenient and secure access to SaaS applications to enable a productive mobile workforce

Solution Providers Get Stealthy On Shadow IT (CRN) Solution providers said they are having some success engaging clients with tools designed to probe the network and uncover the mix of cloud services being used that are against company policy, but they added that the cloud security market is primed for consolidation

New Managed Security Information and Event Management Service from Sungard AS Helps Close the Gap between Perceived and Actual Security (PRNewswire) Sungard® Availability Services™ (Sungard AS), a leading provider of information availability through managed IT, cloud and recovery services, today announced a new Managed Security Information and Event Management (MSIEM) service to quickly identify emerging security threats and satisfy compliance reporting of a SIEM platform without the headache of installation or additional security staff needed for ongoing maintenance by the customer

Daniel Zelik: Air Force Interviewed 'Hundreds' of Analysts to Build Intell Tool (ExecutiveGov) A U.S. Air Force team has developed a tool for intelligence analysts worldwide to streamline their tasks and has requested feedback on the tool from them

Technologies, Techniques, and Standards

How to figure out if a data breach is a hoax (CSO) The notoriety that comes with taking credit for a data breach is alluring. Declaring a successful data breach can suddenly bring a lot of attention, which is why posting bogus data is attractive

Shared Responsibility Examples: The Re:Boot (Trend Micro: Simply Security) In last week's post, we explored the shared responsibility model for security in the AWS cloud. Over the next couple of weeks, we're going to dive into specific examples that show how the model works for those of us working in this environment

Cybersecurity: Why It's Not Just About Technology (Governing the States and Localities) To protect their systems from attacks, organizations need to build a culture of risk management from the ground up

Carson Zimmerman: MITRE Proposes Threat-Based Defense for Government, Commercial Networks (ExecuitveBiz) Carson Zimmerman, a MITRE principal cybersecurity engineer, has written a book intended to help government, academic and commercial organizations adopt strategies to defend their cyber-dependent information technology systems

Marketplace

The Risky Business of Cybersecurity (New York Law Journal) The national and economic security of the United States depends on the reliable functioning of critical infrastructure. Cybersecurity threats exploit the increased complexity and connectivity of critical infrastructure systems, placing the Nation's security, economy, and public safety and health at risk. Similar to financial and reputational risk, cybersecurity risk affects a company's bottom line. It can drive up costs and impact revenue. It can harm an organization's ability to innovate and to gain and maintain customers

Wall Street watchdog to bolster reviews of brokerage cyber security (Reuters) Wall Street's industry funded watchdog plans to intensify its scrutiny of cyber security practices at brokerage firms in 2015 and is hiring technology savvy examiners to help boost its efforts, an official said on Wednesday

How Banks Can Step Up to Bat on Cybersecurity (American Banker) The United States is losing the war on cyberhacking. If there was any doubt beforehand, the recent revelation that hackers broke into JPMorgan Chase's systems this summer, compromising the personal information of 76 million households and seven million businesses, should be proof

The Morning Risk Report: More Boardrooms Are Getting Hip to Cybercrime (Wall Street Journal) The ever-changing threat landscape for cybercrime has garnered the attention of many corporate boards, and this is changing the nature of the discussion for what it means to have an effective cybersecurity policy at those organizations

What IBM can learn from its own cybersecurity business (NetworkWorld) IBM's fortunes in cybersecurity improved substantially when it abandoned its internally focused strategy and built a business to meet customer requirements

EMC, Hungry for New Cloud IT, Acquires Three Young Companies (eWeek) At this point, it looks like the data storage and security giant will buy anything that moves as long as it provides cloud services

Deutsche Telekom partners FireEye (Telecompaper) The business customer arm of Deutsche Telekom, T-Systems, announced a partnership with IT security company FireEye

Black Lotus Named to San Francisco Business Times' 2014 List of 100 Fastest-Growing Companies (Businesswire) DDoS mitigation provider ranked No. 30 with 295.8 percent growth over two-year period

A10 Networks Hires Ericsson Veteran Gunter Reiss to Lead Expanded Strategic Alliances and Business Development Organization (Marketwired) A10 Networks (NYSE: ATEN), a technology leader in application networking, today announced the appointment of Ericsson veteran Gunter Reiss as vice president of strategic alliances

Research and Development

Raising cryptography's standards (MIT News) Calculating encryption schemes' theoretical security guarantees eases comparison, improvement

Army Releases RFI for Cyber Electronic Warfare R&D Program (ExecutiveGov) The U.S. Army wants information on contractors who could provide electromagnetic research services to the branch?s Cyber Battle Lab, which is scheduled to start operating in October 2015

Security Patches, Mitigations, and Software Updates

Microsoft Plans to Disable SSLv3 in IE, All Online Services (Threatpost) Microsoft is planning to disable support for the weak SSLv3 protocol in Internet Explorer at some undetermined point in the future, and also will remove support for it in the company's online services soon

Drupal Core — Highly Critical — Public Service announcement — PSA-2014-003 (Drupal) This Public Service Announcement is a follow up to SA-CORE-2014-005 - Drupal core - SQL injection. This is not an announcement of a new vulnerability in Drupal. Automated attacks began compromising Drupal 7 websites that were not patched or updated to Drupal 7.32 within hours of the announcement of SA-CORE-2014-005 - Drupal core - SQL injection. You should proceed under the assumption that every Drupal 7 website was compromised unless updated or patched before Oct 15th, 11pm UTC, that is 7 hours after the announcement

Cyber Attacks, Threats, and Vulnerabilities

SC Exclusive: Human rights lawyers hit by Chinese cyber-attack (SC Magazine) Not-for-profit legal group Lawyers Without Borders says that it has been hit by a cyber-attack emanating from China

China's Huawei Accused of Hacking Government and Forging Documents in South Sudan (Epoch Times) Chinese telecom company Huawei is being accused of forging government documents and hacking government emails in South Sudan. Michael Leuth, head of South Sudan's Ministry of Information and Broadcasting, outlined the claims in an Oct. 14 complaint he sent to South Sudan's Ministry of Foreign Affairs

White House network breach was likely nation-sponsored (Help Net Security) The White House has confirmed that the unclassified Executive Office of the President network has been breached by unknown hackers

Five Questions For Cybersecurity Expert Bruce Schneier After the Latest White House Hacking (Bloomberg Politics) Democrats didn't need this: Another cyberattack on an unclassified White House computer network (and unconfirmed reports of Russian involvement) in the closing days of a midterm election in which voter frustration toward President Barack Obama, government dysfunction and national security fears already are hurting their chances of hanging onto control of the Senate

Behold the Russian Sandworm (Daily Signal) Earlier this month, it was discovered that a sophisticated cyber espionage campaign had been targeting Western government leaders and institutions — including the North Atlantic Treaty Organization, energy and telecommunication companies, the Ukrainian and European Union governments, and one academic inside the United States — for almost 5 years

Security Firms Tie Russian Government to Utilities Hacks (Bloomberg) North American utilities are scouring their systems for signs of Russian malware that the U.S. government has warned could give hackers control of water treatment facilities and parts of the electrical grid

Popular Science Website Infected, Serving Malware (Threatpost) The website of widely read Popular Science magazine is reportedly hosting a malicious script that is redirecting site visitors to a third-party domain containing an exploit kit, which is infecting users by uploading files containing malware to their machines

Microsoft Warns of Crowti Ransomware (Threatpost) Researchers with Microsoft have spotted a spike in Crowti, a ransomware similar to Cryptolocker that encrypts files on victims' machines and then asks for payment to unlock them

Apple Pay rival CurrentC hacked (ZDNet) CurrentC, the merchant's answer to NFC payment systems, has been hacked during its pilot program

Shellshock-Related Attacks Continue, Targets SMTP Servers (TrendLabs Security Intelligence Blog) A new Shellshock attack targeting SMTP servers was discovered by Trend Micro. Attackers used email to deliver the exploit. If the exploit code is executed successfully on a vulnerable SMTP server, an IRC bot known as "JST Perl IrcBot" will be downloaded and executed. It will then delete itself after execution, most likely as a way to go under the radar and remain undetected

Did Drupal Drop The Ball? Users Who Didn't Update Within 7 Hours 'Should Assume They've Been Hacked' (Forbes) Hackers are remarkably quick off the mark. Drupal, the creator of the eponymous content management system that millions use the world over, now knows that all too well. In mid-October it patched a SQL injection flaw, which could be exploited by tricking a database into coughing up data from its tables and columns using the SQL language. But yesterday, it said that thanks to an automated attack that hit up as many Drupal sites containing the vulnerability as quickly as possible, anyone who didn't update to version 7.32 within seven hours of its release should assume they've been hacked

The NO-NAME vuln: wget mess patched without a fancy brand (Register) Directory overwrite bug threatens all *nix boxen

Fidelity National Employees Hacked After Targeted Phishing Attack (Tripwire: the State of Security) Your company's defences against hackers are only as good as the weakest link. That's a message which hopefully is being understood loud and clear right now at Fidelity National Financial, America's largest provider of commercial and residential mortgage services

Online video files used to transport stolen data, cloud security provider says (FierceOnlineVideo) Online video sharing services are becoming a "perfect medium" for cybercriminals to obtain sensitive data about companies without being detected by traditional security tools, a cloud security company says

Apple Users See 246 Percent Spike in Phishing Scams (IT Business Net) CYREN publishes its latest Internet Threats Trend Report

Infographic: The Many Faces of Today's Hackers (Dark Reading) How many of these hacker personas are you dueling with in your organization?

Social Engineers work in teams to harness the power of information (CSO) Proving once again that information viewed as harmless can often enable an attacker, the contestants in this years Social Engineering Capture the Flag (SECTF) contest at DEF CON 22 worked in teams of two in order to collect vital information from some of the nation's largest companies

Academia

AFA's CyberPatriot Receives $55,500 Education Grant for Participant Scholarships (PRNewswire) The Air Force Association's CyberPatriot program announced today the program received $55,500 from the National Security Agency (NSA) to be designated for participant scholarships. With this support, CyberPatriot will continue its growth nationally and provide students financial assistance towards college tuition

Litigation, Investigation, and Enforcement

Colombian general to be dismissed over spying scandal (Fox News) A Colombian general who oversaw a database containing the personal e-mails of government representatives and foreign and domestic journalists will be dismissed later this year, Blu Radio reported here Wednesday

Entirely Coincidentally, NSA Signals Intelligence Director Moved To New Position After Conflicts Of Interest Were Exposed By Buzzfeed (TechDirt) The NSA's newly-developed concern for "optics" is being tested by employees both former and current. Keith Alexander, the NSA's longtime leading man, took his snooping show on the road, offering his expertise to banks for $1 million/month. But he couldn't leave it all behind, attempting to drag the current NSA CTO along with him by offering him an interesting — but conflicting — part-time position with IronNet Security. The NSA said, "That's fine." Then it said, "We're looking into it." Then it said nothing while Keith Alexander pulled the plug on the deal while simultaneously denying any sort of impropriety

FBI assists Texas city with cyber attacks (AP via KLTA 7) Cleburne's mayor says hackers have been attacking the city's computers, email network and emergency dispatch system since a video of a police officer shooting a dog circulated widely online

Wine firm rapped by ACMA after sending unsolicited emails following cyber attack (mUmBRELLA) Melbourne retailer Get Wines Direct has been rapped by the Australian Communications and Media Authority (ACMA) for sending unsolicited marketing emails to consumers who had unsubscribed

Design and Innovation

Facebook, Google, and the Rise of Open Source Security Software (Wired) Facebook chief security officer Joe Sullivan says that people like Mike Arpaia are hard to find

Industry Events

For a complete running list of events, please visit the Event Tracker on the CyberWire website.

newly Noted Events

BSidesToronto (Toronto, Ontario, Canada, November 22, 2014) This year the conference is bigger, better, faster and…well, still one day in length but, we have an awesome line up. And no I'm not just paying "lip service"

upcoming Events

Dallas SecureWorld (Dallas, Texas, USA, October 29 - 30, 2014) Offering two days of cyber security education. Earn 12-16 CPE credits, network with industry peers, and take advantage of more than sixty educational events. Over the past decade SecureWorld has emerged as one of North America's most vital cyber-security conference, providing globally relevant education, training and networking for cyber-security professionals on a regional level. SecureWorld provides more content and facilitates more professional connections than any other event in the cyber-security industry. Established in 2002, SecureWorld offers many different continuing professional education sessions over two days in 14 cities throughout the United States.

CyberMaryland 2014 (Baltimore, Maryland, USA, October 29 - 30, 2014) Entrepreneurs, investors, academia and government will convene in Maryland — the nation's epicenter for cybersecurity for the fourth annual CyberMaryland Conference.

ekoparty Security Conference 10th edition (Buenos Aires, Argentina, October 29 - 31, 2014) ekoparty — Electronic Knock Out Party — Security Conference, is a one of a kind event in South America; an annual security conference held in Buenos Aires, where security specialists from all over Latin America (and beyond) have the chance to get involved with state-of-art techniques, vulnerabilities, and tools in a relaxed environment never seen before.

Cyber Risk Summit (Washington, DC, USA, May 22, 2014) This one-day leadership conference will provide a discussion forum for business executives, insurance companies and policymakers on more effective private and public responses to cyber risk management. Topics to be discussed by expert speakers will include state and federal regulatory and legislative initiatives, efforts to develop a common cyber security framework, the threats from cyber espionage and terrorism, and the development of public and private mechanisms to finance and transfer losses from cyber events.

Senior Executive Cyber Security Conference (Baltimore, Maryland, USA, October 30 - November 1, 2014) North Star Group, LLC and the Johns Hopkins University's Whiting School of Engineering and Information Security Institute sponsor this senior executive focused cyber security conference.This event is designed for non-technical and technical executives who seek to gain a deeper understanding of not just the technical aspects of data breach prevention, but also the important role that insurance, crisis management, legal and human resources play. Speakers include Dr. Ed Schlesinger, Dean of Johns Hopkins University's Whiting School of Engineering, Dr. Andy Ozment, Assistant Secretary of the Office of Cybersecurity and Communications, Department of Homeland Security, and Mr. Eric Joost, Chief Operating Officer, Willis North America

FS-ISAC EU Summit 2014 (London, England, UK, November 3 - 5, 2014) The Financial Services Information Sharing and Analysis Center (FS-ISAC), is a non-profit association comprised of financial institution members, that is dedicated to protecting the global financial services sector from physical and cyber threats that impact the resilience, integrity and stability of member institutions through dissemination of trusted and timely information. Its EU Summit will feature sessions of interest to both security professionals and the financial sector

POC2014 (Seoul, Republic of Korea, November 4 - 7, 2014) POC (Power of Community) started in 2006 and has been organized by Korean hackers & security experts. It is an international security & hacking conference in Korea. POC doesn't pursue money. POC concentrates on technical and creative discussion and shows real hacking and security. POC wears both black hat and white hat. POC will share knowledge for the sake of the power of community. POC believes that the power of community will make the world safer.

Open Source Digital Forensics Conference 2014 (Herndon, Virginia, USA, November 5, 2014) This conference focuses on tools and techniques that are open source and (typically) free to use. It is a one day event with short talks packed with information. There are both tool developers and users in attendance, and this is a unique opportunity to learn about new tools and provide feedback

Bay Area SecureWorld (Santa Clara, California, November 5, 2014) A day of cyber security education. Earn 6-8 CPE credits, network with industry peers, and take advantage of more than thirty educational events. Over the past decade SecureWorld has emerged as one of North America's most vital cyber-security conference, providing globally relevant education, training and networking for cyber-security professionals on a regional level. SecureWorld provides more content and facilitates more professional connections than any other event in the cyber-security industry. Established in 2002, SecureWorld offers many different continuing professional education sessions over two days in 14 cities throughout the United States.

Managing BYOD & Enterprise Mobility USA 2014 (San Francisco, California, USA, November 5 - 6, 2014) The Managing BYOD & Mobility USA 2014 conference will provide a unique networking platform, bringing together top executives from USA and beyond. They come together not only to address mobility challenges and set the precautions framework, but most importantly to provide the necessary tools, insights and methodological steps for constructing a successful mobility policy. These policies will fulfill the BYOD prophecy of increased productivity, employee satisfaction, cost savings and corporate competitive advantage

Journal of Law and Cyber Warfare First Annual Cyber Warfare One Day Symposium (New York, New York, USA, November 6, 2014) The Journal of Law and Cyber Warfare is proud to present the First Annual Cyber Warfare One Day Symposium. Join us as senior lawyers, technology chiefs, government officials, and academics discuss the current threat of cyber security and how it is affecting US corporations. CLE credit is available on certain panels

RiseCON 2014 (Rosario, Santa Fe, Argentina, November 6 - 7, 2014) Rosario Information Security Conference: es el primer y mayor evento de seguridad informática y hacking realizado en la ciudad de Rosario, con nivel y trascendencia internacional

Israel HLS 2014 (Tel Aviv, Israel, November 9 - 12, 2014) The third International Conference on Homeland Security will bring together government officials, public authorities, and HLS industry leaders from around the world to share their knowledge and experience. They will participate in high-level discussions on securing the safety of citizens and protecting critical infrastructure and property, and explore Israel's advanced HLS technologies and systems.

Critical Infrastructure Cyber Community (C3) Voluntary Program Meeting (San Diego, California, USA, October 13, 2014) Join stakeholders from across the cyber community to discuss building a cyber risk management program, using DHS resources, and to learn how organizations of all sizes are using the Cybersecurity Framework

i-Society 2014 (London, England, UK, November 10 - 12, 2014) i-Society 2014 is a global knowledge-enriched collaborative effort that has its roots from both academia and industry. The conference covers a wide spectrum of topics that relate to information society, which includes technical and non-technical research areas.

Seattle SecureWorld (Seattle, Washington, USA, November 12 - 13, 2014) Offering two days of cyber security education. Earn 12-16 CPE credits, network with industry peers, and take advantage of more than sixty educational events. Over the past decade SecureWorld has emerged as one of North America's most vital cyber-security conference, providing globally relevant education, training and networking for cyber-security professionals on a regional level. SecureWorld provides more content and facilitates more professional connections than any other event in the cyber-security industry. Established in 2002, SecureWorld offers many different continuing professional education sessions over two days in 14 cities throughout the United States.

AVAR 2014 (, January 1, 1970) The 17th Association of anti-Virus Asia Researchers International Conference: Security Down Under. Topics will include case studies of targeted attacks, real-life attack demonstrations, web-inject attacks/code insertion attacks, man-in-the-browser attacks, targeted advanced persistent threats, dedicated advanced evasion techniques, and mitigations to all of these. The conference will also take up identification and investigation of targeted threats, how to spot targeted attacks in collections, COINTEL (counter intelligence) on determined adversaries (e.g, detecting the attacker, running honeypots, etc.), mobile malware, and security policies.

ZeroNights 2014 (Moscow, Russia, November 13 - 14, 2014) ZeroNights is an international conference dedicated to the practical side of information security. It will show new attack methods and threats, showcase new possibilities of attack and defense, and suggest out-of-the-box security solutions. ZeroNights gathers experts, infosecurity practitioners, analysts, and hackers from all over the world

Cyber Security Awareness Week Conference (New York, New York, USA, November 13 - 15, 2014) Get ready for CSAW: the largest student-run cyber security event in the nation, with a research conference that attracts some of the biggest names in the industry, and a career fair with an impressive list of corporate partners. It's a weekend of competitions, keynote talks and cyber security events, designed to prepare best-performing students with the skills and knowledge to shape the future of the industry

Ground Zero Summit, India (New Dehli, India, November 13 - 16, 2014) Ground Zero Summit (GOS) 2014 in its second year promises to be Asia's largest Information Security gathering and proposes to be the ultimate platform for showcasing researches and sharing knowledge in the field of cyber security. GOS rationale: The increasing volume and complexity of cyber threats - including phishing scams, data theft, and online vulnerabilities, demand that we remain vigilant about securing our systems and information. Enterprises and governments worldwide are grappling the grim reality of data and critical systems being exploited. This summits aims at addressing these new forms of cyber attack and formulate solutions

Deepsec 2014 (Vienna, Austria, November 18 - 21, 2014) DeepSec is an annual European two-day in-depth conference on computer, network, and application security. This is a non-product, non-vendor-biased conference event. Our aim is to present the best research and experience from the fields' leading experts.

BugCON (Mexico City, Mexico, November 19, 2014) BugCON Security Conference is hardcore technical conference focused on the technical side of the security. Running since 2008 BugCON is the oldest forum where researchers, students and professionals shows their latest research and projects

Navy Now Forum: Admiral Rogers (Washington, DC, USA, November 19, 2014) Leaders from the Navy will present new initiatives in-depth, providing the audience with a thorough knowledge of the Navy's future plans. During the luncheon, military personnel and industry leadership will provide feedback on these initiatives to help chart the Navy's direction. This luncheon will feature NSA Director Admiral Michael Rogers

International Cyber Warfare and Security Conference (Ankara, Turkey, November 19 - 20, 2014) In-depth discussions will cover: new emerging threats and challenges on cyber warfare, the policy of leading cyber nations in cyber warfare and security, legal aspects of cyber warfare, industrial perspective in cyber warfare and security, new trends, new developments, technologies and solutions, and the next generation of cyber attacks—mapping the future threat environment.

EDSC 2014 (Seattle, Washington, USA, November 20 - 21, 2014) EDSC is a security conference focusing on embedded systems, hardware, and anything behind the silicon curtain. Embedded testing is a rapidly expanding area of the security industry staying current is important for engineers, researchers, and testers alike. EDSC will bring the top thought leaders in the embedded security field together for two days to share knowledge, techniques, and research.

Cyber Security World Conference 2014 (New York, New York, USA, November 21, 2014) Welcome to Cyber Security World Conference 2014 where renowned information security authorities and innovative service providers will bring their latest thinking to hundreds of senior executives focused on protecting today's enterprises. Cyber security experts will discuss topics such as protecting individuals and companies against cyber-attacks, biometrics as the future of security, risks brought by mobile computing, and protecting corporate and national infrastructure against foreign attacks

Ethiopia Banking and ICT Summit (Addis Ababa, Ethiopia, November 21, 2014) he one day summit is designed to highlight the key Investment opportunities especially in the Banking & ICT Sectors. As an emerging economic capital for the region, Ethiopia is leading the way in industrial growth, international trade and global integration for sub-Saharan Africa as a whole.

BSidesVienna (Vienna, Austria, November 22, 2014) BSidesVienna will open it's doors again in 2014. Be part of it and stay tuned

DefCamp5 (Bucharest, Romania, November 25 - 29, 2014) DefCamp is the most important conference on Hacking & Information Security in Central Eastern Europe. The goal is bringing hands-on talks about latest research and practices from the INFOSEC field, gathering under the same roof security specialists, entrepreneurs, academic, private and public sectors

Sponsor & Support

Grow your brand and reach new customers.

Grow your brand and increase your customer base by educating our audience about your products, services, and events by advertising on The CyberWire. We’ve built trust with an influential (and often hard to reach) audience of CISOs, CSOs, and other senior execs in the security space, across a wide array of industry verticals. Learn more.

Be a part of the CyberWire story.

People ask us (a lot) how they can support what we do. We have our sponsorships and services, of course, but those are not always within every supporter’s financial reach, or it might just not be the right time for you to do those things. That’s why we launched our new Patreon site, where we’ve created a wider variety of support levels, each with some new benefits. Our patrons are important to our future, and we hope you’ll consider becoming one. We invite you to become part of the CyberWire story. Become a patron today.