The CyberWire Daily Briefing 11.06.14

Summary

By The CyberWire Staff

Other jihadist groups are reported to be taking a page from ISIS's social media playbook, conducting "money jihad" fundraisers over Twitter (so far without ISIS's growing OPSEC wariness).

Researchers are looking into a bug in VMWare's ESXi hypervisor that could corrupt virtual machines. VMWare knows about the problem and addressed it with an advisory early last month; Veeam and other firms are evaluating the adequacy of the fix.

CSO reports that Apple's XProtect fix for the iWorm may be incomplete. The Rootpipe OS X vulnerability continues to induce security headaches. (Rootpipe could be exploited to give attackers control of Macs without the need to enter a password.) These issues, as well as the WireLurker malware Palo Alto finds infecting Apple devices in China, move many observers to predict a coming era of insecurity for Apple users.

A version of the Dridex banking malware revives an old-school attack technique: infected MS Word macros.

eSecurity Planet draws a lesson from Shellshock and extends it to other software with deep pre-Internet roots. What were features in the old days are dangerously buggy in today's connected world.

Samsung answers NIST's warning about the alleged vulnerability in the manufacturer's Find My Mobile service.

Vectra Networks wonders what attackers do after they're inside a network's perimeter, and looks a five-month's worth of incident data to see what's trending. Command and control is the most common activity, exfiltration the least.

Raytheon buys Blackbird Technologies.

The Chinese ambassador to the US accuses the Americans of cyber bad faith.

Notes.

Today's issue includes events affecting Brazil, China, Colombia, India, Israel, Japan, Netherlands, Palestinian Territories, Russia, South Africa, Spain, United Kingdom, United States and Vietnam

Selected Reading

Cyber Trends

Cybersecurity 2014: Breaches and costs rise, confidence and budgets are low (CSO) Following a year of high confidence in their enterprise security programs, CSOs were met with a tough year of stagnant budgets, an increasingly vulnerable Internet, and more successful attacks

Cybersecurity's All-Seeing Eye  (Bloomberg BusinessWeek) One sobering reality of cybersecurity is that defense is far more difficult than offense

Chertoff: Cybersecurity takes teamwork (CSO) Former Homeland Security secretary tells Advanced Cyber Security Center audience in Boston that relying on prevention only spells 'doom'

Are today's leaders prepared for cyberwarfare? (Australian Broadcasting Corporation) One reason the First World War got so bogged down over four years was that generals used to 19th century warfare took so long to understand the new technologies of air and tank warfare

Mobile security breaches impacted 68% of organizations (Help Net Security) Mobile security breaches have affected 68 percent of organizations in the last 12 months, according to a new global study from BT. Despite this, organizations are still not taking sufficient security measures to protect themselves against mobile threats, such as lost or stolen devices and malware infections

Security issues in collaboration platforms (Help Net Security) CipherPoint revealed the results of its second annual survey on security issues in collaboration platforms such as Microsoft SharePoint, Office 365, and Google Apps

More than one third of Americans don’t use basic malware protection, Bitdefender study shows (Hot for Security) Advanced security technologies such as VPN and two-factor authentication are used by less than one in 10 Americans

Legislation, Policy and Regulation

This Country Is Sending the U.S. a Strong Message About NSA Surveillance (Blaze) Brazilian President Dilma Rousseff doesn't approve of the U.S. National Security Agency's surveillance techniques. She's making that much clear by overseeing the construction of a $185 million overseas fiber-optic cable which will stretch across the Atlantic Ocean from Fortaleza, Brazil to Lisbon, Portugal

Chinese ambassador: US has broken cyber faith (The Hill) It's the U.S., not China, that needs to repair tense relations over cybersecurity between the two countries, according to the Chinese ambassador

Spy Chiefs Launch Operation Social Media (Bloomberg View) There is no doubt that Robert Hannigan, the newly appointed chief of the U.K.'s electronic intelligence agency, GCHQ, wants social networks such as Facebook and Twitter to cooperate more closely with his agency. The big question is why he wants to tell them that in public

NSA Director Says Agency Shares Vast Majority of Bugs it Finds (Threatpost) When the National Security Agency discovers a new vulnerability that looks like it might be of use in penetrating target networks, the agency considers a number of factors, including how popular the affected software is and where it's typically deployed, before deciding whether to share the new bug. The agency shares most of the bugs it finds, NSA Director Mike Rogers said, but not all of them

Impact of GOP Win on Cyber Lawmaking (GovInfoSecurity) A look at Sen. Ron Johnson's cybersecurity credentials

Why Mark Udall's Senate Defeat In Colorado Could Slow NSA Reforms (International Business Times) Senator Mark Udall, D-Colo., has been one of the most vocal critics of U.S. intelligence agencies since before anyone ever heard of Edward Snowden. The senator has blasted the National Security Agency, CIA and FBI all while trying to walk the tightrope between transparency and security. Now that he's been voted out of office, critics of America's national security policy are wondering what happens next

Medical Device Security: More Scrutiny (GovInfoSecurity) Watchdog agency outlines 2015 audit plans

Dateline

NICE Conference and Expo (Federal Business Council) Cybersecurity has emerged as one of the leading creators of jobs and opportunity for all economic sectors. An ecosystem of technology providers, policy makers, legal expertise, banking, insurance, devices, educational programs and devices have emerged to deal with the cyber security issues that have become commonplace. In turn, the marketplace has responded by demanding a new workforce capable of taking on this challenge

NICE Cyber Education Map (National Initiative for Cybersecurity Education) The NICE Cyber Education Map is an interactive map that highlights schools, teachers, companies and agencies supporting Cyber Education in America

Live Threat Map (Norse) Norse delivers continuously-updated, unique Internet and darknet attack intelligence that helps organizations block attacks that other systems miss. The Norse live attack map is a visualization of a tiny portion (<1%) of the data processed by the Norse DarkMatter™ platform every day

Are STEM mentors really helping students? (eCampusNews) New study highlights institutional problems preventing STEM mentors from being effective

FMA Survey: Cyber Training Top Priority Among Federal Civilian, Defense Agencies (Executive Gov) A new survey from the Fort Meade Alliance indicates that cybersecurity personnel training is a top investment priority for more than 60 percent of federal civilian and defense agencies

Professionalizing Cybersecurity: A path to universal standards and status (Pell Center for International Relations and Public Policy) The Internet, together with the information communications technology (ICT) that underpins it, has revolutionized our world and opened new opportunities for the global economy and civilization at large. Our reliance on this complex infrastructure, however, has also exposed new vulnerabilities and opened the door to a wide range of nefarious cyber activities by a spectrum of hackers, criminals, terrorists, state and non-state actors

Tech's new blue collar: Good-paying jobs that don't require a 4-year degree (IT World) Traditional manufacturing work may be mostly offshored, but there are plenty of tech-industry jobs that don't require a bachelor's degree and can provide a middle-class life

AirPatrol CEO, Cleve Adams Joins Advisory Board of NICE Cyber Education Map (Benzinga) Cleve Adams, CEO of AirPatrol Corporation, a Sysorex (NASDAQ: SYRX) subsidiary, and a developer of mobile device detection and locationing systems, has joined the National Initiative for Cybersecurity Education (NICE) Cybersecurity Map's advisory board

Products, Services, and Solutions

Watchful Software Releases TypeWATCH for Individuals Delivering e-Biometrics to the Mass Market (Realwire) e-Biometric application is now available to protect against fraudulent systems from compromised credentials

WatchGuard Technologies Partners with Fujitsu Fsas to Deliver Managed Network Security Solutions in Japan (Virtual Strategy) WatchGuard Next Generation Firewalls and Unified Threat Management appliances selected for breadth of security services, system management and real-time visibility tools

Microsoft releases free Antimalware for Azure (ZDNet) The service, using the same engine and signatures as Microsoft's other offerings, is now available to most Azure virtual machines. The software is free, but use of it may cost money

Alert Logic Announces Security Solutions for IBM SoftLayer (MarketWatch) Alert Logic first to deliver fully managed IDS and log management capabilities to SoftLayer customers

Halcyon Tackles IBM i Security with New Products (IT Jungle) Halcyon Software moved further into the IBM i security business last month with the release of two new products, including Exit Point Manager and Password Reset Manager. The new software will help organizations secure their IBM i environments, while giving Halcyon additional products to sell to its customer base

South River Technologies Releases New Version of DMZedge Server (Marketwired) South River Technologies, Inc. (SRT), an innovator in secure file transfer, today announced v6.0 of its DMZedge Server product

Boeing tests new cyber warfare anti-jamming technology (Examiner) A Boeing release this morning out of El Segundo, California, indicates the 98-year-old multi-faceted aerospace company has just completed a successful test of new anti-jamming technology. The unnamed piece of equipment will enable the military to send and receive secure communications using either ground-based or satellite-based networking hubs

ZMap 1.2.1 — The Internet Scanner (Kitploit) ZMap is an open-source network scanner that enables researchers to easily perform Internet-wide network studies. With a single machine and a well provisioned network uplink, ZMap is capable of performing a complete scan of the IPv4 address space in under 45 minutes, approaching the theoretical limit of gigabit Ethernet

Technologies, Techniques, and Standards

U.S. Mulls New Tactics to Stem Wave of Cyberattacks (SecurityWeek) As hacking attacks reach epidemic proportions, the US cybersecurity community is looking at new ways to step up defense, including counterattacking the hackers themselves

Stem the Onslaught of System Wide Attacks (Sarbanes-Oxley Compliance Journal) "By introducing this service, American Express confirms that contemporary data-centric security approaches are necessary to stem the onslaught of system-wide attacks that traditional payment card data defenses cannot sustain on their own," said Mark Bower, Vice President of Product Management, Voltage Security

How to clear out cookies, Flash cookies and local storage (Naked Security) This quick fix will show you how to clear out cookies and the cookie-like things that can be used to track you online

Marketplace

Anthony Hilton: Are cyber-attacks the real threat to banks? (London Evening Standard) A banker told me the other day of a stress test his organisation had to perform at the request of the Prudential Regulation Authority as part of its efforts to develop a regime where no one is too big to fail

Former NSA lawyer: the cyberwar is between tech firms and the US government (Guardian) Stewart Baker said that Apple and Google could be restricting their business in markets like China and Russia by encrypting user data

Security Buyer Beware: Breach Detection Market Contains Unproven Tech (CRN) The market for breach-detection technologies is growing rapidly, but an NSS Labs market study warns organizations that fledgling security startups bearing unproven platforms are flooding it

Cyber security is essential in today’s marketplace (National Journal) On 5 November, Francis Maude, Minister for the Cabinet Office with responsibility for the UK Cyber Security Strategy, co-hosted a summit of CEOs from the UK's insurance sector in conjunction with Marsh, the insurance broker and risk adviser, to discuss how the sector can help ensure that the UK is one of the safest places to do business in cyberspace

As company plans to split, Symantec posts mixed Q2 earnings (ZDNet) Symantec's revenue and earnings were both down from the same quarter last year, and the outlook for the next three months looks a bit soft

FireEye's (FEYE) Disappointing Third Quarter Hits Cyber Security Stock Hard (Equities) Cyber security has been a particularly hot topic over the last year. When Target (TGT) had to admit that millions of credit card numbers had been compromised, it seemed like the retailer was in hot water — and It was. Yet, at this point, enough major box stores have admitted to similar security breaches that not having one could just as easily be a sign a store has failed to expose their leak rather than it not existing

Debunking the BlackBerry Security Myth (Seeking Alpha) Let me start by saying BlackBerry's (NASDAQ:BBRY) security for mobile devices and MDM is top-notch. No one is debating that, and in fact, BlackBerry has had likely the best mobile security for quite some time

Dell Makes Security a Business Enabler with Innovation and Integration Across Solution Portfolios (BusinessWire) With an approach based on simplicity, efficiency and connectivity, Dell is rapidly unifying the fragmented security market, making security a true business enabler

Raytheon acquires special operations and cybersecurity firm Blackbird Technologies (Raytheon Media Room) Enhances offerings in persistent surveillance, secure tactical communications and cybersecurity solutions in intelligence and special operations markets

Palerra Emerges From Stealth, Changes Its Names And Jumps On The Security Bandwagon (Forbes) I'm always a little dubious about companies that change their names even before they launch. It seems a little presumptuous to me and, in my view, plays to the Silicon Valley bubble where a good name and sufficient use of buzzwords gives a company a better chance of success. Despite my skepticism, it's worth having a look at newly emerged Palerra, which is also newly renamed from its previous incarnation as Apprity

Spanish cybersecurity firm S2 Grupo to begin operating in Colombia in 2015 (Fox News Latino) Spanish cybersecurity firm S2 Grupo will begin operating in Colombia in the first quarter of 2015 as part of an expansion effort that also includes plans to set up shop elsewhere in Latin America and other parts of Europe later this decade

Global Rise in Privileged Account Abuse Drives Record Growth for Thycotic (Virtual Strategy) Thycotic, a provider of smart and effective privileged account management solutions for global organizations, today announced that more than 180,000 IT professionals worldwide are now using the company's Secret Server solution

Symantec and Deloitte establish Cyber Security Alliance to include Middle East (Albawaba) Symantec Corp. in alliance with Deloitte announced today an innovative cyber threat vulnerability management service. The integrated offering will pair Symantec's cyber intelligence and information protection technologies with Deloitte's consulting services to help businesses address concerns around cyber security and information protection. The alliance will focus on growth markets across EMEA, including Middle East as a priority region given it is a hub of targeted cyber crime activity

IBM looks beyond its uneasy IoT pact with GE (Rethink Wireless) While the IT giant is a founder of GE's Industrial Internet Consortium, it also needs IoT groups it can control itself

Microsoft and VNISA cooperate on information security and privacy in Vietnam (VietNamNet Bridge) Microsoft Vietnam and the Vietnam Information Security Association (VNISA) today signed a Memorandum of Understanding (MoU), aimed at strengthening information security and privacy in Vietnam while addressing increasing security risks in the country

Safe-T Appoints Derek Schwartz as CEO (PRNewswire) Safe-T Data, the provider of Unified Secure Data Exchange Solutions desgined to securely bridge the gap between the Enterprise and The Cloud, announced today the appointment of Derek Schwartz as CEO. In his role, Mr. Schwartz will lead Safe-T and be responsible for growing Safe-T's business around the world with a strong focus on the Americas, while continuing to deliver innovative products to market

CrowdStrike™ Appoints Johanna Flower as Chief Marketing Officer (PRNewswire) CrowdStrike Inc., a leading provider of next-generation endpoint threat protection, intelligence, and services announced today that Johanna Flower has joined the leadership team as Chief Marketing Officer

Research and Development

The Next Big Thing To Fight Hackers? Self-Healing Computers (Defense One) Now that the Department of Homeland Security has ponied up $6 billion for governmentwide, automated computer safeguards, a top National Security Agency cybersecurity official says the approach has its shortcomings

Getting Inside the Adversary's OODA Loop: Automation and Information Sharing for Cyber Defense (The CyberWire) The CyberWire interviewed Mr. Philip Quade, Chief Operating Officer of NSA's Information Assurance Directorate, who participated in SINET ITSEF 2014. The NSA's Information Assurance Directorate is responsible for the security of US national security systems. He shared his views on Active Cyber Defense, and how it depends upon automation and information sharing for a risk-based approach to Sensing, Sense-making, Decision-making, and Acting in cyberspace

Security Patches, Mitigations, and Software Updates

Cisco patches serious vulnerabilities in small business RV Series routers (IDG via CSO) Cisco Systems released patches for its small business RV Series routers and firewalls to address vulnerabilities that could allow attackers to execute arbitrary commands and overwrite files on the vulnerable devices

Cyber Attacks, Threats, and Vulnerabilities

Gaza Jihadis Launch Twitter Fundraising Drives To Arm And Supply Their Men (MEMRI) Salafi-jihadi groups in the Gaza Strip have recently launched Twitter fundraising campaigns to finance their activities, with the stated goal of purchasing weapons and ammunition, paying jihad fighters' salaries, financing military activity, and otherwise aiding in waging the war against Israel. The campaigns remind supporters that the "money jihad" is religiously important and propagate the idea that while it is not equal to active participation in jihad, assisting the jihad via financial contributions is still a religious obligation

VMware's ESXi Has Backup Bug (InformationWeek) The version of VMware's hypervisor that's embedded in shipping servers has a bug that under certain circumstances corrupts backup virtual machines

Apple's iWorm fix still leaves major hole (CSO) XProtect isn't protecting against everything

Unpatched bug in Mac OS X gives root access to untrusted people (Ars Technica) Rootpipe allows attackers to take control of Macs without entering a password

Apple customers face 'new era' of cyber attacks (Telegraph) Cyber security company Palo Alto Networks discovers new malware that targets Apple devices and acts like a traditional virus

Malware Discovered In China Could Herald 'New Era' Of iOS And Mac Threats (TechCrunch) Conventional wisdom suggests that the vast majority of mobile malware cases impact Android devices. Or at least that those who do not jailbreak their iPhones are safe most threats — even Apple CEO Tim Cook has bashed Android for "dominating" the mobile malware market. Yet a new virus found in China by US-based researchers could herald the first serious security threat to Apple devices

Experts: Don't use Apple Pay, CurrentC until crooks get a shot at them (Network World via CSO) Despite designers' diligence, these payment systems haven't been tested by real-world criminals

Nov 5 Root Cause Analysis of CVE-2014-1772 — An Internet Explorer Use After Free Vulnerability (TrendLabs Security Intelligence Blog) We see many kinds of vulnerabilities on a regular basis. These range from user-after-free (UAF) vulnerabilities, to type confusion, to buffer overflows, to cross-site scripting (XSS) attacks. It's rather interesting to understand the root cause of each of these vulnerability types, so we looked at the root cause of an Internet Explorer vulnerability — CVE-2014-1772

'Dridex' malware revives Microsoft Word macro attacks (IDG via CSO) A recent piece of malware that aims to steal your online banking credentials revives a decade-old technique to install itself on your PC

Is Shellshock a Feature, not a Bug? (eSecurity Planet) The Shellshock flaw highlights a major security issue. Software created before mass adoption of the Internet is highly susceptible to today's security risks

Experts troubled by Drupal's latest security snafu (FierceContentManagement) Drupal's latest cyberattack may have affected as many as 12 million websites, leaving security experts concerned that similar future exploits could create a ripple effect compromising thousands more sites

Still Spamming After All These Years (KrebsOnSecurity) A long trail of spam, dodgy domains and hijacked Internet addresses leads back to a 37-year-old junk email purveyor in San Diego who was the first alleged spammer to have been criminally prosecuted 13 years ago for blasting unsolicited commercial email

Samsung Fires Back at NIST, Says Find my Mobile Service Safe (Threatpost) Samsung this week tried to quell recent reports that its Find My Mobile service is vulnerable to hacking, firing back at NIST (National Institute of Standards and Technology) who warned last month that the feature could be exploited

What attackers do after bypassing perimeter defenses (Help Net Security) Vectra Networks collected data over five months from more than 100,000 hosts within sample organizations to gain a deeper understanding of breaches that inevitably bypass perimeter defenses, and what attackers do once inside networks

Reflected File Download a New Web Attack Vector (Trustwave's SpiderLabs) Attackers would LOVE having the ability to upload executable files to domains like Google.com and Bing.com. How cool would it be for them if their files are downloaded without ever being uploaded! Yes, download without upload! RFD is a new web based attack that extends reflected attacks beyond the context of the web browser. Attackers can build malicious URLs which once accessed, download files, and store them with any desired extension, giving a new malicious meaning to reflected input, even if it is properly escaped. Moreover, this attack allows running shell commands on the victim's computer

Tearing down CryptoWall (Cylance) There are not many things that can ruin a day as much as an attacker holding your files for ransom. There are feelings of violation, as they have clearly tampered with your private data, a pit in your stomach when you see how much it will cost to get your files back, and overwhelming guilt as you weigh the pros and cons of actually paying these low life criminals. Many have been feeling these emotions lately as CryptoWall has been on the rise, most recently with the campaign infecting users via malvertising on sites such as Yahoo and AOL

Which Government Websites Host the Most Phishing Attacks? (Cyveillance Blog) Last month we shared some data from a year's worth of collected phishing URLs. In that post, we described the relationship between Alexa rankings and the likelihood that a URL leads to a phishing attack. In this post we'll examine another insight gained from examining that data

Guy Fawkes Night special: The ultimate 2014 guide to hacking and cyber terrorism (IT Pro Portal) It's now over 409 years since Guy Fawkes and his band of conspirators plotted to blow up the Houses of Parliament with King James I inside. Since then, the world of crime and terrorism has come a long way, and perhaps a modern day Guy Fawkes would be more interested in hacking the parliamentary computer system rather than blowing it to pieces

Cyber Espionage — China in the Crosshairs (Check and Secure) The business world is getting bigger and it is long since known that in this globalised world, the markets in the far east are of vital importance to any company wanting to expand internationally

Alaska's Online Voting Leaves Cybersecurity Experts Worried (IEEE Spectrum) Some Americans who lined up at the ballot boxes on Tuesday may have wished for the convenience of online voting. But cybersecurity experts continue to argue that such systems would be vulnerable to vote tampering — warnings that did not stop Alaska from allowing voters to cast electronic ballots in a major election that had both a Senate seat and the governorship up for grabs

Is Easy WiFi Access Putting You at Risk? (Tripwire: The State of Security) Throughout National Cyber Security Awareness Month (NCSAM), I must admit I realized I was reading the same advice we have always pushed out — the same obvious methodologies and procedures to help keep us all nice and secure

LUS says Internet service outage result of cyber attack (KATC) The loss of services many users of Lafayette Utility Systems' fiber Internet experienced since Tuesday was the result of a cyber attack, LUS said in a news release Wednesday

Canadian church website hacked with hate messages by pro-ISIS hackers (HackRead) A group of pro-ISIS hackers hacked and defaced the website of a Inniswood Baptist Church in Barrie city of Canada, Monday afternoon

Capital One Acknowledges Insider Breach (eSecurity Planet) An employee improperly accessed an undisclosed number of customers' names, account numbers and Social Security numbers

Litigation, Investigation, and Enforcement

Government demands for Facebook user data soar by 24% (Naked Security) Government requests for Facebook's user data rose by almost a quarter in the first half of 2014 compared with the second half of the previous year, according to the social network

Alleged Russian hacker one step closer to facing justice in U.S. (CBS News) The Dutch government has approved the extradition to the United States of a Russian citizen accused of participating in a hacking ring that penetrated computer networks of more than a dozen corporations and stole at least 160 million credit and debit card numbers

STD dating site PositiveSingles.com faces $16.5 million fine for sharing user profiles (Naked Security) The claimant signed up with a dating site for people with sexually transmitted diseases (STDs) that promised "100% anonymity"

Industry Events

For a complete running list of events, please visit the Event Tracker on the CyberWire website.

upcoming Events

POC2014 (Seoul, Republic of Korea, November 4 - 7, 2014) POC (Power of Community) started in 2006 and has been organized by Korean hackers & security experts. It is an international security & hacking conference in Korea. POC doesn't pursue money. POC concentrates on technical and creative discussion and shows real hacking and security. POC wears both black hat and white hat. POC will share knowledge for the sake of the power of community. POC believes that the power of community will make the world safer.

National Initiative for Cybersecurity Education Conference and Expo (Columbia, Maryland, USA, November 5 - 6, 2014) The NICE 2014 Conference and Expo features thought leaders from education, government, industry and non-profits to address the future cybersecurity education needs of the nation

Managing BYOD & Enterprise Mobility USA 2014 (San Francisco, California, USA, November 5 - 6, 2014) The Managing BYOD & Mobility USA 2014 conference will provide a unique networking platform, bringing together top executives from USA and beyond. They come together not only to address mobility challenges and set the precautions framework, but most importantly to provide the necessary tools, insights and methodological steps for constructing a successful mobility policy. These policies will fulfill the BYOD prophecy of increased productivity, employee satisfaction, cost savings and corporate competitive advantage

Journal of Law and Cyber Warfare First Annual Cyber Warfare One Day Symposium (New York, New York, USA, November 6, 2014) The Journal of Law and Cyber Warfare is proud to present the First Annual Cyber Warfare One Day Symposium. Join us as senior lawyers, technology chiefs, government officials, and academics discuss the current threat of cyber security and how it is affecting US corporations. CLE credit is available on certain panels

RiseCON 2014 (Rosario, Santa Fe, Argentina, November 6 - 7, 2014) Rosario Information Security Conference: es el primer y mayor evento de seguridad informática y hacking realizado en la ciudad de Rosario, con nivel y trascendencia internacional

Israel HLS 2014 (Tel Aviv, Israel, November 9 - 12, 2014) The third International Conference on Homeland Security will bring together government officials, public authorities, and HLS industry leaders from around the world to share their knowledge and experience. They will participate in high-level discussions on securing the safety of citizens and protecting critical infrastructure and property, and explore Israel's advanced HLS technologies and systems.

Critical Infrastructure Cyber Community (C3) Voluntary Program Meeting (San Diego, California, USA, October 13, 2014) Join stakeholders from across the cyber community to discuss building a cyber risk management program, using DHS resources, and to learn how organizations of all sizes are using the Cybersecurity Framework

i-Society 2014 (London, England, UK, November 10 - 12, 2014) i-Society 2014 is a global knowledge-enriched collaborative effort that has its roots from both academia and industry. The conference covers a wide spectrum of topics that relate to information society, which includes technical and non-technical research areas.

Seattle SecureWorld (Seattle, Washington, USA, November 12 - 13, 2014) Offering two days of cyber security education. Earn 12-16 CPE credits, network with industry peers, and take advantage of more than sixty educational events. Over the past decade SecureWorld has emerged as one of North America's most vital cyber-security conference, providing globally relevant education, training and networking for cyber-security professionals on a regional level. SecureWorld provides more content and facilitates more professional connections than any other event in the cyber-security industry. Established in 2002, SecureWorld offers many different continuing professional education sessions over two days in 14 cities throughout the United States.

AVAR 2014 (, January 1, 1970) The 17th Association of anti-Virus Asia Researchers International Conference: Security Down Under. Topics will include case studies of targeted attacks, real-life attack demonstrations, web-inject attacks/code insertion attacks, man-in-the-browser attacks, targeted advanced persistent threats, dedicated advanced evasion techniques, and mitigations to all of these. The conference will also take up identification and investigation of targeted threats, how to spot targeted attacks in collections, COINTEL (counter intelligence) on determined adversaries (e.g, detecting the attacker, running honeypots, etc.), mobile malware, and security policies.

ZeroNights 2014 (Moscow, Russia, November 13 - 14, 2014) ZeroNights is an international conference dedicated to the practical side of information security. It will show new attack methods and threats, showcase new possibilities of attack and defense, and suggest out-of-the-box security solutions. ZeroNights gathers experts, infosecurity practitioners, analysts, and hackers from all over the world

Cyber Security Awareness Week Conference (New York, New York, USA, November 13 - 15, 2014) Get ready for CSAW: the largest student-run cyber security event in the nation, with a research conference that attracts some of the biggest names in the industry, and a career fair with an impressive list of corporate partners. It's a weekend of competitions, keynote talks and cyber security events, designed to prepare best-performing students with the skills and knowledge to shape the future of the industry

Ground Zero Summit, India (New Dehli, India, November 13 - 16, 2014) Ground Zero Summit (GOS) 2014 in its second year promises to be Asia's largest Information Security gathering and proposes to be the ultimate platform for showcasing researches and sharing knowledge in the field of cyber security. GOS rationale: The increasing volume and complexity of cyber threats - including phishing scams, data theft, and online vulnerabilities, demand that we remain vigilant about securing our systems and information. Enterprises and governments worldwide are grappling the grim reality of data and critical systems being exploited. This summits aims at addressing these new forms of cyber attack and formulate solutions

Cyber Threats to Critical Infrastructure: A Discussion of Challenges, Responses and Next Steps (Herndon, Virginia, USA, November 18, 2014) The vulnerability of the nation's critical infrastructure to cyber attack or disruption, whether from nation-states, non-state actors, hackers or disgruntled insiders, is of increasing concern to both the government and the private sector. INSA's Homeland Security Intelligence Council and Cyber Council are bringing together a panel of nationally-recognized experts to respond to a fictional scenario involving a cyber attack on critical infrastructure in the energy sector

Deepsec 2014 (Vienna, Austria, November 18 - 21, 2014) DeepSec is an annual European two-day in-depth conference on computer, network, and application security. This is a non-product, non-vendor-biased conference event. Our aim is to present the best research and experience from the fields' leading experts.

BugCON (Mexico City, Mexico, November 19, 2014) BugCON Security Conference is hardcore technical conference focused on the technical side of the security. Running since 2008 BugCON is the oldest forum where researchers, students and professionals shows their latest research and projects

Navy Now Forum: Admiral Rogers (Washington, DC, USA, November 19, 2014) Leaders from the Navy will present new initiatives in-depth, providing the audience with a thorough knowledge of the Navy's future plans. During the luncheon, military personnel and industry leadership will provide feedback on these initiatives to help chart the Navy's direction. This luncheon will feature NSA Director Admiral Michael Rogers

International Cyber Warfare and Security Conference (Ankara, Turkey, November 19 - 20, 2014) In-depth discussions will cover: new emerging threats and challenges on cyber warfare, the policy of leading cyber nations in cyber warfare and security, legal aspects of cyber warfare, industrial perspective in cyber warfare and security, new trends, new developments, technologies and solutions, and the next generation of cyber attacks—mapping the future threat environment.

EDSC 2014 (Seattle, Washington, USA, November 20 - 21, 2014) EDSC is a security conference focusing on embedded systems, hardware, and anything behind the silicon curtain. Embedded testing is a rapidly expanding area of the security industry staying current is important for engineers, researchers, and testers alike. EDSC will bring the top thought leaders in the embedded security field together for two days to share knowledge, techniques, and research.

Cyber Security World Conference 2014 (New York, New York, USA, November 21, 2014) Welcome to Cyber Security World Conference 2014 where renowned information security authorities and innovative service providers will bring their latest thinking to hundreds of senior executives focused on protecting today's enterprises. Cyber security experts will discuss topics such as protecting individuals and companies against cyber-attacks, biometrics as the future of security, risks brought by mobile computing, and protecting corporate and national infrastructure against foreign attacks

Ethiopia Banking and ICT Summit (Addis Ababa, Ethiopia, November 21, 2014) he one day summit is designed to highlight the key Investment opportunities especially in the Banking & ICT Sectors. As an emerging economic capital for the region, Ethiopia is leading the way in industrial growth, international trade and global integration for sub-Saharan Africa as a whole.

BSidesVienna (Vienna, Austria, November 22, 2014) BSidesVienna will open it's doors again in 2014. Be part of it and stay tuned

BSidesToronto (Toronto, Ontario, Canada, November 22, 2014) This year the conference is bigger, better, faster and…well, still one day in length but, we have an awesome line up. And no I'm not just paying "lip service"

DefCamp5 (Bucharest, Romania, November 25 - 29, 2014) DefCamp is the most important conference on Hacking & Information Security in Central Eastern Europe. The goal is bringing hands-on talks about latest research and practices from the INFOSEC field, gathering under the same roof security specialists, entrepreneurs, academic, private and public sectors

Sponsor & Support

Grow your brand and reach new customers.

Grow your brand and increase your customer base by educating our audience about your products, services, and events by advertising on The CyberWire. We’ve built trust with an influential (and often hard to reach) audience of CISOs, CSOs, and other senior execs in the security space, across a wide array of industry verticals. Learn more.

Be a part of the CyberWire story.

People ask us (a lot) how they can support what we do. We have our sponsorships and services, of course, but those are not always within every supporter’s financial reach, or it might just not be the right time for you to do those things. That’s why we launched our new Patreon site, where we’ve created a wider variety of support levels, each with some new benefits. Our patrons are important to our future, and we hope you’ll consider becoming one. We invite you to become part of the CyberWire story. Become a patron today.