The CyberWire Daily Briefing 12.31.14

Summary

By The CyberWire Staff

Swedish authorities report their Parliament's Website has sustained an attack, but as a matter of policy release no details or attribution while investigation continues.

India has moved to block GitHub and some thirty other sites on the grounds that they're being used as conduits for "anti-India" propaganda by ISIS sympathizers.

Gmail access within China appears partially restored.

Speculation over attribution of the Sony hack continues apace. The US National Security Council "stands by" the FBI's finding that North Korea did it, but various off-the-record statements elsewhere in the Government suggest the US is investigating a more complicated attribution involving hacktivists, skids, disgruntled insiders, extortionists, and hired guns, possibly colluding with, or acting under the direction of, the DPRK. Anti-War offers a somewhat over-heated denunciation of confirmation bias in attribution (itself offering a minor example of confirmation bias — terms like "neocon" and "Obamite" are symptomatic). Norse, an early critic of the DPRK thesis, discusses its own investigation in DarkMatters. The New York Times and Wall Street Journal publish accounts of Sony's reaction as the attack proceeded.

LizardSquad, perhaps departing from its customary stance of disinterested lulz and exposure of network vulnerabilities, is said to offer denial-of-service for a monthly subscription.

Card data stolen from OneStopParking have made it into criminal black markets. Banks warn Chick-fil-A that they're seeing evidence of a data breach.

On the last day of 2014 lots of people are happy to share their predictions for 2015.

Insurers look at the Sony hack and shape their offerings accordingly.

Notes.

Today's issue includes events affecting China, Iran, Iraq, India, Democratic Peoples Republic of Korea, Republic of Korea, New Zealand, Sweden, Syria, United States

We wish all a happy new year. The CyberWire will take tomorrow off, but we'll resume normal publication Friday.

Selected Reading

Cyber Trends

In Cyber Battlefield, Banks Reportedly Go On Offensive (ValueWalk) In the new battlefields of cyber warfare,big banks, protected at so many levels by government, are on their own when it comes to the most venerable attacks. In an environment lacking government protection in cyber attacks, or even any guidelines on what critical infrastructure should be protected, banks and other large corporations are taking matters into their own hands and turning to offensive hacking teams, according to a new report by Michael Riley and Jordan Robertson of Bloomberg News

'Cyber warfare may have similar impact on security as nukes' (Russia Today) A country with professional computer programmers and access to intelligence gathering capabilities has great potential for affecting global security as nuclear weapons did 50 years ago, Dr. Duncan Earl, Chief Technology Officer of Qubitekk Inc. told RT

Is 'CyberPearl Harbor' Coming? (WND) Sony gets hacked and a major movie project is disrupted. Xbox and Playstation systems are taken down. Millions of pages of names, addresses and other private information vanish into cyberspace so your routine includes getting an all-new credit-card number and security code

Most IT Security Pros 'Guarantee' Customer Data Will Be Safe Next Year (Talkin' Cloud) IT security admins confident in organization's ability to prevent security breaches in 2015

What Are The Top Cybersecurity Threats Of 2015? (Investor's Business Daily) Hackers who've long used malware to slip inside company computer networks are hunting down administrative and other privileged accounts, enabling them to go undetected for months, says a cybersecurity expert in a look ahead to the top threats of 2015

Targeted attacks the 'new normal', says Trend Micro exec (Malay Mail) If there was one surprise for David Siah, it was the fact that despite a rapidly changing IT landscape, targeted attack campaigns were expected to continue to multiply in 2015, becoming the norm rather than the exception

Top Cybercrime Trends and Predictions for 2015: ESET (Technuter) ESET, a global player in proactive protection for more than two decades, has compiled and published a summary of the top cybercrime trends and predictions for 2015. These highlights are explored in further detail in ESET's Cybercrime Trends & Predictions 2015 report. While last year's focus was on internet privacy and Android malware, new areas of InfoSecurity risks are bubbling to the top in 2015

In Cybercrime, What’s Old Is New Again (TechCrunch) Like most cases, this one started with a frantic call from a restaurant owner. The panic and uncertainty bled through the phone. He had just been notified his business suffered a payment card data breach and his acquiring bank mandated he hire an investigator to determine what happened

2015 Network Security Predictions: 8 Things That Won't Happen (Gartner Blogs) You've probably read your fill of security prophets (many employed by security vendors) prognosticating about all the scary/wonderful security stuff that will happen in 2015. Rather than go down that too-traveled route, I've decided to take a different angle and discuss 8 buzzed-about vendor-wished-for phenomena that will not occur in the coming year, and will confuse your security posture

Tech 2015: Deep Learning And Machine Intelligence Will Eat The World (Forbes) Despite what Stephen Hawking or Elon Musk say, hostile Artificial Intelligence is not going to destroy the world anytime soon. What is certain to happen, however, is the continued ascent of the practical applications of AI, namely deep learning and machine intelligence. The word is spreading in all corners of the tech industry that the biggest part of big data, the unstructured part, possesses learnable patterns that we now have the computing power and algorithmic leverage to discern — and in short order

CSA to closely monitor enterprise cloud data privacy issues in 2015 (TechTarget) The Cloud Security Alliance says cloud data privacy has emerged as a top issue for industry amid Microsoft's battle with the U.S. government over customer emails stored in Ireland

This is what you told us about computer security in 2014 (Naked Security) Two weeks ago we asked you to tell us, "Did computer security get better or worse in 2014?" We asked some of our regular writers for their thoughts; then we invited you to vote in our poll and write your own commentaries on the article and on our Facebook page

Parsippany native leads charge against cyber attacks (Asbury Park Press) A Parsippany native on the front lines of the global cyber wars says if you thought 2014 was wild, wait until 2015

Dave McClure, Chief Strategist, Veris Group (Federal News Radio) Four new pieces of cybersecurity legislation give federal IT leaders some new tools to deal with network and information security. But that law may be responding to threats — or problems — that are being overcome by events

Legislation, Policy and Regulation

Chinese FM responds: Against any cyber attack (China Daily) China is against cyber attacks in any form, Chinese Foreign Minister Wang Yi said on Tuesday

Is India prepared to tackle a Sony like cyber attack? (Business Standard) A national cyber crime and coordination centre meant to fend off such attacks is still awaiting approval

New Zealand Spy Agency Has New Cyber Warfare Defence System (International Business Times) New Zealand's spy agency, Government Communications Security Bureau, has a new cyber attack defence system. GCSB director Ian Fletcher has revealed the intelligence agency will invest in the system to protect New Zealand from cyber warfare

From cloud to security, experts predict active 2015 for feds (Fedscoop) With the past few years spent laying so much groundwork to modernize federal IT, many experts expect 2015 is the year where the government will begin to reap what it has sown

Rogers' legacy: Security state? (Livingston Daily Press & Argus) Mike Rogers might not have been the architect of America's post-9/11 security state

A New Year's resolution for Obama: Dismantle the NSA (The Week) Two new reports reveal that the spy agency is even more lawless than we thought

Products, Services, and Solutions

FireEye Expands Security Platform (eSecurity Planet) FireEye CTO Dave Merkel details his firm's latest additions and offers some security predictions for 2015

Free vs. Paid Antivirus: Avira vs. Bitdefender (Tom's Guide) Do you really need to pay for Windows antivirus software?

EMET your enterprise for peak Windows security (ZDNet) Microsoft's Enhanced Mitigation Experience Toolkit (EMET) tightens the security screws in Windows and applications. It's set up for enterprise deployment and management

MegaCryption Adds Record-Level Encryption Adapter for Innovative Cryptography Options (Virtual Strategy Magazine) MegaCryption now offers the ability to encrypt and decrypt individual records for usage in a specific program or transaction, commonly known as record-level encryption, through its Record-Level Encryption Adapter (RLEA)

Technologies, Techniques, and Standards

Hey, devs! Those software libraries aren't always safe to use (IDG via Computerworld) Flaws in third-party software libraries often find their way into products, a problem that will occupy developers and sysadmins next year

4 Infosec Resolutions For The New Year (Dark Reading) Don't look in the crystal ball, look in the mirror to protect data and defend against threats in 2015

Would your supply chain survive a cyber-attack? 5 ways to tell (Strategic Sourcer) Right on the heels of Sony's run-in with hackers, the US cyber security firm, Cylance, is calling attention to the threat Iran poses in the digital landscape. Hackers aren't a new phenomenon, but the threat of cyber-attacks on American businesses is getting more common and potentially much more devastating than ever before

Hackers test, teach computer pros at Cyber Range (Milkwaukee Journal Sentinel) You won't find this town on a map, but it's a very scary place

Data Breaches: Why Prevention Isn't Enough (Corporate Counsel) Cyberattacks and data breaches are an all-too-common fact of modern business. The news is full of stories about major U.S. banks and retailers being hacked, and the perpetrators are stealing the financial and personal information of clients, customers and others. While the masterminds and motives behind such attacks are not always immediately apparent, one thing is clear: In-house counsel must understand that traditional network security approaches are no longer enough. Firewalls and intrusion-prevention systems have become mere nuisances for determined hackers. In many instances, the malware and method of attack are more sophisticated than normal preventative measures can account for. This means that companies must accept the fact that data breaches could happen to them, regardless of the strength of their protective approaches

Attribution As A Weapon & Marketing Tool: Hubris In INFOSEC & NATSEC (Krypt3ia) In talking to Steve Ragan over the time between the Sony initial hack and now he confided in me that he had some emails and data that may come to bear on the whole attribution drum that I have been banging on. As he is a friend I cajoled him into sending me the data (THANKS STEVE-O!) and lo and behold it?s got some interesting twists for all those out there playing the home attribution game! As you all likely have seen on my Twitter feed and here I am not a real fan of the whole attribution thing to start and now with everyone screaming CYBERWAR NOW! I have been all the more disgusted with the companies all falling over each other for air time on CNN and CBS to conjecture their own theories cum free advertising

Wi-Fi router security: Assessing the vulnerability of backdoor attacks (TechTarget) Multiple Wi-Fi routers are reportedly vulnerable to backdoor attacks. Expert Kevin Beaver explains how to detect if your system is at risk

IoT In Protocol War, Says Startup (InformationWeek) There's no clear end in sight for the protocol wars in the Internet of Things, according to Tanuj Mohan, co-founder and CTO of building controls startup Enlighted, which developed its own 802.15.4 protocols

NGFW benefits include identity awareness, secure mobile access (TechTarget) Security expert Diana Kelley outlines three major benefits of next-generation firewalls: their ability to thwart unknown attacks, to make decisions using identity awareness and to ensure secure access by remote and mobile users

Final considerations before a next-gen firewall purchase (TechTarget) View expert advice on seven final factors to take into account before making a next-gen firewall purchase, from vendor support options and ongoing costs to integration capabilities and community support

Avoid security issues with new tech toys (Dispatch) As the gift-giving season comes to a close, many children and children at heart will be playing with their new electronics

Marketplace

2 big lessons from the Sony Pictures cyber attack (Property Casualty 360) There are several lessons to be learned by the attack on Sony Pictures, and businesses and the insurance industry need to take notice

Network security spend on steady growth curve — Forrester (Channelnomics) Research shows firms prefer to use one vendor for network security solutions

Global or Inter-site Threat Intelligence Represents Key Opportunity for IoT Systems Security, According to New Research by VDC (Virtual Strategy Magazine) Few organizations currently employ all the security advantages enabled by IoT

The Insider Sales Brief: Palo Alto Networks (Seeking Alpha) Palo Alto Networks is one of the best performing stocks of 2014 with 118% return. 5 insiders including both CEO and CFO sold $8.8 millions worth of stock in the last week. In the last 12 months, 12.07 times more insider sales have been reported than that of insider buys

FireEye Inc (FEYE) Is Still A Buy At Topeka Capital (Bidness ETC) Analyst Frederick Ziegel reaffirmed a Buy rating with a $45 price target for FireEye shares

Don’t Get Fired Up About FEYE Stock (Investor Place) The Sony hack gave FireEye a boost, but FEYE has other problems

Is Splunk Inc. on Solid Financial Ground? (Motley Fool) There are few trends larger than big data, the catch-all term for the seemingly endless stream of bits and bytes being generated, collected, and stored across every sector, industry, and business. The growing Internet of Things, including the networking of all things electrical, is creating substantial challenges for companies eager to find new ways to mine increasingly larger data sets to improve and protect their businesses

Security Patches, Mitigations, and Software Updates

XXE Bug Patched in Facebook Careers Third-Party Service (Threatpost) A vulnerability was discovered and patched in a third-party service that handles resumes on Facebook's careers page

Android Lollipop 5.0.2 is out, but some Nexus users are still stuck on KitKat (Naked Security) Google recently released yet another version of Android Lollipop, 5.0.2, but published a firmware image for only one device in its Nexus family

Android 2.3 Gingerbread — Four years later, the OS just won't die (Ars Technica) Years of support means the OS looks very different today than it did in 2010

Cyber Attacks, Threats, and Vulnerabilities

Cyber attack on Swedish Parliament's website (The Local (Sweden Edition)) The official website of the Swedish Parliament was taken down on Tuesday, in what officials labelled "an outside attack"

A threat from ISIL prompts India to block Github and a handful of other sites (Quartz) The Indian government has apparently blocked a clutch of websites — including Github, the ubiquitous platform that software writers use for sharing and working on open-source code — because they were carrying "anti-India" content from ISIL (a.k.a. Islamic State or ISIS)

India's Government Asks ISPs To Block GitHub, Vimeo And 30 Other Websites (TechCrunch) China may be the 'home' of global internet censorship, as recent issues accessing Gmail from the country proved, but India seems to be doing its best to rival its neighbor. Today it emerged that the Indian government has asked internet service providers and mobile operators to block access to 32 sites in the name of its censorship laws

Access To Gmail Partially Restored In China (TechCrunch) Gmail access is partially restored in China, according to some reports as well as Google's own real-time traffic charts. The bump in traffic follows a multi-day outage that began just after Christmas, which saw Gmail users blocked from using a workaround that allowed them to download their messages through third-party apps like Apple Mail and Microsoft Outlook which use POP, SMAP and IMAP. The latest shutdown appeared to have closed up that final loophole, blocking Gmail almost entirely in the country

The unusual suspects: Ex-employees, Lizard Squad may have aided Sony hack (Ars Technica) Analysts point to at least six insiders; DDoSers say they gave passwords to GoP

Ex-Sony Worker Hacking Theory Casts Doubt on North Korea Origins (Bloomberg) At least one former employee of Sony Corp. (6758) may have helped hackers orchestrate the cyber-attack on the company's film and TV unit, according to security researcher Norse Corp

Sony Hacked By N. Korea, Hacktivists, Ex-Employee, Or All Of The Above? (Dark Reading) FBI gets briefed on ex-Sony employee's possible role in hack as questions remain about who did what and when in epic breach of the entertainment company

Norse Investigation Focusing on a Small Group, Including Sony Ex-Employees (DarkMatters) An investigation into the massive breach at Sony has focused on a group of at least six individuals that may have worked to compromise the company's networks, including at least one ex-employee who had the technical background and system knowledge to carry out the attack

Doubts Remain About North Korea's Role in Sony Pictures Cyber-Attack (AFP via NDTV) Even after Washington pointed the finger at North Korea for the massive cyber-attack on Sony Pictures, some experts say the evidence is far from clear cut

The Sony Hack Fraud (Anti-War) A classic case of confirmation bias

Some Experts Still Aren't Convinced That North Korea Hacked Sony (Business Insider) Even after Washington pointed the finger at North Korea for the massive cyberattack on Sony Pictures, some experts say the evidence is far from clear cut

White House Deflects Doubts on Source of Sony Hack (Dow Jones Business News via Nasdaq) The White House pushed back Tuesday against criticism from some cybersecurity experts who have challenged the government's conclusion that North Korea was behind the hacking of Sony Pictures Entertainment Inc

U.S. suspects North Korea hired outside hackers for Sony Pictures strike (Reuters-AFP via Japan Times) U.S. investigators believe that North Korea likely hired hackers from outside the country to help with last month's massive cyberattack against Sony Pictures, an official close to the investigation said

Sony Hacking Attack, First a Nuisance, Swiftly Grew Into a Firestorm (New York Times) It was three days before Thanksgiving, the beginning of a quiet week for Sony Pictures. But Michael Lynton, the studio's chief executive, was nonetheless driving his Volkswagen GTI toward Sony's lot at 6 a.m. Final planning for corporate meetings in Tokyo was on his agenda — at least until his cellphone rang

Behind the Scenes at Sony as Hacking Crisis Unfolded (Wall Street Journal) The day after Sony Pictures employees discovered that company email was unusable following a cyberattack, senior executives came up with an old-style communication network: a phone tree, in which updates on the hack were relayed from person to person

Low-risk 'worm' removed at hacked South Korea nuclear operator (Reuters) South Korean authorities have found evidence that a low-risk computer "worm" had been removed from devices connected to some nuclear plant control systems, but no harmful virus was found in reactor controls threatened by a hacker

Cellular Privacy, SS7 Security Shattered at 31C3 (Threatpost) The recently concluded Chaos Communications Congress (31c3) in Hamburg, Germany was an all-out assault on cellular call privacy and security. Of particular interest was the SS7 protocol used to route calls between switching centers

Majority of 4G USB Modems, Sim Cards Exploitable (Threatpost) Researchers say 4G USB modems contain exploitable vulnerabilities through which attackers could, and researchers have, managed to gain full control of the machines to which the devices are connected

Hackers Offer DDoS Monthly Subscription Services (HackSurfer) This year many were surprised to find on Christmas day they couldn't play their newly acquired game systems and games on the Playstation or Xbox networks thanks to a hacking group called Lizard Squad. They ran a DDoS attack on the networks that resulted in a blackout. This wasn't some random, whim, attack. According to a report from Tom's Hardware this was an advertising campaign

Card Data of OneStopParking.com Customers Available for Sale on Underground Forum (Softpedia) Cards belonging to customers that have used the online service OneStopParking have been put up for sale on an underground forum. Although the company did not detect any abnormal activity on their systems, it did receive complaints from customers about fraudulent charges. The immediate reaction was to scan the website for malicious files, as well as to upgrade the security software used for protecting the site

NVIDIA Network Breached, 500+ Staff Urged to change account details (HackRead) NVIDIA, the American global technology company known for manufacturing graphics processing units (GPUs), as well as system-on-a-chip units (SOCs) for the mobile computing market has asked its staff of over 500 employees to change their log in account credentials on their company accounts following what they say was an "unauthorized access" to their computer network in Santa Clara, California

Banks: Card Breach at Some Chick-fil-A's (KrebsOnSecurity) Sources at several U.S. financial institutions say they have traced a pattern of credit card fraud back to accounts that all were used at different Chick-fil-A fast food restaurants around the country. Chick-fil-A told KrebsOnSecurity that it has received similar reports and is working with IT security firms and law enforcement in an ongoing investigation

Expert's warning: Likelihood of future cyberattacks on U.S. emanating from Cuba is '100 percent' (Washington Times) The U.S. and Cuba are enjoying a nice honeymoon following the recent reconciliation between the two nations after five decades of acrimony. But don't get too chummy, warns one information security expert. "Apparently the United States has not yet learned its lesson of the downside of giving away communication technology to Communist regimes, and will once again pay the price. In a year or two when Cuba gets advanced broadband circuits promised by President Obama, the likelihood that we will see attacks on U.S. public and private networks emanating from Cuba is 100 percent," predicts James W. Gabberty, professor of information systems at Pace University in New York City and an alumnus of both the Massachusetts Institute of Technology and New York University Polytechnic Institute

Cyber crooks scouting for vulnerabilities in Apple Pay: Trend Micro (Economic Times) Cyber criminals are looking at ways to exploit tech giant Apple's recently-launched digital payment solution Apple Pay, according to top cyber security solutions firm Trend Micro

Social Engineering: Be Careful What You Share (Tripwire: the State of Security) There is a certain psychology involved with the games that advertisers play with us in order to collect valuable information based on our habits. Consider social engineering, the ability for a person to gather information or favors that they normally wouldn't provide based on the human element

Academia

Data Scientist Training Programs Gain Steam (InformationWeek) More universities are launching programs to develop the big data talent businesses need

Litigation, Investigation, and Enforcement

FBI Investigating Whether Companies Are Engaged in Revenge Hacking (Bloomberg) The hacked are itching to hack back

Intelligence, defense whistleblowers remain mired in broken system (McClatchy) When Ilana Greenstein blew the whistle on mismanagement at the CIA, she tried to follow all the proper procedures

Director of Europol: 'Top computer graduates are being lured into cybercrime' (Independent) Rob Wainwright has a fine view from his office in the forbidding HQ of the European police agency Europol — but his attention is fixed far beyond the The Hague

Over 80 Percent of Dark-Web Visits Relate to Pedophilia, Study Finds (Wired) The mysterious corner of the Internet known as the Dark Web is designed to defy all attempts to identify its inhabitants. But one group of researchers has attempted to shed new light on what those users are doing under the cover of anonymity. Their findings indicate that an overwhelming majority of their traffic is driven by the Dark Web's darkest activity: the sexual abuse of children

WikiLeaks claims employee's Google mail, metadata seized by US government (Ars Technica) Google alerted organization on Christmas Eve of served warrant

Deschutes' digital forensics lab stretched (Bend Bulletin) Growing demand for forensic services stretches computer forensics lab

Industry Events

For a complete running list of events, please visit the Event Tracker on the CyberWire website.

newly Noted Events

U.S. Commercial Service Market Briefings on Europe's Cyber Security & IT Market (Washington, DC, USA, January 12, 2015) Join the U.S. Commercial Service Market Briefings on Europe's Cyber Security & IT Market. The value of the global cyber security market is expected to grow by 11.3% each year, reaching $120 billion by 2017. The Western Europe region alone is estimated to contribute $28.1 billion to this industry, driven by changing threats and technologies. These briefings aim to provide the latest information on Cyber Security & IT markets in Europe

California Cybersecurity Task Force Quarterly Meeting (Walnut Creek, California, USA, January 20, 2015) The California Cyber Security Task Force serves as an advisory body to California's senior government administration in matters pertaining to Cyber Security. Quarterly Cybersecurity Task Force meetings address State and Federal cyber legislation; provide updates on Task Force efforts to improve California's cyber workforce and education; promulgate critical information to enhance California's cyber awareness and preparedness; discuss state advances in cybersecurity and digital forensics; and grant residents an opportunity to share cyber information and innovation

IARPA Proposers' Day for the Cyber-attack Automated Unconventional Sensor Environment (CAUSE) Program (Washington, DC, metropolitan area, January 21, 2015) The Intelligence Advanced Research Projects Activity (IARPA) will host a Proposers' Day Conference for the Cyber-attack Automated Unconventional Sensor Environment (CAUSE) Program on January 21, 2015, in anticipation of the release of a new solicitation in support of the Program. The Conference will be held from 9:00 AM to 4:00 PM EDT in the Washington, DC metropolitan area. The purpose of the Conference will be to provide introductory information on CAUSE and the research problems that the Program aims to address, to respond to questions from potential proposers, and to provide a forum for potential proposers to present their capabilities and identify potential team partners

Insider Threat 2015 Summit (Monterey, California, USA, March 16 - 17, 2015) The Insider Threat 2015 Summit is about bringing Government and Industry organizations and their cybersecurity leaders together in order to better understand the type of threats that may impact their infrastructure and overall operations. Our two-day summit will provide insights on the most unique and thought provoking active defenses currently available for physical and personnel security, as well as, cyber threats. By supplying intelligent focus through tailored solutions our presenters and sponsors will be contributing to a forum to discuss ways to mitigate the risk of insider threats. This event allows for a truly unique opportunity to hear from experts in the field talk about their current and future solutions, giving way to an optimal setting for networking

upcoming Events

Cybersecurity World Conference (New York, New York, USA, January 9, 2015) Welcome to Cyber Security World Conference 2015 where renowned information security experts will bring their latest thinking to hundreds of senior business executives and officials focused on protecting the information of today's enterprises and government agencies, respectively. Cyber security experts will discuss topics such as protecting individuals and companies against cyber-attacks, cyber security in the Internet of Things age, biometrics as the future of security, risks brought by mobile computing, and protecting corporate and national infrastructure against foreign attacks

FloCon 2015 (Portland, Oregon, USA, January 12 - 15, 2015) FloCon is an open network security conference organized by Carnegie Mellon University

National Cybersecurity Center Of Excellence (NCCOE) Speaker Series: Security In A Cyber World (Rockville, Maryland, USA, January 14, 2015) The National Cybersecurity Center of Excellence (NCCoE) Speaker Series showcases global thought-leaders to highlight critical cybersecurity issues of national importance. The keynote speaker will be Chris Inglis, former Deputy Director of the National Security Agency

ShmooCon (Washington, DC, USA, January 16 - 18, 2015) ShmooCon is an annual east coast hacker convention hell-bent on offering three days of an interesting atmosphere for demonstrating technology exploitation, inventive software and hardware solutions, and open discussions of critical infosec issues. The first day is a single track of speed talks called One Track Mind. The next two days bring three tracks: Build It, Belay It and Bring It On

FIC 2015 (Lille, France, January 20 - 21, 2015) The International Cybersecurity Forum (FIC) forms part of a thinking and exchange process that aims at promoting a pan-European vision of cybersecurity and strengthening the fight against cybercrime, a priority for the European Union as stated in the Stockholm Programme for 2010–2015. Its objective is to open up the cybersecurity debate by bringing together security and risk management experts with non-specialists to enable them to compare viewpoints and lessons learnt

4th Annual Human Cyber Forensics Conference: Exploring the Human Element for Cloud Forensics (Washington, DC, USA, January 21 - 22, 2015) The Human Cyber Forensics Conference addresses the human element of cyber. Presentations will look at the tradecraft and efforts required to identify, understand, navigate, and possibly influence human behavior within and across networks. The conference will bring together subject matter experts to discover and share new means of recognizing human related cyber indicators, and the evolution of these human indicators in the coming decades. The Human Cyber Forensics Conference will focus on such topics as insider threat, next generation social engineering, progressive communications, neuroscience, social cognition, social media, and neuro-ethics

AppSec California (Santa Monica, California, USA, January 26 - 28, 2015) OWASP's AppSec California goes beyond "security for security?s sake" bringing application security professionals and business experts together with the objective of sharing new information that helps get the right work done faster, so organizations are better able to meet their goals

Financial Cryptography and Data Security 2015 (San Juan, Puerto Rico, USA, January 26 - 30, 2015) The goal of the conference is to bring security and cryptography researchers and practitioners together with economists, bankers, implementers and policy-makers. Intimate and colourful by tradition, the FC program features invited talks, academic presentations, technical demonstrations and panel discussions. In addition, several workshops will be held in conjunction with the FC conference

Sponsor & Support

Grow your brand and reach new customers.

Grow your brand and increase your customer base by educating our audience about your products, services, and events by advertising on The CyberWire. We’ve built trust with an influential (and often hard to reach) audience of CISOs, CSOs, and other senior execs in the security space, across a wide array of industry verticals. Learn more.

Be a part of the CyberWire story.

People ask us (a lot) how they can support what we do. We have our sponsorships and services, of course, but those are not always within every supporter’s financial reach, or it might just not be the right time for you to do those things. That’s why we launched our new Patreon site, where we’ve created a wider variety of support levels, each with some new benefits. Our patrons are important to our future, and we hope you’ll consider becoming one. We invite you to become part of the CyberWire story. Become a patron today.