Anonymous commemorated Guy Fawkes yesterday with a wave of attacks on firms and agencies worldwide. The hacktivists' claims are still being sorted out, but Symantec, VMWare, Telecom Italia, and the UK Ministry of Defense appear to be among the victims.
Co-located virtual machines are found vulnerable to a side-channel attack that steals crypto keys. More VMWare ESX source code is leaked online. North Carolina State researchers find an Android smishing (phishing via SMS) vulnerability. Malware targeting Android (and, surprisingly, Nokia's practically abandoned Symbian OS) becomes more prevalent.
More commentary on belated disclosures of compromises: Coca Cola and Chesapeake Energy concealed successful hacks from investors (apparently at law enforcement's request). Oddly, companies are surprised that laid-off employees would steal data as they're shown the door. The US elections today prompt observers to warn about cyber voting fraud and various election-related phishing capers (and other observers sensibly point out that voting fraud is as old as voting).
Mozilla's Firefox will henceforth enforce HTTPS more stringently. Sophos warns of a vulnerability in its security software and plans to issue a patch later this month.
Australia bucks global trends toward increased BYOD adoption. Canada's Communications Security Establishment says "Made in Canada" is no panacea for network security. A surprising entry into the cyber marketplace occurs in Maryland as armored car company Dunbar announces its expansion into cyber security services. Virtualization and cloud migration feature in IT cost-cutting case studies.
US cyber policy moves closer to public-private collaboration. Germany revives its controversial Internet monitoring effort.
Today's issue includes events affecting Australia, Canada, China, Estonia, Germany, India, Republic of Korea, Singapore, United Kingdom, United States..
Cyber Attacks, Threats, and Vulnerabilities
What's up with the Anonymous hackfest?(Network World) Hackers apparently linked to the hactivist group Anonymous today kept up a hacking spree to dump data they said they stole from Symantec, VMware, PayPal, Hyundai, and the U.S. Department of Energy and Transportation, among others. Symantec says it's still "investigating the recent claims made online regarding the security of our networks," and adds that it has found "no evidence that customer information was exposed or impacted," and "will continue to monitor the situation and aggressively investigate these and any related claims." But at least one other security vendor that's looked at the data dumped online says it does seem to be Symantec employee names and password hashes
Telecom Italia Hacked by Anonymous, 30,000 Credential Sets Stolen(Softpedia) Anonymous hacktivists claim to have breached the systems of Telecom Italia, Italys largest telecommunications company. The hacktivists have stated that the organizations systems are plagued by over 3,000 vulnerabilities and errors that can be leveraged by third parties to access sensitive information. The hacker say theyve gained access to over 30,000 credential sets, including social security numbers, social insurance numbers and user passwords
Various Australian sites hacked by Anonymous(E Hacking News) Earlier Today, we have reported that the Australian entertainment site GreekCity hacked by Anonymous. As part of Nov 5 protests, Australia Anonymous hackers has attacked more Australia's websites. The affected sites includes Fremantle Arts Centre
VMware ESX Source Code Leaked Online -- Again(Dark Reading) A hacker has made source code for VMware's ESX hypervisor available for download. More source code for VMware's ESX hypervisor technology has been leaked onto the Internet
Android Smishing Vulnerability Found in Android Open Source Project Firmware(Threatpost) A vulnerability discovered in the Android Open Source Project enables malicious applications to send SMS messages without user permission across all recent Android platforms. While no exploits are active in the wild, one could be built that could be at the center of various SMS phishing, or smishing, attacks, said Xuxian Jiang, associate professor in the North Carolina State University computer science department
Android, Symbian Malware on the Rise(Threatpost) Yes. You read that headline correctly. F-Secure is talking about the beleaguered and nearly defunct Symbian operating system, upon which Nokia halted nearly all development in February before announcing that it had been put in maintenance mode in September. Despite a nearly 63 percent drop in shipments of Symbian devices in the second quarter of this year and its modest 4.4 percent share of the global smartphone market, Symbian was the new home for 21 variants of malware in Q3, up 17 percent from Q2
Coca-Cola investors kept in dark after hacking incident(National Post) Chesapeake Energy Corp. also kept mum after cyber attackers made off with files from its investment banking firm about natural gas leases that were up for sale. Each of these cases was detailed to Bloomberg News either by people involved
Data theft a big issue in layoffs(Fierce Finance IT) Layoffs used to be a rather cut-and-dried affair. Banks would round-up employees, maybe give them some time to gather up their personal belongings, and then escort them out. Or they might call a meeting to inform employees that they are being let go, and while they are meeting, have their belongings packed up for them and moved outside of the building
UK organisations fail to address social networking risk(Computer Weekly) Unguarded corporate social media accounts are leaving companies exposed to serious security breaches, a survey of more than 1,000 senior UK executives has revealed. Most respondents (87%) said they use social media strategies to enhance their business, but 45% said they had experienced a security scare as a direct result in the past year, according to the survey by OnePoll on behalf of KPMG. Security scares ranged from a complaint campaign that affected the companys operations or reputation, to a leak of company sensitive information from an internal source
China Most Threatening Cyberspace Force, US, Panel Says(Businessweek) The commission in March released a report by Northrop Grumman Corp. (NOC) that concluded China's cyber capabilities are advanced enough to disrupt U.S. military operations during a conflict over Taiwan. The draft report cites the Northrop Grumman study
Beyond Stuxnet: Preparing for Internet Armageddon(Computer World) Could sophisticated denial of service attacks against American telecommunications carriers and ISPs, perhaps backed by the resources of a hostile foreign power, take down the Internet in the U.S? During an interview for this week's Computerworld cover story (After Stuxnet: The new rules of cyberwar), AT&T chief security officer Ed Amoroso said it hasn't happened yet, but "we need to be prepared" for the possiblity that segments of the Internet backbone could be overwhelmed. The threat is growing in both scale and sophistication. Where AT&T had two people dealing with occasional distributed denial of service (DDoS) attacks a few years ago it now has upwards of 60 full-time staff fighting off a continuous onslaught, Amoroso says
What to watch out For on Election Day(Internet Storm Center) Today (Tuesday) is election day in the US. Many voters have already cast their ballot via absentee and early voting, but the vast majority will vote today. Like any major event, this is likely going to be used and abused in some way online. Here are some of the network security related issues to watch out for
Security Researchers Warn New Jersey's Emergency Email Voting Could Be An Insecure, Illegal Nightmare(Forbes) New Jerseys decision to allow voters stranded by superstorm Sandy to vote by email in Tuesdays election may be an innovative experimental response to a badly-timed natural disaster. But security researchers are warning that the unprecedented move could leave another more political storm in its wake. Over the weekend, New Jerseys lieutenant governor Kim Guadagno announced that voters in some Sandy-hit sections of the state could apply by email for a ballot, fill it out at home, scan it, and email it to voting officials, a measure designed to accommodate voters stranded by storm damage and unable to reach polling places
Security Patches, Mitigations, and Software Updates
Mozilla Adding More Stringent HTTPS Enforcement to Firefox(Threatpost) Firefox BetaMozilla is adding an extra layer of security in its Firefox browser by implementing HTTP Strict Transport Security (HSTS), a mechanism that will force some sites into establishing a secure, HTTPS connection with the browser if its presented with the right certificate
Sophos products and Tavis Ormandy(Naked Security) As a security company, keeping customers safe is Sophos's primary responsibility. As a result, Sophos experts investigate all vulnerability reports and implement the best course of action in the tightest time period possible. Recently, researcher Tavis Ormandy contacted Sophos about an examination he had done of Sophos's anti-virus product, identifying a number of issues
Cyberheists A Helluva Wake-up Call to Small Biz(KrebsonSecurity) The $180,000 robbery took the building security and maintenance system installer Primary Systems Inc. by complete surprise. More than two-dozen people helped to steal funds from the companys coffers in an overnight heist on May 2012, but none of the perpetrators were ever caught on video. Rather, a single virus-laden email that an employee clicked on let the attackers open a digital backdoor, exposing security weaknesses that unfortunately persist between many banks and their corporate customers
Gartner says EMEA IT spending will grow(Help Net Security) IT spending in Europe, the Middle East and Africa (EMEA) will reach $1.154 trillion in 2013, a 1.4 percent increase from 2012 projected spending of $1.138 trillion, according to Gartne
Pentagon Arms Buyer Sees Deal By Congress To Delay Spending Cuts(Reuters) The Pentagon's top arms buyer on Monday said he expected U.S. lawmakers to agree in coming weeks to delay implementation of an additional $500 billion in automatic defense spending cuts that are due to start taking effect in January. Undersecretary Frank Kendall said the Defense Department had begun early planning for the process known as sequestration, which would cut the military's budget by an extra $50 billion a year, on top of over $50 billion in annual cuts already on the books
Made in Canada not a perfect solution to secure new email system, cyber spook says(Montreal Gazette) No matter where the pieces of a new federal email system is built or developed, any commercial product will come with vulnerabilities that could allow hackers to find a way into the governments systems, Canadas top cyber spies say. High-ranking officials in the Communications Security Establishment, the governments ultra-secretive cyber-security agency, told a Senate committee Monday that it will help evaluate every piece of hardware that will go into the governments new email system. The department responsible for the system, Shared Services Canada, has already invoked national security provisions for the purchase of the system that will service more than 40 of the governments heaviest IT-dependent departments
Dunbar to launch division to armor websites against cyber criminals(Baltimore Sun) Hunt Valley company ventures into cybersecurity for banks, retailers. Dunbar Armored has been in the armored-car business for nearly 90 years. But the Hunt Valley-based company now is branching into a new way to protect banks' and businesses' money and valuables: cybersecurity
KEYW provites rise $236M in 3rd Q(CapitalGazette.com) Hanover cyber security firm KEYW Holding Corp.'s profits rose by $236 million in the third quarter of 2012 compared to the same time in 2011
Qualys Inc.: Qualys Announces Third Quarter 2012 Financial Results(4-Traders) Revenue Growth of 21% Year-Over-Year; GAAP EPS of $0.06, Non-GAAP EPS of $0.10; Cloud Platform Expansion Continues to Drive Growth. Qualys, Inc. (Nasdaq:QLYS), a pioneer and leading provider of cloud security and compliance solutions, today announced financial results for the quarter ended September 30, 2012. For the quarter, the Company reported revenues of $23.4 million
US banks walk away from struggling BlackBerry(Finextra) American banks are ditching planned BlackBerry apps as the Canadian brand's market share tumbles in the face of Apple's iPhone and Google's Android, according to Keynote Systems. Chase Bank comes out on top of the Keynote mobile banking scorecard, for its second consecutive win, ahead of Wells Fargo and Bank of America. BB&T has been crowned the winner for text banking, Wells Fargo for mobile Web, Chase for iPhone and BlackBerry apps and Bank of America for its Android app
SAP goes mobile(Fierce Mobile IT) Business management software giant SAP wants to leave the desktop and go mobile, according to Sanjay Poonen, who heads the company's mobile division. Poonen told Business Insider that his firm is focusing on mobile apps and cloud services in order to double the number of software users by 2015. As part of this mobility effort, SAP is revamping many of its enterprise apps to run on mobile devices
Profile: Matthew McCormack, DIA CISO(ExecutiveGov) He also advises the agency's director and chief information officer on information assurance and cybersecurity matters and supports the agency's responsibilities in this area as defined in national, defense and intelligence community policies
SAIC Names Tony Moraco, John Jumper CEOs for New Companies(Govconwire) As part of plans to separate into two independent publicly-traded companies, Science Applications International Corp. (NYSE: SAI) announced Monday an initial set of executive appointments for both firms. By the second half of fiscal year 2014, one company will focus on science and technology in the national security, health and engineering sectors while the other
Top tools for BYOD management(IT World) When we tested mobile device management (MDM) last year, the products were largely focused on asset management - provisioning, protecting and containing mobile devices
Standard Chartered Singapore embeds security tokens in cards(Finextra) Standard Chartered Bank's Singapore unit has unveiled a payment card featuring an embedded security token for online transactions. Earlier this year the Association of Banks in Singapore (ABS) outlined plans to start issuing online tokens with enhanced features such as "transaction signing" as part of an industry-wide security push. Standard Chartered says that it is first out the blocks, giving online and mobile banking customers the option to replace their existing credit, debit or ATM cards with the security-token one
How to make big data more useful, reliable and fast(GCN) Government IT managers are looking for tools that make it easier to identify meaningful patterns and statistical trends in far-flung data sets. At the same time, these tools must work well with other technologies in order to help analysts make decisions in real-time. Splunk, a firm that offers tools for collecting and analyzing machine data generated by back-end IT systems, is looking to address these concerns by bringing real-time operational intelligence to big data storage and batch processing
PHD Virtual unveils enterprise backup solutions(Help Net Security) PHD Virtual Technologies announced their solutions are well-suited for large enterprise environments as well as small businesses with growing data storage, backup and recovery needs
Protect web browsing sessions on iOS devices(Help Net Security) Quarri Technologies released Quarri Protect On Q (POQ) Mobile for iOS, a web information security solution that enables organizations to protect and control end-user web browsing sessions on iOS devic
New Facebook users will be educated on privacy(Help Net Security) Facebook has announced that when signing up for the social network, new users will be subjected to a more prominent and detailed education about privacy and information sharing
Android vs iOS vs BlackBerry: Which is the most secure holiday gift?(CSO) Which smartphone and tablet OS provide the best security? Steve Hunt and Neohapsis provide a guide for holiday gift-givers. As the holiday season approaches, smartphones and tablets are some of the most in-demand items for anyone with even a hint of gadget love in their DNA. Coverage of these exciting new tools is full of hype about new features (SIRI) and also new fears (Carrier IQ)
Crapware Lives On Windows 8(InformationWeek) Windows 8 is a clean slate in many ways. But one scourge that is not gone is crapware, a.k.a. bloatware, junkware, trialware, and stupid games that drag down the performance and experience of so many Windows PCs. We asked Acer, Toshiba, Dell, Samsung and Lenovo what they preload on their Windows 8 systems. Some PCs are cleaner than others. The surprise? A Microsoft store might be the best place to buy
Quarri Extends Mobile Web Browser Protection to iOS Devices(Virtual-Strategy) Quarri Technologies, a security software company that empowers organizations to keep their sensitive data secure, today announced the release of Quarri Protect On Q Mobile for iOS, the only web information security solution that enables organizations to protect and control end-user web browsing sessions on Apple iOS devices. Protect On Q (POQ) Mobile for iOS provides malware protection and prevents unauthorized copying and saving of information delivered via browsers on iOS smartphones and tablets to prevent confidential data from residing on end-user devices
Preventing Infrastructure From Becoming An Insider Attack(Dark Reading) Vulnerable technology supply chains have become a concern of security professionals and politicians alike, but a few steps could help minimize the possibility of attacks. From foreign-built routers and laptops to open-source software, vulnerable technology supply chains have become a concern of security professionals as well as government officials
NARUC on cyber sec, Part Two: maintaining vigilance(Intelligent Utility) Association's focus remains awareness, education. Yesterday we featured the first part of this two-part Q&A with Commissioner Terry Jarrett of the Missouri Public Service Commission, who also chairs the Committee on Critical Infrastructure at the National Association of Regulatory Utility Commissioners (NARUC). (See "NARUC on Cyber Sec: Maintaining Vigilance.") Jarrett answered questions on the role of his committee and NARUC in ongoing cyber security practices, as well as the critical role of training for regulators and their staff
Overcoming the 'Forgetting Curve': How to Improve Passwords(Security Sceptic) Colleague Lance Spitzner wrote an interesting post at Securing The Human titled, The Forgetting Curve - The Importance of Reinforcement. In the post, Lance discusses the Forgetting Curve research by Herman Ebbinghausin in 1885. Many of us have come into contact with this research, which postulates that humans tend to forget half of newly aquired knowledge in a matter of days if they don't make an effort to review what they'd been taught or presented
Passwords are the Weak Link in IT Security(CIO) (Passwords weren't the only fail in last summer's widely publicized "epic hack" of tech journalist Mat Honan -- Amazon, Apple and, to a lesser extent, Google and Honan himself share the blame. But passwords played a part in the perfect storm of user, service provider and technology failures that wiped out Honan's entire digital life. As he concluded in his account of the hack, "Password-based security mechanisms -- which can be cracked, reset and socially engineered -- no longer suffice in the era of cloud computing."The problem is this: The more complex a password is, the harder it is to guess and the more secure it is. But the more complex a password is, the more likely it is to be written down or otherwise stored in an easily accessible location, and therefore the less secure it is. And the killer corollary: If a password is stolen, its relative simplicity or complexity becomes irrelevant
When IT Becomes A One Man Show(InformationWeek) Investment firm Hearthstone laid off its IT team during the economic downturn. CTO Rob Meltz turned to cloud services and virtualization to keep the business running and growing
Scottish-based research to help tackle e-crime(hw.ac) Using quantum physics and tiny light particles to foil hackers and online criminals may sound like the stuff of Bond movies and sci-fi thrillers, but scientists have now successfully demonstrated how to protect finance, retail and other sectors from crippling e-crime. Physicists at Heriot-Watt University and University of Strathclyde have worked with tiny particles of light to create a new way of verifying electronic messages and transactions as authentic, helping address the huge cost of e-crime (205. 4 million in 2011/12 for the UK retail sector alone) and avoiding potentially catastrophic fraud, online hacking and theft of digital data
Imagine iPad, Mac Combined(InformationWeek) Apple's and Google's efforts at mobile devices treat them as a completely new and separate class of devices. Even before them, Microsoft did essentially the same thing with Windows Mobile. Yes, it used the name "Windows" and there were superficial similarities to the real Windows in the UI and the programming, but they didn't fool anybody. Microsoft's great, bold gamble with Windows 8 is that combining tablets and PCs into one class of devices is a winning approach that users will love. At this point we just don't know if consumers will buy in, but if they do, Apple has a big problem. Mac OS and iOS are vastly different beasts. They can't easily take the same approach
Can Technology Help Your Community(Peace Corps) The Peace Corps Innovation Challenge is a global collaboration to develop technology-based solutions to challenges faced by people in the developing world
Sandia Labs partner with Northrop Grumman, GE(R & D Magazine) The umbrella CRADAs, which enable Sandia and its partners to pursue multiple projects in a variety of categories, are with Northrop Grumman Information Systems and General Electric Global Research
Lawrence Livermore National Laboratory Wins 2012 National Cybersecurity Innovation Award(Sacramento Bee) The innovation: Combating cyber attacks through real-time sharing of a Master Block List (MBL). The Department of Energy's Lawrence Livermore National Laboratory (LLNL) has won a 2012 U.S. National Cybersecurity Innovation Award for proving that defenders can work together to improve security by combating advanced persistent threats through real-time sharing of reputation data in an operational Master Block List (MBL). Multiple Department of Energy labs and plants actively share block information through the MBL tool
After Stuxnet: The new rules of cyber war(InfoWorld) Michael Hayden, principal at security consultancy The Chertoff Group, was director of the National Security Agency, and then the CIA, during the years leading up to the event. "I have to be careful about this," he says, "but in a time of peace, someone
Cybersecurity: Obama vs. Romney(Bank Info Security) Regardless of who wins the U.S. presidential election, cybersecurity will be a top administration priority. What remains uncertain is how a President Romney would differ from a second-term President Obama on his approach to IT security over the next four years
7 Technologies That Will Make It Easier for the Next President to Hunt and Kill You(Wired Danger Room) Robotic assassination campaigns directed from the Oval Office. Cyber espionage programs launched at the president's behest. Surveillance on an industrial scale. The White House already has an incredible amount of power to monitor and take out individuals around the globe. But a new wave of technologies, just coming online, could give those powers a substantial upgrade. No matter who wins the election on Tuesday, the next president could have an unprecedented ability to monitor and end lives from the Oval Office
5 Election-Day Decisions That Will Impact Startups and the Web(Wired Business) There is more than the race for president that will impact business. We've identified three city and state measures, as well as two races for elected office whose outcomes are likely to affect startups, some very large tech companies and
UK government adopts IT open standards policy(Fierce Government IT) All U.K. national government departments and their agencies are now required to comply with open standards principles outlined in a Nov. 1 document from the Cabinet Office. The open standards policy promotes the use of interoperable information technology systems, data and document formats
New Jersey's ill-considered decsision to permit email voting(Fierce Government IT) In the face of turmoil caused by Hurricane Sandy, a decision by the New Jersey state government to permit those who have been displaced by the storm to submit their votes by email in the Nov. 6 election is a well-intentioned one
Attorney Adds Security Company, State IT Department to Data Breach Lawsuit(Threatpost) A former South Carolina lawmaker has added the data security firm Trustwave and the state's technology department to a lawsuit filed in the wake of a massive data breach at the state's Department of Revenue. The Associated Press reports attorney John Hawkins in an amendment claims Trustwave "violated and failed to comply with the duties imposed upon them to encrypt data and to expeditiously disclose the breach of security
Apple Vs Motorola Mobility: U.S. Judge Dismisses Apple Patent Licensing Lawsuit(TechCrunch) A judge in a U.S court has dismissed a case brought by Apple against Google-owned Motorola Mobility. Apple had complained Motorola was seeking excessive royalties for standards-essential patents. It's another small blow for Apple in its legal war against Android. The patents in question are among the 17,000 acquired by Google when it bought Motorola Mobility last year.
KAPO not to launch criminal proceedings into cyber attack case(Baltic Business News) KAPO has said before that it has identified the individuals who organized a cyber attack against Estonian government websites on October 12 and said that the key person was an underaged person from Vaike-Maarja. According to Harry Puusepp, press
EFF teaches how to file FOIA requests(Help Net Security) The Electronic Frontier Foundation (EFF) has announced a new project that should make it easier for interested parties to search for information the organization received following their Freedom of Information Act
U.S. banks not in position to spot reported flow of dirty money from China, sources say(Trust) There is little that U.S. banks can do to stem the torrent of corruption funds and other illicit money that is reportedly flowing out of China, sources told Compliance Complete. Because U.S. banks may clear related transactions but generally do not have customer relationships with the Chinese originators, "it's going to be awfully difficult for them to detect capital flight or the proceeds of corruption," said Peter Djinis, a former regulatory policy official with the U.S. Treasury Department's Financial Crimes Enforcement Network (FinCEN)."There are more concrete steps you can take when you have a account relationship, because then all the due diligence steps that kick in for private banking would apply, including looking at the nature, amount and source of the funds and trying to identify if they are a politically exposed person," he said
For a complete running list of events, please visit the Event Tracker on the CyberWire website.
TechExpo Cyber Security Careers(Columbia, Maryland, November 1, 2012) Profit from presentations by leading industry figures and networking opportunities designed for serious job-seekers.
Anatomy of an Attack(New York, New York, November 15, 2012) Join Sophos security experts in exploring how threats like malware, Trojans, worms and spyware actually work and what you can do to protect your company, even if you're on a tight budget.
ZeroNights(Moscow, Russia, November 19 - 20, 2012) ZeroNights is an international conference dedicated to the technical side of information security. The mission of the conference is to disseminate information about new attack methods, threats and defense...
Digital Security Summit(Riyadh, Saudi Arabia, December 1 - 2, 2012) A major conference to discuss the growing threat to digital security in the Middle East, especially in Saudi Arabia.
Passwords^12(, January 1, 1970) Passwords^12 is a 3-day conference only about passwords & PIN codes. With an "all-star" cast of speakers, including Joan Daemen (AES/SHA3), Jens Steube (alias "atom", hashcat author), Colin Percival (CSO...
CIO Cloud Summit 2012(, January 1, 1970) The CIO Cloud Summit will help C-level executives better understand the true capabilities of cloud computing and the transformational opportunities it can bring.
BayThreat(Sunnyvale, California, December 7 - 8, 2012) The theme for BayThreat is a new spin on the dichotomy of attacking and defending in information security. We're calling out all of the attackers and defenders that are on the front lines of the battle.
e-Crime Congress 2013(London, England, March 12 - 13, 2013) The e-Crime Congress is designed to meet the needs of key stakeholders and decision makers who are responsible for designing and coordinating information security and risk management strategy, safeguarding...
The Future of Cyber Security 2013(London, England, UK, March 21, 2013) Cyber Security and the Citizen 2013 is a one-day conference and exhibition for senior decision-makers of central and local government organisations, NGOs and major private sector enterprises.
25th Annual FIRST Conference(Bangkok, Thailand, June 16 - 21, 2013) The annual FIRST conference provides a setting for conference participants to attend a wide range of presentations delivered by leading experts in both the CSIRT field and from the global security community.
SPONSOR & SUPPORT
Grow your brand and reach new customers.
Grow your brand and increase your customer base by educating our audience about your products, services, and events by advertising on The CyberWire. We’ve built trust with an influential (and often hard to reach) audience of CISOs, CSOs, and other senior execs in the security space, across a wide array of industry verticals. Learn more.
Be a part of the CyberWire story.
People ask us (a lot) how they can support what we do. We have our sponsorships and services, of course, but those are not always within every supporter's financial reach, or it might just not be the right time for you to do those things. That's why we launched our new Patreon site, where we've created a wider variety of support levels, each with some new benefits. Our patrons are important to our future, and we hope you'll consider becoming one. We invite you to become part of the CyberWire story. Become a patron today.