skip navigation

More signal. Less noise.

Daily briefing.

SophosLabs finds a new PlugX malware variant directed against a fresh target: the Japanese word processor Ichitaro. TrustWave uncovers a very large "trove" of credentials—Facebook, Twitter, Google, Yahoo, LinkedIn—as it rummages the Pony botnet.

Banking Trojan Neverquest is identified (by Symantec) as an evolved version of the Snifula family. And ZeuS is now routinely packaged as an anti-virus update.

Visual basic scripting malware, formerly found mostly in targeted attacks, is now spreading widely through Latin America.

Windows XP exploits grow as the obsolescent OS nears the end of its supported life. Some of them are now circumventing sandboxes in unpatched versions of Adobe Reader. The Chinese government wants Microsoft to rethink its decision to stop support of XP, but few think this likely to happen.

The InfoSec Institute offers some advice on coping with CryptoLocker ransomware.

Healthcare.gov continues to draw tepid security reviews. The private sector has its own issues in the form of the iPharmacy Drug Guide & Pill ID app, said to be unpleasantly leaky with personal information.

Bitcoin crooks remain on the cyber-lam.

Sure, it's a stunt, but SkyJack's drone-hacking offers food for thought about hacker R&D.

Webroot's redoubtable Mr. Danchev notes another way in which criminal markets ape legitimate ones—celebrity endorsements: a dodgy Russian VPN service touts itself as "recommended by Edward Snowden."

The US and UK continue to seek a cyber-security modus vivendi with China.

Speaking of Snowden, the Guardian says it has lots more stuff to reveal, and promises it's "shocking."

Notes.

Today's issue includes events affecting Australia, China, Estonia, France, India, Indonesia, Israel, Japan, Lebanon, New Zealand, United Arab Emirates, United Kingdom, United States..

Dateline SINET Innovation Showcase

The 2013 SINET 16 Innovators have been announced (SINET) SINET has selected the top 16 entrepreneurs from 115 entries to share emerging Cybersecurity solutions at SINET Showcase

Cyber Attacks, Threats, and Vulnerabilities

From the Labs: New PlugX malware variant takes aim at Japan (Naked Security) SophosLabs Principal Researcher Gabor Szappanos takes on a recent PlugX malware sample. He finds a curious mixture of similarities and differences with earlier versions - and a brand new target group: users of the Japanese-language word processor Ichitaro

Almost 2 million stolen passwords uncovered in cybercrime haul (Graham Cluley) Security researchers at Trustwave have uncovered a stash of almost two million usernames and passwords, stolen by cybercriminals from users of Facebook, Twitter, Google, Yahoo, LinkedIn and many other sites

Look What I Found: Moar Pony! (TrustWave SpiderLabs Anterior) In our last episode of "Look What I Found" we talked about a fairly large instance of the Pony Botnet Controller

Dangerous New Banking Trojan Neverquest Is an Evolution of an Older Threat (Symantec Connect) There has been recent media coverage around a new online banking Trojan, publicly known as Neverquest. Once Neverquest infects a computer, the malware can modify content on banking websites opened in certain Internet browsers and can inject rogue forms into these sites

ZeuS — now packed as an antivirus update (Securelist) Last week, Kaspersky Lab identified a mass mailing of phishing letters sent in the name of leading IT security providers. The messages we detected used the product and service names belonging to Kaspersky Lab, McAfee, ESET NOD32 and many others

Adobe Sandbox Circumvented By Windows XP Zero–Day (Tripwire State of Security) Researchers have determined that a zero-day vulnerability in Windows XP and Windows Server 2003 is being actively exploited in the wild in order to bypass the sandbox in unpatched versions of Adobe Reader

VBS Malware Spreading in Latin America (TrendLabs Security Intelligence Blog) During the past few months, we've been observing increases in the number of systems infected by VBS (visual basic scripting) malware, specifically VBS_SOSYOS, VBS_JENXCUS and VBS_DUNIHI. Most of these systems were found in Latin America, a region typically targeted by the Banker/Bancos Trojan

Cybercriminals increasingly using compromised digital certificates to camouflage malware (FierceITSecurity) Cybercriminals are increasingly employing compromised digital certificates to camouflage malware, warns McAfee Labs' third quarter security report

A taste of the horrible things to come for Windows XP (BGR) Windows XP is now more than 12 years old but according to data from Net Applications, it is still used on more than 31% of desktop and laptop computers around the world. Those tens of millions of PC users could be in for a very rude awakening next year once Microsoft cuts off support for the aged operating system

Beijing leans on Microsoft to maintain Windows XP support (The Register) Come on, we've only just ditched our pirated copies

Tips to avoid being bit by CryptoLocker (and what to do if you are) (CSO) InfoSec Institute's Kim Crawley details CryptoLocker, the latest in scareware, and offer suggestions for avoiding infection

Expert: Healthcare.gov Security Risks Even Worse After 'Fix' (Washington Free Beacon) Obamacare website more vulnerable to security breaches

Mobile Threat Monday: Android App Leaks Your Medical Info Online (PC Mag) We trust medical practitioners to give us good advice, and to keep the deeply personal information about our health and our ailments secure. But the iPharmacy Drug Guide & Pill ID app is playing fast and loose with your personal info

Thieves Covering Tracks Following $100M Bitcoin Heist (Threatpost) As if Bitcoin malware and Bitcoin mining malware weren't enough to worry about, there was more trouble for the users of the digital crypto-currency last week as 96,000 Bitcoins disappeared from the Sheep Marketplace exchange

Flying hacker contraption hunts other drones, turns them into zombies (Ars Technica) Ever wanted your own botnet of flying drones? SkyJack can help

Cyber–security puzzle: Who is sending Internet traffic on long, strange trips? (Christian Science Monitor via Yahoo! News) The Internet traffic of governments and financial companies is being quietly and momentarily diverted to overseas locations, cyber-security experts say. Who is doing it and why are mysteries

Cybercrime–friendly VPN service provider pitches itself as being 'recommended by Edward Snowden' (Webroot Threat Blog) We've recently spotted a multi–hop Russian cybercrime–friendly VPN service provider — ad featured not syndicated at a well known cybercrime–friendly community — that is relying on fake celebrity endorsement on its way to attract new customers, in this particular case, it's pitching itself as being recommended by ex–NSA contractor Edward Snowden

The 12 scams of Christmas (CSO) McAfee has released its "12 Scams of Christmas" list, warning shoppers of this season's biggest threats

Anonymous factions threaten cyber–war on one another over anti–NSA hacks (CyberWarZone) Hackers affiliated with the Anonymous Australia collective have posted a video warning their counterparts in Indonesia that if they do not stop infiltrating private Aussie web sites the two factions could engage in an all-out cyber-war

Security Patches, Mitigations, and Software Updates

Ubuntu 12.04 LTS Receives Major Kernel Update (Softpedia) Once again, Canonical does a good job at protecting its supported Ubuntu Linux distributions by releasing security updates from time to time. On December 3, Ubuntu 12.04 LTS received a major kernel upgrade that fixed twelve vulnerabilities discovered in the upstream Linux 3.2 kernel by various developers

Botched Outlook 2013 patches KB 2837618 and KB 2837643 break Out Of Office reply, Free/Busy, and more (InfoWorld) Installing KB 2837618 has caused a slew of problems, and adding KB 2837643 to the mix makes it impossible to fix them through a simple uninstall

VMware Patches Lgtosync.sys Privilege Escalation in Workstation, Fusion, ESX and ESXi (Softpedia) Certain versions of VMware's Workstation, Fusion, ESX and ESXi products are impacted by a vulnerability in the Lgtosync.sys driver that could be leveraged for privilege escalation on older Windows-based guest operating systems

Important Security Fixes Included in Ruby on Rails 4.0.2 and 3.2.16 (Softpedia) Versions 3.2.16 and 4.0.2 of Ruby on Rails have been released to address a number of important security issues. Users are advised to update their installations as soon as possible

Cyber Trends

What Would Nostradamus Have Said About Cyber Security in 2014? (SecurityWeek) It's that time of year again when everyone wants to wow you with their insights and predictions about what the next year will bring us in terms of technology and hacks in the security industry. Don't get me wrong, always thinking ahead and applying a predictive approach to security is an idea and practice I fully endorse. However, I would like to ask the security community as a whole to please not waste our time with vagaries and statements that are so broad that they could apply to anything, and/or at the same time, nothing

Banks Must Not Take The Internet For Granted (TechWeek Europe) Banks and other bodies can be hit badly if their Internet service fails, warns Stephen Bonner

Lost forever — 60% of users in the UAE could not fully restore data damaged by malware (Mid-East.Info Via Acquire Media NewsEdge) When malware strikes, the impact on data can be disastrous. And to make matters worse, there's no guarantee of getting that valuable information back

Over 80% of employees use unauthorized apps at work (Help Net Security) More than 80 percent of employees admit to using non-approved SaaS applications in their jobs, say the results of a McAfee survey. But what's even more interesting is that IT employees use a higher number of non-approved SaaS applications than other company employees

SMBs in A/NZ are continually vulnerable to cyber attacks: Check Point (ComputerWorld) Over the last 12 months, Check Point Software Technologies A/NZ engineering director, Geoff Prentis, has seen security threats "expand greatly" with a particular focus on SMBs

Businesses Suffer An Average Of 9 Targeted Attacks Per Year (Dark Reading) New study reveals breadth—and apparent success—of the typical advanced persistent threat (APT)–type attack

Reported Data Breaches Double in New Zealand (Security Current) Data breach notifications in New Zealand more than doubled in the year ending June 30, 2013 climbing to 107, New Zealand's Office of the Privacy Commissioner stated in its annual report last week. Three quarters of the breaches originated in the public sector

Could Google and the NSA Make Whistleblowers Disappear? (The Nation) There will be no need to kill a future Edward Snowden. He will already be dead

Is Cyber War Around the Corner? Collective Cyber Defense in the Near Future (Brookings) Information technologies and infrastructure—from satellites orbiting the earth to the smart phones in our hands, from undersea cables to wireless networks all around us, and from the global banking system to household appliances—play an increasingly indispensable role in daily life. At the same time, threats to cyber security are becoming both more numerous and more serious

The Network Security Implications of the Internet of Things (Information Security Buzz) The Internet of Things (IoT) has been weaving itself into the fabric of everyday life for some time now, including everything from connected cars to smart home applications, such as lighting and security systems, smart grids, smart meters and more

Worm may create an Internet of Harmful Things, says Symantec (Take note, Amazon) (ComputerWorld) Security researches are gradually raising warnings that the Internet of Things will increase, by multitudes, the number of things that can be hacked and attacked

Snowden, Cyber–espionage, hacktivism and Bitcoins cause security headaches (ARN) Kaspersky labs reveals security incidents that shaped 2013

Marketplace

US firms and the continuing battle against Chinese cyberespionage (FierceITSecurity) In this Editor's Corner, I want to take a deeper dive into the 2013 annual report from the U.S.-China Economic and Security Review Commission, particularly the threat posed by Chinese cyberespionage to U.S. firms

NSA spying scandal accelerating China's push to favor local tech vendors (InfoWorld) Revelations about U.S. secret surveillance have put a strain on the China business of Cisco and Qualcomm, the companies say

How to Build U.S.–China Cyber–Trust (Bank Info Security) A 2010 survey of IT security experts stunned many by naming the United States, not China, as the most feared nation in cyberspace

Wanted: One developer / sysadmin / masochist (ITWorld) Penny Arcade gets points for honesty in their recent job posting, but not much else

Snowden picked up hacking skills in India (ZDNet) NSA whistleblower Edward Snowden spent a week in New Delhi, training in advanced ethical hacking, where he earned his certification as an EC-Council Certified Security Analyst

A post–mortem of the Nirvanix shutdown (FierceCIO: TechWatch) You must know about cloud storage provider Nirvanix abruptly announcing that it was closing shop, leaving customers with just weeks to find a new provider and move their data off its cloud storage service. As we wrote at that time, this is all the more shocking as the company has collected some $70 million in funding since its launch in 2007, and has been touted as having "excellent" product viability by Gartner

Raytheon to Build Army Electronic Warfare Planning, Management Tool (GovConWire) Raytheon logoRaytheon (NYSE: RTN) has won a potential five-year, $97,850,000 contract to design and build a tool for the U.S. Army to plan and manage electronic warfare

Michael Fraser Joins Artel as Business Development, Strategy VP (GovConWire) Michael Fraser, formerly an executive vice president at satellite communications vendor iDirect Government Technologies, has joined SATCOM contractor Artel as vice president of strategy and business development

Rebecca Garcia Named Camber Corp. Business Development VP (GovConWire) Rebecca Garcia, who most recently served as director of SAS Federal's national security group, has been appointed vice president of business development at Camber Corp., GovCon Wire has learned

BlackBerry's Latest Letter Points To The Enterprise Escape Road (Forbes) BlackBerry's interim CEO John Chen has followed in the steps of previous incumbent Thorsten Heins by writing an open letter (available via the Blackberry For Business Blog), reassuring their Enterprise customers of an ongoing commitment to the BlackBerry infrastructure and their activities in the mobile enterprise management department

Pentagon Disconnects iPhone, Android Security Service, Forcing A Return To Blackberry For Some (Nextgov) Some military members who were working off Apple and Android-based smartphones and tablets now must return to using older model BlackBerrys because of a security service switchover, according to an email obtained by Nextgov and confirmed by Pentagon officials

Apple Purchases Data Analytics Firm With Access to Full Twitter Stream (Reason) Apple has acquired a company with access to "the hose" – the nickname for Twitter's stream of 500 million tweets per day

Products, Services, and Solutions

Happtique tests, certifies inaugural class of mHealth apps (FierceMobileHealthcare) New York-based mobile healthcare provider Happtique announced that it has certified 19 health and medical apps submitted by developers through its Health App Certification Program (HACP), in what the company calls a "first-of-its-kind program to test app privacy, security, and content"

Symantec to pull the plug on Backup Exec.cloud service (FierceCIO: TechWatch) Symantec plans to close down its Backup Exec.cloud service, and has informed its resellers to stop providing annual subscriptions to the service by January 6

New Blancco vCloud Eraser Securely Removes Virtual Server Data from VMware Platforms (Virtual-Strategy Magazine) Working seamlessly with VMware vCloud Director, Blancco software adds extra dimension to cloud security

Votiro Launches Free Cloud–Based File Sanitization Service (Sacramento Bee) New service neutralizes cyber–threats attached to suspicious files

Camber Corporation proves its mettle in the field of Cyber Defense (Sacramento Bee) Using their CENTS®, SLAM-R®, CYNTRS®, RGI®, and HOTSIM® tools, Camber Corporation provides real-time cyber training via scenarios that train and prepare responders to fight cyber-crimes and network attacks resulting in comprehensive network defense

Lookingglass Expands Threat Intelligence Capabilities (Dark Reading) Unveils new version of ScoutVision

Securonix Announces Access Scanner (Dark Reading) Scanner automatically identifies and helps remove high-risk access in critical business applications and systems

Stonesoft And Tufin Deliver Integrated Security Management Capabilities Enhancing Situational Awareness And Network Automation (Dark Reading) Companies announce completion of first phase of the integration of their management interfaces

Technologies, Techniques, and Standards

For a PCI–compliant database, implement database security controls (SearchSecurity) What are the most commonly accepted database security controls used to comply with PCI DSS? I'm concerned that since there is some subjectivity involved, our assessor won't be OK with our choices

Launch code for US nukes was 00000000 for 20 years (Ars Technica) PALs were not the pals of Strategic Command generals

Must try HARDER, infosec lads: We're RUBBISH at killing ZOMBIES (The Register) Botnet decap should be a team effort — ex–detective infosec bod

The fundamentals of Google Hacking (Security Affairs) Rafael Souza (CISOof hackers online club) introduces the fundamentals of Google Hacking

The art of disrespecting AV (and other old-school controls) (Hexacorn) commenting about antivirus solutions

How the NSA Could Be Breaking SSL (Threatpost) How is the NSA beating or breaking SSL? Cryptographer Matthew Green lays out a number of possibilities

Research and Development

Picture This: Leveraging Big Data to Bolster Social Image Search (Wired) Hidden within each photo is a wealth of information about the objects, people, settings, and environment in which the photo was taken

Legislation, Policy, and Regulation

UK proposes formal talks on cyber security with China (ComputerWeekly) Prime minister David Cameron has called on China to be more open about cyber security, proposing formal talks on the "issue of mutual concern"

David Cameron challenges China over cyber spying (The Telegraph) PM makes clear concerns about cyber spying on Government and British companies during talks with Li Keqiang, the Chinese premier

Estonia, U.S. sign cyber security deal (Baltic Times) Estonian Foreign Minister Urmas Paet and US Secretary of State John Kerry have signed a major Cyber partnership statement on Dec. 3

MPs ask MI5 boss to justify claim that NSA leaks endangered national security (The Guardian) Keith Vaz, chairman of home affairs select committee, says spy chief Andrew Parker has been summoned to give evidence

Govt must come clean on spying — Labour (Stuff) Prime Minister John Key must tell the public if US spies are conducting mass surveillance on New Zealanders, Labour says

Lebanon Claims: Israel Launched a 'Cyberwar' Against Us (Arutz Sheva) Lebanese parliamentary committee claims Israeli spying devices have infiltrated UNIFIL and army networks

Carmakers grilled over hacking (Stuff) A US senator has asked 20 of the world's biggest automakers for information on how they secure their vehicles from cyber attacks, in light of reports by security experts who say they have identified ways to hack into cars

NSA, Security Issues Forced Out of Defense Debate (Roll Call) The uproar over domestic surveillance and national security issues may die down to a whimper in the Senate this year

Some NSA Opponents Want to 'Nullify' Surveillance With State Law (US News and World Report) Activists say legislation can cut water, kill snooping at Utah Data Center

Clinton Says NSA Spying Revelations Harmed U.S. Ties With Allies (Bloomberg) Former President Bill Clinton said allegations that the National Security Agency spied on world leaders have damaged relations with U.S. allies and show the need for stricter rules on intelligence gathering

India will ask the US government for help in spying on its citizens (Quartz) When you need help with a difficult problem, it's always wise to turn to an expert. Maybe that's why India's home ministry is planning to ask the United States for assistance in decrypting communications over Skype, BlackBerry, WeChat, and other services

Litigation, Investigation, and Law Enforcement

Google, Bing, Yahoo Ordered by French Court to Block Video Streaming Sites (Search Engine Watch) Typically, Google gets pirated content sites out of the search index when companies file a DMCA — numerous pirate sites have already been removed from the index due to webmaster guideline violations. However, a group of some companies, distributors and producers in France took Google and other search engines to court in order to see the search engines remove a group of pirate sites from the index permanently

China Exclusive: China detains Bitcoin fraud suspects (Xinhua via Global Post) Chinese police have detained three people who allegedly operated an online Bitcoin trading platform, shut it down unexpectedly, and vanished with investors' assets

Guardian Newspaper Staff May Face Charges For Assisting Terrorists (Huffington Post) British police are examining whether Guardian newspaper staff should be investigated for terrorism offences over their handling of data leaked by Edward Snowden, Britain's senior counter-terrorism officer said on Tuesday

Editor Describes Pressure After Leaks by Snowden (New York Times) The top editor of the British newspaper The Guardian told Parliament on Tuesday that since it obtained documents on government surveillance from a former National Security Agency contractor, Edward J. Snowden, it has met with government agencies in Britain and the United States more than 100 times and has been subjected to measures "designed to intimidate"

Espionnage : les documents à venir de Snowden vont «choquer» (Libération) Glenn Greenwald, qui s'est notamment fait connaître en publiant des révélations sur l'espionnage émanant de l'agence de sécurité américaine, a confié à «Télérama» ses projets

The Guardian has WAY MORE Snowden stuff left to leak (Daily Caller) Guardian editor Alan Rusbridger told Parliament Tuesday that the UK-based newspaper has only released one percent of the documents leaked by former National Security Agency contractor Edward Snowden

Army Investigates China Spy Incident…That Involves No Secrets (Foreign Policy) No secrets were spilled. And all of the documents in question are publicly available. But the U.S. Army has nonetheless launched an internal review of its administrative practices after members of a Chinese military delegation began asking for U.S. government manuals a bit too aggressively during a September visit to an American base

This Is the MIT Surveillance Video That Undid Aaron Swartz (Wired) The door to the network closet pops open and a slender figure enters, a bicycle helmet hanging from one arm. He sheds his backpack and pulls out a cardboard box containing a small hard drive, then kneels out of frame

For a complete running list of events, please visit the Event Tracker on the CyberWire website.

Upcoming Events

Cybertech — Cyber Security Conference and Exhibition (Tel Aviv, Israel, January 27 - 29, 2014) Cybertech Israel, the first event of its kind, will present world-leading companies in the field of cyber defense alongside young companies that offer unique solutions to advance the discipline of cyber...

Women in Cyber­security Conference (Nashville, Tennessee, USA, April 11 - 12, 2014) WiCyS is an effort to bring together women (students/faculty/researchers/professionals) in cybersecurity from academia, research and industry for sharing of knowledge/experience, networking and mentoring.

The 2014 Cyber Security Summit (DC Metro) (Tysons Corner, Virginia, USA, June 5, 2014) The Cyber Security Summit, an exclusive conference series sponsored by The Wall Street Journal, has announced their inaugural DC Metro event. The event will connect C-Level & Senior Executives responsible...

The 2014 Cyber Security Summit (New York) (New York, New York, USA, September 18, 2014) The Cyber Security Summit, an exclusive conference series sponsored by The Wall Street Journal, has announced their second annual event in New York City. The event will connect C-Level & Senior Executives...

Operationalize Threat Intelligence (Webinar, December 4, 2013) Security teams are overloaded with threat feeds. It doesn't end with third party providers. It includes alerts, logs, and tips from their own security and IT solutions. We need help transforming this data...

Cloud Security Alliance Congress 2013 (Orlando, Florida, USA, December 4 - 5, 2013) The CSA Congress is the industry's premier gathering for IT security professionals and executives who must further educate themselves on the rapidly evolving subject of cloud security. In addition to offering...

SINET Showcase: THE SINET 16 (Washington, DC, USA, December 4 - 5, 2013) The SINET Showcase is supported by the Department of Homeland Security, Science & Technology Directorate and provides a significant opportunity for industry's most innovative global entrepreneurs to present...

Strengthening the NIST Cyber Framework Against Advanced Threats (Washington, DC, USA, December 5, 2013) NIST's Cybersecurity Framework has tremendous value for risk management and defines best practices to block known threats. This discussion will share intelligence about campaigns by sophisticated cyber...

The 8th International Conference for Internet Technology and Secured Transactions (London, England, UK, December 9 - 12, 2013) The 8th International Conference for Internet Technology and Secured Transactions (ICITST-2013) is an international refereed conference dedicated to the advancement of the theory and practical implementation...

World Congress on Internet Security (London, England, UK, December 9 - 12, 2013) The WorldCIS-2013 is an international forum dedicated to the advancement of the theory and practical implementation of security on the Internet and Computer Networks. The inability to properly secure the...

ACSAC 2013 (New Orleans, Louisiana, USA, December 9 - 13, 2013) The Annual Computer Security Applications Conference (ACSAC) is an internationally recognized forum where practitioners, researchers, and developers in information and system security meet to learn and...

Cylance Talk: Risk Does Not Equal Threat (Arlington, Virginia, USA, December 10, 2013) Attacks, malware and careless users may trigger alarm bells, but that does not mean your business is in danger. Compliance and risk management requirements, while necessary, result in additional work,...

cybergamut Tech Tuesday: Dumping in the Dark: Gaining Insight into your Memory Acquisition Tools and Techniques (Columbia, Maryland, USA, December 10, 2013) Digital forensic and incident response professionals unanimously agree on the vital importance of physical memory acquisition and analysis in investigations, whether they center around the reconstruction...

2013 ASE International Conference on Cyber Security (Orlando, Florida, USA, December 10 - 15, 2013) The annual ASE Cyber Security Conference is a leading international forum for cyber security researchers, practitioners, developers, and users to explore cutting-edge ideas and results, and to exchange...

ACG® New York Cyber Security Investor Conference (New York, New York, December 11, 2013) The ACG New York Cyber Security conference will feature experts in Cyber Security that will enable you to understand the opportunities for investment in a number of areas that constitutes Cyber Security.

Cyber Defense Initiative 2013 (Washington, DC, USA, December 12 - 19, 2013) NetWars Tournament runs over an intense two- to three-day period, at a conference or hosted onsite. Many enterprises, government agencies, and military bases are using NetWars OnSites to help identify...

Grow your brand and reach new customers.

Grow your brand and increase your customer base by educating our audience about your products, services, and events by advertising on The CyberWire. We’ve built trust with an influential (and often hard to reach) audience of CISOs, CSOs, and other senior execs in the security space, across a wide array of industry verticals. Learn more.

Be a part of the CyberWire story.

People ask us (a lot) how they can support what we do. We have our sponsorships and services, of course, but those are not always within every supporter's financial reach, or it might just not be the right time for you to do those things. That's why we launched our new Patreon site, where we've created a wider variety of support levels, each with some new benefits. Our patrons are important to our future, and we hope you'll consider becoming one. We invite you to become part of the CyberWire story. Become a patron today.