It looked too effective for hacktivists, and it now seems the ongoing cyber campaign against South Korea is the work of the DarkSeoul gang (h/t Symantec). The PinkStats downloader and a new disk wiper have also been found in these attacks.
Hacktivists (or provocateurs) remain active as "Antileaks" hits Russia Today's site to protest Wikileaks. (Expect continuing hacktivist fraternal and sororal strife.) RedHack attacks Turkish government sites (and claims they've erased citizen debt). Islamist hacktivism rises in the Maghreb and Sahel, with effects felt in Africa, South Asia, Europe, and North America.
When malware becomes widely available, it evolves and spreads. It's happening with the venerable Citadel Trojan now—formerly targeting banks, it's now seen in exploits against e-commerce site users, like Amazon customers. Expect similar transformation and repurposing of Carberp. Note, too, that a commodity version of Zeus source code is also out.
Thefts of a laptop in Tennessee and backup tape in Iowa compromise personal information.
Cisco, Facebook, and Ruby all patch vulnerabilities.
The PRISM affair continues to induce people to mull the nature of privacy, and the "I-have-nothing-to-hide" school of thought appears to be losing this war of ideas. General Alexander responds to Guardian PRISM reporting with an account of how NSA did in fact work to safeguard privacy. Russia beats the UK with a diplomatic stick crafted from GCHQ surveillance allegations. The architect of China's Great Firewall retires amid surprising obloquy.
Retired General Cartwright is formally notified he's the target of an investigation into Stuxnet leaks.
Today's issue includes events affecting Algeria, Brazil, China, Ecuador, France, Germany, Iceland, India, Republic of Korea, Mauritania, Nigeria, Russia, South Africa, Spain, Turkey, United Kingdom, United States..
Cyber Attacks, Threats, and Vulnerabilities
Four Years of DarkSeoul Cyberattacks Against South Korea Continue on Anniversary of Korean War(Symantec) Yesterday, June 25, the Korean peninsula observed a series of cyberattacks coinciding with the 63rd anniversary of the start of the Korean War. While multiple attacks were conducted by multiple perpetrators, one of the distributed denial-of-service (DDoS) attacks observed yesterday against South Korean government websites can be directly linked to the DarkSeoul gang and Trojan.Castov
Symantec links South Korean cyber attacks to DarkSeoul gang(Computer Business Review) A gang called the 'Dark Seoul Gang' is said to be behind the cyber attacks on South Korea four years ago, which coincided with the 63rd anniversary of Korean War, according to research conducted by US security software maker Symantec. North Korea was
New Disk Wiper Found in Korean Attacks(Symantec) Yesterday, Symantec published details about a new distributed denial-of-service (DDoS) attack carried out by a gang dubbed "DarkSeoul" against South Korean websites. We identified their previous attacks against South Korea, including the devastating Jokra attacks in March 2013 that wiped numerous computer hard drives at South Korean banks and television broadcasters. As a result of our continued investigations into attacks against South Korea, we have come across a new threat—detected as Trojan.Korhigh—that attempts to perform a similar wiping action
Anti-Wikileaks Hackers Claim Credit for DDoS Attack Against 'Russia Today'(Legal Insurrection) If you happened to read my prior post, you're aware by now that today was Day One in the Trial of Accused Wikileaker Bradley Manning. One of the sites that has been reporting on the trial and the ongoing protests by supporters of Bradley Manning is Russia Today. The site has long offered coverage that is, shall we say, favorable to Manning and Wikileaks
New Breed of Banking Malware Hijacks Text Messages(Cyberwarzone) Out of band authentication communicating with a customer outside of his mobile banking app to verify his identity or a specific transaction is a generally respected means of deflecting mobile banking fraud
Self-propagating ZeuS-based source code/binaries offered for sale(Webroot Threat Blog) Like every ecosystem, the cybercrime ecosystem has its own set of market disrupting forces whose applicability and relevance truly shape the big picture at the end of the day. For years, cybercriminals have been porting, localizing (MPack/IcePack, FirePack) and further contributing to the the development of malware/crimeware/Web malware exploitation kits, either through direct cooperation with the original author of a particular release, or on the basis of leaked or commercially available source code
Fake Invoice Notification Malspam Uses Dropbox Link To Spread Malware(Trend Micro Threat Encyclopedia) The team received a mail sample recently, with the body of the mail written in Portuguese. Upon analysis, we discovered that the mail's FROM headers does not contain the same email domains and seems to be randomly generated. The mail's content talks about an issued invoice, and then goes on to ask the reader to click the link provided in the mail. The link, once clicked, would direct users to a legitimate dropbox link. The files that customer would download after clicking the link are far from legitimate, instead being malware which is detected by Trend Micro as TROJ_BANLOAD.IMO
Data-slurping Facebook Graph Search flaw revealed(Help Desk Security) A mobile developer has discovered what he claims is a security vulnerability in the Facebook Graph Search that allowed him to automate the compilation of a list of some 2.5 million phone numbers
Opera got pw0n3d: But did you get pw0n3d too?(Internet Storm Center) Opera recently suffered a compromisse to one of the servers it uses to distribute software updates. You probably read about the fact, that as part of this compromisse an expired certificate was used to sign malicious software. This software was then distributed using Opera's update servers. Users checking for updates during the time the malicious software was live automatically downloaded and installed the software using Opera's automatic update feature
Spyware Hides Behind Stolen Opera Digital Certificate(TrendLabs Security Intelligence Blog) Opera recently disclosed that attackers compromised their network and stole at least one expired Opera code signing certificate. The attackers then used this certificate to sign their malware, which tricked the target system and (even) security software into thinking that the file was legitimate
Citadel Trojan variant delivers localized content, targets Amazon customers(Threatpost) With builders for the Citadel Trojan freely available on any number of underground criminal forums, it's no surprise to see some legs left in the malware despite a takedown of more than 1,400 Citadel botnets less than a month ago by U.S. law enforcement and Microsoft. A new variant has popped up in the last few weeks targeting not only banks and financial institutions, but social networks and ecommerce websites such as Amazon
One-click/key attack forces IE and Chrome to execute malicious code(Ars Technica) Minimal user interaction increases chances that social engineering will succeed. A researcher says he has uncovered a security weakness that can easily trick people into executing malicious code when they use the Microsoft Internet Explorer and Google Chrome browsers to visit booby-trapped websites
Foundations Recovery Network Admits Security Breach(eSecurity Planet) Patients' names, birthdates, addresses, phone numbers, Social Security numbers and medical information may have been exposed. Tennessee's Foundations Recovery Network (FRN) recently began notifying patients that a company laptop was stolen from an employee's home during a buglary in the early morning hours of June 15, 2013
Sextortion Warning: Masking Tape Time For Webcams(InformationWeek) New worries for the always-connected crowd: Attackers may remotely activate your webcam -- without tripping the warning light -- and remotely record your every activity, public and private. Is it time to invest in some masking tape? For years, malware known as remote-access tools (RATs) have included the ability to surreptitiously activate microphones and webcams -- dubbed "camjacking" -- amongst other nefarious activities, such as sucking up all of your bank account details
Apache Santuario XML Security For C++ Heap Overflow(Packet Storm) The attempted fix to address CVE-2013-2154 introduced the possibility of a heap overflow, possibly leading to arbitrary code execution, in the processing of malformed XPointer expressions in the XML Signature Reference processing code. An attacker could use this to exploit an application performing signature verification if the application does not block the evaluation of such references prior to performing the verification step. The exploit would occur prior to the actual verification of the signature, so does not require authenticated content. Apache Santuario XML Security for C++ library versions prior to 1.7.2 are affected
Apple of discord(SecureList) As Apple's popularity grows, so does the desire among fraudsters to make money from the people who own the company's devices. The cybercriminals are aiming to steal Apple ID data which provides access to users' personal information stored in iCloud (e.g., photographs, contacts, documents, email, etc.) as well as to the purchases made in the company's iTunes Store. Many malicious users go further and try to the steal bank card details used to pay for those purchases
Security Patches, Mitigations, and Software Updates
SMS Account Hijack Exploit Fixed by Facebook(Threatpost) A vulnerability existed in Facebook that an attacker could have exploited via SMS in order to take complete control of any mobile-linked account on the world's largest social network
OpenSSL Man-in-the-Middle Flaw Fixed in Ruby(Threatpost) The maintainers of Ruby have fixed a serious flaw in its SSL client that could have allowed an attacker to conduct man-in-the-middle attacks by spoofing an SSL server
We All Have Secrets(Forbes) Here is a chilling thought regarding the wholesale surveillance that much of the world has only recently discovered they are subject to. What happens to the legal underpinnings of commerce: trust and the expectation of confidentiality in communication
Technology and the death of privacy(Help Net Security) After the PRISM scandal broke, there were a lot of those who said "So what? I have nothing to hide", but I am convinced that they didn't do a lot of thinking before saying it
Researchers: Health IT creates its own 'reality'(FierceHealthIT) Electronic records create a third "reality" in healthcare--one beyond the patient's physical reality and the clinician's understanding of the issues and treatment--and yet another way to miscommunicate, according to a new study
Navy awards NGEN to incumbent HP Enterprise Services(FierceGovernmentIT) The Navy Department announced June 27 it awarded a $3.45 billion, 5 year contract to incumbent HP Enterprise Services for its Next Generation Enterprise Network information and communications technology contract
Entrepreneurs need not apply: Companies shun the self employed(Quartz) In this economy, some unlucky workers are getting snubbed—twice. Recession prompted millions of laid off workers and new graduates to jump into self-employment—some with enthusiasm and others with reluctance because they couldn't find anything better. Now, according to new research, it seems they aren't wanted back
Bruce Schneier joins EFF; stays with BT(Infosecurity Magazine) Schneier, author of Applied Cryptography, Secrets and Lies and other books, founder of Counterpane (now BT Managed Security Solutions), and designer of the Blowfish and Twofish encryption algorithms, has joined the board of EFF
Lockheed Wins SBA Partnership Award(GovConExecutive) Lockheed Martin has won an award from the U.S. Small Business Administration to acknowledge the company's partnerships with small businesses, which Lockheed invested $6.4 billion in last year
Logicube® Sets a New Standard in Digital Forensics with Forensic Falcon(ForensicFocus) Logicube Inc., has announced the launch of a new forensic imaging solution, the Forensic Falcon. This new addition features imaging speeds of 20GB/min, images and verifies from 4 source drives to 5 destination drives and allows users to image to and from a network location. A unique feature of the Falcon is "Parallel Imaging" which allows the user to simultaneously perform two imaging tasks form the same source drive to multiple destinations using different imaging formats
Nuix Launches Two New Investigation Products(ForensicFocus) Nuix has launched two new products: a Nuix Investigator bundle and Nuix Investigator Lab. Both incorporate Nuix's powerful, reliable data collection, processing and investigation capabilities and are available at heavily reduced pricing for law enforcement and government investigative agencies in North America, the United Kingdom and the EMEA region
DFLabs Announces the Availability of Ptk 3.0 Computer Forensic Software(ForensicFocus) DFLabs, a leading provider of IT GRC and Digital Data Breach Investigations technologies and services, today announced the release of v3.0 of DFLabs PTK Computer Forensic software. PTK Forensics is an advanced computer forensic framework based on command line tools from the OS forensic market space to which many new software modules were added. Thanks to this approach, users can investigate a system much easier, without spending huge money for less affordable software
Preview of Mobile Support on Magnet Forensics' Internet Evidence Finder™ (Ief)(ForensicFocus) Over the past year we have been asked many times if we would consider adding support for recovery of Internet related artifacts on mobile devices. After a great deal of research and development, we are pleased to announce that IEF will soon have support for recovering artifacts from mobile images/file system dumps
Nuix and cellebrite announce technology partnership(ForensicFocus) Nuix, a worldwide provider of information management technologies, and Cellebrite, a global provider of mobile data extraction, decoding and analysis solutions, announced they have formed a technology partnership to leverage their complementary strengths in mobile forensics, investigation and eDiscovery. The alliance will enable forensic investigators, law enforcement, military and intelligence analysts and eDiscovery practitioners to efficiently incorporate forensically sound mobile device data into investigations and legal discovery procedures
Accessdata introduces Forensic Toolkit (Ftk) 5(ForensicFocus) With this major release, AccessData brings an even faster and more comprehensive FTK capable of exposing more data in less time. FTK 5 includes data visualization and explicit image detection (EID) out of the box. These two critical investigative capabilities give FTK users a great advantage, compared to tackling these tasks with other products
Bitdefender Internet Security 2014 (v17)(PC Advisor) New features this time start with what Bitdefender are calling their Photon technology, which they claim is "an innovative antivirus technology that accelerates scanning speed by gradually adapting to your PC". The suite now includes the Wallet, a
Getting Real About Real-Time Security(SecurityWeek) I recently wrote in this space about the rise of the phrase "continuous monitoring" and the confusion it causes. In a nutshell, federal organizations, facing FISMA mandates, have very clear guidance on the meaning of the phrase. What they mean by it makes a ton of sense, but doesn't match what many people outside the Beltway think of first when they hear the term
FireEye: Malware attribution not key in cybercrime fight(ZDNet) The industry places too much emphasis on finding out the source of cyberattacks, which does little to improve the state of security. Instead resources should be invested in security innovation around mobile, social media and cloud
Email, Privacy, Strong Cryptography and the NSA Whistleblower(SYS-Con) Encryption is a broad term. Not all email encryption and methods of use are the same, in terms of privacy. There has been quite a buzz around the power of the alleged NSA eavesdropping considering the insights that the NSA Whistleblower, Edward Snowden, presented to the American public
Malware attackers leave behind digital clues(Infosecurity Magazine) Just as the science of fingerprints, DNA, and fiber analysis have become invaluable in criminal forensics, connecting the dots of an advanced cyber-attack can help identify even the most sophisticated threat actors – if researchers know what to look for
Parenting in the Information Age: A Practical Guide(Infosecurity Magazine) Research conducted in Hong Kong shows that blocking websites is no substitute for hands-on digital parenting. Former Hong Kong government CIO, Jeremy Godfrey, says governments should assist parents and teachers in getting up to speed, so they can help children have a positive and safe online experience
Design and Innovation
How the Rest of Us Can Build the Internet of Things(Wired) Ayla Networks isn't going after the cream of Silicon Valley with its cloud-based platform to connect everything from dog bowls to light switches to the internet. Instead, it is after everyone else
Marc Andreessen: Beijing Should Be Another Silicon Valley, But…(TechCrunch) Marc Andreessen, the Netscape co-founder and namesake behind venture capital firm Andreessen Horowitz, said that he's skeptical that efforts globally to recreate the Silicon Valley ecosystem will succeed. Even the most promising city and rival to the U.S.'s Silicon Valley, Beijing, faces lots of potential complications because laws around contracts aren't as straightforward as
The most hated man on China's internet shouldn't expect any "get well soon" emails(Quartz) Most of the world has never heard of Fang Binxing, but the creator of the Great Firewall of China is all too familiar to Chinese internet users—and they really hate the guy. So when Fang, currently the president of Beijing University of Posts and Telecommunication, announced during the university's graduation ceremony that he was resigning, the reaction was brutally unkind
Legislation, Policy, and Regulation
Army restricts access to The Guardian in the wake of NSA leaks(Ars Technica) UK site blocked to prevent employees from accidentally accessing still-classified docs. On Thursday afternoon, The Monterey County Herald reported that the US Army was restricting access to the UK version of The Guardian's website. The Herald discovered yesterday that the site was blocked for military employees at the California-based Presidio of Monterey installation and confirmed today that the block was Army-wide
The U.S. Senate Wants to Control Malware Like It's a Missile(Foreign Policy) The Senate Armed Services Committee wants to get control of those pesky cyber weapons that are available for purchase by just about anyone by establishing an arms control regime along the lines of what's done for missiles, tanks, and fighter jets
How The NSA Is Still Harvesting Your Online Data(Business Insider Australia) A review of top-secret NSA documents suggests that the surveillance agency still collects and sifts through large quantities of Americans' online data – despite the Obama administration's insistence that the program that began under Bush ended in 2011
Details Emerge On NSA's Now-Ended Internet Program(Wall Street Journal) Newly divulged documents confirm that the National Security Agency collected vast amounts of "metadata" about domestic Internet and email use, beginning under the Bush administration and continuing into the Obama presidency
Report: NSA collected U.S. email records, Internet use for years(CSO) The Bush White House authorized the NSA to collect US records following the 9/11 attacks, documents show. The U.S. National Security Agency collected the email and Internet use records of some U.S. residents for about a decade following the 9/11 terrorist attacks, according to documents published Thursday by the U.K. newspaper the Guardian
Surveillance Aided 54 Cases, NSA Says(Washington Post) Gen. Keith B. Alexander, the director of the National Security Agency, provided new details Thursday about the extent to which the government believes its sweeping surveillance powers have led to the disruption of terrorist plots or the arrest of suspects
Snowden Leaks Delay US Anti-Hacking Law Favored by Verizon(Businessweek) Legislation to give Verizon Communications Inc. (VZ) and Google Inc. (GOOG) legal protection for sharing cyber-attack information with the U.S. government has stalled after leaks about spy programs showed the companies are already turning over data
US defence chief rejects Chinese cyber snooping comparison(The Age) The top US military officer on Thursday dismissed comparisons of Chinese and American snooping in cyber space, saying all countries gathered intelligence on their potential adversaries but Beijing's problematic "niche" was intellectual property theft
Battle of the Clipper Chip(New York Times) On a sunny spring day in Mountain View, Calif., 50 angry activists are plotting against the United States Government. They may not look subversive sitting around a conference table dressed in T-shirts and jeans and eating burritos, but they are self-proclaimed saboteurs. They are the Cypherpunks, a loose confederation of computer hackers, hardware engineers and high-tech rabble-rousers
Official Describes Joint Information Environment Blueprint(Department of Defense) Ronnie D. Hawkins Jr. expressed confidence that DISA -- working with U.S. Cyber Command, the National Security Agency and the services -- can offer enhanced cyber and warfighter command and control capabilities with a single security architecture
US Defense Dept. Readies Elements Crucial To Cyber Operations(Eurasia Review) Hard work by the administration, the services and the leadership at U.S. Cyber Command is putting in place elements crucial to defending U.S. and allied interests in cyberspace, the deputy assistant secretary of defense for cyber policy said in a
Dempsey: China Doesn't Think Cyber Theft is Wrong(DefenseNews.com) Part of the work to bolster US capabilities has been the establishment of US Cyber Command (CYBERCOM) in 2010, a sub unified command under US Strategic Command (STRATCOM) led by Gen. Keith Alexander, who also leads the National Security
Pentagon Is Updating Conflict Rules In Cyberspace(New York Times) The Pentagon is updating its classified rules for warfare in cyberspace for the first time in seven years, an acknowledgment of the growing threat posed by computer-network attacks and the need for the United States to improve its defenses and increase the nimbleness of its response, the nation's top military officer said Thursday
US Army Reviews Rules of Engagement over Cyber Threat(SecurityWeek) The US military is reviewing its rules of engagement to deal with the growing threat of cyber crime, military chief Martin Dempsey said Thursday. Dempsey, the Chairman of the Joint Chiefs of Staff, the highest-ranking officer in the US military, said the review was in response to soaring cyber attacks
Four-Star General Is Targeted In Leak Probe(Washington Post) A retired four-star Marine Corps general who served as the nation's second-ranking military officer is a target of a Justice Department investigation into a leak of information about a covert U.S.-Israeli cyberattack on Iran's nuclear program, a senior Obama administration official said
Report: U.S. general under investigation for Stuxnet leak(CSO) Retired Marine Gen. James Cartwright was formerly a vice chairman of the Joint Chiefs of Staff. A former high-ranking U.S. military official is reportedly under investigation for leaking classified information related to the use of malicious software to disrupt Iran's uranium refinement program
Snowden has much more info, says Assange(Sydney Morning Herald) On June 12, Mr Snowden told the South China Morning Post that his position at the intelligence contractor Booz Allen Hamilton had granted him "access to lists of machines all over the world the NSA hacked". He revealed specific institutions in Hong Kong
SC dismisses PIL on US snooping(Hindustan Times) The Supreme Court on Thursday refused to entertain a PIL seeking direction to the government to initiate action against Internet companies involved in sharing Internet data from India with US' National Security Agency. The apex court said it cannot
Snowden: A tale of security lapses and other US errors(Chicago Tribune) Here are some key areas of concern that have emerged following the leaks by Snowden, who most recently worked as a contractor for the U.S. National Security Agency: 2011 BACKGROUND CHECK Snowden's 2011 background investigation, to renew his
The Criminal N.S.A.(New York Times) The twin revelations that telecom carriers have been secretly giving the National Security Agency information about Americans' phone calls, and that the N.S.A. has been capturing e-mail and other private communications from Internet companies as part of a secret program called Prism, have not enraged most Americans. Lulled, perhaps, by the Obama administration's claims that these "modest encroachments on privacy" were approved by Congress and by federal judges, public opinion quickly migrated from shock to "meh."
FSB illegally obtained the conversation from Facebook between Vrublevsky and Kurochkina(Cyberwarzone) During the hearing in Tushino court correspondence taken from Facebook was attached to criminal case materials. The text of this conversation that belongs to Pavel Vrublevsky who is accused in regard with the criminal case on DDoS-attack towards Aeroflot and witness Anastasia Kurochkina was obtained as a result of unauthorized special investigation activities. The court allowed only coulisse from technical communication channels that is official coulisse of documents where the protocol of coulisse had to be made. "However, experts from Information Security Center of FSB, ignoring the international conventions and agreements, illegally obtained necessary data using SIA. The above was reported in the letter to Tushino District Court of Moscow, having referred that such data can't be obtained legally" - stated lawyer Pavel Zaytsev
For a complete running list of events, please visit the Event Tracker on the CyberWire website.
ShakaCon(Honolulu, Hawaii, USA, June 25 - 28, 2013) This is the fifth year this "laid back security conference in paradise" is being held. Some solid presentations and training on malware analysis and penetration testing. After all, what could be better...
American Technology Awards Technology and Government Dinner(Washington, DC, USA, June 30, 2013) TechAmerica Foundation hosts its Eleventh Annual Technology and Government Dinner at the Ronald Reagan Building in Washington DC. The dinner continues to serve as the premier Washington, DC technology...
QUESTnet 2013 Conference(Gold Coast, Queensland, Australia, July 2 - 5, 2013) Queensland Education, Science and Technology Network (QUESTnet) is the Queensland regional component of the Australian Academic and Research Network (AARNet). The QUESTnet conference is an annual event...
Digital Forensics and Incident Response Summit(Austin, Texas, USA, July 9 - 10, 2013) The 6th annual Forensics and Incident Response Summit will again be held in the live musical capital of the world, Austin, Texas. The Summit will focus on high quality and extremely relevant content as...
London Summer 2013(London, England, UK, July 9 - 16, 2013) SANS London Summer takes place at the London Marriott Hotel Kensington and gives security professionals the opportunity to take one of four of SANS most popular 6-day courses and the 2-day "Securing The...
3rd Cybersecurity Framework for Critical Infrastructure Workshop(San Diego, California, USA, July 10 - 12, 2013) NIST is inviting cybersecurity experts, industry and academia from across the nation to attend one of its regional workshops at UC San Diego to identify, refine and guide the many interrelated considerations,...
cybergamut Technical Tuesday: Remote Digital Forensics(Columbia, Maryland, USA, July 16, 2013) 'The remote control changed our lives. The remote control took over the timing of the world. Within three seconds, click, click, click. So can we do remote forensics?' Ken Zatyko of Assured Information...
Mobility Solutions for the Federal Market(Falls Church, Virginia, USA, July 16, 2013) With the improvements in mobile technology, smart phones and tablets, DOD, DHS and Civilian agencies have an opportunity to improve their service delivery models and the programs that serve their constituents.
2013 World Comp(Las Vegas, Nevada, USA, July 22 - 23, 2013) 2200 leading researchers, academics, and executives from government, academia and industry will come together at this annual event which facilitates communication among researchers in different fields...
Black Hat 2013(Las Vegas, Nevada, USA, July 27 - August 1, 2013) Black Hat USA is a major international security conference, featuring learning, networking, and skill-building. Sessions include training, briefings, technical presentations, and more.
SECRYPT 2013(Reykjavik, Iceland, July 29 - 31, 2013) The 10th International Conference on Security and Cryptography (SECRYPT 2013) will take place from 29 to 31 July 2013 in Reykjavik, Iceland…The conference will focus on information systems and network...
SPONSOR & SUPPORT
Grow your brand and reach new customers.
Grow your brand and increase your customer base by educating our audience about your products, services, and events by advertising on The CyberWire. We’ve built trust with an influential (and often hard to reach) audience of CISOs, CSOs, and other senior execs in the security space, across a wide array of industry verticals. Learn more.
Be a part of the CyberWire story.
People ask us (a lot) how they can support what we do. We have our sponsorships and services, of course, but those are not always within every supporter's financial reach, or it might just not be the right time for you to do those things. That's why we launched our new Patreon site, where we've created a wider variety of support levels, each with some new benefits. Our patrons are important to our future, and we hope you'll consider becoming one. We invite you to become part of the CyberWire story. Become a patron today.