skip navigation

More signal. Less noise.

Daily briefing.

Anonymous delivers its promised pro-Palestine OpIsrael attacks. This campaign had some impact on its targets (at least insofar as it prompted restrictive security measures on several Israeli government sites) but whether it's "successful" remains to be seen: as usual, Anonymous hacktivists count specious coup by re-posting data grabbed in earlier, often unrelated, exploits.

South Korea detects a cyber espionage attempt by the North: defense secrets were sought. Some low-grade cyber vandalism defaces an Indian university's sites with Pakistani nationalist bric-a-brac.

Securelist publishes a post mortem of Syria's most recent Internet outage. While the March disruption was attributed to cut fiber-optic cable (cause unclear), the event gives analysts an opportunity to review Syrian malware samples and trends.

Unknown hackers exploit a cross-site scripting vulnerability in a yet-to-be named video sharing site to commit a denial-of-service attack. Incapsula thinks the unusual browser-based exploit is a proof-of-concept preparing for a much larger attack yet to come.

Android remains under attack. Security experts report targeted phishing campaign, "growth-hacking" spam in social apps, and an SMS Trojan designed to raid digital wallets.

German police find 18M stolen or abused sets of login credentials.

Patch Tuesday will feature four Microsoft bulletins; it also represents, of course, Windows XP's valediction.

Chinese acquisitions of US tech firms trend upward; US Government scrutiny rises with them.

Brazil and Germany protest US surveillance. The US "tries candor" to effect a cyber rapprochement with China. Observers wonder why President Obama thinks he needs Congressional authority to curtail mass telephony data collection.

Notes.

Today's issue includes events affecting China, European Union, Germany, India, Israel, Japan, Democratic Peoples Republic of Korea, Republic of Korea, Pakistan, Palestinian Territories, Syria, United States..

The CyberWire's coverage of ITSEF 2014 begins with tomorrow's issue. See the Events section below for information on the conference.

Cyber Attacks, Threats, and Vulnerabilities

Government Websites Disabled by Cyber Attack (Arutz Sheva) Israeli government Websites, including those of the Ministry of Education and the Airports Authority were disabled at various times, Monday morning, as part of a hacking attack by the "Anonymous" group. People who tried to enter the sites received error messages

OpIsrael: Anonymous Hackers Target Websites of Israeli Banks and Government (Softpedia) Today, April 7, hacktivists from several countries have launched a new campaign against Israel. Hundreds of websites have been targeted in the pro-Palestine campaign dubbed Operation Israel (OpIsrael)

Hackers Threaten Cyber-Attack Against Israel (Arutz Sheva) 'We will not stop until Palestine is freed,' hackers warn. But how serious is the threat?

S Korea detects suspected N Korea hacking attempt (Channel News Asia) South Korea detected a suspected North Korean hacking attempt Thursday to steal military data by using a journalist's notebook computer, defence ministry officials said

Hackers deface AU website (Times of India) Students of Andhra University logged onto the varsity's website … on Saturday only to be greeted by a black and green page screaming 'Pakistan Zindabad' along with a Pakistani flag and names of prominent Pakistani personalities like M A Jinnah, Dr A Q Khan, Shahid Afridi and Javed Miandad, among others

Garfield Garfield True, or the story behind Syrian Malware, .NET Trojans and Social Engineering (SecureList) It's been a while since the last massive Internet outage took down Syria's backbone network (AS29386). More recently, however, Syria suffered yet another large-scale Internet black out that lasted for about seven hours. In contrast to previous incidents, where networking routes began to disappear gradually from border routing devices, this time a cut off fiber optic cable was deemed responsible for leaving most of the country off-line

XSS flaw in popular video-sharing site enabled DDoS attack through visitors' browsers (IT World) Attackers exploited the vulnerability to hijack 22,000 browsers and launch a large-scale DDoS attack, researchers from Incapsula said

Researchers Uncover Interesting Browser-Based Botnet (Threatpost) Security researchers discovered an odd DDoS attack against several sites recently that relied on a persistent cross-site scripting vulnerability in a major video Web site and hijacked users' browsers in order to flood the site with traffic

Smart malware campaign attacks only Android (ZDNet) A recent email campaign contains links that send most users to a conventional spam site, but Android users get Android malware

Android social apps slated for sending 'growth hacking' spam (CSO) Mobile security firm AdaptiveMobile has named and shamed a clutch of popular Android apps it believes have been using the 'growth hacking' technique to spam large volumes of invitations to the contacts database of installed users

SMS Trojan goes after digital wallets (Help Net Security) Not satisfied with the money earned via mobile Trojans sending out text messages to premium numbers, cyber crooks have begun adding other money-stealing functionalities to the malware. Kaspersky Lab experts have recently spotted and analyzed an SMS Trojan for Android devices that is currently mostly targeting Russian users, and which along with the premium SMS-sending also attempts to steal money by emptying the victims' QIWI digital wallet

German police finds 18M stolen and misused account logins (Help Net Security) Police in northwestern German city of Verden have discovered a collection of 18 million stolen email addresses and corresponding passwords that are being actively used to send out spam, compromise social networks' accounts and event to occasionally plunder the victims' banking accounts

Credit Cards for 1.2 Million Drivers Vulnerable at TxTag.org (David Longenecker) It's been a bad couple of weeks for transportation authorities in the two biggest US states. On March 22, Brian Krebs broke the story of a wide-ranging credit card breach at the California DMV. That breach apparently involved credit cards used at the CA DMV's online web site over a 6 month period from August 2013 to January 2014. Today I discovered a serious flaw at TxTag.org, the Texas Department of Transportation's toll road account management and payment system. This flaw exposes personal information for the (as of December 31) 1.2 million drivers with active TxTags, including names, full mailing addresses, email addresses, phone numbers, and credit card numbers with expiration date

Kansas State Assessments Hit by DDoS Attacks (eSecurity Planet) 'We don't know if it was two bored teenagers or an anti-testing attack,' Center for Education Testing and Evaluation co-director Marianne Perie says

LewisGale Regional Health System Suffers Insider Breach (eSecurity Planet) An employee of LewisGale's billing service accessed 40 patients' names, Social Security numbers, home addresses and health insurance information

Computer Theft Exposes 2,394 Texas Children's Personal Data (eSecurity Planet) Names, addresses, birthdates, Social Security numbers, Medicaid numbers, photos and/or health information may have been accessed

Can You Spot The Fake SWIFT Transaction Document? (Digital Dao) We've been working our way through almost 1GB of documents that were part of the Russian Industrial Investment Fund leak last month by Russian Cyber Command (@Rucyborg on Twitter)

Security flaws could give hackers control of power plants and oil rigs (ITProPortal) Power plants, oil rigs and refineries could be at risk from hackers, new research shows, as there are vital bugs in their software that could allow an outsider to gain remote access. Around the world about 7,600 plants are using the vulnerable software that could allow an attacker with the "lowest skill in hacking" to exploit them. The software, named Centum CS 3000, was first released to run on Windows 98 and is used to monitor and control the heavy machinery in many of the globe's large industrial installations

Gov't contractor Klas Telecom responds to getting hacked by NullCrew (ZDNet) A skirmish erupted last week when hacking group NullCrew successfully broke into tactical communications company Klas Telecom. The global government contractor had an interesting response to its attackers

Security Patches, Mitigations, and Software Updates

Microsoft to release only four bulletins on Tuesday (Help Net Security) The Microsoft April security release is almost upon us with security updates scheduled to deploy on Tuesday, April 8th. This day will go down in history as a major milestone for Windows XP and Office 2003 since it will be the last day these products will be supported

Patch Tuesday for April 2014 — it's Goodbye, Farewell and Amen for Windows XP (Naked Security) The date's been in our diaries since 2007. But even with seven years to prepare for it, you'll be forgiven for approaching this month's Microsoft Patch Tuesday with a bit of a lump in your throat

WIndows XP End-of-Life Breeding Equal Parts FUD, Legit Concerns (Threatpost) For those of you anticipating the start of a Walking Dead-style malware apocalypse next Tuesday, calm yourselves

IE 12 to Support HSTS Encryption Protocol (Threatpost) Microsoft confirmed today it will support HTTPS Strict Transport Protocol (HSTS) in Internet Explorer 12, bringing its browser in line with other major vendors in its support of the protocol

Cyber Trends

Emerging trends in cyber-attack methodology (Help Net Security) Websense documented the latest shift in complex attack trends, evolution in the threat ecosystem and shifting motivation of cyber-attacks. "Cybercriminals continue to evolve their attack planning and execution to stay ahead of most existing security measures," said Charles Renert, vice president of security research for Websense. "While the determined, persistent attackers continue to have success in advanced, strategic attacks using zero-day exploits and advanced malware, there has also been a boom in cybercriminal activity on a massive scale. Even these more 'common' forms of attack are easily slipping past organizations without real-time defenses"

Cybercriminals use legitimate sites to launch attacks: Websense (ARN) Report finds 85 per cent of malicious links in web or email attacks on legitimate websites

Exploit Kits and Redirection Anchor the Data Theft 'Kill Chain' (InfoSecurity Magazine) There is a growing global criminal-infrastructure-as-a-service economy being perpetrated through exploit kits and compromised website redirection chains — with billions of attacks adding to cybercriminals' sophistication and ability to evade detection. According to the latest Websense Security Labs 2014 Threat Report, the infrastructure of an attack campaign is now typically constantly developed, enhanced and reused throughout the entire threat lifecycle

Security is Not a Commodity — Breaking Out of Security Paralysis (SecurityWeek) Security is in the midst of a renaissance in most organizations. High profile breaches and lost intellectual property have made cybersecurity top of mind from the boardroom to the practitioner, and everywhere in between. However there is a very big difference between talking about security and actually becoming more secure. In fact, there is an unsettling tendency for organizations to invest considerable time and money in security solutions that don't take action at the critical moment of an attack. For instance, a recent post-mortem of the Target breach showed that the security team had advanced tools that identified the malware used to steal credit card data, but the information and alerts were not acted upon

Marketplace

Security acquisitions: Palo Alto buys Cyvera; Trustwave buys Cenzic (TechTarget) March 2014 saw a pair of notable acquisitions in the information security market

GlobalFoundries rumoured to be sniffing around IBM's fabs (Bit-Tech Net) GlobalFoundries has been named as the strongest contender in a deal to purchase IBM's unwanted semiconductor fabrication facilities

How US surveillance efforts spiked interest in overseas cloud providers (FedScoop) Since summer, revelations about the scope of the National Security Agency's surveillance efforts have ignited debates about privacy and the government's boundaries when it comes to protecting citizens from terrorism and security concerns

Does nationality still matter in tech buys today? (ZDNet) It does apparently to the U.S. government, which reportedly will be scrutinizing Lenovo's move to buy IBM's server business to ensure it doesn't lead to a backdoor access to U.S. national secrets and infrastructure

Chinese Investment In U.S. Tech Booms Despite Cybersecurity Fears (Huffington Post) Chinese tech companies have splurged on major acquisitions of U.S. high tech firms in the first quarter of 2014, spending big bucks in pursuit of the markets, technology and talent found in the U.S., according to a report released Tuesday by the Asia Society and the Rhodium Group. But with cybersecurity questions driving a wedge in U.S.-China relations recently, the acquisitions are generating equal amounts of excitement and anxiety

Facebook doled out $1.5 million to researchers in 2013 for bug bounties (SC Magazine) Facebook awarded more than $1 million in bug bounty awards last year and received close to 15,000 submissions

DHS Prepares Overhaul of Internal Security Operations (Nextgov) The Homeland Security Department late Thursday announced future plans to overhaul an organization that defends DHS' own internal networks

Not dead yet: Dutch, British governments pay to keep Windows XP alive (Ars Technica) Governments pay Microsoft millions to continue support for "end of life" OS

Products, Services, and Solutions

Microsoft will block adware without easy uninstall (Computerworld) Company revises policies for classifying, detecting and handling adware programs in its security software

Google adds extra encryption for Gmail, but remains silent on other apps (FierceCIO:TechWatch) A couple of weeks ago, Google made an announcement that it has enabled end-to-end data encryption for messages handled by the company's Gmail service. This means that every email message that is sent and received is encrypted while moving internally, explained Nicolas Lidzborski, the engineer lead for Gmail Security

Allot Builds Gateway to SDN (Light Reading) At the behest of a large European mobile operator, deep packet inspection (DPI) specialist Allot has developed a new service gateway designed to help operators deliver new services as they transition to software-defined networking

DuckDuckGo: the plucky upstart taking on Google with secure searches (The Guardian) Gabriel Weinberg launched DuckDuckGo as a search engine that puts privacy first, rather than collecting data for advertisers and security agencies

A Complete Operating System Optimized For Anonymous Surfing (Gizmo's Freeware) If you want to use the internet while remaining completely anonymous, there are plenty of tools that you can use. Encrypted email programs, an operating system that never stores any files on your hard disk and which wipes all your RAM memory when you've finished, and a web browser that uses the Tor network of anonymizing proxies to ensure that your IP address is untraceable

Technologies, Techniques, and Standards

Why marketing principles can help a security awareness program succeed (TechTarget) Marketing is an ongoing communications exchange with customers in a way that educates, informs and builds a relationship over time. The "over time" part is important because only over time can trust be created

Twitter uses code refactoring to reduce risk and improve testing (TechTarget) Andrés Ornelas, Web DevOps lead at Twitter, decided to go a step beyond software testing. He took a peek underneath the covers of Twitter's code in order to manage the risks associated with defects, and ultimately, to simplify testing. He found that by developing better techniques for analyzing its code, it could also improve, reuse and reduce the costs of adding new features

Encryption: the key to online privacy (Deutsche Welle) As more details of systematic, global government surveillance come to light, maintaining online privacy appears increasingly difficult. But there are some steps that are still effective at protecting privacy

Tech Insight: Making Data Classification Work (Dark Reading) Data classification involves much more than simply buying a product and dropping it in place. Here are some dos and don'ts

Design and Innovation

Kaspersky's Real Time Cyber Threat Map Is One Part Cool, Two Parts Terrifying (Hot Hardware) Sometimes it's helpful to have a visual aid to better understand something, and with that in mind, security vendor Kaspersky Labs has launched an interactive cyber threat map that lets viewers see cyber security incidents as they occur around the world in real time. It includes malicious objects detected during on-access and on-demand scans, email and web antivirus detections, and objects identified by vulnerability and intrusion detection sub-systems. In other words, you have a front row seat to the attempted carnage that's constantly taking place on the web

One big reason we lack Internet competition: Starting an ISP is really hard (Ars Technica) Creating an ISP? You'll need millions of dollars, patience, and lots of lawyers

Research and Development

New "Unbreakable" Encryption Is Inspired By Your Insides (Gizmodo) A new form of encryption promising to be "highly resistant to conventional methods of attack" could make our digital lives more secure—and it's all inspired by the way our heart and lungs coordinate their rhythms by passing information between each other

Coupling Functions Enable Secure Communications (Physical Review X) Secure encryption is an essential feature of modern communications, but rapid progress in illicit decryption brings a continuing need for new schemes that are harder and harder to break. Inspired by the time-varying nature of the cardiorespiratory interaction, here we introduce a new class of secure communications that is highly resistant to conventional attacks. Unlike all earlier encryption procedures, this cipher makes use of the coupling functions between interacting dynamical systems

Cookies that give you away: Evaluating the surveillance implications of web tracking (Randomwalker (h/t Bruce Schneier)) We investigate the ability of a passive network observer to leverage third-party HTTP tracking cookies for mass surveillance. If two web pages embed the same tracker which emits a unique pseudonymous identifier, then the adversary can link visits to those pages from the same user (browser instance) even if the user's IP address varies. Using simulated browsing profiles, we cluster network traffic by transitively linking shared unique cookies and estimate that for typical users over 90% of web sites with embedded trackers are located in a single connected component. Furthermore, almost half of the most popular web pages will leak a logged-in user's real-world identity to an eavesdropper in unencrypted traffic. Together, these provide a novel method to link an identified individual to a large fraction of her entire web history. We discuss the privacy consequences of this attack and suggest mitigation strategies

Academia

DSU Offers New Doctoral Degree in Cyber Security Beginning Fall (University Herald) Dakota State University, well-known for its cyber security-related programs, is adding another program to its already strong cyber curriculum

Midshipmen to participate in NSA's Cyber Defense Exercise competition (Capital Gazette) A team of midshipmen will participate in the National Security Agency's annual Cyber Defense Exercise competition this week at the Naval Academy

Anne Arundel Community College wants to train business pros on how to prevent cyber attacks (Baltimore Business Journal) Anne Arundel Community College is partnering with Hanover-based OPS Consulting to launch a new cyber training initiative aimed at educating businesses on how to handle cyber threats

Legislation, Policy, and Regulation

Germany's de Maiziere hits out at Washington over NSA (Deutsche Welle) German Interior Minister Thomas de Maiziere has strongly criticized the US over revelations about electronic surveillance by intelligence services. The minister complained that German questions have not been answered

Brazil's senate warns of country's 'vulnerability' to spying (Reuters) A Brazilian senate inquiry on U.S. spying in the country found Brazil "unprepared" to deal with eavesdropping by foreign agents and proposes a new law to address its "profound vulnerability," according to a copy of a report obtained by Reuters

Developments in Iranian Cyber Warfare, 2013-2014 (Independent Media Review and Analysis) Over the course of 2013, Iran became one of the most active players in the international cyber arena. Iran's progress can be attributed to a combination of two elements: a certain easing of the restraints on offensive activity in cyberspace by Iranian decision makers, and a qualitative leap by the Iranian cyber warfare system. The rapid development of Iran's cyber warfare capability means that Israel and other Western countries must work decisively and systematically to maintain qualitative and operational superiority in cyberspace

U.S., Japanese officials to hold cybersecurity talks next week (Inside Cybersecurity) The United States will host the next U.S.-Japan Cyber Dialogue at the director-general level on April 10. State Department Coordinator for Cyber Issues Christopher Painter and Ambassador Jun Shimmi, deputy director-general of Japan's foreign policy bureau, will lead the talks, a State Department spokesman told Inside Cybersecurity

U.S. Tries Candor to Assure China on Cyberattacks (New York Times) In the months before Defense Secretary Chuck Hagel's arrival in Beijing on Monday, the Obama administration quietly held an extraordinary briefing for the Chinese military leadership on a subject officials have rarely discussed in public: the Pentagon's emerging doctrine for defending against cyberattacks against the United States — and for using its cybertechnology against adversaries, including the Chinese

Watching the watchmen (Daily News) The problem isn't the NSA. It's the people giving them authority

If President Obama wanted the NSA to quit storing phone metadata, he'd act now (Ars Technica) Obama's pen, not Congress, could stop NSA bulk telephone metadata collection immediately

US agency that created "Cuban Twitter" faces political firestorm (Ars Technica) Senator calls the subversion project "dumb, dumb, dumb"

Firms that breach data rules may be fined up to €100m (Irish Times) A resolution of the European Parliament last month saw MEPs call for an end to blanket mass surveillance activities by the US National Security Agency. The resolution was made in the context of a report and recommendations by MEPs aimed at increasing EU citizens' privacy through EU-wide data protection rules. MEPs want to see firms that breach these new rules fined up to €100 million, or up to 5 per cent of their annual worldwide turnover

Businesses face rising political pressure from data breaches (CSO) FTC encourages Congress to pass national breach notification legislation, among other efforts

Is it time to make cyber jobs a national priority? (Nextgov) With research showing a vast shortage of skilled talent to fill cybersecurity jobs, it may be time for the United States to make cybersecurity a national imperative in much the same way it did with aerospace technology, nuclear science and biotechnology

Litigation, Investigation, and Law Enforcement

Government breaches at all-time high, press blunder under-reports by millions (ZDNet) This is one of those articles that spoils your faith in mankind. Not only are government security incidents fully into holy-cow territory, the press is reporting numbers three magnitudes too low because someone misread a chart and everyone else copied that report

One Chart Shows Why You Shouldn't Trust the Feds With your Data (Nextgov) We reported in January about the spike in government data breaches that has compromised the personal information of federal employees and citizens

Hayden: Pollard Release Would Signal Willingness to Negotiate on Snowden (National Review) The intelligence community would see the release of Israeli spy Jonathan Pollard as a signal of the administration's willingness grant clemency to National Security Agency leaker Edward Snowden, according to former NSA and CIA director Michael Hayden. "They would believe that this kind of behavior could actually be politically negotiated away, and that would be a very disturbing message for the people who provide America with intelligence," he told Fox News' Chris Wallace on Sunday

Hayden suggests Feinstein too 'emotional' about CIA interrogation techniques (Washington Post) Former CIA and National Security Agency director Michael Hayden suggested Sunday that Senate Intelligence Committee Chairwoman Dianne Feinstein (D-Calif.) might have compromised the objectivity of a report on CIA interrogation techniques because she personally wants to change them

Experian in hot seat after exposing millions of social security numbers (Ars Technica) Did Experian subsidiary play fast and loose with Americans' data? Regulators from several states are investigating a data breach from a subsidiary of the credit-tracking behemoth Experian

Neiman Marcus Data Breach Said Work of Russians Who Eluded U.S. (Bloomberg BusinessWeek) Hackers who raided the credit-card payment system of Neiman Marcus Group Ltd. belong to a sophisticated Russian syndicate that has stolen more than 160 million credit-card numbers from retailers over seven years, according to people with knowledge of the matter

Italy slaps Google with $1.4m fine over Street View privacy concerns (ITProPortal) Google has paid a fine of 1 million euros to Italy's Data Protection Authority (DPA) to settle complaints that the Street View cars used to record mapping images in the country four years ago were not distinctly marked

For a complete running list of events, please visit the Event Tracker on the CyberWire website.

Upcoming Events

NIST IT Security Day (Gaithersburg, Maryland, USA, April 8, 2014) The Office of the Chief Information Officer, OCIO, is hosting NIST IT Security Day as a means to heighten awareness for all NIST users on the many aspects of operational information technology security...

2014 GovCon Cyber Summit (McLean, Virginia, USA, April 9, 2014) The U.S. Computer Emergency Readiness Team (US-CERT) noted that last year federal networks saw a substantial increase in hacking incidents, with 48,000 attacks reported by agencies. In recognition of this...

2014 GovCon Cyber Summit (McLean, Virginia, USA, April 9, 2014) The U.S. Computer Emergency Readiness Team (US-CERT) noted that last year federal networks saw a substantial increase in hacking incidents, with 48,000 attacks reported by agencies. In recognition of this...

2014 Computer Security Day (Eugene, Oregon, USA, April 11, 2014) The Fourth Computer Security Day at the University of Oregon will feature a slate of distinguished speakers from academia, industry, and government, discussing current challenges and future opportunities...

Women in Cyber­security Conference (Nashville, Tennessee, USA, April 11 - 12, 2014) WiCyS is an effort to bring together women (students/faculty/researchers/professionals) in cybersecurity from academia, research and industry for sharing of knowledge/experience, networking and mentoring.

NSA Procurement in today's business arena (Elkridge, Maryland, USA, April 16, 2014) An opportunity to gain inside perspective on market trends in NSA Procurement. The guest speaker will be William Reybold, National Security Agency's Deputy Senior Acquisition Executive (SAE), who manages...

East Africa Banking and ICT Summit (Kampala, Uganda, April 25, 2014) The global event series for Banking and ICT Summit enters its third year. The summit will continue to provide delegates with technical & practical sessions, lectures and showcase for banking and ICT innovations,...

InfoSecIndy (Indianapolis, Indiana, USA, April 26 - 27, 2014) Join us on April 26-27, 2014 in Indianapolis, Indiana for the premier Midwest Information Security and Digital Forensics Conference.

cybergamut Technical Tuesday: Malware Reverse Engineering (Columbia, Maryland, USA, May 6, 2014) An introduction to the tools, workflows, and tricks of the trade to attack sophisticated malware by Dale Robson of CyberPoint. Industry standard cyber security products do a good job in blocking and defending...

STEM Café (Geneva, Illinois, USA, May 6, 2014) At the next STEM Café, Raimund Ege, associate professor in NIU's Department of Computer Science, will lead a lively discussion on how computer crime affects our everyday lives and what we can do to protect...

Kirtland AFB - Cyber Security Seminar & Information Technology Expo (Albuquerque, New Mexico, USA, May 7, 2014) Join FBC and the Armed Forces Communications & Electronics Association (AFCEA) - Albuquerque Chapter for the Cyber Security Seminar & Information Technology Expo set to take place at Kirtland Air Force...

Kirtland AFB — Cyber Security Seminar & Information Technology Expo (Albuquerque, New Mexico, USA, May 7, 2014) Join FBC and the Armed Forces Communications & Electronics Association (AFCEA)-Albuquerque Chapter for the Cyber Security Seminar & Information Technology Expo set to take place at Kirtland Air Force Base.

Grow your brand and reach new customers.

Grow your brand and increase your customer base by educating our audience about your products, services, and events by advertising on The CyberWire. We’ve built trust with an influential (and often hard to reach) audience of CISOs, CSOs, and other senior execs in the security space, across a wide array of industry verticals. Learn more.

Be a part of the CyberWire story.

People ask us (a lot) how they can support what we do. We have our sponsorships and services, of course, but those are not always within every supporter's financial reach, or it might just not be the right time for you to do those things. That's why we launched our new Patreon site, where we've created a wider variety of support levels, each with some new benefits. Our patrons are important to our future, and we hope you'll consider becoming one. We invite you to become part of the CyberWire story. Become a patron today.