skip navigation

More signal. Less noise.

Daily briefing.

The US Department of Homeland Security warns hackers are scanning networks looking for Heartbleed holes. The Department is also investigating rumors that Heartbleed has already been used to attack encrypted communications of industrial control systems (the rumors are, it is stressed, unconfirmed).

CloudFlare believed late last week there was reason to think that private keys would prove inaccessible through Heartbleed, and so sensibly set up a public challenge to test the hypothesis. They found, contrary to expectations, that private keys were indeed accessible, and that the vulnerability is thus more dangerous than feared. It's also proving difficult to patch, as fixes often turn out to have undesirable (and cascading) collateral effects.

Bloomberg reported late Friday that the US NSA knew about, and exploited, Heartbleed for some time before the vulnerability was discovered and disclosed by Codenomicon researchers. The Office of the Director of National Intelligence and the White House categorically deny the claim.

Germany's DLR aerospace research center has come under sustained, persistent cyber attack. There's no attribution yet, but Deutsche Welle reports the Chinese government is suspected.

Israeli cyber vigilantes seek to out hacktivists responsible for attacks on Israel's networks and Websites. (They claim most attacks come from Malaysia and Indonesia.)

Anonymous woofs "OpSafeEdu," in which the hacktivists will redress (by attacks on schools) the many ills schools inflict on students.

The US Administration announces that its policy is one of "bias toward [zero-day] disclosure" (absent a national-security reason to exploit such zero-days).

Nigeria opens a cyber-crime enforcement unit.

Notes.

Today's issue includes events affecting Algeria, Canada, China, Finland, Germany, Indonesia, Israel, Italy, Malaysia, Nigeria, Portugal, Saudi Arabia, Switzerland, United Kingdom, United States..

Cyber Attacks, Threats, and Vulnerabilities

U.S. government says hackers trying to exploit 'Heartbleed' bug (Reuters) The U.S. Government warned on Friday that hackers are attempting to exploit the 'Heartbleed' bug in targeted attacks by scanning networks to see if they are vulnerable

DHS alert: Heartbleed may have been used against industrial control systems (Christian Science Monitor) Specifically, there are unconfirmed reports that the Heartbleed cybervulnerability has been used to attack encrypted communications systems of these control systems. DHS is investigating

The Results of the CloudFlare Challenge (CloudFlare) Earlier today we announced the Heartbleed Challenge. We set up a nginx server with a vulnerable version of OpenSSL and challenged the community to steal its private key. The world was up to the task: two people independently retrieved private keys using the Heartbleed exploit

Private keys may be inaccessible to Heartbleed (ZDNet) Research by CloudFlare indicates that Heartbleed can be used to obtain contents of server memory, but not private keys

Bloody Cert Certified (Dan Kaminsky's Blog) Oh, Information Disclosure vulnerabilities. Truly the Rodney Dangerfield of vulns, people never quite know what their impact is going to be. With Memory Corruption, we've basically accepted that a sufficiently skilled attacker always has enough degrees of freedom to at least unreliably achieve arbitrary code execution (and from there, by the way, to leak arbitrary information like private keys). With Information Disclosure, even the straight up finder of Heartbleed has his doubts

"Heartbleed" — would 2FA have helped? (Naked Security) You won't have missed the "Heartbleed" bug. Recent versions of OpenSSL — in fact, versions available for two years — have a buffer overflow vulnerability that can cause data leakage

Reverse Heartbleed Testing (Internet Storm Center) I wanted to know if the tools/software I execute regularly are vulnerable to scraping my system memory. Now the reverse heartbleed scenario is very possible, but the likelihood seems to be much more of a non-issue

Heartbleed Fixes Taking Longer as Websites Plug Gaps (Bloomberg) Websites afflicted by the Heartbleed security flaw are finding that it's taking longer than anticipated to recover from the fallout

Heartbleed Bug Shutters More Canadian Gov't Websites (SecurityWeek) Canada's government on Friday ordered all federal department websites vulnerable to the "Heartbleed" bug to be shut down

Heartbleed: What is the impact on health IT? (FierceHealthIT) When it comes to maintaining the safety of health information technology and patient data, encryption is almost always one of the first recommendations made by security experts

Before Heartbleed: Worst vulnerabilities ever? (ZDNet) There have been some pretty bad vulnerabilities before Heartbleed. Is it really any more severe than CodeRed or Blaster?

Germany's DLR research center reported to have come under cyber attack (Deutsche Welle) A major German research center is reported to have come under a sustained cyber attack for a period of months. There are indications that a foreign power may have been behind the attack

One year on: diplomatic fail as Chinese APT gangs get back to work (The Register) Mandiant says past 12 months shows Beijing won't call off its hackers

Israeli hackers track anti-Israel cyber-attack perpetrators (Haaretz) Attackers' names, countries of origin, usernames and passwords for various websites published by Israeli hacker team

Anonymous may be targeting educational institutions in 'OpSafeEdu' (SC Magazine) The Center for Internet Security (CIS) has issued an alert warning about the potential for an increase in attacks on educational institutions

(Pwn2Own) Google Chrome V8 Arbitrary Memory Read/Write Remote Code Execution Vulnerability (Zero-Day Initiative) This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Google Chrome. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file

Advantech WebAccess DBVisitor.dll SQL Injection Remote Code Execution Vulnerability (Zero-Day Initiative) This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Advantech WebAccess. Authentication is not required to exploit this vulnerability

A Cloud-Connected Car Is a Hackable Car, Worries Microsoft (IEEE Spectrum) Way back in the 1980s I watched my computer-geek friend manipulate the hot-rolling process of his client's steel mill in Cleveland in real time—from his home. I wondered whether millions of dollars and dozens of lives might be destroyed should this great power somehow fall into the wrong hands. "Yes," he explained. That's the difference between hacking a physical rather than a virtual entity

Bulletin (SB14-104) Vulnerability Summary for the Week of April 7, 2014 (US-CERT) The US-CERT Cyber Security Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. The NVD is sponsored by the Department of Homeland Security (DHS) National Cybersecurity and Communications Integration Center (NCCIC) / United States Computer Emergency Readiness Team (US-CERT). For modified or updated entries, please visit the NVD, which contains historical vulnerability information

Security Patches, Mitigations, and Software Updates

BlackBerry to release Heartbleed messaging security updates (The Guardian) BlackBerry said on Sunday it plans to release security updates for messaging software for Android and iOS devices by Friday, to address vulnerabilities in programs related to the "Heartbleed" security threat

Vendors address the Heartbleed bug (Help Net Security) Which products and services are affected by the Heartbleed bug in OpenSSL? Vendors have started issuing security advisories telling users which of their products are safe and which will have to be updates

Heartbleed bug: Checking websites and changing passwords (Help Net Security) In the wake of the discovery of the Heartbleed bug in OpenSSL, some security experts even went as far as advising users to avoid the Internet for a few days until the problem is sorted.

Cyber Trends

The effect of the Heartbleed bug on open source projects (Help Net Security) The Heartbleed bug in OpenSSL is all the information security world is talking about these days. Many are beginning to realize, its existence has opened multiple cans of worms

Three Questions for Eugene Kaspersky (MIT Technology Review) It's only a matter of time before more cyberweapons emerge, says the founder of the Moscow-based computer security firm Kaspersky

As companies grow, managing risks gets more complex (CSO) Davi Ottenhelmer says security is still an afterthought when it comes to Big Data. Size matters when it comes to security, according to Davi Ottenhelmer. Ottenhelmer, senior director of trust at EMC, titled his presentation at SOURCE Boston Wednesday, "Delivering Security at Big Data Scale," and began with the premise that, "as things get larger, a lot of our assumptions break"

HHS CISO on Healthcare Cybersecurity (HealthcareInfoSecurity) Kevin Charest Discusses Cyberdrill, Threats and HealthCare.gov. Many healthcare organizations need to improve their basic cybersecurity "blocking and tackling," and most also need to improve their willingness to share cyber-security information, says Kevin Charest, chief information security officer at the U.S. Department of Health and Human Services

Inadequate 'Internet of Things' Security Puts Our Lives at Risk (International Business Times) Even pacemakers and insulin pumps are now connected meaning failure to adequately test them could leave them vulnerable to cyber-attack. Security vulnerabilities in devices which we do not typically thing of as connected are often not fixed in some cases leaving users's lives at risk

The Internet of Things: An exploding security minefield (CSO) Duo Security duo tells SOURCE Boston audience that security is not even an afterthought for small IoT device entrepreneurs

Rogue IT Driven By Need For Speed (InformationWeek) We've lost control to business users before. But this time, the thing that initiated our pain (the cloud) may also be the cure

Advanced attackers go undetected for 229 days (Help Net Security) A new FireEye report details the tactics used by threat actors to compromise organizations and steal data. It also highlights emerging global threat actors, their suspected motives, as well as the types of targets and information they are after

Phishing cybercriminals find most success with midweek attacks (TweakTown) Phishing continues to be a major problem, with cybercriminals using social engineering with a large amount of success, according to Mandiant

The state of remote access security (Help Net Security) At the end of 2013, HOB conducted a survey of more than 200 CIOs and CTOs in the U.S. The survey quantified the trends and challenges IT decision makers experience when implementing remote access solutions and revealed that remote access solutions are still gaining momentum, despite the associated security risks

Most cloud services are putting businesses at risk (Help Net Security) A new Skyhigh Networks report analyzes usage data from more than one million users across more than 40 companies spanning the financial services, healthcare, high technology, manufacturing, media, and professional service industries to quantify the use of cloud services and the security risk that they pose to enterprises

Why collaboration is the only way to combat cyber threats (TechTarget) Cyber threats are now the most effective way to attack an organisation and the fact is that those with malicious intent are finding ever more sophisticated ways of carrying out their activities. According to the Bank of England's Financial Stability Report, 25% of banks perceive cyber attack as a major risk

Inside jobs — the security risks from the rise in temporary staff (TechTarget) One feature of recent economic times has been the rise in temporary staff. According to the Chartered Institute of Personnel and Development (CIPD), 29% of new recruits in the UK are employed on a temporary basis. Their numbers and their range of responsibilities are growing rapidly. While there are many sound management reasons for doing so, this is leaving companies vulnerable to a new kind of fraud — executive-level impersonation

Marketplace

It's not a fun week to work at OpenSSL (Ars Technica) A look at the volunteer organization whose project suffers Heartbleed

Federal Government Still Facing Cyber Brain Drain (Defense News) The US federal government is losing talent in cyber fields, and the problem is only going to get worse, according to one expert

Huawei Tries to Overcome 'Fear of Huawei' (EE times) For the past few years, Cisco Systems and other telecom hardware manufacturers have been successful at convincing American businesses, telecoms, and government agencies to stay away from Huawei and ZTE products for fear of industrial and communications espionage by Chinese organizations and authorities. So far the market share of Huawei products in the United States has dropped to a record low of 5%

IBM Squeezing Israel Cyber Guru as $584 Million Wiped Out (Bloomberg) Shlomo Kramer, the Israeli entrepreneur who made his name by co-founding the world's second-largest security networks maker, is seeing investor support vanish for his latest cyber venture

McAfee outlines its plan to secure the Internet of Things (ZDNet) The Intel Security subsidiary said that to ensure the foundation of IoT security, IP-connected devices must be designed with protection standards built into the devices, and not as an afterthought

Egnyte Ramps up In Europe to Meet Growing Market Demand; Opens Regional Headquarters, Increases Hiring and Expands Partner Network (MarketWatch) New activities leverage existing Amsterdam data center and Poland design office

Check Point Holds Top Spot in Worldwide Combined Firewall and UTM Appliance Market for Full Year 2013 According to Leading Market Research Firm (Yahoo! Finance) Check Point® Software Technologies Ltd. CHKP -1.26% , the worldwide leader in securing the Internet, today announced that the company held the number one vendor position in worldwide combined Firewall and UTM appliance revenue for the Full Year (FY) 2013(1) according to the latest IDC Tracker research data

DB Networks Honored as 'Hot Companies' Finalist (CIO Today) DB Networks, an innovator of behavioral analysis in database security, today announced that Network Products Guide, the industry's leading information security research and advisory guide, has named the DB Networks IDS-6300 as a finalist in the 9th Annual Hot Companies and Best Products Awards Program for the Security Hardware Awards category

ZeroFOX Wins 2014 CRTC Rising Star Award (PR.com) ZeroFOX, the Social Risk Management Company, named CRTC's breakout tech company for 2014

nPulse Technologies Named Finalist for CBIC 2014 Award (Broadway World) nPulse Technologies today announced that Charlottesville Business Innovation Council (CBIC) has named the company's Capture Probe eXtreme (CPX) 4.0 appliance as a finalist for the annual CBIC awards. CPX 4.0, an ultrafast, multi-petabyte traffic recording and analysis platform for security operations centers (SOCs), is competing in the Breakthrough Category, which recognizes a remarkable breakthrough or a quantum advance in a currently existing solution

ManTech's FBI Enterprise Security Operations Center Customer Wins Prestigious NSA Frank B. Rowlett Award for Information Assurance Excellence (MarketWatch) ManTech International Corporation's customer, the Federal Bureau of Investigation (FBI) Enterprise Security Operations Center (ESOC), was awarded the Frank B. Rowlett Award by the National Security Agency (NSA) in recognition of the ESOC's outstanding organizational and individual excellence in the field of information systems security

Former Palo Alto Networks Executive Joins DB Networks Board (MarketWatch) IT security industry veteran Larry Link Brings unique understanding of the next-generation security challenges facing today's enterprises

Products, Services, and Solutions

APT Management Software provides real-time visibility (Thomasnet) Available on WatchGard UTM and NGFW appliances, APT Blocker v11.9 delivers real-time threat visibility and protection in minutes. Program identifies and submits suspicious files to cloud-based sandbox using full-system-emulation environment for detecting advanced persistent threats and zero day malware

ZoneAlarm Cloud-scans Email Attachments Before they Open (ComputerWorld) Check Point has announced the new version of its popular ZoneAlarm antivirus program which features a cloud sandbox technology designed to check email attachments for malware before they are opened

Do You Really Need to Pay for Antivirus Software? (Tom's Guide) It's a free world out there. Free maps, free navigation, free calls on the Internet, free email, free apps for smartphones — but should you trust your digital security to a free program? For Windows users, some measure of security is needed on every computer. Malware, botnets, keyloggers and viruses are daily nuisances and constant threats

Facebook wages war on Like-baiting and spammy posts (Naked Security) It's a full frontal assault on cute kittens and the Pages that pimp them out for Likes. Facebook's tweaked its algorithms to try to scrape off the clingy, whiny, needy stories published by Pages that deliberately try to game Facebook's News Feed to get more distribution than they normally would

Facebook spam crackdown may reduce organic reach even further (FierceCMO) Facebook has updated its News Feed algorithm again, this time with the intent to reduce the amount of spam users see. The update specifically targets like-baiting, spammy links and frequently circulated content

Technologies, Techniques, and Standards

CISOs Respond to Heartbleed Bug (GovInfoSecurity) CISOs in all sectors are taking steps to mitigate the risks posed by the OpenSSL vulnerability known as the Heartbleed bug

Here are the options with Heartbleed-flawed networking gear (Hint: there aren't many) (CSO) Companies faced with the threat posed by networking equipment that contains the notorious Heartbleed bug have few security options beyond working closely with affected vendors

Don't overlook URL fetching agents when fixing Heartbleed flaw on servers, researchers say (CSO) Website operators should assess their whole Web infrastructure when patching the critical Heartbleed flaw in OpenSSL, otherwise they risk leaving important components open to remote attacks, despite fixing the problem on their publicly facing servers

Why should passwords be encrypted if they're stored in a secure database? (Ars Technica) It's not just about your programming problem this time

Securing mobile applications (Help Net Security) In this interview, Dan Cornell, Principal of Denim Group, talks about the most common pitfalls of securing mobile applications, discusses the challenges involved in performing a detailed mobile application security assessment, and illustrates what future threats we can expect down the road

Thwarting Cyber-Induced External Business Disruptions (Business Solutions) Global dependence on the Internet as the backbone for conducting business is leading to a surge in malicious and sophisticated cyber attack activity aimed at interrupting or compromising these economically-critical online activities. These threats are frequently referred to as distributed denial-of-service, or DDoS, attacks

Op-Ed: UK banking cyber-attack test draws attention (Digital Journal) During the last few years, there has been increase in security issues affecting stock markets and investors. Cyber criminals now pose a larger threat to corporate and personal information

Academia

UTSA cybersecurity center collaborates on $800,000 FEMA grant to create cybersecurity consortium (Phys.org) The University of Texas at San Antonio Center for Infrastructure Assurance and Security (CIAS), the University of Arkansas System's Criminal Justice Institute and the University of Memphis' Center for Information Assurance have received a three-year, $800,000 grant from the Federal Emergency Management Agency (FEMA) to help states and communities prepare for, detect and respond to cyber attacks in a consistent manner

Universities now have access to cybersecurity education (Help Net Security) (ISC)² is making its educational resources, which are updated regularly by its members and industry luminaries, available to academia to help meet the global demand for more skilled cybersecurity professionals. With nearly 100,000 members worldwide, the (ISC)² common body of knowledge (CBK) incorporates disciplines within information security, software security, forensics and healthcare

U.S. Army Compares New Hacker School To "The Birth Of The Air Force" (OhhWorld (h/t DC3 Dispatch)) Over the next three years, the U.S. Army will be filling its brand new cyber warfare institute at West Point with the best and brightest hackers it can find. Not just hackers, however: the institute will bring together psychologists, lawyers, mathematicians—anyone who can help the country win the inevitable cyber war and save America

Legislation, Policy, and Regulation

NSA Said to Exploit Heartbleed Bug for Intelligence for Years (Bloomberg) The U.S. National Security Agency knew for at least two years about a flaw in the way that many websites send sensitive information, now dubbed the Heartbleed bug, and regularly used it to gather critical intelligence, two people familiar with the matter said

NSA never used Heartbleed to spy, White House says (CBC News) Denial comes after Bloomberg report that NSA used Heartbleed to steal data for 2 years

Statement on Bloomberg News story that NSA knew about the "Heartbleed bug" flaw and regularly used it to gather critical intelligence (IC on the Record) NSA was not aware of the recently identified vulnerability in OpenSSL, the so-called Heartbleed vulnerability, until it was made public in a private sector cybersecurity report. Reports that say otherwise are wrong

Obama Lets N.S.A. Exploit Some Internet Flaws, Officials Say (New York Times) Stepping into a heated debate within the nation's intelligence agencies, President Obama has decided that when the National Security Agency discovers major flaws in Internet security, it should — in most circumstances — reveal them to assure that they will be fixed, rather than keep mum so that the flaws can be used in espionage or cyberattacks, senior administration officials said Saturday

Obama lets NSA use zero-day flaws given "clear national security" need (Ars Technica) White House officials: policy dates back to January 2014, during review process

NSA has Obama's backing in exploiting Internet flaws? (Dehli Daily News) NSA has Obama's backing in exploiting Internet flaws? In a startling revelation, it has been claimed that US President Barack Obama allowed National Security Agency (NSA) to exploit some major flaws in Internet security for espionage or cyber attack activities

Hunter Gross: Despite Cyber Espionage, U.S.-China Relations Are Business as Usual (Council on Foreign Relations: Asia Unbound) Just as U.S. president Barack Obama and Chinese president Xi Jinping were set to meet in The Hague, documents leaked by Edward Snowden revealed that the National Security Agency installed backdoors in the computer networks of the Chinese telecommunications firm Huawei. Despite extensive U.S. media coverage and angry reactions from Chinese news sources such as Xinhua and the Global Times, this revelation follows the pattern of previous cyber-related disclosures; the issue first flares up, and then quickly fades until the next disclosure. Why does such a divisive issue neither strain U.S.-China relations or trigger significant actions to address the problem?

Obama Administration Criticizes EU Plan to Avoid NSA Data Surveillance as a Violation of Trade Agreement (AllGov) The United States has accused some of its leading European allies of endangering free trade agreements if they pursue the development of protected data networks to avoid American electronic spying operations

A new organization for cybersecurity across the electric grid (Bulletin of the Atomic Scientists) Cyber attacks are an increasing risk for the US electric sector and have eclipsed terrorism as the primary threat, according to the Federal Bureau of Investigation. The Industrial Control Systems Cyber Emergency Response Team responded to 256 incidents that targeted critical infrastructure sectors in fiscal year 2013, and 59 percent of those incidents involved the energy sector. A large-scale cyber attack or combined cyber and physical attack could lead to enormous costs, potentially triggering sustained power outages over large portions of the electric grid and prolonged disruptions in communications, food and water supplies, and health care delivery. Moreover, cyber threats are more difficult to anticipate and address than traditional threats to electric grid reliability, such as extreme weather

Nigeria launches emergency response to cyber security (Africatime) The Nigerian government Tuesday launched a Computer Emergency Readiness and Response Team (CERRT.ng) Ecosystem, aimed at providing support in responding to computer, network and related cyber security incidents

Litigation, Investigation, and Law Enforcement

Edward Snowden the 'traitor' looms over Pulitzers (NDTV) Hero or traitor? America is still polarised over Edward Snowden and whether the newspapers that exposed the extent of National Security Agency's vast global spying network should be lauded or condemned

Facebook's dodgy privacy record prompts FTC warning over WhatsApp buy (FierceMobileIT) Facebook's dodgy privacy record is prompting the Federal Trade Commission (FTC) to take the extraordinary step of warning the social media giant about its proposed $19 billion acquisition of mobile messaging startup WhatsApp

Facebook: US feds probed over 18,700 accounts in six months (The Register) The US government asked Facebook for information about 18,715 user accounts between July and December of last year

"Zeus" scammers accused of stealing millions, infecting thousands of computers (Ars Technica) Botnet helped defendants get bank account numbers, passwords, RSA SecureID tokens. Nine people connected to the "Zeus" malware have been indicted, federal officials announced Friday as they declared the code "one of the most damaging pieces of financial malware that has ever been used"

Hacker Weev Free After Appeal (InformationWeek) Andrew "Weev" Auernheimer, who embarrassed AT&T by exposing a security flaw, had his conviction overturned by federal appeals court

IRS plays-up identity theft, fraud fight (CSO) While tax return fraud seems to have hit epidemic proportions, the Internal Revenue Service today said it has started more than 200 new investigations this filing season into identity theft and refund fraud schemes

Police force is one of few prepared for cyber attacks (Stamford Mercury) Lincolnshire police is one of only three forces prepared for a large-scale cyber attack

ORR school officials grilled on cyberattack (South Coast Today) Tri-town selectmen had some hard questions for ORR school officials about a 2011 cyber attack on an Old Rochester Regional School District bank account that still has $34,000 unaccounted for

For a complete running list of events, please visit the Event Tracker on the CyberWire website.

Upcoming Events

NSA Procurement in today's business arena (Elkridge, Maryland, USA, April 16, 2014) An opportunity to gain inside perspective on market trends in NSA Procurement. The guest speaker will be William Reybold, National Security Agency's Deputy Senior Acquisition Executive (SAE), who manages...

Suits and Spooks San Francisco (, January 1, 1970) S3+: Surveillance, Security, Sovereignty and other Critical Issues. Not another hacker conference. Suits and Spooks is a unique gathering of experts, executives, operators, and policymakers who discuss...

US News STEM Solutions: National Leadership Conference (, January 1, 1970) The STEM crisis in the United States demands solutions—and nowhere is the search more concentrated than at U.S. News STEM Solutions. Now in its third year, this premier national leadership conference is...

East Africa Banking and ICT Summit (Kampala, Uganda, April 25, 2014) The global event series for Banking and ICT Summit enters its third year. The summit will continue to provide delegates with technical & practical sessions, lectures and showcase for banking and ICT innovations,...

National Collegiate Defense Cyber Competition (, January 1, 1970) Registration for the 2014 CCDC season is underway! Visit your region's website or contact your regional for registration and competition information.

InfoSecIndy (Indianapolis, Indiana, USA, April 26 - 27, 2014) Join us on April 26-27, 2014 in Indianapolis, Indiana for the premier Midwest Information Security and Digital Forensics Conference.

United States Cyber Crime Conference 2014 (, January 1, 1970) This is the only event of its kind that provides both hands-on digital forensics training and an interactive forum for cyber professionals to network. The conference covers the full spectrum of topics...

Infosecurity Europe 2014 (, January 1, 1970) Infosecurity Europe is Europe's number one Information Security event. Featuring over 350 exhibitors, the most diverse range of new products and services, an unrivalled education programme and over 12,000...

Grow your brand and reach new customers.

Grow your brand and increase your customer base by educating our audience about your products, services, and events by advertising on The CyberWire. We’ve built trust with an influential (and often hard to reach) audience of CISOs, CSOs, and other senior execs in the security space, across a wide array of industry verticals. Learn more.

Be a part of the CyberWire story.

People ask us (a lot) how they can support what we do. We have our sponsorships and services, of course, but those are not always within every supporter's financial reach, or it might just not be the right time for you to do those things. That's why we launched our new Patreon site, where we've created a wider variety of support levels, each with some new benefits. Our patrons are important to our future, and we hope you'll consider becoming one. We invite you to become part of the CyberWire story. Become a patron today.