skip navigation

More signal. Less noise.

Daily briefing.

Israel's ground incursion into Gaza is accompanied by cyber operations on both sides. Israel is jamming Hamas (causing Hamas sites to show error messages); Hamas sympathizers are defacing Israeli sites with pro-Palestinian images and messages.

Ukrainian security services release transcripts of what purport to be intercepted telephone conversations of Russian intelligence officers regarding yesterday's horrific shootdown of Malaysian flight MH17 near Donetsk. Russian organs conduct an extensive information campaign in support of the slow-motion re-engorgement of Ukraine.

Observers close-read the US criminal complaint against Chinese businessman Su Bin and conclude it contains evidence of an ongoing privatization of cyber espionage.

A Pushdo Trojan variant emerges in the UK. It's using a new domain-generating algorithm and has infected more than 11k machines.

A new piece of ransomware, "Critroni," is being dropped by the Angler exploit kit. Citroni is unusual in being the first instance of crypto ransomware observed to use Tor for command-and-control.

Sentinel Labs updates its discovery of the bolt-on evasion kit Gyges, which Dark Reading calls "government-grade stealth malware." Gyges brings crimeware "anti-detection, anti-tampering, anti-debugging, and anti-reverse-engineering capabilities."

"Mayhem" malware is found in Australia and New Zealand, where it is roping Linux and Unix servers into botnets.

HP researchers buy an Aloha point-of-sale system on eBay and are appalled by what they find therein.

Chancellor Merkel calls for "sensible" US-German talks over espionage.

In what appears to be a policy shift, US Treasury Department is devoting more attention to cyber risk.

Australia moves closer to mandatory breach disclosure laws.

Notes.

Today's issue includes events affecting Australia, European Union, France, Germany, India, Ireland, Israel, New Zealand, Palestinian Territories, Romania, Russia, Turkey, Ukraine, United Kingdom, United States, and Vietnam..

Cyber Attacks, Threats, and Vulnerabilities

Israel hacks series of Hamas websites as soldiers enter Gaza (Jerusalem Post) Official Hamas website, along with other prominent Gazan sites show error messages due to army hacking

Israeli TV hijacked by Hamas hackers (Hot for Security) Some satellite TV viewers in Israel got a surprise on Monday, when their regular programming was interrupted by an unscheduled transmission calling for an end to Israeli airstrikes in Gaza

MH17 Crash: Full Transcript Of Alleged Phone Intercepts Between Russian Intelligence Officers (International Business Times) After flight MH17 was shot down over eastern Ukraine on Thursday, Ukrainian and Pro-Russian separatist authorities looked for someone to blame. Now, the Ukrainian security chief has accused two Russian intelligence officers of shooting down the Malaysia Airlines Boeing 777 based on phone intercepts

Russian State TV Edits Wikipedia to Blame Ukraine for MH17 Crash (Global Voices) A day after a horrific plane crash in eastern Ukraine claimed the lives of nearly 300 people, speculation about who is to blame for shooting down the aircraft is in full swing. Leaders of Ukraine, Russia, and even the separatists in Donetsk have all placed responsibility on each other. In Kyiv, President Poroshenko blamed rebels in the east and criticized Russia for destabilizing the border. In Moscow, Vladimir Putin claimed that Kyiv is accountable for anything that happens in Ukraine. Donetsk's putative leader denies any role in the attack on Malaysian Flight MH17, saying it must have been the Ukrainian Air Force

Why Putin Let MH17 Get Shot Down (Daily Beast) Russia has been escalating its war in Ukraine for weeks. The urgency to win turned to recklessness

Su Bin, Lode-Tech, And Privatizing Cyber Espionage In The PRC (Digital Dao) The criminal complaint against Chinese businessman Su Bin (aka Stephen Su, Stephen Subin) is a must-read. Be sure to read the Wall Street Journal article as well. It marks the first time that the FBI has issued an arrest warrant for a foreigner charged with an act of cyber espionage via a network attack that has until now been attributed solely to state actors like the PLA

Pushdo Trojan infects 11,000 systems in 24 hours (Help Net Security) Bitdefender has discovered that a new variant of the Trojan component, Pushdo, has emerged. 77 machines have been infected in the UK via the botnet in the past 24 hours, with more than 11,000 infections reported worldwide in the same period

Pushdo botnet gets DGA update, over 6,000 machines host new variant (SC Magazine) The Pushdo botnet, known for delivering a bevy of malware through its spamming module Cutwail, is being updated to leverage a new domain-generation algorithm (DGA)

Critroni Crypto Ransomware Seen Using Tor for Command and Control (Threatpost) There's a new kid on the crypto ransomware block, known as Critroni, that's been sold in underground forums for the last month or so and is now being dropped by the Angler exploit kit. The ransomware includes a number of unusual features and researchers say it's the first crypto ransomware seen using the Tor network for command and control

Government-Grade Stealth Malware In Hands Of Criminals (Dark Reading) "Gyges" can be bolted onto other malware to hide it from anti-virus, intrusion detection systems, and other security tools

New Mayhem malware targets Linux, UNIX servers (IT News) Infections found in Australia and New Zealand

WordPress plugin vulnerabilities affect 20 million downloads (ZDNet) Since May, security firm Sucuri has discovered critical WordPress plugin vulnerabilities affecting four plugins that have nearly 20 million downloads

Flaws found in Bitdefender enterprise endpoint manager (The Register) Hardcoded GravityZone creds to be wiped at month's end

Malcovery Security Issues Special Brief on the Asprox/Kuluoz Malware Used in EZPass Email Security Attack (Digital Journal) Malcovery®, the leader in delivering actionable intelligence that can be applied to neutralize the threats and actions by cyber criminals in the areas of phishing, spam and malware, released today a "Special Brief: Today's Top Threats Report: Asprox/Kuluoz Malware," a free threat intelligence briefing that details the malware that was used in the recent headline making attacks on E-ZPass. Unfortunately, E-ZPass is the latest in a long list of brands infected by this dangerous malware

How I gained access to Amazon EC2 servers from Github Search (Appgrounds) GitHub is a great place to host public code repositories so you can share and show off your work. However, some unwary programmers will include sensitive information such as passwords or private keys in their git repos and push their code to the public, where it can be viewed by anyone who knows where to look. Github Search allows advanced filters that allow us to search for these private keys

Aloha point-of-sale terminal, sold on eBay, yields security surprises (IDG via Networkworld) Matt Oh, a senior malware researcher with HP, recently bought a single Aloha point-of-sale terminal—a brand of computerized cash register widely used in the hospitality industry—on eBay for US$200

Multiple Cisco home products vulnerable to exploit (ZDNet) A flaw in many of the company's cable modems and residential gateways could allow a remote attacker to take control of the device

Don't put that duffel bag full of cash in the hotel room safe (The Register) Two words: default passcodes… and there's MORE

Security Patches, Mitigations, and Software Updates

Chrome for Android Update Fixes Critical URL Spoofing Bug (Threatpost) The latest update to Chrome on Android — pushed yesterday — fixes two bugs, including a critical flaw in the browser that could have let an attacker trick a user into visiting a malicious site

Apple Implements Email Encryption in Transit for iCloud (Threatpost) Apple quietly began encrypting virtually all of the email flowing in and out of its servers for its iCloud.com, mac.com and me.com domains, a move that throws up an important roadblock for attackers and others attempting to snoop on those transmissions

Siemens Working on Patches for OpenSSL Bugs Under Exploit (Threatpost) Siemens says it is working on patches for four critical vulnerabilities in the OpenSSL libraries it uses in a number of its industrial control products, flaws that are being exploited in the wild

Cyber Trends

IT security pros prioritise new tech over training (SC Magazine) New research from IT security vendor Websense and Ponemon Institute indicates that security professionals want their companies to invest in new technology, but are doing little to 'upskill' existing staff

Windows XP use rises among Irish businesses (The Independent) New figures show that use of the condemned computer operating system Windows XP has increased in Ireland since Microsoft ceased security support for the system in April. The figures, from global statistics firm Statcounter, suggest that Irish businesses still using the system may be dragging their feet in upgrading to a more secure platform

Are endpoints the most vulnerable part of the network? (Help Net Security) Only 39% of companies have advanced endpoint security protections in place even though 74% consider endpoints to be "most vulnerable" to a cyber-attack, and 76% say the number of endpoints is rising

Community Defense: World Cup Insights (Imperva) While most sports fans followed World Cup matches and results anxiously, some of us number geeks decided to add another dimension of analytics to this beautiful game. We wanted to have some fun with the data that we gather during the World Cup from our crowd-sourced threat intelligence service, called Community Defense, and map that data to matches

Unlocking the hidden value of information (Help Net Security) Unstructured content accounts for 90% of all digital information. This content is locked in a variety of formats, locations, and applications made up of separate repositories, according to IDC

Marketplace

Firms ready to invest in special cyber-security softwares: Study (Economic Times) Ensuring safety of financial transactions is becoming a priority for the firms, as many of them are willing to invest in a software specifically designed to protect financial details, says a survey by Russian cyber security solutions provider Kaspersky and B2B International

Fortinet cyber security business opens HQ in Sunrise (Sun Sentinel) Cyber threats know no borders, so the business of cyber security is booming worldwide

Payment security firm BioCatch raises $10 million (Internet Retailer) The firm analyzes how consumers use computers and mobile devices to help detect online fraud

Agiliance Shortlisted for Three 2014 Golden Bridge Awards (MarketWatch) Management team recognized for industry achievements; RiskVision platform selected for innovations in governance, risk, and compliance

CSG Invotas Wins 2014 TMC Internet Telephony Labs Innovation Award (Wall Street Journal) CSG Invotas, the enterprise security business from CSG International (NASDAQ: CSGS), today announced that it has been selected as a 2014 Internet Telephony Labs Innovation Award winner

Tassie startup StratoKey headed to security stratosphere (CSO) After nearly three years in development, the May debut of Tasmanian startup company's StratoKey security tool has been rewarded with a finalist berth in upcoming awards from security giant RSA and the opportunity for the founders to present to a massive audience of regional security-industry figures

Tenable's TRM Dashboard Eases Compliance with Singapore's Complex Financial Services Regulations (IT Business Net) Tenable Network Security®, Inc., the leader in continuous network monitoring to identify vulnerabilities, reduce risk and ensure compliance, today announced the new SecurityCenter Continuous View (CV)™ pre-defined IBTRM dashboard, which makes it easy for the Financial and Insurance Institution sector to comply with the complex regulatory environment created by the Monetary Authority of Singapore's Technology Risk Management Guidelines

Google's Business Chief Leaves The Company After A Decade (TechCrunch) Buried deep in Google's earnings release this afternoon was word of a pretty big management shift: Nikesh Arora, the company's Chief Business Officer, is leaving after a decade with the company

HP Appoints CEO Meg Whitman To Chairman Of The Board (TechCrunch) Meg Whitman just gained a bit more power within HP. The company's Board of Directors has appointed her to the chairman's spot following the departure of Ralph Whitworth earlier this week. Whitman was already serving as president and CEO of HP. She came on board following a tumultuous period of always-shifting leadership within HP and immediately set out to stabilize the

Products, Services, and Solutions

TrustPort Antivirus Software — The most interesting Software (Streetwise Tech) TrustPort antivirus software is the most interesting software nowadays. It has two scanning engines: AVG and BitDefender, however it lacks some features that most antivirus software have. It is great in detecting and removing viruses, threats, malware and spyware. Unfortunately, it does have the features of detecting new generation viruses and threats

Review: Microsoft Security Essentials Trusted Freeware (Streetwise Tech) According to the latest estimates, with over 90% of the people across the world owning a personal computer and laptop making use of the Windows Microsoft operating system, Microsoft Security essentials are in great demand. However, you need not fear. Microsoft Security essentials always provides a real-time antivirus and all the other protection for the home PC, which helps you to guard against spyware or any other malicious software that can create a problem in your personal computer

Alert Logic Log Manager Delivers Security Insight and Compliance Visibility - Now Available on AWS Marketplace (IT Business Net) Alert Logic Log, IDS and WAF security solutions all now available for annual subscription

Bitglass Unveils Security Solution that Combines Flexibility of Public Cloud Apps with Security of Private Cloud Data (Digital Journal) Bitglass today launched a new cloud solution that enables enterprises to adopt the cloud apps that their business needs, while storing corporate data encrypted in their own private cloud. This new solution extends Bitglass' ability to secure corporate data anywhere it goes — in the cloud, on devices and at the point of access

U.S. Army Grants Certificate of Networthiness (CoN) for 21 SolarWinds® IT Management Products (MarketWatch) SolarWinds SWI +2.13%, a leading provider of powerful and affordable IT management software, today announced that the U.S. Army Network Enterprise Technology Command (NETCOM) has accredited 21 unique SolarWinds solutions with a new Certificate of Networthiness (CoN), empowering Army IT Professionals to implement the network, systems and security management solutions in their IT infrastructures. The software is also listed on the U.S. Army CHESS IT e-mart, providing an easy and approved way for Army IT Pros to purchase SolarWinds software

eScan Anti Virus Edition with Cloud Security Antivirus (Steetwise Tech) Before moving towards eSacn Anti-Virus it is necessary to discuss what actually the word Anti-Virus Stand for?? Antivirus, anti-virus, or AV software is computer software used to avert, recognize and remove malicious computer viruses

Snowden Says Drop Dropbox, Use SpiderOak (Wall Street Journal) Edward Snowden singled out cloud-storage provider Dropbox for lacking security measures he says would protect users from government snooping. He then plugged smaller competitor SpiderOak, which he says does

A Convicted Hacker and an Internet Icon Join Forces to Thwart NSA Spying (Wired) The internet is littered with burgeoning email encryption schemes aimed at thwarting NSA spying. Many of them are focused on solving the usability issues that have plagued complicated encryption schemes like PGP for years. But a new project called Dark Mail plans to go further: to hide your metadata

Technologies, Techniques, and Standards

How to Deal With Internal Data Security Threats (WorkIntelligent.ly) Today, David Strom talks data security and how to protect yourself from attacks from the inside of your organization

How to Investigate a Bitcoin Mining Malware Infection (Bit9+CarbonBlack) In my previous blog, I explained Bitcoin mining and provided an overview of a new type of malware used by malicious Bitcoin miners. In today's post, I take a closer look at a specific sample of this new breed of malware

Even Script Kids Have a Right to Be Forgotten (Krebs on Security) Indexeus, a new search engine that indexes user account information acquired from more than 100 recent data breaches, has caught many in the hacker underground off-guard. That's because the breached databases crawled by this search engine are mostly sites frequented by young ne'er-do-wells who are just getting their feet wet in the cybercrime business

Is use-after-free exploitation dead? The new IE memory protector will tell you (Fortinet) The Isolated Heap for DOM objects included in the Microsoft Patch Tuesday for June 2014 was just a fire drill aimed at making the exploitation of use-after-free (UAF) vulnerabilities more difficult. The patch for July 2014, however, has been quite a shock to exploit developers! In this release, Microsoft showed some determination in fighting back against UAF bugs with this improvement - the introduction of a new memory protector in Microsoft Internet Explorer, which would make exploitation of UAF vulnerabilities extremely difficult

Mitigating UAF Exploits with Delay Free for Internet Explorer (TrendLabs Security Intelligence Blog) After introducing the "isolated heap" in June security patch for Internet Explorer, Microsoft has once again introduced several improvements in the July patch for Internet Explorer. The most interesting and smart improvement is one which we will call "delay free." This improvement is designed to mitigate Use After Free (UAF) vulnerability exploits by making sure Internet Explorer does not free object's heap space immediately when its reference count is zero

Successful Heartbleed response still raises important questions (TechTarget) Heartbleed, the vulnerability in the open source OpenSSL encryption library, left organizations across the globe scrambling to apply patches in April. Security experts warned the flaw may expose enterprises' most sensitive of data, including keys used for X.509 certificates, user credentials and online communications

After Heartbleed: New realities of open source software security (TechTarget) According to a recent survey, security and quality are two of the top reasons enterprises leverage open source software in the workplace. Yet, after the events of Heartbleed, many organizations are looking at open source software with a wary eye

Keeping the RATs out: **it happens — Part 2 (Internet Storm Center) As we learned in Part One of our exploration of Hazrat Supply's series of unfortunate events, our malicious miscreants favored multiple tools. We first discussed developing IOCs for HackTool:Win32/Zeloxat.A which opens a convenient backdoor on a pwned host. One note on that front, during analysis I saw network calls to zeroplace.cn (no need to visit, just trust me) and therefore added matching URI and DNS items to the IOC file. Again, I'll share them all completed for you in a day or two

Research and Development

MIT research shows the future of datacenter networking (ZDNet) High-performance Fastpass technology reduces lag by more than an order of magnitude

Spin Memory Shows Its Might (IEEE Spectrum) Spin-transfer-torque MRAM could edge out some mainstream memories

Academia

University to host US Cyber Challenge summer camp, competition (UDaily) The University of Delaware will be the host site for the 2014 U.S. Cyber Challenge (USCC) summer camp program to be held from July 21-25

France to offer programming in elementary school (ITWorld) Beginning this fall, French primary school students will have the option of learning computer science

Legislation, Policy, and Regulation

Merkel calls for 'sensible talks' over alleged US spying on Germany (The Guardian) German chancellor says talks on security and privacy needed to restore trust as US commentators defend surveillance of ally

Treasury's New Focus on Cyber-Risks (BankInfoSecurity) Treasury Secretary Jacob Lew this week took the precedent-setting step of publicly addressing what he referred to as the financial system's cybersecurity shortcomings. Lew's comments were noteworthy because they apparently mark the first time a member of the Treasury Department has directly addressed cyber-risks

Senate Weighs Botnet Busting Changes (infoRisk Today) The Obama administration wants Congress to update U.S. anti-hacking laws to allow law enforcement agencies to more easily crack down on fraudsters operating abroad, disrupt botnets used to distribute spam and distributed-denial-of-service attacks and bust "for hire" malware and botnet service providers

Guest Post: Would the USA Freedom Act End All Authorities for Bulk Collection? (Just Security) When the House passed the USA Freedom Act (H.R. 3361) in May, both Members and the administration announced that it would end bulk collection of metadata about Americans' communications. The administration is now urging Congress to pass the bill as soon as it can and Senators are now considering revisions to specific language in the House-passed bill

UN report strongly implies that NSA surveillance is violating international law (Vox) A new report from the UN High Commissioner for Human Rights suggests that several policies of the Obama administration — and specifically the National Security Agency — may violate international human rights norms

Net neutrality supporters: Deep packet inspection is a dangerous weapon (FierceEnterpriseCommunications) Network access providers should be disallowed from using DPI, and should provide regular reports to demonstrate they're not, suggests yet another group of Internet technology leaders

Australian Treasury backs mandatory data breach notification law (FierceITSecurity) Australia should enact a mandatory data breach notification law, recommends an interim report on the country's financial system by the Treasury

Litigation, Investigation, and Law Enforcement

Notorious Shylock banking malware taken out by law enforcement (Naked Security) Law enforcement action led by the National Crime Agency (NCA) in the UK has knocked out the infrastructure of a banking malware that infected at least 30,000 computers

Romanian gang used malware to defraud international money transfer firms (IDG via CSO) The cybercriminals targeted money transfer franchises in several European countries

ACLU joins appeal of Idaho woman suing NSA (FierceHomelandSecurity) More than a month after a federal judge struck down a lawsuit that an Idaho woman filed against the National Security Agency's collection of cellphone data, the American Civil Liberties Union and the Electronic Frontier Foundation have taken on the case in the appeals process

Microsoft's Bing follows Google in offering Europeans the 'right to be forgotten' (InfoWorld) Europe's top court gave people the right to have links to personal information removed from search listings in Europe

ATM Cash-Out Strikes Red Cross Accounts (GovInfoSecurity) Federal authorities have announced the successful prosecution of yet another member of an international cybercrime ring that's been tied to a global ATM cash-out scheme. This time, the scheme was linked to the exploitation of prepaid cards provided by the American Red Cross to disaster relief victims after the network hack of a payments processor used by the charity, investigators say

Snowden: NSA employees routinely pass around intercepted nude photos (Ars Technica) "These are seen as the fringe benefits of surveillance positions," Snowden says

State police spying on smartphones (Illinois Times) NSA-like eavesdropping has been used in Illinois since 2008

NCA and BAE Systems team up for online child porn cyber operation (V3) The NCA has used mysterious new technology to mount a co-ordinated sting operation that has already seen it arrest 660 suspected paedophiles

Retailer threatens critical reviewers on Amazon with "legal trouble" (Ars Technica) "It's bullying," a public interest lawyer says of the firm's tactics

Engineer Arrested Over Massive Benesse Holdings Data Leak (Softpedia) The Tokyo Metropolitan Police Department announced on Thursday, July 17, the arrest of a systems engineer for allegedly stealing private information of about 7.6 million customers of the education service provider Benesse Holdings

For a complete running list of events, please visit the Event Tracker on the CyberWire website.

Upcoming Events

Security Startup Speed Lunch DC (Washington, DC, USA, July 22, 2014) Our goal is to connect the most promising security startups in the world with decision-makers at aerospace, asset-management, banking, communications, defense, energy, healthcare, government, technology...

Seminar: Cybersecurity Framework for Protecting our Nation's Critical Infrastructure (Marietta, Georgia, USA, July 22, 2014) The Automation Federation and Southern Polytechnic State University will co-sponsor the "Cybersecurity Framework for Protecting our Nation's Critical Infrastructure." a free seminar from 8 a.m. to noon...

SHARE in Pittsburgh (Pittsburgh, Pennsylvania, USA, August 3 - 8, 2014) LEARN: Subject-matter experts and practitioners are on-hand at SHARE events to discuss major issues facing enterprise IT professionals today. FOCUS: SHARE provides leading-edge technical education on a variety of topics. Whether you are an IT manager, IT architect, systems analyst, systems programmer or in IT support, SHARE offers focused sessions to benefit all job roles. ENGAGE: At SHARE events, you will experience a wide variety of formal and informal networking opportunities that encourage valuable peer-to-peer interaction...

STOP. THINK. CONNECT. Two Steps Ahead: Protect Your Digital Life Tour (Clarksville, Tennessee, USA, August 5, 2014) The National Cyber Security Alliance (NCSA), a non-profit public-private partnership focused on helping all digital citizens stay safer and more secure online, is coming to TK with its STOP. THINK. CONNECT.

Passwords14 (Las Vegas, Nevada, USA, August 5 - 6, 2014) Passwords is the first and only conference of its kind, where leading researchers, password crackers, and experts in password security from around the globe gather in order to better understand the challenges...

BSidesLV 2014 (Las Vegas, Nevada, USA, August 5 - 6, 2014) We have an amazing array of speakers each year, covering topics such as Penetration Testing, Forensics, Incident Response, Risk, and everything in between. We have a Lockpick Village, the Squirrels in...

4th Annual Cyber Security Training Forum (Colorado Springs, Colorado, USA, August 5 - 6, 2014) The Information Systems Security Association (ISSA) — Colorado Springs Chapter and FBC, Inc. will co-host the 4th Annual Cyber Security Training Forum (CSTF). CSTF is set to convene from Tuesday August...

DEF CON 22 (Las Vegas, Nevada, USA, August 7 - 10, 2014) The annual hacker conference, with speakers, panels, and contests. Visit the site and penetrate to the schedules and announcements.

South Africa Banking and ICT Summit (Lusaka, Zambia, August 8, 2014) The South Africa Banking and ICT Summit is the exclusive platform to meet industry thought leaders and decision makers, discover leading edge products and services and discuss innovative strategies to...

SANS Cyber Defense Summit and Training (Nashville, Tennessee, USA, August 13 - 20, 2014) The SANS Institute's Cyber Defense Summit will be paired with intensive pre-summit hands-on information security training (August 13-18). This event marks the first time that SANS will conduct a training...

Resilience Week (Denver, Colorado, USA, August 19 - 21, 2014) Symposia dedicated to promising research in resilient systems that will protect critical cyber-physical infrastructures from unexpected and malicious threats—securing our way of life.

AFCEA Technology & Cyber Day (Tinker AFB, Oklahoma, USA, August 21, 2014) The Armed Forces Communications & Electronics Association (AFCEA) — Oklahoma City Chapter will once again host the 10th Annual Information Technology & Cyber Security Day at Tinker AFB. This is the only...

Build IT Break IT Fix IT: Build IT (Online, August 28, 2014) The Build it Break it Fix it security contest is a new security-oriented programming contest held by the Maryland Cybersecurity Center, Cyberpoint, and Trail of Bits. The Build it Break it Fix it security...

The Hackers Conference (New Delhi, India, August 30, 2014) The Hackers Conference is an unique event, where the best of minds in the hacking world, leaders in the information security industry and the cyber community along with policymakers and government representatives...

Grow your brand and reach new customers.

Grow your brand and increase your customer base by educating our audience about your products, services, and events by advertising on The CyberWire. We’ve built trust with an influential (and often hard to reach) audience of CISOs, CSOs, and other senior execs in the security space, across a wide array of industry verticals. Learn more.

Be a part of the CyberWire story.

People ask us (a lot) how they can support what we do. We have our sponsorships and services, of course, but those are not always within every supporter's financial reach, or it might just not be the right time for you to do those things. That's why we launched our new Patreon site, where we've created a wider variety of support levels, each with some new benefits. Our patrons are important to our future, and we hope you'll consider becoming one. We invite you to become part of the CyberWire story. Become a patron today.