skip navigation

More signal. Less noise.

Daily briefing.

Security firms and journalists continue their discussions of Regin, amid much disagreement. Some doubt its connection to Belgian network intrusions, others see NSA's hand, but more eyes are directed toward GCHQ. Techworld in particular notes Regin's absence of a kernel-level bypass for PatchGuard (which it thinks points to GCHQ) and an apparent schedule that coincides with typical UK office hours. US-CERT has published a fairly extensive overview of the spyware (which "has not," US-CERT notes blandly, "been identified targeting any organizations within the United States").

Many journalists wonder why security companies like Symantec and F-Secure took so long to announce their discoveries of the campaign, especially since signs of it have been appearing for several years. Disclosure of Regin also coincides with German irritation over what the Süddeutsche Zeitung reports as GCHQ's suborning of Vodaphone subsidiary Cable and Wireless to enable cable tapping. It also coincides with UN deliberation of a resolution on Internet surveillance: Germany and Brazil push restrictions; the Five Eyes push back by reminding the General Assembly that fighting ISIS significantly depends on such surveillance.

Sony's breach investigation continues. Some of the apparent hackers make the (unconfirmed) claim they had physical access to Sony facilities, and that this facilitated their attack.

Retailers and shoppers skittish over holiday trade receive many warnings and much advice.

Abode issues an out-of-band patch for Flash Player.

Home Depot says it's spent $43M on its recent data breach and expects to incur ongoing costs. It's also facing "at least 44 civil lawsuits."

Notes.

Today's issue includes events affecting Afghanistan, Australia, Austria, Belgium, Brazil, Canada, European Union, Fiji, Germany, India, Indonesia, Iran, Iraq, Ireland, Kiribati, Malaysia, Mexico, New Zealand, Pakistan, Romania, Russia, Saudi Arabia, Syria, United Nations, United Kingdom, United States.

It's Thanksgiving tomorrow, and we'll take a break from publication on both the holiday and this Friday. But the CyberWire will reappear as usual on Monday, December 1.

Cyber Attacks, Threats, and Vulnerabilities

Alert (TA14-329A) Regin Malware (US-CERT) On November 24, 2014, Symantec released a report on Regin, a sophisticated backdoor Trojan used to conduct intelligence-gathering campaigns. At this time, the Regin campaign has not been identified targeting any organizations within the United States

Tricky Regin malware poses biggest threat outside US (CNET) The hard-to-detect malware is a Swiss Army knife of clandestine tools to extract information from targets in non-English speaking countries, experts say

IT firms: Likely link between Regin virus, intelligence agency (Deutsche Welle) Software analysts seem to agree that the Regin malware program is so advanced and discreet that it was most likely produced by an intelligence agency. The now-infamous initials NSA and GCHQ are being bandied about

So what if the Regin malware is British — this is just old-fashioned spying, right? (Techworld) Kaspersky Lab and Symantec blew the cover of a cybertool called Regin. Some clues point to the UK

Regin: Another Military-Grade Malware (Schneier on Security) Regin is another military-grade surveillance malware (tech details from Symantec and Kaspersky). It seems to have been in operation between 2008 and 2011. The Intercept has linked it to NSA/GCHQ operations, although I am still skeptical of the NSA/GCHQ hacking Belgian cryptographer Jean-Jacques Quisquater

Regin malware and why it doesn't change anything (FierceCIO) A closer look at the Regin super-malware, and why hackers are unlikely to copy it

Experts Question Legality of Use of Regin Malware by Intel Agencies (Threatpost) The disclosure of the Regin APT malware campaign this week has spurred much speculation about the source of the attack, with many experts pointing the finger at either the NSA or GCHQ, the British spy agency. Though security researchers involved in uncovering the attack have remained mum on the attribution of Regin, privacy experts say that if one of the intelligence agencies is involved, there's no legal basis for the operation

Regin: The super-spyware the security industry has been silent about (Register) NSA fingered as likely source of complex malware family

Why did it take antivirus giants YEARS to drill into super-scary Regin? Symantec responds… (Register) FYI this isn't just going to target Windows, Linux and OS X fans

Snowden-Leaks: How Vodafone-Subsidiary Cable & Wireless Aided GCHQ's Spying Efforts (Süddeutsche Zeitung) Previously unpublished documents show how the UK telecom firm Cable & Wireless, acquired by Vodafone in 2012, played a key role in establishing one of the Government Communications Headquarters' (GCHQ) most controversial surveillance programs

'Less' means more to malware authors targeting Linux users (IDG via CSO) Using the "less" Linux command to view the contents of files downloaded from the Internet is a dangerous operation that can lead to remote code execution, according to a security researcher

Sony is the victim of a breach yet again (CSO) Sony was on the receiving end of a cyberattack once again. Hackers managed to take the Sony Pictures website offline on Monday. This isn't Sony's first experience with such attacks, though — Sony has been repeatedly targeted by attackers, up to and including having its Playstation Network knocked offline in August

Hackers suggest they had physical access during attack on Sony Pictures (CSO) If true, the claim takes the situation from bad to worse

Popular security suites open to attack (ZDNet) Your anti-malware system does you no good if it's successfully compromised. Few security suites use ASLR and DEP in all their executables

Vectra Networks' Post Breach Report Reveals Attacker Habits (The VAR Guy) Ten percent of hosts experience at least one or more cyberattacks that bypass enterprise security perimeter defenses, according to a new study by security solution provider Vectra Networks

Emmental hack exposes holes in two-factor authentication (SecureID News) When is a man-in-the-middle attack not a man-in-the-middle attack? When it gains access to bank accounts by skirting text-based two-factor authentication. That's what's happening in an international cyber attack known as Operation Emmental

The rise of account takeovers (Help Net Security) Account takeover fraud is the primary means of attack from fraudsters and attack origins occurring predominantly outside of the U.S., according to NuData Security

Cybercriminals getting ready to shop (Enterprise Innovation) With the share of online sales from personal computers, smartphones or tablets growing every year, cybercrime activities are also on the rise

5 online scams to watch out for this Black Friday and Cyber Monday (Naked Security) Millions of shoppers will be searching for online bargains over the next week

Infographic: The Mall of American Data Breaches (ThreatTrack Security Labs) 2014 was a record year for data breaches, with big name companies like Home Depot, Staples, Michaels and Neiman Marcus all disclosing breaches that affected millions of consumers. Heading into the 2014 holiday shopping season, some security insiders are warning that another big data breach disclosure is only a matter of time

How a virus demanding a bitcoin ransom almost destroyed a public radio station's archives (NiemanLab) But for a fluke in its system, Missouri's KBIA could've lost all its files dating back to 2006

Canada Revenue Agency leaks its own data, hands journalist private tax details (Ars Technica) 18 pages included home addresses and tax credit information of prominent Canadians

Security Patches, Mitigations, and Software Updates

Security updates available for Adobe Flash Player (Adobe Security Bulletin) Adobe has released security updates for Adobe Flash Player for Windows, Macintosh and Linux. These updates provide additional hardening against CVE-2014-8439, which was mitigated in the October 14, 2014 release

Adobe Pushes Critical Flash Patch (KrebsOnSecurity) For the second time this month, Adobe has issued a security update for its Flash Player software. New versions are available for Windows, Mac and Linux versions of Flash. The patch provides additional protection on a vulnerability that Adobe fixed earlier this year for which attackers appear to have devised unique and active exploits

Cyber Trends

6 Million+ Email Accounts Worldwide Exposed In Past 3 Months (Dark Reading) Spike in number of stolen accounts likely due to uptick in major data breaches, researchers say

You Can't Always Stop a Breach: But You Should Always be Able to Spot One (Continuity Central) December 15th is the anniversary that Target's infamous security breach was discovered; but has anything really changed in the year that has gone by? Retailer after retailer is still falling foul of the same form of malware attack. So just what is going wrong?

Netskope: Most Cloud Apps Are Not 'Enterprise-Ready' (Talkin' Cloud) New study says 89 percent of cloud-based apps are not considered 'enterprise-ready'

Cyber Security Needs Its Ralph Nader (Dark Reading) It took thousands of unnecessary traffic fatalities to create an environment for radical transformation of the auto industry. What will it take for a similar change to occur in data security?

Poll: Many concerned over online privacy, but few acting for security (The Hill) A majority of the global public is concerned about online privacy, but fewer have actually done anything about it, according to a new survey of Internet users around the world

Small Businesses Need to Beef Up Their Cybersecurity Continuous Monitoring, According to CyberRx Survey (BusinessWire) Survey findings highlight themes of cybersecurity awareness, continuous monitoring, and training

Enterprise Wearable Device Use to Soar Despite Security Risks (Infosecurity Magazine) The use of wearable technology devices at work is set to soar over the coming 12 months, but UK IT leaders appear to be taking a worryingly laid back approach to securing them against data theft, according to Trend Micro

Marketplace

Home Depot spent $43M on data breach in one quarter alone (Computerworld) The retailer expects 'significant' ongoing expenses from the breach

5 Game-Changing Cybersecurity Stocks to Buy Now (24/7 Wall Street) As technology initiatives like cloud-based apps, social networking and virtualization have improved and dramatically increased in usage, a problem has also become more and more evident. The cybersecurity risk associated with adoption of these initiatives has grown to the point of being mission critical. A new research note from Oppenheimer points out that the huge Target stores breach represented the first time a CEO was ousted by the board for a major network breach. Don't think for a moment that other highly placed C suite executives didn't take note of the dismissal and want to avoid a similar fate at their respective companies

IPO Stock Watch: Hot IPO CyberArk Software Hits High (Investor's Business Daily) CyberArk Software (NASDAQ:CYBR) was trading at a new high Monday as one of the top-performing initial public offerings this year

Why Raytheon Is A Good Play On The Internet Of Things (Seeking Alpha) Raytheon (NYSE:RTN) is a global defense and aerospace company that focuses on defense systems, intelligence, missiles and many other areas. Shares of the company have performed relatively flat this year, which we feel is unjustified. We think that shares are valued attractively at today's prices. More significantly, however, we feel that Raytheon can return to significant revenue growth as the Internet of Things takes center stage

HP results disappoint ahead of split (ComputerWeekly) HP has announced disappointing fourth-quarter earnings ahead of the company's planned split aimed at reversing its recent decline

Twitter exec Anthony Noto reveals secret company plans in direct message goof (Naked Security) It's fair to say that Twitter's ahead of many of the social networks when it comes to privacy

ControlCase expands into Latin America with "Compliance as a Service" solution (Sys-Con Media) The new venture was announced at a business breakfast attended by compliance professionals from leading banks, merchants and service providers across Latin America

Are ex-hackers the answer to addressing the cyber security skills gap? (ComputerWeekly) There has been a lot written around the KPMG research which indicated that 53% of UK companies would consider hiring ex-hackers to assist in dealing with their cyber security issues. Now considered one of the biggest and most costly threats to UK businesses, cyber crime has been on the rise for a number of years now and the UK's skills resource has been struggling to keep up. Yet the suggestion that companies should look to hire ex-hackers to deal with the epidemic has been met with scepticism by many

Army Cyber branch offers Soldiers new challenges, opportunities (US Army) Soldiers who want to defend the nation in cyberspace, as part of the Army's newest and most technologically advanced career field, now have an Army branch to join that will take its place alongside infantry, artillery and the other Army combat arms branches

Cisco leases 100,000 square feet for Sourcefire headquarters, plans to add jobs (Baltimore Business Journal) Ken Ulman may have lost his bid for lieutenant governor earlier this month, but he's ending his time as Howard County executive with an economic development win

Founder Rejoins EdgeWave to Lead Cyber Security Innovation (Sys-Con Media) Cyber security industry veteran Farley Stewart brings over 20 years of success to EdgeWave

Products, Services, and Solutions

Bitdefender Unveils IoT Security Appliance (PC Magazine) The BOX is a physical network device which the antivirus firm calls "the security solution for the Internet of Things"

Agiliance Wins Homeland Security Award for Third Consecutive Year (BusinessWire) Company's security risk intelligence solution honored as Best Compliance / Vulnerability Solution

OPSWAT Introduces GEARS Security Tool for Mac (PRWeb) This security management application helps Mac users identify if their computer is at risk or compromised, by alerting them to potential malware infections and providing greater visibility and control of installed security tools

SecureData GI launches to deliver contextual threat intelligence delivered as-a-service in the cloud (Virtual Strategy Magazine) Complete cybersecurity service provider, SecureData has today launched SecureData GI (Greater Intelligence); the first completely integrated security intelligence platform, managed in the cloud and delivered as-a-service

Mike Lynch-backed Darktrace takes new approach to security (Techworld) Monitors behaviour of people inside the network instead of trying to keep them out

SecureData takes wraps off threat analysis service (Microscope) Having got used to the idea of using cloud-based security services customers are now looking to take it to the next stage and take advantage of data analysis to get the most out of monitoring their IT environment

ESET to Launch Completely Re-designed, Best-of-Breed Business Security Suite (PRNewswire) ESET®, a global pioneer in proactive internet security protection, today announced a significant transformation in its endpoint security products performance and usability. Building on the experience gained from more than 26 years of developing leading security solutions, ESET will introduce a completely re-designed suite of business security products for enterprise applications and small and medium-size businesses (SMBs) in North America later this year

A10 Networks Thunder TPS (Threat Protection System) Introduces Advanced DDoS Mitigation Capabilities as Customer Adoption and Industry Recognition Accelerates (CNN Money) Thunder TPS 3.1 provides security professionals with programmatic policy control, advanced DDoS mitigation, comprehensive detection, and significant visibility enhancements

Which Antivirus Products Are Best at Protecting Themselves? (PC Magazine) You depend on your antivirus or security suite to protect your data and your devices, but how well does it protect itself? Security software is just software, and subject to flaws, like any other type of program. Coders can take some simple steps to make sure a software flaw doesn't open the program to exploit attack. However, the latest report from German lab AV-Test Institute shows a wide range in how well security vendors armor their products against direct attack

Technologies, Techniques, and Standards

The context-aware security lifecycle and the cloud (Help Net Security) Ofer Wolf is the CEO at Sentrix, a provider of cloud-based web security solutions. In this interview he talks about the challenges of delivering enterprise-grade security, explains the role of the context-aware security lifecycle and illustrates how the cloud is shaping the modern security architecture

Data Management Vs. Data Loss Prevention: Vive La Différence! (Dark Reading) A sensitive data management strategy can include the use of DLP technology, but it also involves a comprehensive understanding of where your data is and what specifically is at risk

10 point smartcard checklist for merchants (CSO) Just about a year from now, retail merchants who currently accept only magnetic stripe payment cards will have to start accepting chip-based smart cards as well

5 PCI Compliance gaps (CSO) Here are five areas where merchants need to pay attention

Cybersecurity for the holidays: A non-stop job (USA Today) The holiday sales season and the online crush that accompanies it might seem a natural field day for hackers looking to attack the small and midsize retailers who depend on these sales to bump them into the black

On Cyber Monday, E-Shopping Should Be the Least of Your Online Worries (Business Management Daily) On Monday, desk-bound employees will be filling their virtual shopping carts, scooping up $4 birdfeeders and two-for-one video games. In fact, a new CareerBuilder survey says

Tips for Safe Shopping on Black Friday and Cyber Monday (Fortinet) In the United States, families will soon be traveling by plane, train and automobile to be with their loved ones to celebrate the Thanksgiving holiday. Large feasts will be prepared, football games will be viewed, and parades watched

Why you should protect your wireless connection (Help Net Security) It's holiday shopping season again, and consumers will join the rush to buy devices and accessories for loved ones. They'll scoop up phones and tablets, plus cases, covers and bags to shield from scratches and bumps. But while they are protecting their devices from physical harm, most will leave their phone's Wi-Fi connection — and their private data — open to exposure

Everything your users ever need to know about BYOD (Register) The essential checklist

How hospitals handle mHealth security (FierceMobileHealth) Mobile devices and apps increasingly are being used in healthcare settings, and with that comes greater risk to the security of patient information

Design and Innovation

NSA partners with Apache to release open-source data traffic program (ZDNet) The National Security Agency has released a new open-source program for data network interoperability

Hacking cars: Automakers put high priority on cybersecurity (San Jose Mercury News) Against the team of hackers, the poor car stood no chance

The branded bug: Meet the people who name vulnerabilities (ZDNet) Opinion: As 2014 comes to a close, bugs are increasingly disclosed with catchy names and logos. Heartbleed's branding changed the way we talk about security, but is making a bug 'cool' frivolous or essential?

Research and Development

Brain Science and Browser Warnings (Threatpost) Browser and other types of security warnings generally don't stop computer users in their tracks, especially when they're in the middle of some task. Clicking through them seems to be the accepted response, rather than to halt and evaluate the situation

Academia

A new free online course in Cryptography by University of Maryland (Decentralize) Historically, cryptography was used to ensure private communication between two people with some prior relationship. More recently, its scope has expanded to include things as diverse as data integrity, secure internet-wide communication, electronic cash, secure distributed computation, and more

A Cybersecurity Ph.D. May Be Just What's Needed for the Future of Higher Ed (EdTech) The next generation of IT experts will have their pick of several job opportunities

Programs Aim to Fill Cybersecurity Skills Gap (eSecurity Planet) Symantec's Cyber Career Connection and the Air Force Association's CyberPatriot program both aim to address the cybersecurity skills gap

Legislation, Policy, and Regulation

U.N. Urges Protection of Privacy in Digital Era (New York Times) The United Nations adopted a resolution on Tuesday urging all countries to protect the right to privacy in digital communications and to offer their citizens a way to seek "remedy" if their privacy is violated

U.S. Said to Cite Islamic State in UN Anti-Spying Text Talks (Bloomberg BusinessWeek) The U.S. cited the threat posed by Islamic State to avert a United Nations condemnation of collecting metadata in an anti-surveillance resolution backed by Germany and Brazil, diplomats said

EU companies unaware of proposed data protection law (ComputerWeekly) More than half of European companies do not know about legislation planned to unify data protection laws, according to Ipswitch

Patriot Act Deadline Threatens to Splinter NSA Reformers (National Journal) Stinging from defeat, some privacy advocates want to let parts of the Patriot Act sunset next year. But not everyone is ready to take the plunge

NSA Telephone Data Collection Program Not Based on ‘Secret Law,’ Says Former Intel Staffer (Roll Call) All that talk about "secret law" as the foundation for the allegedly illegal National Security Agency telephony metadata program? Hogwash, writes a former House Intelligence Committee staffer in the National Security Law Journal

Is "Secret Law" Really Either? (National Security Law Journal) After the U.S. Government disclosed the bulk collection of telephony metadata pursuant to Section 215 of the USA PATRIOT Act, debate arose as to whether Congress intended the provision to be interpreted to allow such collection. In addition, debaters wondered whether such interpretation constituted "secret law" inasmuch as it was not widely known among legislators or the public. These issues are best understood within the evolving legal structure surrounding intelligence activities, as well as in light of congressional rules governing legislation and oversight related to such activities. Congressional controversy over the intended scope and meaning of previously enacted legislation is nothing new, but as a matter of law and parliamentary procedure, Section 215 should be considered as properly reenacted and authorized as a basis for the activities at issue

Michèle Flournoy Takes Herself Out of Running for Top Pentagon Job (Foreign Policy) Michèle Flournoy, widely seen as the front-runner to replace Chuck Hagel as the next secretary of defense, abruptly took herself out of the running for the job Tuesday, complicating what will be one of the most important personnel decisions of President Barack Obama's second term

San Francisco DA pushes for chip payment cards in tech's backyard (IDG via CSO) Chip-and-PIN payment cards have a strong supporter in the hotbed of payment technologies, with San Francisco's district attorney promoting the new technology as a way to cut down on fraud

Litigation, Investigation, and Law Enforcement

Home Depot hit with "at least 44 civil lawsuits" due to data breach (Ars Technica) "Home Depot…not encrypting the data at all, or using lax encryption standards"

Tech firms anti-terrorism efforts criticised in Rigby report (BBC) The Intelligence and Security Committee (ISC)'s report into the murder of Fusilier Lee Rigby suggests there was a "significant possibility" MI5 could have prevented the attack had its officers been aware of an online exchange in December 2012 between Michael Adebowale and a person codenamed Foxtrot

Oops: After Threatening Hacker With 440 Years, Prosecutors Settle for a Misdemeanor (Wired) Thanks in part to America's ill-defined hacking laws, prosecutors have enormous discretion to determine a hacker defendant's fate. But in one young Texan's case in particular, the Department of Justice stretched prosecutorial overreach to a new extreme: about 440 years too far

Microsoft Leverages IoT Tech to Combat Online Fraud (eWeek) The software giant is banking on the Internet of things and the cloud to help law enforcement combat cyber-criminals

Breach Reported After Vendor Dispute (GovInfoSecurity) An ongoing legal dispute between the Texas Health and Human Services Commission and its former contractor, Xerox, has led the state agency to report to federal authorities that the business associate was responsible for a data breach affecting 2 million individuals

Murder-for-hire suspect gets new ACLU ally in battle against phone spying (Ars Technica) Baltimore man was located, searched earlier this year after use of a stingray

For a complete running list of events, please visit the Event Tracker on the CyberWire website.

Newly Noted Events

Cybersecurity 2015: Beyond the Breach (Washington, DC, USA, December 9, 2014) With each new cybersecurity attack businesses lose millions, governments lose information and citizens lose trust. At the end of a year where these attacks regularly dominated headlines, what's ahead for...

4th Annual Human Cyber Forensics Conference: Exploring the Human Element for Cloud Forensics (Washington, DC, USA, January 21 - 22, 2015) The Human Cyber Forensics Conference addresses the human element of cyber. Presentations will look at the tradecraft and efforts required to identify, understand, navigate, and possibly influence human...

AusCERT2015: Smarten up (RACV Royal Pines Resort, Gold Coast, Queensland, June 1 - 5, 2015) This year's conference theme explores how we need to smarten up to manage information security risks better. We need to "smarten up" by focusing on information security essentials; by taking advantage...

Upcoming Events

DefCamp5 (Bucharest, Romania, November 25 - 29, 2014) DefCamp is the most important conference on Hacking & Information Security in Central Eastern Europe. The goal is bringing hands-on talks about latest research and practices from the INFOSEC field, gathering...

Cybergamut Tech Tuesday: Receiver Operating Characteristic (ROC) statistics and their successful use in medical studies, Nigerian scams, and APT detection (Columbia, Maryland, USA, December 2, 2014) Receiver Operating Characteristic (ROC) statistics have been a practical tool in the field of clinical medicine for more than 50 years, an area where stakes can be very high and test results are understood...

After the Breach: 1st Annual DePaul University Cyber-Risk Conference (Chicago, Illinois, USA, December 2, 2014) DePaul University's Arditti Center for Risk Management, Center for Financial Services, and the College of Computing and Digital Media are proud to collaborate with Sapient Global Markets as moderators...

5th Annual Raytheon Cyber Security Summit: "The Unassailable Enterprise" (Reston, Virginia, USA, December 2 - 3, 2014) We invite commercial and government entities to attend the 5th Annual Cyber Security Summit where we will explore the "unassailable enterprise" in 2014 and beyond. We bring together some of the most acclaimed...

SINET 16 (Washington, DC, USA, December 3 - 4, 2014) Innovative solutions frequently come from new and emerging companies. Each year, SINET invites sixteen innovative Cybersecurity companies to present their technology solutions to a select audience of prominent...

Healthcare Cyber Security Summit 2014 (San Francisco, California, USA, December 3 - 10, 2014) SANS is teaming up with the National Health Information Sharing & Analysis Center (NH-ISAC) to offer the 2nd Annual Healthcare Cyber Security Summit

(ISC)² Security Congress EMEA (London, England, UK, December 8 - 10, 2014) Building on the experience of the US-based (ISC)2 Security Congress, now in its fourth year, (ISC)2 Security Congress EMEA will offer a complementary and unique opportunity within the Europe Middle East...

International Conference for Internet Technology and Secured Transactions 2014 (London, England, UK, December 8 - 10, 2014) The ICITST is an international refereed conference dedicated to the advancement of the theory and practical implementation of secured Internet transactions and to fostering discussions on information technology...

(ISC)² Security Congress EMEA (London, England, UK, December 8 - 10, 2014) Building on the experience of the US-based (ISC)² Security Congress, now in its fourth year, (ISC)² Security Congress EMEA will offer a complementary and unique opportunity within the Europe...

ACSAC 30: Annual Computer Security Applications Conference (New Orleans, Louisiana, USA, December 8 - 12, 2014) ACSAC is more than just high quality, peer-reviewed research (though our 2013 acceptance rate was barely 19%). Our comprehensive program also includes training, case studies, panels, workshops, posters,...

Tax Incentives for Cybersecurity Businesses (Elkridge, Maryland, USA, December 9, 2014) Learn the details and take the opportunity to ask questions of leading experts on how to apply for tax credits (including cyber, research, security clearance, and secured space tax credits) and get the...

Cybersecurity 2015: Beyond the Breach (Washington, DC, USA, December 9, 2014) With each new cybersecurity attack businesses lose millions, governments lose information and citizens lose trust. At the end of a year where these attacks regularly dominated headlines, what's ahead for...

Grow your brand and reach new customers.

Grow your brand and increase your customer base by educating our audience about your products, services, and events by advertising on The CyberWire. We’ve built trust with an influential (and often hard to reach) audience of CISOs, CSOs, and other senior execs in the security space, across a wide array of industry verticals. Learn more.

Be a part of the CyberWire story.

People ask us (a lot) how they can support what we do. We have our sponsorships and services, of course, but those are not always within every supporter's financial reach, or it might just not be the right time for you to do those things. That's why we launched our new Patreon site, where we've created a wider variety of support levels, each with some new benefits. Our patrons are important to our future, and we hope you'll consider becoming one. We invite you to become part of the CyberWire story. Become a patron today.