skip navigation

More signal. Less noise.

Daily briefing.

Rumors of attribution begin to circulate around the Anthem breach: sources claiming familiarity with the investigation say they see the Chinese government's hand in the attack. It's very early, and attribution of course is notoriously difficult, but if the rumors prove out this wouldn't be the first time an intelligence service has sniffed around the healthcare sector. Mandiant, hired by Anthem to investigate, has said on the record that the attack used "custom backdoors," which would be consistent with a sophisticated attacker.

To be clear, personally identifiable information (PII) appears the object of the attack, not medical records proper or paycard data. PII could be used in either crime (via identity theft) or espionage (for cultivation or compromise of individual targets). If the attackers were indeed ordinary criminals, they'll find PII more lucrative than paycard data.

Some observers (notably CyberPoint's CTO) are struck by the extent to which the breach was foreshadowed by FBI warnings last year. We link to two of them below, and they're particularly instructive in retrospect.

Internet Explorer and Flash zero-days return to the news. Ransomware's tactical evolution proceeds apace: it's now targeting back-ups. Fake WhatsApp spam makes a nuisance of itself, and a WordPress plug-in vulnerability is exploited (and patched).

Hacking campaigns, whatever their sophistication, are showing greater complexity, with denial-of-service and social media exploitation increasingly functioning as preparation and misdirection.

Sony Pictures CEO Pascal resigns, her departure widely believed to be fallout from the Guardians of Peace hack.

Adobe patches Flash. Google updates Chrome.

Notes.

Today's issue includes events affecting China, Germany, Iran, Israel, Philippines, United Kingdom, United States.

Cyber Attacks, Threats, and Vulnerabilities

Chinese State-Sponsored Hackers Suspected in Anthem Attack (Bloomberg) Investigators of Anthem Inc.'s data breach are pursuing evidence that points to Chinese state-sponsored hackers who are stealing personal information from health-care companies for purposes other than pure profit, according to three people familiar with the probe

China suspected in major hacking of health insurer (Washington Post) The massive computer breach against Anthem, the nation's second-largest health insurer, exposes a growing cyberthreat facing health-care companies that experts say are often unprepared for large attacks

Anthem's sour note (Economist) This could be one of the biggest corporate data breaches in history

Tens of thousands of people may be impacted by Anthem breach (WMAR ABC 2 News) Health insurance company Anthem is the latest causality of a massive security breach. The company says hackers gained access to the personal information of tens of millions employees, as well as current and past customers. That includes birthdays, social security numbers, addresses and employment information

Experts on the Anthem Hack: SurfWatch Lab's Adam Meyer (Wall Street Journal) Adam Meyer, chief security strategist of threat intelligence consultancy SurfWatch Labs, says the hackers behind the Anthem Inc. breach may have gained access by exploiting weaknesses in the company's Web services

The Anthem Data Breach: What you Need to Know (Trend Micro: Simply Security) Today Anthem, the second largest health insurance company in the United States, announced they have suffered a major data breach

Exclusive: Mandiant speaks on Anthem attack, custom backdoors used (SC Magazine) Mandiant, the incident response firm tapped by Anthem Inc. in the wake of its massive breach, says that the "sophisticated" cyber attack against the health care company involved the use of custom backdoors, one indication that an "advanced attack" did indeed take place against the company

HITRUST Helps Anthem, Others in Initial Hack Investigation (Health Data Management) Early in its investigation of a major cyber attack, health insurer Anthem shared much of what it knew with other health industry stakeholders, all of whom participate in the HITRUST Cyber Threat Intelligence and Incident Coordination Center, or HITRUST C3

Millions of Anthem Customers Targeted in Cyberattack (New York Times) Anthem said it detected a data breach on Jan. 29, and that it was working with the Federal Bureau of Investigation

UPDATE 3-U.S. health insurer Anthem hit by massive cybersecurity breach (Reuters) Hackers have stolen personal information relating to current and former customers and staff of no. 2 U.S. health insurer Anthem Inc., after breaching an IT system containing data on up to 80 million people, the company said late on Wednesday

Anthem Data Breach Could Affect Millions of Consumers (Threatpost) Attackers have compromised Anthem Inc., one of the larger health-care companies in the United States, gaining access to the Social Security numbers, birth dates, names, employment and income data and other personal information of an untold number of customers

Opinion on the Anthem Insurance Breach (Codify Security Blog) It's one of the first major breaches of 2015 and unfortunately it's probably going to be a large one. Anthem being one of the largest heathcare insurance companies in the US will have a massive amount of personal information for hackers to dive through for monetisation in their shady shyster ways. Luckily for the millions affected, apparently no financial details were grabbed in the hack but the loss of other PII information is still concerning and could lead to all kinds of fraud due to the US having a reliance on social security numbers to prove who they are for a plethora of interactions with organisations

Reactions to the extensive Anthem data breach (Help Net Security) Anthem, the second-largest health insurer in the United States, has suffered a data breach that may turn out to be the largest health care breach to date, as the compromised database holds records of some 80 million individuals

Hackers see rewarding targets in health care companies (AP via KLTV) Health care is a treasure trove for criminals looking to steal reams of personal information, as the hacking of a database maintained by the second-largest U.S. health insurer proves

How the Anthem Insurance Hackers May Be Planning to Cash In (DC Inno) On Thursday, millions of Anthem Inc. health insurance customers woke up to a company e-mail notifying them that hackers may have gained access to their names, birth dates, Social Security numbers, addresses and employment data — including income figures — during a data breach

80M Anthem Records Hacked: Where's My Data Going? Who's Buying? (Easy Solutions Blog) Details continue to emerge on the massive breach at health care company Anthem, in which hackers have gained access to information including names, birthdays, medical IDs, Social Security Numbers, street addresses, email addresses and employment information (including income), on up to 80 million people

Why even strong crypto wouldn't protect SSNs exposed in Anthem breach (Ars Technica) In a case like the Anthem breach, the really sensitive data is always in use

3 Vectors of a Healthcare Cyberattack (Fortinet Blog) Our healthcare systems, from EHR to medical devices, are more vulnerable than many of us realize. And the stakes are too high to ignore

Healthcare Data in the Cross-Hairs (Trend Micro: Simply Security) Today we've learned that up to 80 million customers and employees of Anthem health insurance have had their personal information stolen. Initial reports indicate that the data loss includes names, birth dates, Social Security numbers, addresses and employment data including income

[From 4.23.14] Exclusive: FBI warns healthcare sector vulnerable to cyber attacks (Reuters) The FBI has warned healthcare providers their cybersecurity systems are lax compared to other sectors, making them vulnerable to attacks by hackers searching for Americans' personal medical records and health insurance data

[From 8.20.14] FBI warns healthcare firms they are targeted by hackers (Reuters) The FBI has warned that healthcare industry companies are being targeted by hackers, publicizing the issue following an attack on U.S. hospital group Community Health Systems Inc that resulted in the theft of millions of patient records

Critical Internet Explorer zero-day vulnerability uncovered (V3) A fresh Internet Explorer zero-day vulnerability affecting Windows 7 and Windows 8.1 users has been uncovered by security researchers

As Flash 0day exploits reach new level of meanness, what are users to do? (Ars Technica) Only a few weeks in, 2015 is shaping up as one of the most perilous years for users

New ransomware tactic cripples websites by targeting backups (FierceCIO) A new ransomware tactic has been spotted, which attempts to cripples websites by encrypting the data stored on both the database and data backups

Fake WhatsApp for Web Spams the Internet, heaven for cyber criminals (HackRead) The CEO of WhatsApp, Jan Koum informed on January 21 that the very popular and well-known mobile application has a web client that can be used from Google Chrome which will enable users to retrieve all the conversations and messages from the mobile device

Thousands of WordPress sites affected by zero-day exploit (ZDNet) More than half-a-million WordPress users of a Fancybox plugin may be affected, security researchers say, though the exact figure is unknown

Tomcat security: Why run an exploit if you can just log in? (Internet Storm Center) In our honeypots, we recently saw a spike of requests for […]. These requests appear to target the Apache Tomcat server. In case you haven't heard of Tomcat before (unlikely): It is a "Java Servlet and JavaServer Pages" technology

Siemens sighs: SCADA bugs abound (Register) Wimax network kit vulnerable

DDoS increasingly used in advanced cyber-attacks (SC Magazine) Two new reports chart the increasing complexity and strength of DDoS attacks, which researchers say are now used in wider, more advanced cyber-attacks

How social media hacks can be the gateway to further breaches (Insurance Business America) 'Another day, another breach' seems to be the mantra at the moment as increasing numbers of organisations fall victim to cyber attack. The recent high-profile hack of the US Central Command's Twitter feed by a group purporting to be ISIS demonstrates the vulnerability of anyone operating on these channels, even those you would assume to be heavily protected

Today's Hackers Are Way More Sophisticated Than You Think (ReadWrite) Defense against intrusion is no longer enough

Ineffective Oversight Of High-Risk Cargo Shipments Create Supply Chain Vulnerabilities (HS Today) With the reliance of the US economy on a secure global supply chain, securing the millions of cargo shipments arriving in the US every year is critical. However, a recent Government Accountability Office audit found Customs and Border Protection (CBP) has not been accurately recording the disposition of high-risk maritime shipments, which may be creating vulnerabilities in the supply chain

Amy Pascal is proof that Sony's scandal wouldn't be over until someone took a fall (Quartz) Ever since Sony went ahead with plans to distribute The Interview, both in theaters and online, in the face of increasing ominous threats by the hackers who breached its systems in November, everyone had been waiting for retaliation from the group that called itself Guardians of Peace — but none ever came. The hackers, who had been releasing new stolen Sony data on an almost daily basis in early December, had suddenly fallen silent, and still haven't been heard from since

The conversation security leaders need to have about Amy Pascal's departure (CSO) Three questions security leaders need to ask the executives and board in the wake of Amy Pascal's departure

January 2015 Cyber Attacks Statistics (Hackmageddon) It is time to summarize the data collected into the January 2015 Cyber Attacks timelines (Part I and Part II) into valuable statistics

Security Patches, Mitigations, and Software Updates

Yet Another Flash Patch Fixes Zero-Day Flaw (KrebsOnSecurity) For the third time in two weeks, Adobe has issued an emergency security update for its Flash Player software to fix a dangerous zero-day vulnerability that hackers already are exploiting to launch drive-by download attacks

Stable Channel Update (Chrome Releases) The stable channel has been updated to 40.0.2214.111 for Windows, Mac and Linux. A full list of changes is available in the log

Following Exploits, Zero Day in WordPress Plug-in FancyBox Patched (Threatpost) Developers have patched a zero day vulnerability in FancyBox, a plug-in for WordPress, which allowed malware to be added via an iFrame to infected sites

IE Memory Attacks Net ZDI $125,000 Microsoft Bounty (Threatpost) When Microsoft introduced use-after-free mitigations into Internet Explorer last summer, certain classes of exploits were closed off, and researchers and black hats were left to chase new ways to corrupt memory inside the browser

Cyber Trends

The Industrialization of Hacking: Part 2 — The Cybersecurity Arms Race (CIO) With significant money to be made, hacking is increasingly driven by profits

Companies Need to Take Responsibility for Protecting Sensitive User Data (Entrepreneur) Cyber-criminals have grabbed headlines for highly-publicized data breaches in recent years. However, the greatest blame for many of these incidents is squarely on the shoulders of organizations that don't properly manage sensitive data

60% of American Consumers Believe Retailers Lack Payment Security (Tripwire: the State of Security) According to a recent study, American shoppers are still hesitant when it comes to trusting retailers with their payment and personal information

M-commerce Fraud Leading to Millions in Lost Revenue (Infosecurity Magazine) Mobile e-commerce is still a nascent space, but growing fast: More than 200 million devices worldwide are now making regular purchases through mobile browsers and mobile applications. That offers a vast new playground for fraudsters, who will look to take advantage of immature security approaches in the space

The Year of The Hack (Tripwire: the State of Security) It seems only fitting that 2014 should have ended with the much publicized hacking of Sony as the American public was inundated all year with one sensational account after another of damaging data security breaches

Harvesting Your Data From The Internet of Things (Tripwire: the State of Security) Last week, I presented a talk at OWASP's AppSec California titled "We All Know What You Did Last Summer," where I spoke on the topic of privacy, security and the "Internet of Things." My primary focus was not necessarily on the privacy and security of devices themselves, but more regarding the security implications of the data they generate

Marketplace

Cybersecurity stocks rally after Anthem breach (updated) (Seeking Alpha) A major data breach at #2 U.S. health insurer Anthem — it involves a database containing personal info about 80M customers/employees — has put cybersecurity back in the spotlight … along with the companies providing hardware, software, and services to protect against external attacks

A cyber insurance provider shares all on what's really covered (FierceCIO) Cyber insurance policies are not new. In fact, they've been around for quite a few years. But there is a very new trend going on, with interest in these policies often being driven by corporate boards of directors

Cyber Liability Insurance 101: Make Sure Your Business Is Protected (SmallBizTrends) In recent weeks, we have learned that the electronics and entertainment giant, Sony, is not impervious to e-mail hacks

Tenable Network Security Named One of Baltimore's 'Best Places to Work' by Baltimore Magazine (Herald Online) Maryland-based continuous network monitoring cybersecurity company fuels rapid growth by keeping culture top of mind

IBM Taps Bergevin for Cyber-PR Work (O'Dwyers) Tech PR veteran Paul Bergevin has joined IBM in the new post of VP-cybersecurity communications

Products, Services, and Solutions

In Candid Mea Culpa, Twitter CEO Promises a War on Trolls (Wired) Twitter has been losing precious users to the abuse of trolls for years, and now CEO Dick Costolo says he's not going to take it anymore

Tier-3 Huntsman Joins Big Data Race in Cybersecurity (Computer Business Review) Threat management tool allows security teams to sift through alerts

AtHoc Selected as Key Component of Protecting the U.S. Army Cyber Command (Marketwired) Interactive warning system increases emergency preparedness abilities for Cyber Command of the Army

Technologies, Techniques, and Standards

Significant Gaps Between Compromise and Discovery (Webroot Threat Blog) Over the past five years, the number of records compromised in US business breaches has exploded, growing from less than 20 million in 2010 to over 92 million in 2013. With major breaches at Target and the Home Depot, and many smaller breaches in the last year, the increase in records lost does not appear to be on the decline

Data Breach Directions: What to Do After an Attack (Security Magazine) In 2009, Heartland Payment Systems announced that it had suffered a devastating breach: 134 million credit cards were exposed through SQL Injection attacks used to install spyware on Heartland's data systems. The company processes payments for debit, prepaid and credit cards, in addition to online payments and checks and payroll services

A Cybersafety Culture Can Help Reduce Energy Usage Data Privacy Risks (Energy Collective) Thanks to M2M and Smart Grid technologies, new energy usage data can be invaluable to help intelligently manage energy and reduce utility operations costs and consumer costs. However, new data means new privacy risks for consumers (residential, commercial, industrial, and agricultural), utilities, their vendor communities, and other entities that collect, transmit, use, and/or store that data

How to make security a weapon in your managed services arsenal (CRN) Secrets of security success from solution providers

IPv6 Security Myth #4: IPv6 Networks are Too Big to Scan (CircleID) Here we are, all the way up to Myth #4! That makes this the 4th installment of our 10 part series on the top IPv6 Security Myths

IT professional, hack thyself (Help Net Security) To anyone not living under a rock, the increasing threat of a cyber attack is very plain. IT professionals spend sleepless nights worrying that they'll be the next Walmart or Sony or Visa. They hope that they're doing everything they can to either prevent an intrusion — or if that's not possible — prevent a serious breach and data loss

Conduct Risk Investigated: 3 Things Bank Risk Managers Need to Know (WillisWire) The risk of staff acting unprofessionally, unethically or illegally — commonly known today as conduct risk — has recently emerged at the top of the agenda of bank supervisors and bank boards alike

Better open source hygiene would have spooked GHOST (Network World) Software security should be pre-emptive instead of reactive

Monitoring SSL Vulnerabilities in Your Network (Bitsight: the Security Ratings Blog) Microsoft has announced that it is removing SSLv3 support in both Internet Explorer (according to VentureBeat) and Azure Storage (according to Redmond Mag) on Tuesday, February 10. The company is not the first to stop supporting the technology, but this announcement should be one of the final straws for companies still supporting it

The World's Email Encryption Software Relies on One Guy, Who is Going Broke (Forensic Magazine) The man who built the free email encryption software used by whistleblower Edward Snowden, as well as hundreds of thousands of journalists, dissidents and security-minded people around the world, is running out of money to keep his project

Research and Development

Air Force wants armor for IP networks (C4ISR & Networks) The Air Force is seeking ways to protect tactical IP networks

Academia

USF opens new center to fight cybercrime (MyNews13) Cybercrime is among the fastest growing threats to the public

Legislation, Policy, and Regulation

Why Israel Hacks (Dark Reading) Israel's tenuous position in the world drives its leaders to stay ahead of its cyber adversaries, chief among them the Islamic Republic of Iran

How Iran's Government Gags and Frees Media's Cyber Coverage (Recorded Future) As the Iranian cyber story unfolds on the world stage, a tightly controlled media has revealed what its leadership is thinking

Report: Britain's GCHQ threatens to end work with Germany's BND spy agency (Deutsche Welle) The German magazine Focus says Britain has threatened to cease cooperation with Germany's BND intelligence service. The BND in turn has been accused by a Berlin inquiry panel of withholding documents

Groups Urge U.S. Fight Against China Foreign Tech Purge (Bloomberg) U.S. business groups are seeking immediate action from the Obama administration to reverse "troubling" Chinese security requirements they say will block foreign software, servers and computing equipment from the country

U.S. Officials Say Chinese Cyberespionage 'Needs to Stop' (Threatpost) The top cybersecurity officials in the United States on Wednesday said that China is harming the potential for an open Internet through its policies of censorship, and also said the country's continued cyberespionage operations are damaging the two countries' relationship

Anthem cyberattack renews calls for info sharing (FCW) House Homeland Security Chairman Michael McCaul said Congress needs to move cybersecurity information-sharing legislation "as soon as possible"

Crowdsourcing America's cybersecurity is an idea so crazy it might just work (Washington Post) When it comes to protecting the nation's cyber networks from the vast array of threats, the government has its hands full. President Obama, in his State of the Union speech, alluded to this, highlighting the importance of integrating intelligence in order to combat cyber threats. As a result, the next big innovation in the world of cybersecurity may not be a new piece of code or a new software tool to detect a threat, but rather, a fundamentally new approach in how we think about leveraging partnerships between the private and public sector to protect our nation's cyber networks

DNI Releases Requested Budget Figure for FY 2016 Appropriations for the National Intelligence Program (IC on the Record) Consistent with 50 U.S.C. 3306(a), the Director of National Intelligence is disclosing to the public the aggregate amount of appropriations requested for Fiscal Year 2016. The aggregate amount of appropriations requested for the FY 2016 National Intelligence Program (NIP) is $53.9 billion, which includes funding requested to support Overseas Contingency Operations (OCO). In FY 2015, OCO funding was not included in the initial disclosure, but was included in disclosures that were updated after the submission of budget amendments

Bicameral, bipartisan seeks to modernize electronic privacy law (SC Magazine) The bipartisan Electronic Communications Privacy Act Amendments Act of 2015 would offer protection from warrantless digital searches

Obama's 'Big Data' privacy plans get lift from lawmakers (Reuters) The White House is working with a Republican congressman on the U.S. House of Representatives' leadership team and Democrats in both the House and Senate on a bill to protect data collected from students through educational apps

Net neutrality set to be defended by US regulator (BBC) The chairman of the US's communications watchdog is proposing "strong" protections to ensure the principles of net neutrality are upheld

Net Neutrality: 4 Legal Challenges To Consider (InformationWeek) FCC Chairman Tom Wheeler unveiled a new open Internet proposal on Wednesday, and carriers are gearing up for battles in court. Here, we look at four legal arguments we can expect to see, and give you our best guesses as to how they'll fare in court

NSA surveillance 'hops' take a step back (WTOP) Since the embarrassing and damaging theft of documents from the National Security Agency by former contractor Edward Snowden, the U.S. intelligence community has sought to harden its information security systems

What would Snowden think of NSA chief's speech? (San Diego Union-Tribune) Admiral Rogers comes to UC San Diego to talk about controversial agency

Obama Taps VMware IT Executive as Federal CIO (GovInfoSecurity) Tony Scott's past jobs included CIO at Microsoft, Walt Disney

Litigation, Investigation, and Law Enforcement

ID theft ring allegedly stole $700,000 in Apple gift cards (IDG via CSO) Apple products are some of the most expensive and desirable in tech so it makes sense that the company's gift cards are proving an attractive currency for criminals

Poverty breeds cyber crimes, says DSWD (Bohol News Today) Poverty is still the culprit. The Department of Social Welfare and Development (DSWD) is partly right as it cited "Poverty and lack of stringent laws," one of the root causes, have generated what it called cyber pornography and cyber prostitution at the advent of technological advances

For a complete running list of events, please visit the Event Tracker on the CyberWire website.

Newly Noted Events

OISC: Ohio Information Security Conference (Dayton, Ohio, USA, March 11, 2015) Technology First invites you to participate in the 12th Annual Ohio Information Security Conference Wednesday, March 11, at the Sinclair Community College Ponitz Center in Dayton, Ohio. The conference...

CyberTexas / CyberIOT (San Antonio, Texas, USA, April 23 - 24, 2015) CyberIOT — Securing the Internet of Things. As more everyday devices become connected to the internet, the need for securing those items becomes critical. CyberTexas will explore the intersection...

Automotive Cyber Security Summit (Detroit, Michigan, USA, March 30 - April 1, 2015) The debut Automotive Cyber Security Summit will bring together CTOs, CSOs, Engineers and IT professionals from GM, KIA, Nissan, Bosch, Qualcomm and more for three days of case studies, workshops, panel...

Upcoming Events

Cyber Threat Intelligence Summit (Washington, DC, USA, February 2 - 9, 2015) Join SANS for this innovative event as we focus on enabling organizations to build effective cyber threat intelligence analysis capabilities

Nullcon 2015 (Goa, India, February 4 - 7, 2015) Nullcon discusses and showcase the future of information security, next-generation of offensive and defensive security technology as well as unknown threats

ICISSP 2015 (Angers, Loire Valley, France, February 9 - 11, 2015) The International Conference on Information Systems Security and Privacy aims at creating a meeting point of researchers and practitioners that address security and privacy challenges that concern information...

Tax benefit, Catalyst Fund and other financial Incentives for Small Businesses (Columbia, Maryland, USA, February 10, 2015) Rescheduled. Meet the experts! Tax incentives, credits and loans available for small businesses. Learn the details: How to apply for Cyber Tax Credits, Research Tax Credits, Security Clearance Tax Credits,...

2015 Cyber Risk Insights Conference — London (London, England, UK, February 10, 2015) The cyber threat landscape is undergoing rapid change. Lloyd's and the London market are at the forefront of developing insurance products to address the evolving exposures of organizations throughout...

AFCEA West 2015 (San Diego, California, USA, February 10 - 12, 2015) Showcasing emerging systems, platforms, technologies and networks that will impact all areas of current and future Sea Service operations.

Cybergamut Technical Tuesday: An Hour in the Life of a Cyber Analyst (Hanover, Maryland, USA, February 17, 2015) Workshop Description: This hands-on workshop will demonstrate how easy it is for a breach to occur by analyzing a virtualized web server environment. Participants will use open source tools such as port...

DEFCON | OWASP International Information Security Meet (Lucknow, India, February 22, 2015) Defcon | OWASP Lucknow International Information Security Meet is a combined meet of Defcon and OWASP Lucknow. Defcon Lucknow is a DEF CON registered convention for promoting, demonstrating & spreading...

10th Annual ICS Security Summit (Orlando, Florida, USA, February 22 - March 2, 2015) Attendees come to the Summit to learn and discuss the newest and most challenging cyber security risks to control systems and the most effective defenses. The Summit is designed so you leave with new tools...

Workforce Development Forum — CyberWorks Information Session (Baltimore, Maryland, USA, February 24, 2015) Are you a technology company that would like to actively participate in growing the right candidates for your open IT and cybersecurity positions? Are you a job seeker interested in pursuing a career in...

Cybersecurity: You Don't Know What You Don't Know (Birmingham, Alabama, USA, February 24 - 25, 2015) What: Connected World Conference in partnership with University of Alabama at Birmingham's Center for Information Assurance and Joint Forensics Research (The Center) have teamed up to bring professionals...

NEDForum: Cyber Network Exploitation and Defence: "Darknet & the Primordial Soup of Cyber Crime" (Edinburgh, Scotland, UK, February 27, 2015) Speakers will cover such topics as: "Fear and loathing on Darknet," (Greg Jones, Managing Consultant, Digital Assurance), "Securing the internet of everything" (Rik Ferguson, Global Vice President Security...

Grow your brand and reach new customers.

Grow your brand and increase your customer base by educating our audience about your products, services, and events by advertising on The CyberWire. We’ve built trust with an influential (and often hard to reach) audience of CISOs, CSOs, and other senior execs in the security space, across a wide array of industry verticals. Learn more.

Be a part of the CyberWire story.

People ask us (a lot) how they can support what we do. We have our sponsorships and services, of course, but those are not always within every supporter's financial reach, or it might just not be the right time for you to do those things. That's why we launched our new Patreon site, where we've created a wider variety of support levels, each with some new benefits. Our patrons are important to our future, and we hope you'll consider becoming one. We invite you to become part of the CyberWire story. Become a patron today.