skip navigation

More signal. Less noise.

Daily briefing.

Putinist separatists of CyberBerkut claim a successful hack of Ukraine's Information Ministry.

Brookings believes there are at least 46,000 ISIS-sympathizing Twitter accounts, which suggests that a lot of people sufficiently comfortable to afford time on Twitter are buying what the Caliphate's selling.

AnonGhost continues to further the Palestinian cause by banging away at small-town America, hitting the Larimer County, Colorado (population less than 300,000, area 6822 km²) Sheriff for the second time this week.

"Casper" espionage malware appears related to "Babar" and "Bunny."

The FREAK vulnerability isn't confined to Apple or Android devices. Microsoft warns that all versions of Windows are affected. Mitigations are suggested, patches en route.

As Google Play is cleaned of malicious apps, bad actors move to its "bookstore."

Luxury hotel company Mandarin Oriental sustains a credit card breach. Avecto and others think this shows the risks inherent in legacy point-of-sale systems.

Besides patching for FREAK (possibly next week) Microsoft offers fixes for problematic updates distributed in February's Patch Tuesday.

Industry observers decry a lack of incentives for companies to upgrade their network security. In fairness, failure to increase security seems driven at least as much by the difficulty of quantifying risk as by mere unwillingness to invest in defenses. (Compare Anthem's refusal of Federal IT security audits — some think this irresponsible, but others point out the costs, in money but also in security, of Government inspectors rooting around in your networks.)

An Oxford scholar suggests privateering holds better lessons for cyberspace than does Cold War deterrence.

Notes.

Today's issue includes events affecting Canada, China, Estonia, European Union, France, Germany, Iran, Iraq, Israel, Palestinian Territories, Russia, Syria, Ukraine, United Arab Emirates, United Kingdom, United States.

Cyber Attacks, Threats, and Vulnerabilities

Зачистка Мариуполя и аресты его жителей инициированы министерством (КиберБеркут) Мы, КиберБеркут, продолжаем находиться в компьютерных сетях министерства информационной политики Украины. Мы начинаем знакомить общественность с внутренними документами министерства и перепиской его сотрудников

'Nearly 50,000' pro-Islamic State Twitter accounts (BBC) There are at least 46,000 Twitter accounts operating on behalf of Islamic State (IS), a new US study claims

Larimer County Sheriff's Office Website Hacked AGAIN! 2nd time this week (HackRead) On Tuesday 3rd March, the official website of Colorado's Larimer County Sheriff Office website (LCSO) was hacked by pro-Palestinian AnonGhost hacking group

Casper Malware: After Babar and Bunny, Another Espionage Cartoon (We Live Security) In March 2014, French newspaper Le Monde revealed that France is suspected by the Communications Security Establishment Canada (CSEC) of having developed and deployed malicious software for espionage purposes. This story was based on presentation slides leaked by Edward Snowden, which were then published by Germany's Der Spiegel in January 2015

All Versions of Windows Vulnerable to FREAK Attack, Confirms Microsoft (Tripwire: the State of Security) There's bad news for any Windows users who were thinking that the recently-announced FREAK vulnerability wasn't something they had to particularly worry about

Time to make you secure from FREAK Vulnerability (Security Affairs) FREAK, a new major security flaw that left users of Apple and Google devices exposed to MITM attack while visiting supposedly secure Websites

Fake guides and cracked apps on Google Play Books lead to malware (Help Net Security) Google has become pretty swift at finding and removing fake and malicious apps from its Google Play store, but there is one part of it where malware peddlers still seem to thrive: the "bookstore"

Gazon — the Android virus that SMSes everyone (Naked Security) Another Android SMS virus has been doing the rounds, masquerading as an Amazon Rewards app

Decoding ZeuS Disguised as an .RTF File (Phishme) While going through emails that were reported by our internal users using Reporter, I came across a particularly nasty looking phishing email that had a .doc attachment. At first when I detonated the sample in my VM, it seemed that the attackers weaponized the attachment incorrectly. After extracting and decoding the shellcode, I discovered a familiar piece of malware that has been used for some time

Mandarin Oriental suffers credit card breach (Help Net Security) Mandarin Oriental, the hotel group managing luxury hotels and resorts in Asia, Europe, the US and Latin America, has confirmed that "the credit card systems in an isolated number of our hotels in the US and Europe have been accessed without authorization and in violation of both civil and criminal law"

Mandarin Oriental hack highlights security risk of legacy point of sale systems (Computerweekly) The theft of credit card data from the Mandarin Oriental hotel group highlights the security risk of legacy point of sale (POS) systems, say security experts

Intuit Failed at 'Know Your Customer' Basics (KrebsOnSecurity) Intuit, the makers of TurboTax, recently introduced several changes to beef up the security of customer accounts following a spike in tax refund fraud at the state and federal level. Unfortunately, those changes don't go far enough. Here's a look at some of the missteps that precipitated this mess, and what the company can do differently going forward

Security: NETCONF in the Wild (Team Cymru) NETCONF, an XML-based RPC mechanism aims to help network operators programmatically manage their network devices. You will find NETCONF capabilities in network gear from a handful of common backbone network equipment providers

Oracle has just given you another reason not to install Java on your Mac (Graham Cluley) JavaWe all know that, when it comes to security holes, Java is the big "swiss cheese"

Bank hackers find loophole (Resource Investor) The vulnerability of banks and the global banking system — reliant as it has become on computer systems, information technology and the internet — was highlighted yet again in an important article in the Financial Times on Tuesday which was largely ignored elsewhere

The Next Cybersecurity Concern: Your Car (Traverse City Record-Eagle) In "War Games," a Seattle teenager uses his personal computer to remotely access a Department of Defense supercomputer, nearly triggering a nuclear war. Fortunately, that 1983 film, which helped make Matthew Broderick a star, was but a big-screen fantasy

Security Patches, Mitigations, and Software Updates

Microsoft revises security warning for massive February IE rollup KB 3034682 (InfoWorld) Users who apply February's patches manually must hit Windows Update twice to be fully protected and prevent degraded page rendering

Microsoft Announces Work for Fixing FREAK for Windows (Windows IT Pro) This week has introduced yet another software security flaw that was left undiscovered for a long years. You can learn all about it here: Old Government Policies Influenced the FREAK Security Flaw

Adobe launches vulnerability disclosure scheme on HackerOne (ZDNet) Adobe, maker of software including Flash and Adobe reader, is catching up to the times and has launched a vulnerability disclosure program — but something may be missing

Cyber Trends

Sorry consumers, companies have little incentive to invest in better cybersecurity (Quartz) Another month, another data breach, and another set of proposals for what is seemingly an intensifying cyberattack problem

CISOs Face Tough Challenges When Procuring Security Technologies (Tenable) CISOs face several internal challenges when procuring security solutions

Massive cyber-attack: what businesses can learn from major data breaches (TechRadar) No one is too big to be targeted by hackers

How DDoS attacks impact service providers (Help Net Security) There's a striking disparity between how threatened service providers feel by potential DDoS attacks and how prepared they are to mitigate one, according to a Black Lotus survey

Banking Trojans target nearly 1,500 financial institutions (Help Net Security) Nine of the most common and sophisticated financial Trojans in use are targeting 1,467 financial institutions in 86 countries, says a Symantec report compiled after the analysis of 999 configuration files from recent Trojan samples

Study: Bitcoin Becoming Less Attractive Target for Trojan Malware (CoinDesk) A new report from security firm Symantec claims the number of Trojan malware programs targeting bitcoin users has fallen in the past year

Top priorities for internal audit professionals (Help Net Security) Internal audit professionals are making strides in meeting cybersecurity and data privacy standards, according to Protiviti

Emerging cyberthreats exploit battle between compliance and security (TechTarget) While regulatory compliance is valuable and necessary for enterprise, cyberthreat experts say that a compliance-centric security strategy may leave organizations with few resources to ward off emerging cyberthreats

Internet security firm reports malware instances have doubled (TechRadar) UK in good health with a 22% malware infection rate

The cyber security threat from within (The National) Today in the UAE, cybersecurity is still seen from the perspective of an external threat. Emphasis on the internal attacker is neglected, yet research shows that the risk from such internal attacks has been an increasing worry across the world

Marketplace

PayPal acquires Israeli cyber security startup CyActive (Geektime) CyActive is one of the very few cyber security outfits on the market that can prevent cyber threats, not just identify and alleviate them. The deal is between $60-$80 million

Tempered Networks raises $15 million in Series A funding (Pulse 2.0) Tempered Networks is a provider of secure connectivity for critical infrastructure and information that has raised $15 million in Series A funding led by Ignition Partners with participation from IDG Ventures. Tempered Networks has raised a total of $22 million thus far

Veterans' insights foster cybersecurity innovation (The Hill) A group of veterans has set out to improve cybersecurity for .gov and all of .com — and the merry band may just do it, armed with "knowledge" and led by a former food services executive

Endpoint Security Meets the Cybersecurity Skills Shortage (Network World via CSO) Many organizations don't have the resources in place to effectively prevent, detect, and respond to endpoint security events

Talent Shortage Creates Niche Market for Security Pro Elite (Dark Matters) There has been a lot of chatter in the media about the shortage of qualified security professionals with the prerequisite skills to counter threats to essential networks that have increased at a nearly exponential rate, with some studies estimating that as many as one million security positions remain unfilled worldwide

AVG Surpasses 200 Million Users Worldwide (IT Business Net) Major milestone driven by rapid growth in mobile

Camber Names Former CACI CEO Paul Cofoni to Board (GovConExecutive) Paul Cofoni, a former CACI International president and CEO, has joined Camber Corp. as a member of the board of directors

Former NGA Director Letitia Long Joins Noblis Board of Trustees; Amr ElSawy Comments (GovConExecutive) Letitia Long, formerly director of the National Geospatial-Intelligence Agency, has been appointed to Noblis' board of trustees as the company works to further its collaboration with the U.S. intelligence community

RedSeal Broadens Software Development Capabilities With Key Management Appointments (MarketWired) Industry veteran Sundar Raj named new VP, Product Development; Hom Bahmanyar becomes VP, Engineering

Prelert Names John O'Donnell as CFO (Framingham Patch) "John's expertise will help Prelert become an even more agile competitor," said CEO Mark Jaffe

Products, Services, and Solutions

Exelis receives NSA certification for self-encrypting USB drive (MarketWatch) Exelis (NYSE: XLS) has received the National Security Agency's "secret and below" certification for a self-encrypting, secure memory stick. The drive is the newest device in a portfolio of NSA-certified Exelis information assurance products offering secure data-at-rest, data-in-transit, communications, networking and storage solutions

AvePoint Unveils New Solution to Address the Complete Risk Lifecycle at IAPP Global Privacy Summit 2015 (IT Business Net) From the halls of the International Association of Privacy Professionals (IAPP) Global Privacy Summit 2015, AvePoint, the established leader in enabling enterprise collaboration across platforms and devices, today introduced the AvePoint Risk Intelligence System (ARIS) to allow organizations to address the complete lifecycle of risk across the enterprise

Proofpoint Launches the Nexgate Social Media Threat Center (MarketWatch) Real-time console details social media threats, risk trends and security effectiveness for enterprise brands

Banking cyber thieves may be too slick for their own good (Reuters) Fraudsters are slick and smooth when they request new bank accounts or credit cards — a characteristic an Israeli company wants to use against them

UK Firm Develops Search Engine For Dark Web (Sky News via Yahoo!News) The dark net and the deep web are sometimes called the parts of the internet that you cannot Google. But a British cyber security firm has developed its own search engine for both, as well as for IRC (basically, chatrooms)

Red Hat Introduces New Linux OS for Containers (Top Tech News) The world's largest open source software Relevant Products/Services provider just brought a new operating system on the market. On Thursday, Red Hat, known for its enterprise Relevant Products/Services distributions of the Linux operating system, launched its Enterprise Linux 7 Atomic Host OS. The new OS is specifically designed to run the latest generation of applications as Linux containers

NLPRank: An innovative tool for blocking APT malicious domains (Help Net Security) Security researchers working at OpenDNS Security Labs have developed NLPRank, a new system that helps detect — quickly and relatively accurately — phishing and malware-download sites set up by APT threat actors

Microsoft Security Essentials last in banking trojan detection test (Myce) Microsoft Security Essentials is amongst the most popular Windows virus scanners but scores low on detection of malware that tries to steal money from bank accounts, according to security researchers from MRG Effitas. They tested Security Essentials with 300 banking trojans that were found "in the wild"

Technologies, Techniques, and Standards

How Secure Are You? (Dark Reading) The NIST Cybersecurity Framework can help you understand your risks

5 steps to incorporate threat intelligence into your security awareness program (CSO) In our recent article, we highlighted that every significant and public attack exploited people to either get an initial foothold in a target organization or as the entire attack vector. These attacks highlight the need for awareness as a top concern of security programs

Efforts To Team Up And Fight Off Hackers Intensify (Dark Reading) New intelligence-sharing groups/ISACs emerge, software tools arrive and the White House adds a coordinating agency — but not all of the necessary intel-sharing 'plumbing' is in place just yet

Expert tips to address third party security risks (Help Net Security) Risks to sensitive data have never been greater. With the rise in cyber attacks and data breaches, outsourcing to third parties can present an exponential threat to corporations

What security tools do healthcare organizations lack? (Help Net Security) The Health Information Trust Alliance (HITRUST) has completed a three-month review of its approach to cyber risk management for the healthcare industry. The effort was focused on understanding the challenges of healthcare organizations across varying levels of information protection maturity

Academia

Digital know-how most important thing for students, says Richard Branson (Computerweekly) Digital know-how is one of the most valuable things a student will take with them when leaving school, but pupils are not being consulted enough by the government on how such skills are taught, according to Richard Branson, who recently met with the Virgin Media Business Digital Youth Council

Legislation, Policy, and Regulation

Cybersecurity and the Age of Privateering: A Historical Analogy (Oxford Cyber Studies Programme) Policy literature on the insecurity of cyberspace frequently invokes comparisons to Cold War security strategy, thereby neglecting the fundamental differences between contemporary and Cold War security environments. This article develops an alternative viewpoint, exploring the analogy between cyberspace and another largely ungoverned space: the sea in the age of privateering

Big Brother (and Everyone Else) is Watching (American Interest) DARPA has developed a new data mining tool called Memex that scrapes the web in ways Google does not even try. Currently it is being used by law enforcement agencies to go after sex traffickers, but its uses could eventually be broadened

How to back up a country (Economist) To protect itself from attack, Estonia is finding ways to back up its data

China to Boost Security Spending as Xi Fights Dissent, Terrorism (Bloomberg) China plans to raise central government spending on domestic security by nearly 11 percent, more than the increase in defense spending, as President Xi Jinping clamps down on corruption, dissent and separatist violence

Obama: "China, don't you dare make us put backdoors in our software!" (That's our job…) (Graham Cluley) China and the United States are at loggerheads over Beijing's plan to force technology companies to share their encryption keys, and put backdoors into their software, if they wish to sell into China

Industry rep: Businesses get stronger liability protection for sharing cyber threat info under CISA (FierceHomelandSecurity) A representative from the U.S. Chamber of Commerce said at March 4 congressional hearing that his group favors a controversial Senate proposal that encourages companies to voluntarily share cyber threat information with other companies and the federal government while providing them with strong liability protections

Statement of Admiral Michael S. Rogers Commander United States Cyber Command Before the House Committee on Armed Services Subcommittee on Emerging Threats and Capabilities (US House of Representatives) Chairman Wilson, Representative Langevin, and distinguished members of the Committee, thank you for the opportunity to speak to you today on behalf of the men and women of United States Cyber Command (USCYBERCOM). This is the first time I have had the honor of testifying before this Committee in a posture hearing about our Command's dedicated uniformed and civilian personnel. It gives me not only pride but great pleasure to commend their accomplishments, and I am both grateful for and humbled by the opportunity I have been given to lead them in the important work they are doing in defense of our nation

The former spy who infiltrated Congress's cyber policy debate (Christian Science Monitor: Passcode) Rep. Will Hurd of Texas brings to Washington rare hands-on expertise from the front lines of American spycraft and information security. Now, as cybersecurity issues heat up, Hurd wants to be a liaison between the intelligence community, tech sector, and lawmakers

Pentagon to focus more on hack-proofing weapons (Reuters) Cyber attacks on U.S. weapons programs and manufacturers are a "pervasive" problem that requires greater attention, the top U.S. arms buyer said Thursday, saying that he would add cybersecurity to the Pentagon's guidelines for buying weapons

How state governments are addressing cyber security (Brookings) News about successful hacks of large companies seem to have become common place. In the recent Anthem cyber attack, hackers accessed the names, birth dates, social security numbers, income, health status and many other details for companies' customers. At present, Anthem does not even know the total number of records breached but estimates it to be "tens of millions"

Litigation, Investigation, and Law Enforcement

Anthem Refuses To Let Inspector General Conduct Full Security Audit (Dark Reading) Security industry has mixed reactions

Judge hints at slashing Intellectual Ventures win against Symantec (Reuters) Though a Delaware federal jury last month awarded patent licensor Intellectual Ventures far less than the $298 million it had been seeking in infringement damages against security software maker Symantec Corp, a judge Wednesday said he is inclined to cut the amount even further

FTC's authority over data regulation remains unclear (FierceGovernmentIT) It's still unclear whether the Federal Trade Commission overstepped its authority when it brought legal action against Wyndham Hotels and Resorts for negligent data security standards. An appellate court heard arguments in the case this week

Enforcement cut global banking Trojans 53 percent (CSO) Coordinated global enforcement efforts reduced the number of financial Trojans last year

Legality of Electronic Signatures in the EU and the US (Infosec Institute) Electronic signatures were used for the first time in 1861 when agreements were signed by telegraphy using Morse code. In 1869, the New Hampshire Court confirmed the legality of such agreements by stating that

Official police warnings after probe reveals Leeds teenagers buying computer hacking software (Yorkshire Evening Post) Teenagers in Leeds have been given official warnings by police — after investigations revealed they owned sophisticated computer hacking software

Police: Man who shot at drivers, National Security Agency building was hearing voices (AP via Newser) The man accused of shooting at drivers in Maryland and at a National Security Agency building told police he was hearing voices

For a complete running list of events, please visit the Event Tracker on the CyberWire website.

Newly Noted Events

Fraud Summit Chicago (Chicago, Illinois, USA, May 19, 2015) ISMG's Fraud Summit is a one-day event focused exclusively on the top fraud trends impacting organizations and the mitigation strategies to overcome those challenges. Highlights of the Chicago event include...

Fraud Summit Boston (Boston, Massachusetts, USA, June 10, 2015) ISMG's Fraud Summit is a one-day event focused exclusively on the top fraud trends impacting organizations and the mitigation strategies to overcome those challenges. Highlights of the Boston event include...

Upcoming Events

Financial Services Cyber Security Summit: Middle East and North Africa (Dubai, UAE, March 9 - 10, 2015) Building on the success and feedback of our Cyber Security Summit in Europe — 180 attendees, 3 streams, CPE certified — we are pleased to invite you to the Financial Services Cyber Security...

Cyber Security Opportunities in Japan, S. Korea and Taiwan Webinar (Online, March 10, 2015) Export.gov, of the US Department of Commerce, invites you to listen to experts from the Japan, South Korea and Taiwan and learn how to position your company for success in these countries. Learn about...

The Vulnerability Economy: Zero-Days, Commerce and National Security (Rockville, Maryland, USA, March 10, 2015) Dr. Ryan Ellis (Belfer Center, Harvard University) will explore a series of topics around cybersecurity including the challenges and opportunities associated with the growing trade in previously unknown...

OISC: Ohio Information Security Conference (Dayton, Ohio, USA, March 11, 2015) Technology First invites you to participate in the 12th Annual Ohio Information Security Conference Wednesday, March 11, at the Sinclair Community College Ponitz Center in Dayton, Ohio. The conference...

RiSK Conference 2015 (Lasko, Slovenia, March 11 - 12, 2015) In recent years RISK conference has become one of the leading events on computer security in the Adriatic region and is attended by engineering as well as executive staff of companies from the region.

B-Sides Vancouver (Vaqncouver, British Columbia, Canada, March 16 - 17, 2015) The third annual Security B-Sides Vancouver is an information security conference that will be held March 16th and 17th. We love to see brand new speakers, seasoned speakers, and everyone in between

Insider Threat 2015 Summit (Monterey, California, USA, March 16 - 17, 2015) The Insider Threat 2015 Summit is about bringing Government and Industry organizations and their cybersecurity leaders together in order to better understand the type of threats that may impact their infrastructure...

2015 North Dakota Cyber Security Conference (Fargo, North Dakota, USA, March 17, 2015) The North Dakota Cyber Security Conference brings together community members from academia, government and industry to share strategies, best practices and innovative solutions to address today's challenges...

IT Security Entrepreneurs Forum: Bridging the Gap Between Silicon Valley & the Beltway (Mountain View, California, USA, March 17 - 18, 2015) IT Security Entrepreneurs Forum (ITSEF) — SINET's flagship event — is designed to bridge the gap between the Federal Government and private industry. ITSEF provides a venue where entrepreneurs...

Philadelphia SecureWorld (Philadelphia, Pennsylvania, USA, March 18 - 19, 2015) Join your fellow security professional for affordable, high-quality cybersecurity training and education at a regional conference near you. Earn CPE credits while learning from nationally recognized industry...

2015 Cyber Security Summit (McLean, Virginia, USA, March 19, 2015) During Congressman Mike Rogers' "The Code War in America" talk at the June 2013 POC breakfast, he challenged all of us to "recognize that every day U.S. businesses are targeted by governments like China...

BSides Salt Lake City (Salt Lake City, Utah, USA, March 20 - 21, 2015) BSides is a community-driven framework for building events for and by information security community members. The goal is to expand the spectrum of conversation

CarolinaCon-11 (Raleigh, North Carolina, USA, March 20 - 22, 2015) CarolinaCon-11 (also hereby referred to as "The Last CarolinaCon As We Know It") will occur on March 20th-22nd 2015 in Raleigh NC (USA). We are now officially accepting speaker/paper/demo submissions...

Cyber Security Conference 2015 (Bolton, UK, March 23 - 24, 2015) Cyber Security Conference 2015 is a coming together of the North of England's two most successful Cyber Security Conferences; BEC Information & Data Security Conference and Lancaster University's North...

Fraud Summit Altanta (Atlanta, Georgia, USA, March 24, 2015) ISMG's Fraud Summit is a one-day event focused exclusively on the top fraud trends impacting organizations and the mitigation strategies to overcome those challenges. Highlights of the Atlanta event include...

CyberTech Israel 2015 (Tel Aviv, Israel, March 24 - 25, 2015) In the face of these enemies and threats, individuals, organizations and states are required to produce innovative, unique solutions that would improve the resistance and resilience of the sensitive systems...

Global APT Defense Summit (Atlanta, Georgia, USA, March 25, 2015) This event will lay out a defense framework, which describes the appropriate phases, from establishing a resilient security baseline, through gathering threat intelligence, zero-day malware detection,...

2nd Annual ISSA COS Cyber Focus Day (Colorado Springs, Colorado, USA, March 25, 2015) Join us for the Information Systems Security Association (ISSA) — Colorado Springs Chapter — Cyber Focus Day set to take on Wednesday, March 25, 2015 at the University of Colorado Colorado...

28th Annual FISSEA Expo (Gaithersburg, Maryland, USA, March 25, 2015) This year's theme is "Changes, Challenges, and Collaborations: Effective Cybersecurity Training." Through numerous high quality sessions, over 100 attendees will learn new ways to improve their IT security...

CYBERWEST: the Southwest Cybersecurity Summit (Phoenix, Arizona, USA, March 25 - 26, 2015) The purpose of CYBERWEST is to bring together Government and businesses to: Exchange information and learn in areas of policy and strategy; technology and R&D; workforce training and education; and economic,...

Fraud Summit Dubai (Dubai, United Arab Emirates, March 26, 2015) ISMG's Fraud Summit is a one-day event focused exclusively on the top fraud trends impacting organizations and the mitigation strategies to overcome those challenges. Highlights of the Dubai event include...

Women in Cyber Security (Atlanta, Georgia, USA, March 27 - 28, 2015) Despite the growing demand and tremendous opportunities in the job market, cybersecurity remains an area where there is significant shortage of skilled professionals regionally, nationally and internationally.

Automotive Cyber Security Summit (Detroit, Michigan, USA, March 30 - April 1, 2015) The debut Automotive Cyber Security Summit will bring together CTOs, CSOs, Engineers and IT professionals from GM, KIA, Nissan, Bosch, Qualcomm and more for three days of case studies, workshops, panel...

Insider Threat Symposium & Expo (Laurel, Maryland, USA, March 31, 2015) The National Insider Threat Special Interest Group (NITSIG) announced that it will hold FREE 1 day Insider Threat Symposium & Expo (ITS&E) on March 31, 2015 in Laurel, Maryland. The symposium is exclusively...

Grow your brand and reach new customers.

Grow your brand and increase your customer base by educating our audience about your products, services, and events by advertising on The CyberWire. We’ve built trust with an influential (and often hard to reach) audience of CISOs, CSOs, and other senior execs in the security space, across a wide array of industry verticals. Learn more.

Be a part of the CyberWire story.

People ask us (a lot) how they can support what we do. We have our sponsorships and services, of course, but those are not always within every supporter's financial reach, or it might just not be the right time for you to do those things. That's why we launched our new Patreon site, where we've created a wider variety of support levels, each with some new benefits. Our patrons are important to our future, and we hope you'll consider becoming one. We invite you to become part of the CyberWire story. Become a patron today.