skip navigation

More signal. Less noise.

Economic Alliance of Greater Baltimore

Maryland leads the nation in cybersecurity with a large, highly qualified workforce, 20,000 job openings, investment opportunities, and proximity to key buyers.

Daily briefing.

Some news on major threat actors breaks today. Cylance reports that "Operation Dust Storm," a multi-year, complex campaign, is systematically pursuing data from "electric utility, oil and gas, finance, transportation and construction companies." The point of entry is Japan, but the companies targeted have operations or connections that extend throughout Europe, Asia, and North America. The actor looks like a nation-state, but Cylance explicitly declines to make any attribution.

The other big threat actor news comes from an industry consortium studying the so-called "Lazarus Group." Led by Novetta with participation from Symantec, Kaspersky, AlienVault, Invincea, ThreatConnect, Volexity, and PunchCyber, "Operation Blockbuster" finds the Lazarus Group, active in cyber espionage since 2009, participated in the Sony hack of November 2014. They trace the Lazarus Group to North Korea.

BAE sees a trend toward the industrialization of cyber crime.

The US FTC offers consumer advice on the secure installation of home routers.

Microsoft updates EMET security software.

The Drupal 6 content management framework reaches the end of its life today.

In industry news, some analysts see a slowdown in venture capital flow toward cyber security startups, with an effect on operating budgets and M&A activity.

BlackBerry buys British cyber security consultancy Encription, and Thycotic acquires Arellia. IBM is rumored to be ready to buy Resilient (security guru Bruce Schneier's corporate home) for $100 million.

The standoff between Apple and the US FBI continues. Apple's lawyers release documents suggesting the All Writs Act is likely to be used in more than one case.

Notes.

Today's issue includes events affecting China, European Union, India, Japan, Democratic Peoples Republic of Korea, Republic of Korea, United Kingdom, United States.

In today's CyberWire Daily Podcast, we hear from Loucif Kharouni, senior threat analyst with Deloitte Cyber Risk Services, who describes how crimeware and botnets are now being offered on an as-a-service basis. We also hear the CyberWire's editor reflect on recent developments in information operations.

2016 National Conference of Minority Cybersecurity Professionals (Washington, DC, March 23 - 24, 2016) The landmark ICMCP conference will elevate the national dialogue on the necessary measures needed to attract and develop minority cybersecurity practitioners to address the cross-industry cybersecurity skills shortage.

Women in Cybersecurity (WiCYS) 2016 (Dallas, TX, March 31 - April 2, 2016) The 3rd annual conference brings together women (students, faculty, researchers, professionals) in cybersecurity from academia, research organizations and industry for the sharing of knowledge and experience, networking and mentoring.

Cyber Attacks, Threats, and Vulnerabilities

Japan's critical infrastructure under 'escalating' cyber attack, says report (ZDNet) Operation Dust Storm has migrated to exclusively seek out organizations involved in Japanese critical infrastructure and resources, says security firm

New Security Research from Cylance SPEAR™ Team Uncovers Multi-Year, Multi-Attack Campaign Targeting Japanese Critical Infrastructure (Cylance) “Operation Dust Storm” reveals increasingly sophisticated, targeted and successful cyber-attacks against Japanese electric utility, oil and gas, finance, transportation and construction companies

Operation Dust Storm (Cylance ) Cylance SPEAR has uncovered a long-standing persistent threat targeting numerous major industries spread across Japan, South Korea, the United States, Europe, and several other Southeast Asian countries

Collaborative Operation Blockbuster aims to send Lazarus back to the dead (Symantec Security Response) A cross-industry initiative aims to tackle a disruptive attack group called Lazarus. Attacks linked with the threat actor targeted the US and South Korea, and some involved destructive malware

Operation Blockbuster (Novetta) In Operation Blockbuster, a Novetta-led coalition of private industry partners joined together to identify, understand, expose, and aid industry in degrading the Lazarus Group, the malicious threat actors behind multiple cyber campaigns, including the November 2014 Sony Pictures attack. Our story demonstrates private industry’s new role in ensuring the balance of global cyber defense

Sony Hackers Behind Previous Cyberattacks Tied To North Korea (Dark Reading) 'Lazarus Group' cyber espionage group has been operating in major attack campaigns since at least 2009, according to new investigation, bolstering the FBI conclusion that North Korea was behind the epic Sony breach

The Sony Hackers Were Causing Mayhem Years Before They Hit the Company (Wired) The hackers who crippled Sony in 2014 weren’t striking for the first time

Mobile banking Trojan bypasses Google Play security (Help Net Security) The Acecard malware is capable of attacking users of nearly 50 different online financial applications and services and is able to bypass Google Play store security measures, according to Kaspersky Lab

Got an ASUS router at home? Read this. (FTC Consumer Information) Many of us don’t think twice about our home wireless router after setting it up

A positive step for insecure home routers (CSO) It is gratifying to see one's passion result in a positive change that could benefit many people

uKnowKids Goes on Attack After Database of 1,700 Kids Found Insecure (Threatpost) Child safety firm uKnowKids is blasting a security researcher who discovered the company exposed 1,700 identities of the children they were supposed to be protecting

Sensitive child profiles, private messages exposed online (Help Net Security) Security researcher Chris Vickery has discovered another database containing sensitive user data exposed online (i.e. accessible via Internet). Leveraging Shodan, he unearthed a database compiled and used by US-based uKnowKids, a company that helps parents monitor what their kids do online and on the mobile phone

Researcher tells child tracking firm it has left its database wide open, and is accused of 'hacking' (Graham Cluley) The CEO of a child tracking company has accused a security researcher of hacking the firm after the researcher reported on a database error that exposed thousands of customers' children's personal information

ESET surveys reveal ages of unsupervised children surfing the web (SC Magazine) British parents allow their children to surf the web unsupervised years prior to the children gaining their trust to be given their own set of house keys

CTB-Locker for Websites: Reinventing an old Ransomware (Bleeping Computer) CTB-Locker, otherwise known as Critroni, is a Windows ransomware that saw wide distribution in the summer of 2014 and slowly decreased in distribution

Ransomware attacks emerge from the shadows (Business Insurance) More “ransomware” attacks can be expected along the lines of the incident reported last week, when a Los Angeles hospital agreed to pay the equivalent of $17,000 in bitcoins to regain control of its computer systems

Los Angeles Hospital Hack Raises Concerns About Ransom Attacks (NPR) NPR's Audie Cornish talks to Adam Kujawa, head of malware intelligence at the security firm Malware-bytes, about ransomware and what users and companies should do if they get hacked

PowerPoint and Custom Actions (PhishMe) We’ve recently observed a Phishing attack which uses PowerPoint Custom Actions instead of macros to execute a malicious payload. Although using PowerPoint attachments is not new, these types of attacks are interesting as they generally bypass controls that assert on macro enabled Office attachments

New Android Malware Discovered, But There’s a Possible Workaround (Neurogadget) A new Android malware has been discovered by a security team known as Heimdal Security. The malware, which is known as Mazar, is believed to be targeting Android users in Europe

Analyzis of a Malicious .lnk File with an Embedded Payload (Internet Storm Center) We received some feedback today from Nick, a SANS ISC reader who detected an interesting phishing campaign based on an ACE file

Phishing remains top attack vector for criminals, both novice and professional (CSO) Humans are still the softest of targets

Baidu web browsers leaked sensitive information, researchers say (IDG via CSO) Baidu has fixed some of the issues, but others remain

Hackers use Microsoft security tool to pwn Microsoft security tool (Register) EMET knocks out EMET. And the winner is ... nobody. Except Linux advocates

Using EMET to Disable EMET (FireEye) Microsoft’s Enhanced Mitigation Experience Toolkit (EMET) is a project that adds security mitigations to user mode programs beyond those built in to the operating system. It runs inside “protected” programs as a Dynamic Link Library (DLL), and makes various changes in order to make exploitation more difficult

Akamai and the Glibc Vulnerability (CVE-2015-7547) (Akamai Blog) Akamai continues to investigate the Glibc vulnerability outlined in CVE-2015-7547 to see how its technology may be affected

Bugs in Outdated Mobile Software Leave Network Door Open to Hackers (Legaltech News) How unsecured devices’ outdated Java and Flash software may leave a firm at risk — and invite in some unwelcome guests

Webroot 2016 Threat Brief Explores Next-Generation Cyber Threat Landscape and Targeted Intrusion Trends (PRNewswire) Rise of polymorphic malware, significant increase in malicious IPs, and upsurge of PUAs demonstrate that traditional cybersecurity defenses are nearly useless

The problem with open source malware (Trend Micro: Simply Security) Open source code is often a great thing: The sharing of information online can enhance the collaborative nature of technology and improve the ways in which we communicate and work

The industrialization of cybercrime may be upon us (We LIve Security) We are slowly seeing the “industrialization” of cybercrime according to an expert

Killing the malware-as-a-service supply chain (ITWeb) Almost everything in IT seems to be becoming available as a cloud-based or "as-a-service," delivery model. We've seen software-as-a-service (SAAS), platform-as-a-service (PAAS) and event infrastructure-as-a-service (IAAS). And now cyber criminals are looking to imitate the marked scalability of the ‘as-a-service' model, with malware-as-a-service (MAAS)

Security Patches, Mitigations, and Software Updates

Enhanced Mitigation Experience Toolkit (Microsoft Security TechCenter) The Enhanced Mitigation Experience Toolkit (EMET) is designed to help customers with their defense in depth strategies against cyberattacks, by helping detect and block exploitation techniques that are commonly used to exploit memory corruption vulnerabilities

Drupal 6 hits the end of the line (Naked Security) Today, Wednesday 24 February 2016, is the end of the line for Drupal 6

Cyber Trends

Did the Dark Web just get a whole lot bigger? (Naked Security) The term dark web refers to a largely secret and anonymous part of the internet where, in two words, anything goes

Some websites turning law-abiding Tor users into second-class citizens (Ars Technica) Tor users blocked or faced with CAPTCHA if IP address matches known exit node

Is threat intelligence being devalued by an information overload? (Computer Business Review) Analysis: The comfort blanket of data in threat intelligence is suffocating cyber security analysts

Perceptions and buying practices of infosec decision makers (Help Net Security) CyberEdge Group surveyed 1,000 IT infosec decision makers and practitioners from 10 countries, five continents, and 19 industries, and unsurprisingly, the news is not good

Physical security has many holes to be plugged (CSO) Delivering improved reliability through physical security represents the next frontier for continuous improvement

Firms Face £18 Million Bill for Mobile Data Breaches (Infosecurity Magazine) Over 60% of the world’s biggest organizations have had a data breach resulting from employees trying to access sensitive information via their mobile devices, potentially costing them over £18 million each, according to Lookout

Study: Rush to connect to Internet of Things could open security gaps (Chicago Tribune) The rush by companies eager to incorporate the Internet of Things in their operations could introduce potential cybersecurity threats, according to a study released Monday

Marketplace

Details matter when filing cyber business interruption claim (Business Insurance) Insurance buyers need to be able to clearly demonstrate the effect that a cyber incident has had on their business when making a business interruption claim, experts at a seminar in London Tuesday said

Cyber security startups face funding drought (Reuters) The U.S. cyber security industry, once one of the hottest targets for venture capitalists, is now grappling with a funding slump that has forced some startups to sell themselves or cut spending

Wynyard to raise $30M in deeply discounted rights offer (Scoop) Wynyard to raise $30M in deeply discounted rights offer; shares tumble 37%

Rumor: IBM gobbles Bruce Schneier, Resilient for $100m (Register) Security guru is CTO of biz believed to have been bought by Big Blue

BlackBerry doubles down on cyber security services with UK consultancy buy-out (Computer Business Review) BlackBerry has acquired UK-based cybersecurity consultancy Encription, which will form part of a new consulting practice it is launching to continue its pivot towards services

Thycotic acquires security company Arellia (PE Hub) Thycotic, a provider of privileged account management (PAM) solutions for more than 3,500 organizations worldwide, today announced it has completed the acquisition of Arellia, a provider of Windows endpoint security and application control software

Tenable Network Security expanding its reach into federal market (FedScoop) The Columbia, Maryland-based company's products are in use at DISA and part of Homeland Security's CDM program

Rising Cyber Firm Tenable Hires Former Maryland SWAT Leader (DCInno) Suffice to say, Makrokanis' resume is astonishingly impressive

A Video Conversation with Bob Olsen, CEO and Founder of North Star Group and COMPASS Cyber Security - Part I (Baltimore City Biz List) Managing programs and developing solutions to safeguard sensitive data everywhere

Products, Services, and Solutions

Phantom Announces the First Purpose-Built, Community-Powered Security Automation & Orchestration Platform (BusinessWire) Innovation connects existing security products to help security operations accelerate investigation, response & recovery through automation & orchestration

Cyphort and DB Networks Partner to Provide Full Spectrum Visibility (BusinessWire) Cyphort, the next generation APT defense company, announced today that it has partnered with DB Networks, a leader in database cybersecurity

Centrify's identity security offering now available for Good platform (FierceMobileIT) Centrify Tuesday announced the use of its identity security smartcard tech to access processes for enterprises that use the Good Dynamics Secure Mobility Platform

AdaptiveMobile Launches NPP 6 - The World's First Converged Carrier Security Platform (Netherlands Corporate News) Mobile World Congress- AdaptiveMobile, the world leader in mobile network security, today announced the launch of its Network Protection Platform (NPP) 6, providing the most advanced, consistent protection against all current and emerging threats to Communication Service Provider (CSP) networks

New Duo Platform Now Identifies and Mitigates the Riskiest Corporate Vulnerabilities, Without Installing Agents (Sys-Con Media) New research reveals most organizations have no visibility into employee devices accessing their networks

MasterCard fine-tunes analytics to reduce false fraud alerts (FierceFinanceIT) MasterCard is launching a new suite of analytics aimed at reducing the number of unnecessary credit card declines while maintaining the same level of fraud prevention

Attacker View exposes hidden cyber attack paths (Help Net Security) Illusive networks launched illusive 3.0 with Attacker View, a technology that enables IT security professionals to view their corporate network from an attacker’s perspective

Huawei and Nexusguard team up with DDoS offering (IT Pro Portal) DDoS attacks are one of the most worrying threats that enterprises face

Technologies, Techniques, and Standards

Working towards a common set of IoT standards (Help Net Security) Major industry leaders who are invested in the future of the Internet of Things, announced they will unify as the Open Connectivity Foundation (OCF), an entity whose goal will be to help unify IoT standards so that companies and developers can create IoT solutions and devices that work seamlessly together

Are you prepared to respond to ransomware the right way? (CSO) You get the call you’ve been dreading. No, not a breach. The other call

Chasing Foxes by the Numbers: Patterns of Life and Activity in Hacker Forums (Recorded Future) “Pattern of life analysis” is an effective counter terrorism technique that can be applied to cyber threat intelligence. Using patterns to classify adversary behaviors rather than relying on distinct Internet handles, like “UglyGorilla” or “Hassan20,” cyber threat analysts are able to look across multiple handles, posts, forums, and social media sites to identify signals of malicious activity

6 Things to Consider Before Investing in Email Encryption Software (Legaltech News) Threats to digital data and strong vendor competition have led to a plethora of encryption options

The Sophisticated Hack: Business Email Compromise (JDSupra) Gone are the days of the overtly suspicious request from a Nigerian prince asking for your social security number or a friend needing a loan to get out of jail in a foreign country

Research and Development

DHS S&T Awards OTS Contract to Pulzze Systems for Internet of Things Security (Executive Biz) The Department of Homeland Security‘s science and technology directorate has awarded the first Innovation Other Transaction Solicitation contract worth $200,000 to California-based small business Pulzze Systems to help secure the Internet of Things

Researchers create super-efficient Wi-Fi (Ars Technica) Passive Wi-Fi consumes 1/10,000th the power of conventional wireless networks

Academia

Public Vs. Private: Is A Prestigious Infosec College Degree Worth It? (Dark Reading) Today's graduates coming into the information security industry from private universities aren't ready for the workforce

New Jersey Institute of Technology receives $4 million grant for cybersecurity education (EurekAlert) NJIT, home to the largest computer science program among all research universities in the New York metropolitan area, continues to build a critical mass and increase its visibility as a top university for future leaders in the field of cybersecurity

Legislation, Policy, and Regulation

What You Need to Know About the New General Data Protection Regulation (GDPR) (JDSupra) The EU Parliament Committee on Civil Liberties, Justice, and Home Affairs (“LIBE”) finally released the text of the long anticipated new data protection law

Xi Jinping’s News Alert: Chinese Media Must Serve the Party (New York Times) The Chinese news media covered President Xi Jinping’s most recent public appearances with adulation befitting a demigod

Ensure Twitter isn't used to spread terrorism: Prasad (Business Standard) The minister cautions that the country is 'sitting in the midst of a mini-terrorist hub

U.S. to Further Scour Social Media Use of Visa and Asylum Seekers (New York Times) The Department of Homeland Security, at the urging of Congress, is building tools to more aggressively examine the social media accounts of all visa applicants and those seeking asylum or refugee status in the United States for possible ties to terrorist organizations

DHS, DOJ issue guidelines, procedures for sharing cyber threats (SC Magazine) The Department of Homeland Security (DHS), along with the Department of Justice, issued two sets of guidelines and procedures, required by the Cybersecurity Act of 2015, for federal agencies and the private sector to use regarding the sharing of cyber threat indicators

How CISA Affects Business and Limits Liability (Legaltech News) Expert break down CISA and discuss what it means to your business

The Encryption Wars And Privacy Shield (New America) Former NSA and CIA director Michael Hayden joins The Cybersecurity Podcast to talk about his new book, "Playing to the Edge: American Intelligence in the Age of Terror." Hayden – now a principal at The Chertoff Group – discusses the need to balance national security secrets and the public's right to government transparency, his reaction after Edward Snowden revealed details from mass surveillance programs he started, and why he's siding in favor of strong encryption for consumers

Coalition aims to solve privacy v. national security debate (Christian Science Monitor Passcode) As the standoff between Apple and the US government over unlocking an iPhone intensifies, the Digital Equilibrium Project is setting out to find the right balance between consumer privacy safeguards and national security interests

GDS aims to tighten email security (UKAuthority) New guidance highlights importance of encryption, verification and assurance based on Whitehall feedback

California Says Companies Should Embrace NSA-Developed Data Protections (Nextgov) The state of California has put companies on notice that they should be following a basic set of 20 information security controls developed by the U.S. government's top code breakers

Enabling Distributed Lethality: the Role of Naval Cryptology (Center for International Maritime Security) The U.S. Navy’s Surface Force is undergoing a cultural shift

Litigation, Investigation, and Law Enforcement

Congressman tells FBI to back down on Apple (CNN Money) Congressman Ted Lieu of California has asked the FBI to drop its legal attack on Apple

Apple's lawyers release list of other iOS devices waiting for backdoors (CSO) Apple's legal team publishes list of All Writs Act orders received

With 12 Other Active Cases, The FBI Can’t Claim That It’s Just About One iPhone (TechCrunch) The FBI and the Department of Justice have used a strong narrative to defend their case in the dispute between the FBI and Apple

Many unanswered questions in Apple-FBI controversy (CSO) A federal magistrate has issued an order granting the FBI permission to access the data on an Apple iPhone belonging Syed Rizwan Farook

Apple v. FBI – Who’s for, against opening up the terrorist’s iPhone (CSO) Everyone has an opinion

Apple’s iPhone Blunder (Hoover Institution) Can the United States government compel Apple to help break into the phone of Syed Rizwan Farook, who, along with his wife Tashfeen Malik, gunned down fourteen innocent people last December at the Inland Regional Center in San Bernardino?

Has Encryption Gone Too Far? (New York Times) When Apple refused to help the F.B.I. unlock the iPhone 5c of one of the attackers who killed 14 people in San Bernardino, Calif., in December, the company was criticized for preventing law enforcement from doing its job

Snowden lawyer: Bill of Rights was meant to make government’s job “more difficult” (Ars Technica) Ars Q&A: We sit down with Ben Wizner of the American Civil Liberties Union

If Amazon were in Apple’s position, would it unlock its cloud for the feds? (Network World) As Apple continues to resist FBI demands to unlock a terrorist suspect’s phone, it raises a question: What if Amazon Web Services was ordered to provide access to a customer’s cloud? Would AWS hand the data over to the feds?

Judge rules Clinton staff can be questioned about emails (Politico) A federal judge on Tuesday ruled that top Hillary Clinton staff should be questioned under oath about her use of a private email — another potential setback to the Democratic frontrunner's effort to leave the email controversy behind

Judicial scrutiny of intel agencies may dent national security: Supreme Court (Economic Times) Putting intelligence agencies IB, RAW and NTRO under judicial scanner may "dent" national security, the Supreme Court today said while rejecting a PIL seeking to make these bodies accountable to Parliament for their actions and expenditure

Responsibility Shifting for Cyber Attacks? (JDSupra) When a company's protected data is compromised, potential litigants generally look to the company itself as the target for damages claims

Prosecutors say corrupt Silk Road agent has co-conspirators at large (Ars Technica) Government alleges Shaun Bridges stole their bitcoins, too

For a complete running list of events, please visit the Event Tracker on the CyberWire website.

Newly Noted Events

Navigating Summit 2016 (Canberra, Australia, March 8, 2016) The Australian government has pledged to create a future-proofed nation, one that is fit to drive higher economic growth and improved standards of living using information technology innovatively. Privacy...

CONAUTH/EKMS/COMSEC Information Sharing and Key Management Infrastructure (ISKMI) 2016 (Waikiki, Hawaii, USA, March 14 - 18, 2016) The ISKMI will draw global-wide participation and Allied (Five Eyes and NATO) attendees. Information sharing will be centralized to Key Management Infrastructure (KMI), Cryptographic Modernization (CM),...

Community College Cyber Summit (3CS) (Pittsburgh, Pennsylvania, USA, July 22 - 24, 2016) The third annual Community College Cyber Summit (3CS) is organized and produced by six Advanced Technological Education (ATE) centers funded by the National Science Foundation (NSF) and involved in cybersecurity.

Upcoming Events

Interconnect2016 (Las Vegas, Nevada, USA, February 21 - 25, 2016) IBM InterConnect 2016 is for those who are building new business models, transforming industries, and creating better outcomes. Whether you're a C-suite executive, IT leader, developer, designer, architect,...

Insider Threat Program Development Training Course — Maryland (Annapolis, Maryland, USA, February 23 - 25, 2016) The National Insider Threat Special Interest Group website has some very "eye opening" examples of how "damaging and costly" an "insider threat incident" can be. The FBI Insider Threat Alert states companies...

CISO New York Summit (New York, New York, USA, February 25, 2016) A data breach is not only a PR nightmare, but cause for customers to turn to competitors, exposing sensitive company information and racking up fines from industry regulators. In order for organizations...

BSides San Francisco (San Francisco, California, USA, February 28 - 29, 2016) BSides San Francisco is an Information / Security conference that's different. We're a 100% volunteer organized event, put on by and for the community, and we truly strive to keep information free. There...

CISO Summit Europe (London, England, UK, February 28 - March 1, 2016) With the media covering the latest data breaches, cloud computing security questions going unanswered and hackers developing more sophisticated attacks, the IT department has a growing responsibility to...

RSA Conference 2016 (San Francisco, California, USA, February 29 - March 4, 2016) Celebrating its 25th anniversary, RSA Conference continues to drive the information security agenda forward. Connect with industry leaders at RSA Conference 2016

Cybersecurity: Defense Sector Summit (Troy, Michigan, USA, March 1 - 2, 2016) The National Defense Industrial Association (NDIA) Michigan Chapter Cybersecurity: Defense Sector Summit is to provide a forum to foster educational dialog between government, industry and academia in...

International Academic Business Conference (New Orleans, Louisiana, USA, March 6 - 10, 2016) The Clute Institute of Littleton Colorado sponsors six academic conferences annually that include sessions on all aspects of cybersecurity. Cybersecurity professionals from industry and academics are...

CISO Chicago Summit (Chicago, Illinois, USA, March 8, 2016) A data breach is not only a PR nightmare, but cause for customers to turn to competitors, exposing sensitive company information and racking up fines from industry regulators. In order for organizations...

Navigating Summit 2016 (Canberra, Australia, March 8, 2016) The Australian government has pledged to create a future-proofed nation, one that is fit to drive higher economic growth and improved standards of living using information technology innovatively. Privacy...

CISO Atlanta Summit (Atlanta, Georgia, USA, March 10, 2016) Tactics and Best Practices for Taking on Enterprise IT Security Threats. With newspaper headlines covering the latest data breaches, cloud computing security questions going unanswered and hackers developing...

The Atlantic Council's Cyber 9/12 Student Challenge (Washington, D.C. USA, March 11 - 12, 2016) Now entering its fourth year, the Cyber 9/12 Student Challenge is a one-of-a-kind competition designed to provide students across academic disciplines with a deeper understanding of the policy challenges...

Grow your brand and reach new customers.

Grow your brand and increase your customer base by educating our audience about your products, services, and events by advertising on The CyberWire. We’ve built trust with an influential (and often hard to reach) audience of CISOs, CSOs, and other senior execs in the security space, across a wide array of industry verticals. Learn more.

Be a part of the CyberWire story.

People ask us (a lot) how they can support what we do. We have our sponsorships and services, of course, but those are not always within every supporter's financial reach, or it might just not be the right time for you to do those things. That's why we launched our new Patreon site, where we've created a wider variety of support levels, each with some new benefits. Our patrons are important to our future, and we hope you'll consider becoming one. We invite you to become part of the CyberWire story. Become a patron today.