skip navigation

More signal. Less noise.

Cylance

Cylance is revolutionizing cybersecurity with products and services that proactively prevent, rather than reactively detect the execution of advanced persistent threats and malware. Learn more at cylance.com.

Daily briefing.

 The Baltimore Sun, which says it's got a copy of the ransom demand, reports that MedStar Health was indeed hit by ransomware, specifically Samsam, a.k.a. Samas, a.k.a. MSIL. The attackers are said to have offered a bulk discount rate—$18,500 to unlock all affected systems. (Thus the Hollywood Presbyterian incident, in which the hospital paid $17,000, seems to have set the market.) MedStar is gradually recovering: physicians' read-access to electronic health records was restored yesterday.

Ransomware is also appearing in attacks against some US Federal Government agencies. The Department of Homeland Security said yesterday that more than two-dozen US agencies have sustained ransomware attempts since July 2015. And Trend Micro reports that PowerWare ransomware is being used to target US taxpayers' information.

Problems other than ransomware arise for healthcare in the Internet-of-things. ICS-CERT warns that independent researchers have found some 1400 vulnerabilities in an older but still widely used automated cabinet for dispensing medical supplies, CareFusion’s Pyxis SupplyStation.

Cisco has patched its Firepower System Software.

US indictment of Iranian nationals in what we've come to think of as the Bowman Dam incident is seen as an example of American "name-and-shame" approach to agents of foreign governments who hack US targets. President Obama, warning that the country still faces a state of national emergency with respect to cyber, extends the Treasury Department's sanction authority.

The FBI's still not saying how it got into the San Bernardino jihadi's iPhone, but it's already been asked to unlock a phone in another murder investigation.

Notes.

Today's issue includes events affecting Angola, Austria, European Union, Iran, Iraq, Italy, Portugal, Syria, United Arab Emirates, United Kingdom, United States.

We're en route to Dallas today, where tomorrow and Saturday we'll be covering the annual Women in Cyber Security conference. Watch for live tweeting and special issues.

Catch the CyberWire's Daily podcast this afternoon, including a talk with the Johns Hopkins University's Joe Carrigan on what you should do when you set that new computer up in your home.

Women in Cybersecurity (WiCYS) 2016 (Dallas, TX, March 31 - April 2, 2016) The 3rd annual conference brings together women (students, faculty, researchers, professionals) in cybersecurity from academia, research organizations and industry for the sharing of knowledge and experience, networking and mentoring.

Cyber Attacks, Threats, and Vulnerabilities

Hackers offering bulk discount to unlock encrypted MedStar data (Baltimore Sun) The hackers who locked up data on MedStar's computers this week are demanding ransom to begin unlocking it — and they're offering a bulk discount to release all of it, according to a copy of the demands obtained by The Baltimore Sun

Following malware attack, MedStar docs regain EHR functionality (FierceHealthIT) Clinicians at MedStar Health can now review medical records and submit orders via the electronic health record after a malware attack March 28 forced computers offline, the Maryland-based hospital chain said in a statement Wednesday morning

Maryland hospital group hit by ransomware launched from within (Ars Technica) Samsam malware exploited MedStar web app server, then spread to rest of network

Why Hospitals Are the Perfect Targets for Ransomware (Wired) Ransomware has been an Internet scourge for more than a decade, but only recently has it made mainstream media headlines.

Hacking Hospitals And Holding Hostages: Cybersecurity In 2016 (Forbes) Yesterday morning MedStar Health became just the latest organization to suffer the damage of a cyberattack in what early reports suggest may be yet another ransomware attack

VIDEO: How a hospital is hacked, Kaspersky finds Health IT is sick (ITWire) A Kaspersky Lab tech expert has found ways to hack into medical devices in an attempt to explore security weaknesses and how to address them - the findings will make you ill

1,400+ vulnerabilities found in automated medical supply system (Help Net Security) Security researchers have discovered 1,418 vulnerabilities in CareFusion’s Pyxis SupplyStation system – automated cabinets used to dispense medical supplies – that are still being used in the healthcare and public health sectors in the US and around the world

Commonly used IoT devices vulnerable to privacy theft (Help Net Security) A technical investigation by Bitdefender has discovered that four commonly used Internet of Things (IoT) consumer devices are vulnerable to attack. The analysis reveals that current authentication mechanisms of many Internet-connected devices can easily be bypassed to expose smart households and their inhabitants to privacy theft

Let Me Get That Door for You: Remote Root Vulnerability in HID Door Controllers (Trend Micro: Simply Security) If you’ve ever been inside an airport, university campus, hospital, government complex, or office building, you’ve probably seen one of HID’s brand of card readers standing guard over a restricted area

Your Linux-based home router could succumb to a new Telnet worm, Remaiten (IDG via CSO) The worm takes advantage of exposed Telnet services with weak passwords to infect routers and other embedded devices

Sidestepper Allows for MiTM Between iOS Devices, MDM Tools (Threatpost) Apple’s Developer Enterprise Program has been abused in the recent past to push malicious apps onto iOS devices, most notably with the WireLurker, XcodeGhost and YiSpecter attacks

Tax Day Extortion: PowerWare Crypto-ransomware Targets Tax Files (TrendLabs Security Intelligence Blog) As we are certain about some aspects of life, the same can be said about cybercrime. Tax Day draws closer in the U.S., and as millions of Americans are in the process of filing their taxes, cybercriminals are also stepping in to make this task profitable for them and difficult for their victims

DHS: Ransomware attacks widely targeting feds (The Hill) More than two dozen federal agencies have been hit by attempted “ransomware” attacks since last July, the Department of Homeland Security (DHS) said on Wednesday

Cravath Admits Breach as Law Firm Hacks Go Public (American Lawyer) While it's no secret that law firms are often targeted by cyber criminals seeking sensitive client information, it’s rare for breaches to become public

Root Servers Were Not Targets of 2015 DDoS Attack (Threatpost) When the Internet’s root name servers are in the line of fire of a DDoS attack, people start to sweat, and with good reason since they are the authoritative servers used to resolve IP addresses

Online ‘activists’ a threat to Middle East security (National) The most prevalent cyber criminals in the Middle East are not online thieves out to pilfer your bank account, but “activists", according to a new report by a UK-based defence, security and aerospace company

Companies could be the next ISIS target (MarketWatch) Companies could become larger targets of pro-Islamic State hackers, according to a security company that analyzes the group’s online activity

Carders use custom built POS malware to hit US retailers (Help Net Security) Crypto-ransomware might be the most prominent type of malware these days, but that doesn’t mean that criminals have stopped using other kinds

FBI Warns of Rise in Schemes Targeting Businesses and Online Fraud of Financial Officers and Individuals (FBI) FBI officials and various federal and local partners warn potential victims of the business e-mail compromise scam or “B.E.C.,” a scheme targeting American businesses that has resulted in massive financial losses. Officials also warn of scams targeting victims of online fraud, to include “Operation Romeo and Juliet,” a series of cases involving American victims who are targeted when they subscribe to online dating services

US Federal Court: “you didn’t show up for jury duty” scammers slicker than ever (Naked Security) You get a call from the federal court or US Marshals

'Anonymous' cyber-attack hits Angola govt after activists jailed (AFP via Yahoo! News) A Portuguese branch of the Anonymous hacking collective says it has shut down about 20 Angolan government websites in retaliation for the jailing of 17 youth activists for plotting "rebellion"

Bad bots love the cloud (Enterprise Times) Distil Networks has released its 2016 Bad Bot Landscape Report and it makes for somewhat depressing reading. Subtitled The Rise of Advanced Persistent Bots the report makes the point that bots are cheap to deploy, are leveraging cloud providers and are becoming increasingly sophisticated. All of this increases the pressure on IT infrastructure teams as they struggle to keep the bad guys out

Cybercrime: A Black Market Price List From The Dark Web (Dark Reading) What does it cost for malware, stolen identities and other tools of the cybercriminal trade? Probably less than you think

Weak IRS controls leave taxpayer data vulnerable, report says (Washington Post) Just in time for tax season, the Government Accountability Office is warning that weak financial controls at the Internal Revenue Service leave taxpayer information at risk

NASA Has a Cyber-Security Problem, Investigator Claims (Softpedia) Jason Miller, executive editor for Federal News Radio, is saying that the National Aeronautics and Space Administration (NASA) has a severe patching problem that's putting many of its systems at risk

Student bypasses Valve’s review process, publishes game on Steam (Help Net Security) Sometimes the only way to get an organization to listen to you when it comes to existing vulnerabilities in their products is to exploit them yourself and make the proof of the exploitation visible

Microsoft's artificial intelligence 'chatbot' messes up again on Twitter (Reuters) Almost a week after being shut down for spewing racist and sexist comments on Twitter, Microsoft Corp's artificial intelligence 'chatbot' called Tay briefly rejoined Twitter on Wednesday only to launch a spam attack on its followers

Security Patches, Mitigations, and Software Updates

Cisco Firepower Malware Block Bypass Vulnerability (Cisco) A vulnerability in the malicious file detection and blocking features of Cisco Firepower System Software could allow an unauthenticated, remote attacker to bypass malware detection mechanisms on an affected system

Apple promises iOS fix “soon” for crashes in Safari and other apps (Naked Security) Apple made iOS 9.3 available last week, fixing a number of serious security holes

Verizon Galaxy Note Edge Marshmallow Update Still Missing As Security Update Blooms (Android Origin) Samsung Galaxy Note Edge owners will have to wait a little longer until they can experience Marshmallow on their devices as Verizon hasn’t updated the device following March’s security update. This is bad news but you shouldn’t feel uneasy as the device is still scheduled to receive the Marshmallow update in the future

Cyber Trends

Encryption Is a Luxury (Atlantic) The people that most need privacy often can’t afford the smartphones that provide it

Mass surveillance silences minority opinions, according to study (Washintgon Post) A new study shows that knowledge of government surveillance causes people to self-censor their dissenting opinions online

It takes 69 days to discover breaches (Business Insurance) It takes an average of 69 days for firms to discover they have been the victims of a data security incident and another seven days to achieve the problem's containment, says a law firm, in a survey issued Wednesday

Merging firms appealing targets for attackers (CSO) Companies going through a merger or acquisition, as well as their lawyers, financial advisers, and other associated firms are all tempting targets for cyberattackers, according to a new report from Digital Shadows

IT Security Survey Shows Company Size, Maturity Level are Crucial for Readiness (BusinessWire) Versasec study shows SMEs are bound by small security budgets, lack of information

Marketplace

In Apple Versus The FBI, Cyberstocks Win (Forbes) Earlier this week we learned that Apple’s security is, well, not that secure after all

CW@50: Fertile British breeding grounds for information security innovation (ComputerWeekly) Computer Weekly is marking its 50th anniversary this year with a series of articles celebrating 50 years of British technology innovation. In this article, we look at the evolution of information security threats and some of the British innovation to counter those threats

Aviation CEOs: Cybersecurity is Under Control (Aviation Today) The panel addressed how the aviation industry and regulatory awareness of aircraft cybersecurity issues have proliferated over the last year after the FBI set out to investigate claims that a professional hacker was able to control aircraft navigation systems after tapping into a seatback In-Flight Entertainment (IFE) interface

Building Stronger Readiness and Response with Cyberinsurance (Legaltech News) New regulations and the increase of cybercriminals using stolen information for payment fraud is spurring the adoption of cyberinsurance

Businesses Turn Their Backs on Banks That Lack the Right IT Security (IT Security Guru) Over two-thirds of companies prefer to bank with a provider who has a solid security reputation, according to a Kaspersky Lab survey. Those banks that make security a priority and take every effort to ensure measures are in place to safeguard against online financial fraud will have an advantage, when it comes to retaining existing customers and reaching new ones

Survey: With all eyes on security, talent shortage sends salaries sky high (CSO) Annual IT Salary Survey shines a light on security hiring and compensation trends

Army's cyber challenge to focus on micro cloud management (Defense Systems) The Army’s latest Cyber Innovation Challenge is looking to industry to help develop a holistic way to manage the tactical “micro clouds” used by deployed forces

BLACKOPS CEO Named Cybersecurity Professional of the Year (iReach) Expert confirms cybersecurity is part of larger economic and industrial war affecting every organization

DarkMatter names PKI specialist to SVP (Financial News) DarkMatter has appointed Scott Rea as Senior Vice President – Public Key Infrastructure (PKI), where he will lead the company´s efforts to elevate Identity Management in the UAE and GCC region by establishing domestic Root Certification Authority services, the company said

Products, Services, and Solutions

LookingGlass Unveils Next-Generation Threat Intelligence Management Platform (NewsChannel10) LookingGlass Cyber Solutions™, the leader in threat intelligence and dynamic threat defense, today announced the availability of its next-generation threat intelligence management platform ScoutPrime™, as well as enhancements to its market leading Cyber Threat Center Open Source Intelligence (OSINT) collection platform and LookingGlass Cyveillance Malicious C2 (Command and Control) Machine Readable Threat Intelligence (MRTI) data feed

Add IRM, data security and encryption to any app (Help Net Security) Vera launched its new IRM-as-a-Service (IRMaaS) product, allowing developers to use Vera’s data security platform to build encryption, tracking, policy enforcement, and access control into custom business applications

SecureRF Announces Multi-Mode Sensor LIME Tag(TM) for the IoT, and an Update to its Credentialing Solution (Street Insider) New MY01 LIME Tag provides integrated Cellular, Bluetooth Low Energy (BLE), classic Bluetooth, and Near Field Communication (NFC) connectivity on single platform with security and sensors

Container security for enterprise computing (Help Net Security) The largest pain-point today for organizations moving to a container strategy is that containers are being adopted and managed by developers. Operations and security do not have the level of visibility and control that they are accustomed to. At the same time, for DevOps to succeed, security and operations controls must be as agile and move as quickly as the assets to be protected

Technologies, Techniques, and Standards

NIST Publishes New Security Standard For Encrypting Credit Card, Medical Info (Dark Reading) NIST published a new cybersecurity standard that specifies 'format- preserving encryption' techniques to secure credit card number and sensitive medical information

Surfing porn can lead to infections (CSO) Could not resist that as a clickbait title

How sandboxing can help in the fight against cybercrime (CSO) Barely a day goes by without new reports of organisations falling victim to cyber-attacks. Data breaches, network outages and system disruptions have become an unfortunate reality of the modern digital world

Machine Learning In Security: Good & Bad News About Signatures (Dark Reading) Why security teams that rely solely on signature-based detection are overwhelmed by a high number of alerts

Protecting identity could be key to enterprise security (TechCrunch) When you hear from people who know about security, the discussion often turns to end users, who are considered the weakest link in the security chain. While IT and the powers that be struggle to secure their networks and IP, the employees are forever screwing up succumbing to phishing scams, using weak credentials and generally causing problems for the security experts who know best — or so says conventional wisdom

How long is a piece of string? The challenges and benefits of benchmarking security culture (CSO) A strong security culture is one of the best ways for organizations to protect themselves in today's digital world. But what defines a strong security culture? And how do you measure that?

A healthy dose of skepticism never hurt a security professional (CSO) Don't click without validation is one lesson that will do a security team a world of good

The Future of Data Protection? 3 New Approaches to Cybersecurity (Legaltech News) From preventing data exfiltration, to examining network behavior, malware and monitoring the dark web, LTN looks at three new approaches to cyberdefense

4 Cybersecurity Pitfalls to Avoid (AICPA Insights) You might break out in a cold sweat at just the thought of criminals on the other side of the world stealing your clients’ or customers’ account information

Over 60 Organizations Take Part in DHS Cyber Storm Exercise (FEDWeek) Over 1,100 people across more than 60 organizations took part in Cyber Storm V, the latest DHS-led national cyber security exercise designed to test a coordinated response to cyber attacks across the nation’s 16 critical infrastructure sectors such as energy, communications and financial services

UK and US to simulate cyber-attack on nuclear plants to test resilience (Guardian) Countries plan to cooperate by exploring the resilience of nuclear infrastructure to a terrorist attack

Design and Innovation

Comprehensive software security for cars will take years (CSO) Professor who pioneered car software security and broke Viagra spam botnets wins computer science prize

U.S. to Fight Cyber Attacks With 'Brain-Inspired' IBM Chip (PC Magazine) Lawrence Livermore National Lab will use the brain-inspired IBM Neuromorphic System for cyber-security issues

Blockchains: The Future of Recordkeeping? (Legaltech News) The need to ensure our digital heritage grows more important. Are blockchains the answer?

Research and Development

Entangled Photons Could Advance Quantum Cryptography (Photonics) Three photons have been experimentally entangled in a high-dimensional quantum property related to the “twist” of their wavefront structure, a milestone achievement for quantum physics

Legislation, Policy, and Regulation

Prepare for the EU Data Protection Law – Start Here (Heimdal Security) Do you know that (slight) sinking feeling when there’s a big change that influences the way you do things?

Former House Intel Chair Mike Rogers: Widened European Privacy Laws Hurt Intelligence Collection (USNI) As is the case in privacy laws created after World War II, and widened in the wake of the Edward Snowden leaks in Europe, “we’re going to pay a price” for limiting intelligence-collection when it comes to knowing what adversaries, terrorists and even allies are thinking, the former chairman of the U.S. House Intelligence Committee said Wednesday

Obama extends cyber sanctions power (The HIll) President Barack Obama on Tuesday expanded upon his statement that the rising number of cyberattacks on the U.S. constitutes a national emergency

Senator Wyden pledges to fight limits on encryption (Reuters) U.S. Senator Ron Wyden pledged on Wednesday to fight legislation expected shortly in Congress that would limit encryption protection in American technology products

Opinion: The San Bernardino iPhone and the 'going dark' myth (Christian Science Monitor Passcode) By breaking into the iPhone at the crux of the FBI v. Apple legal battle, law enforcement officials undercut their argument that encrypted devices are their imperiling efforts to surveil criminal and terror suspects

Encryption: Why Backdoors Are a Bad Idea (Design & Reuse) I have always had a passing interest in encryption and security. My PhD is on network file systems, where managing who has access to what data is an important aspect. I also spent the best part of a year working for a biometric security company (fingerprints and one-time-passcodes)

The New Intelligence Sharing Procedures “Are Not About Law Enforcement” (IC on the Record) There has been a lot of speculation about the content of proposed procedures that are being drafted to authorize the sharing of unevaluated signals intelligence

New Florida Law Lets Agencies Keep Some Breach Details Under Wraps (Dark Reading) Florida governor Rick Scott signs a bill to keep some critical information about data breaches confidential and out of the public eye

Litigation, Investigation, and Law Enforcement

Iran hacking indictment highlights US naming and shaming strategy (Christian Science Monitor Passcode) The Justice Department's indictment of alleged Iranian hackers last week is just the most recent example of the US government and security firms pointing fingers at specific nation-states hackers for cyberattacks

Cyber War Comes to the Suburbs (New Yorker) The Bowman Avenue Dam, in Rye, New York, would seem an unlikely candidate for a new front in the cyber wars

FBI Is Pushing Back Against Judge's Order to Reveal Tor Browser Exploit (Motherboard) Last month, the FBI was ordered to reveal the full malware code used to hack visitors of a dark web child pornography site. The judge behind that decision, Robert J. Bryan, said it was a “fair question” to ask how exactly the FBI caught the defendant

Apple to FBI: Please Hack Us Again (Daily Beast) Now that the FBI has figured out a way to hack into a locked iPhone, Apple wants the feds to pull the same trick a second time, in a different case

John McAfee: 'FBI Knew All Along They Could Unlock An iPhone With Cellebrite's UFED Touch' (Foorbes) Cybersecurity legend and Libertarian candidate John McAfee says the FBI unlocked the San Bernardino iPhone using a device that the FBI had in their possession since 2013

FBI Cracks Apple iPhone: What People Are Saying (Fortune) We waded through the flood of commentary so you don’t have to

The FBI may have dropped one case against Apple, but the battle is far from over (Guardian) The San Bernardino shooter’s iPhone was allegedly unlocked by an ‘outside party’, making that case moot. But many others are going forward

US has asked Apple, Google to help unlock devices in more than 70 cases (CSO) About 30 of the cases are as recent as 2015, according to the ACLU

Google Also Has Been Ordered to Help Unlock Phones, Records Show (Wall Street Journal) Advocacy group finds 63 cases where government sought orders to have phones opened under 1789 law

The Other Reason the FBI Doesn't Want to Reveal Its Hacking Techniques (Motherboard) It's no secret that the FBI uses computer exploits and vulnerabilities in its investigations, but the agency has not exactly been forthcoming with detailing its techniques

Apple’s New Challenge: Learning How the U.S. Cracked Its iPhone (New York Times) Now that the United States government has cracked open an iPhone that belonged to a gunman in the San Bernardino, Calif., mass shooting without Apple’s help, the tech company is under pressure to find and fix the flaw

FBI already called in to unlock another murder case iPhone (Naked Security) Nothing breeds success like success

Former NSA deputy director says Edward Snowden lacks courage (CSO) Thoughts from Chris Inglis, former Deputy Director of NSA, about whistleblower Edward Snowden’s reasons for leaking classified NSA documents

Is Ransomware Considered A Health Data Breach Under HIPAA? (Forbes) While it’s tempting to think of ransomware as a new cyber threat, the history of digital extortion dates back to the 1980s, and one of the first examples of ransomware was the PC Cyborg Trojan

Oil and gas website operator charged for hacking (Reuters via Business Insurance) The founder of an oil and gas networking website was arrested on Wednesday on charges that he hacked and stole information from a rival site he had created and sold to DHI Group Inc., the Federal Bureau of Investigation said

Italian Police Arrest 16-Year-Old Anonymous Member (Softpedia) Today, Italian police arrested a sixteen-year-old boy from Udine, on the suspicion of being the leader of an Anonymous campaign named #OpSafePharma

For a complete running list of events, please visit the Event Tracker on the CyberWire website.

Upcoming Events

Women in Cyber Security 2016 (Dallas, Texas, USA, March 31 - April 2, 2016) With support from National Science Foundation, Award #1303441 (Capacity Building in Cybersecurity: Broadening Participation of Women In Cybersecurity through the Women in Cybersecurity Conference and Professional...

SANS Atlanta 2016 (Atlanta, Georgia, USA, April 4 - 9, 2016) Learn the most effective steps to prevent attacks and detect adversaries with actionable techniques that you can directly apply when you get back to work. Take advantage of tips and tricks from the experts...

Billington CyberSecurity INTERNATIONAL Summit (Washington, DC, USA, April 5, 2016) On April 5, in Washington, D.C., join leading cybersecurity officials from across the globe at the Billington CyberSecurity INTERNATIONAL Summit to engage in an intensive information exchange between leading...

Cyber Security Summit Atlanta (Atlanta, Georgia, USA, April 6, 2016) The Inaugural Atlanta Cyber Security Summit will be held April 6th at the Ritz-Carlton, Buckhead. This event is for Sr. Executives only. We are Honored to have the US Asst. Attorney General of National...

ASIS 15th European Security Conference & Exhibition (London, England, UK, April 6 - 8, 2016) ASIS Europe 2016 invites you to join security professionals and experts from over Europe and beyond in one of the most dynamic centres of business and culture in the world

ISC West 2016 (Las Vegas, Nevada, USA, April 6 - 8, 2016) ISC West is the leading physical security event to unite the entire security channel, from dealers, installers, integrators, specifiers, consultants and end-users of physical, network and IT products.

ASIS 15th European Security Conference & Exhibition (London, England, UK, April 6 - 8, 2016) ASIS Europe 2016 invites you to join security professionals and experts from over Europe and beyond in one of the most dynamic centres of business and culture in the world.

Cyber Risk Management 360 (Baltimore, Maryland, USA, April 7, 2016) The Cybersecurity Association of Maryland, Inc. (CAMI) is partnering with the MD Department of Commerce, Chesapeake Regional Tech Council and Greater Baltimore Committee to host our first Signature event...

Cybersecurity and Privacy Protection Conference (Cleveland, Ohio, USA, April 7 - 8, 2016) The Center for Cybersecurity and Privacy Protection 2016 Conference will bring together experienced government officials, in-house counsels, business executives, cyber insurance leaders, litigators, information...

Spring Conference 2016: Creating a Cybersecurity Communtiy (Los Angeles, California, USA, April 11, 2016) The ISACA Los Angeles Chapter provides affordable quality training on fundamental information systems auditing concepts and emerging technology risks, and an opportunity to network with other auditing...

Rock Stars of Risk-based Security (Washington, DC, USA, April 12, 2016) Virtually every company will be hacked, and today, experts accept that a 100% security solution is not feasible. Advanced risk assessment and mitigation is the order of the day. Rock Stars of Risk-Based...

Federal Security Summit 2016 (Washington, DC, USA, April 12, 2016) Advanced threats and more sophisticated hackers are making it increasingly difficult to protect mission-critical government systems and communications. The U.S. Government is probed 1.8 billion times per...

Grow your brand and reach new customers.

Grow your brand and increase your customer base by educating our audience about your products, services, and events by advertising on The CyberWire. We’ve built trust with an influential (and often hard to reach) audience of CISOs, CSOs, and other senior execs in the security space, across a wide array of industry verticals. Learn more.

Be a part of the CyberWire story.

People ask us (a lot) how they can support what we do. We have our sponsorships and services, of course, but those are not always within every supporter's financial reach, or it might just not be the right time for you to do those things. That's why we launched our new Patreon site, where we've created a wider variety of support levels, each with some new benefits. Our patrons are important to our future, and we hope you'll consider becoming one. We invite you to become part of the CyberWire story. Become a patron today.