skip navigation

More signal. Less noise.

Daily briefing.

Fortinet warns of an Android banking Trojan. It's mostly affecting German users' devices.

Facebook Messenger is being used as a vector for ransomware. Criminals are distributing Locky in malicious images shared over the service. The Nemucod downloader is bypassing Facebook's whitelisting protections by arriving in the form of an SVG file, so treat images you receive with circumspection.

GeekedIn, a tech job recruiting site, scraped (not clearly legitimately) 8 million GitHub profiles, but then left them exposed in an unsecured database. GeekedIn regrets the misstep, and says it's correcting it. Those with GitHub profiles should take steps to secure themselves.

Investigators continue to look into the upgrade fraud at Three. Some observers think on-boarding and off-boarding practices may have contributed to compromising the credentials used in the scam.

In industry news, Symantec indeed is ready to acquire LifeLock for $2.3 billion, and Optiv is filing for an IPO.

The holiday shopping season begins more-or-less officially this Friday, and there's much advice out on how to buy safely online. RiskIQ this morning released a white paper on the topic. They draw particular attention to the risks apps pose during the season (and suggest specific points of skepticism), and they emphasize the importance of knowing you're on the site where you intend to shop, not on a spoofed page.

In US news, President Obama says he "can't" (meaning "won't") pardon Snowden. Rumors in Washington suggest DNI Clapper and Secretary of Defense Carter want NSA Director Rogers removed; Congress disagrees, and threatens hearings.

Notes.

Today's issue includes events affecting Australia, Canada, China, European Union, Finland, India, Iran, Morocco, Romania, Russia, Spain, Ukraine, United Kingdom, United States.

A note to our readers: We won't publish this Thursday; we'll be observing the Thanksgiving holiday.

The CyberWire's regular daily Podcast will be out later this afternoon, with interviews, educational tips, and more on the stories of the day. Today we hear from our partners at the University of Maryland's Center for Health and Homeland Security: Markus Rauschecker talks about proposed Federal voluntary standards for automotive cyber security. As always, if you enjoy the podcast, please consider giving it an iTunes review.

AlienVault USM Webcast (Live Webcast, December 1, 2016) Find threats lurking on your systems with host-based intrusion detection and AlienVault USM.

NCCoE Speaker Series: Understanding, Detecting & Mitigating Insider Threats (Rockville MD, USA, December 6, 2016) Your employees could be your biggest cybersecurity risk. Join us to learn more.

Cyber Attacks, Threats, and Vulnerabilities

Canadian Army Recruitment Site Hacked; Redirected to Chinese Govt Webpage (HackRead) The users were shocked to see information about Chinese government officials and their activities on the recruitment site

Canadian Forces recruiting website hacked (CBC) Main landing page for would-be recruits redirects users to Chinese state-run website

German Android users bombarded with banking malware masquerading as legitimate apps (Help Net Security) Fortinet researcher Kai Lu warns of a fake email app that is capable of stealing login credentials from 15 different mobile banking apps for German banks

Android Malware Masquerades as Banking App, Part II (Fortinet) New variants of android banking malware target even more German banks, popular social media apps, and more

Malicious images on Facebook lead to Locky Ransomware (CSO) Images sent via Facebook Messenger lead to Ransomware or Nemucod downloader

8 million GitHub profiles scraped, data found leaking online (Help Net Security) Technology recruitment site GeekedIn has scraped 8 million GitHub profiles and left the information exposed in an unsecured MongoDB database. The backup of the database was downloaded by at least one third party, and it’s likely being traded online

Fraudsters accessed Three UK customer database with authorised credentials (Help Net Security) Three UK, a telecom and ISP operating in the United Kingdom, has suffered a data breach. According to Three’s status report on the investigation, the attackers were able to access the company’s customer upgrade system by using login credentials of an employee, and their goal was to steal high-end smartphones

ZTE & Huawei Swear That Their OZ Smartphones Don’t Contain Tracking Software (Channelnews) ZTE and Huewei, both powerhouse Smartphone brands in China now claim that their devices in Australia do not contain the controversial Adups software which US security Company Kryptowire said was found on several Android smartphones in the USA

Office Depot allegedly running in-store tech support scams (Naked Security) We’ve done plenty of reporting on tech support scams, be they online or by phone, but how about the sort where you walk into a huge, supposedly legit gizmo box store and they try to sell you the same load?

Office Depot insider speaks out about unnecessary computer fixes (KIRO 7) Jesse introduces us to the Office Depot insider who told us

Security Advisory: Mobile Phones (Kraken) Heed this or perish

Symantec: It's time to think about cyber criminals as professionals (IT Pro Portal) "Cyber crime is now a profession,” so needs to be thought of as such

Security Patches, Mitigations, and Software Updates

Firefox Focus: Private iOS browsing made easy (Help Net Security) Mozilla has released Firefox Focus, an iOS app that lets you browse the Internet without having to worry who’s tracking your online activity

Drupal Fixes ‘Moderately Critical’ Vulnerabilities in Core Engine (Threatpost) According to a security advisory, the update, pushed Wednesday, fixed four vulnerabilities marked “moderately critical.” The vulnerabilities affect Drupal core 7.x versions prior to 7.52 and Drupal core 8.x versions prior to 8.2.3

Facebook working with fact-checkers to weed out fake news (CSO) The social networking site will make it easier for users to report fake stories

It’s time to get rid of the Facebook “news feed,” because it’s not news (Ars Technica) Fake news didn’t throw the election. It was a symptom, not a cause

Cyber Trends

Black Friday eCommerce Blacklist (RiskIQ) According to Adobe Digital Index, in 2015, online shoppers filled eCommerce cash registers with more than $5.8 billion in sales over the Black Friday weekend—and with that number expected to grow this year, threat actors are looking to take advantage

GDPR heads security focus for large companies, disaster recovery for small - research (Computing) With 18 months to go before new regulations hit larger firms are rushing to make themselves compliant

Manufacturing companies highly exposed to cyberattacks, study (Insurance Business) Manufacturing companies highly exposed to cyberattacks, study Manufacturing businesses are particularly vulnerable to cyberattacks owing to their focus on innovation and increasing reliance on connected products, a multinational professional services firm said in a recent study

35% of websites still using insecure SHA-1 certificates (Help Net Security) 35 percent of the world’s websites are still using insecure SHA-1 certificates, according to Venafi. This is despite the fact that leading browser providers, such as Microsoft, Mozilla and Google, have publicly stated they will no longer trust sites that use SHA-1 from early 2017. By February 2017, Chrome, Firefox and Edge, will mark websites that still rely on certificates that use SHA-1 algorithms as insecure

Ransomware success creates apathy towards traditional antivirus software (Help Net Security) In the last 12 months, 48 percent of organizations across the globe have fallen victim to a ransomware campaign, with 80 percent indicating that they’ve suffered from three or more attacks, according to a global survey conducted by Vanson Bourne

Report: Half of Organizations Have Been Hit by Ransomware (eWeek) Not only are many organizations being impacted by ransomware, they are also being attacked repeatedly and some are paying up

Businesses aren’t telling anyone when they’ve been hit with ransomware (CyberScoop) There may be more businesses dealing with ransomware than the private sector community cares to talk about

Hybrid cloud storage use to double in next 12 months (Help Net Security) The use of hybrid cloud storage will accelerate rapidly over the next 12 months, according to Cloudian. Across 400 organisations surveyed in the UK and USA, 28% already use hybrid cloud storage, with a further 40% planning to implement within the next year. Only 19% have no plans to adopt

More than 55 percent millennials have been hit by cybercrime in India: Norton by Symantec (Open Sources) Over 55 percent of millennials (born between 1980-2000) in India have experienced cybercrime in the past year and globally, millennials are the most commonly affected victims, with 40 percent experiencing it last year, a report revealed on Saturday. According to the ‘Norton Cyber Security Insights’ report by security software firm Norton by Symantec, “39 percent Indian millennials have either experienced ransomware themselves or know someone who has”

A quarter of Australian firms ignorant about their own cyber defences, survey finds (IT Briefs) A quarter of Australian businesses don't know if they have the right security controls for cyber attacks and are risking an average cyber attack cost of more than $622,000, new research from BAE Systems has revealed

Marketplace

Symantec to acquire LifeLock for $2.3 billion (Reuters) Symantec Corp (SYMC.O) said it would acquire U.S. identity theft protection services company LifeLock Inc (LOCK.N) for $2.3 billion, in a deal that it hopes will prop up sales at its Norton cybersecurity unit

Cybersecurity company Optiv files for IPO (Reuters) Cybersecurity company Optiv Security Inc, majority owned by Blackstone Group LP (BX.N), filed with U.S. regulators for an initial public offering of its common stock on Friday

Mach37 accelerator hits critical milestones as investors get more selective (Washington Post via Standard Examiner) In its third year of mentoring and investing in cybersecurity start-ups in Northern Virginia, state-funded start-up accelerator Mach37 is starting to show it can churn out self-sustaining businesses

4 Things Cisco's Management Wants You to Know (Motley Fool) With weak guidance knocking down the stock, management tried to fill in the details

Analysts Unimpressed With Cisco Systems, Should You Be? (Seeking Alpha) Cisco Systems' revenue decelerated in the first quarter. Nevertheless, I expect dividend growth to continue due to a very strong balance sheet and cash flow. Guidance for next quarter was for revenue to decline. For this reason, I no longer recommend adding shares of Cisco Systems

Qualcomm and HackerOne Partner on Bounty Program (Threatpost) Qualcomm kicked off its first bug bounty program Thursday, opening the door for white hat hackers to find flaws in a dozen Snapdragon mobile chipsets and related software. Rewards for the invite-only bug bounty program top $15,000 each

ZTE can continue operating as normal, as Washington agency extends temporary license until Feb 27, filing says (South China Morning Post) ZTE Corp, China’s largest listed telecommunications equipment manufacturer, has been granted a reprieve for the fourth time from United States export restrictions over the violation of long-standing trade sanctions on Iran

Aixtron Says CFIUS Opposes Grand Chip Deal Due To Security Concerns (RTT News) Aixtron SE (AIXG) announced Friday that the investigation period for the Committee on Foreign Investment in the United States or CFIUS to review the tender offer by Grand Chip Investment GmbH or GCI lapsed on November 17, 2016

Where cybersecurity computes (MIlford Daily News) Cyberattacks may be bloodless, but they are far from painless, especially for the besieged company that sees its services temporarily or indefinitely disrupted

RiskSense Debuts on 2016 Deloitte Technology Fast 500™ (Businesswire) Cyber risk management pioneer achieves 235% growth rate

FireEye (FEYE) Taps Nuance's Robbins as Head of Worldwide Sales (Street Insider) FireEye, Inc. (Nasdaq: FEYE) announced that former Symantec and Nuance Communications executive Bill Robbins has joined the company as executive vice president of worldwide sales. Robbins reports to FireEye CEO Kevin Mandia

Sources: Crowdstrike Hires Former Tanium Exec As Head Of Worldwide Sales (CRN) As the battle for the endpoint security market heats up, Crowdstrike has landed former Tanium top sales executive Mike Carpenter as its new head of worldwide sales, sources told CRN

Products, Services, and Solutions

Kaspersky introduces its own “Hackproof” OS (Technews) The popular anti-virus software company called “Kaspersky” has quite recently claimed to have their very own Operating System software since last October. They are constructing a secure operating system for preserving the personal data of users

Russian Security Firm Kaspersky Announces Its Own Secure OS, 14 Years in the Making (Circle ID) "I've anticipated this day for ages — the day when the first commercially available mass market hardware device based on our own secure operating system landed on my desk," writes Eugene Kaspersky, Chairman and CEO of Kaspersky Lab, in a blog post introducing company's layer 3 switch powered by Kaspersky OS. Kaspersky believes the OS will be "ideal for applications where a small, optimized and secure platform is required" — particularly when it comes to Internet of Things

Matrix.org Launches Cross-platform Beta of End-to-End Encryption Following Security Assessment by NCC Group (Matrix) Security assessment allows Matrix to advance development of its end-to-end encryption implementation, as the project today adds iOS and Android to the list of E2E supported platforms

UK bank to extend trial of behavioural biometrics security (NFC World) UK bank Natwest has trialled a behavioural biometrics system designed to offer continuous authentication throughout an online banking session, using more than 500 behaviour patterns to identify users and prevent fraud from unauthorised logins and automated attacks

LogRhythm Enhances Security Software (Techrockies) Boulder-based security software developer LogRhythm, which develops security intelligence and analytics software, said this week that it has made a major upgrade to its flagship software

Comodo Certification Manager relieves the burden of managing security certificates manually (Network World) Some companies have 10,000 or more certificates, and managing them manually is time consuming and error-prone. A management platform can automate certificate discovery and renewal

Argus Breakthrough Technology for Automotive Cyber Security (American Security Today) Argus Cyber Security, the world’s largest independent automotive cyber security company, today announced further expansion of its In-Vehicle Network Protection suite with its new groundbreaking ECU Fingerprinting technology

Website Security Partner Program (Symantec) The Symantec Website Security Partner Program includes the most relevant, recognized, trusted and diverse SSL Certificate, Code Signing, and Website security & management solutions. Our partners have multiple brand options to sell including; Symantec, Thawte, GeoTrust, & RapidSSL. Each brand has a specific product offering which will allow you to succinctly map to your customers unique requirements

Embracing cyberspace and the cyber-challenge for public-private partnerships (Telegraph) Anu Khurmi and Andrew Fitzmaurice discuss how Templar Executives’ unique approach is enabling businesses to embrace and exploit cyberspace and Sally Howes discusses how the public and private sectors can improve the success of cybersecurity

Exclusive: Hemisphere adds six new security vendors; ups solution sell scope (ChannelLife) Hemisphere Technologies has added six new vendors to its security line up as the distributor looks to provide resellers with a full suite of offerings for solution selling

Technologies, Techniques, and Standards

Vulnerable connected devices a matter of 'homeland security' (Christian Science Monitor Passcode) Top government officials such as Homeland Security chief Jeh Johnson are urging device makers to secure everyday objects that connect to the internet

Which operating system do ‘professional’ hackers use? (TechWorm) Which operating system do the ‘real’ hackers use? The real here is the cyber criminal type hackers and hacktivists and not security researchers and white hat hackers

Tips for Secure Online Shopping (Above Security) Shopping online for Black Friday is convenient. You avoid the crowds and browse more effectively with the comfort of your home. However, we are not immune from cyber attacks. How to protect yourself from identity theft or credit card fraud?

As Christmas and Cyber Monday approach consumers should beware of online fraud (Herald Scotland) With the majority of people planning to do at least part of their Christmas shopping online, the recent attack on 9,000 Tesco Bank accounts is a timely reminder that you can’t be too careful when carrying out cyber transactions

Security basics for the holiday season, and the year to come (CSO) Let's go shopping!

Design and Innovation

Device Security Issues for the Infosec Community to Consider (Tripwire: the State of Security) The issue of device security has once again returned to the forefront in light of the recent botnet attacks that have leveraged CCTV cameras, DVRs and other Internet of Things (IoT) devices. As a community, especially those of us who are CISSPs, it is our responsibility to think several chess moves ahead and to take deeper dives into the investigative questions that aren’t being discussed in the aftermath of such attacks

Academia

Northrop Opens 2016-2017 UK National Youth Cyber Defense Competition (GovConExecutive) Northrop Grumman has launched the U.K. national youth cyber defense competition for 2016-2017 in efforts to promote science, technology, engineering and mathematics education

Legislation, Policy, and Regulation

Govt to soon appoint cyber professionals (Tribune) Due to increase in cyber crime, the Information and Technology Ministry is in major disarray. To control this, the Central Government is soon going to appoint a force of cyber professional, who will be able to stop hacking and keep a check on cyber crime in the government body

NSA Director Mike Rogers Could Be Removed in Restructuring (ABC News) President Obama is considering a recommendation by Defense Secretary Ash Carter and Director of National Intelligence James Clapper to separate the commands of the National Security Agency and U.S. Cyber Command that could lead to the removal of Admiral Mike Rogers who heads both commands

Pentagon and intelligence community chiefs have urged Obama to remove the head of the NSA (Washington Post) The heads of the Pentagon and the nation’s intelligence community have recommended to President Obama that the director of the National Security Agency, Adm. Michael S. Rogers, be removed

Lawmakers decry possible removal of NSA director, call for hearings (Federal News Radio) Several key GOP members of Congress began to weigh in this weekend with strong disapproval over suggestions that Adm. Michael Rogers, the director of the National Security Agency and commander of U.S. Cyber Command may be fired during the final weeks of the Obama administration

Trump's national security pick is a cybersecurity hawk (CSO) Like Trump, Michael Flynn supports using offensive cyberweapons

Former NSA, CIA Director Hayden: World Needs a Set of Cyber Norms (USNI News) The United States should help create an international set of norms for cyber behaviors – to distinguish between accepted behaviors like espionage and non-accepted behaviors like cyber theft and destruction – and then craft laws and policies that allow U.S. cyber warriors to succeed in that domain, a former director of the National Security Agency and Central Intelligence Agency said today

McCain dismisses Russian impact on election, stresses need for cyber committee (The Hill) Senate Armed Services Chairman John McCain (R-Ariz.) said Saturday that he does not believe Russian hackers affected the presidential election, adding that he plans to recommend a new select committee on cybersecurity

What a Trump presidency could mean for U.S. cyber weapons (CyberScoop) Defense contractors developing military grade cyber weapons find themselves in a prime position to capitalize on President-elect Donald Trump’s rise to the White House. With this significant-yet-exclusive business opportunity on the horizon, policy and security experts question what Trump’s apparent plan to develop offensive cyber tools will mean for both those at home and abroad

Litigation, Investigation, and Law Enforcement

Obama says he can’t pardon Snowden (Ars Technica) Snowden may be loved in Germany, but US lawmakers aren't keen on forgiveness

House Intel chair arranging hearing on NSA director (The Hill) House Intelligence Chairman Devin Nunes (R-Calif.) is questioning two top Obama administration officials over reports they recommended President Obama remove National Security Agency Director Adm. Michael Rogers

Ohio man charged with threatening to kill Trump on Twitter (Ars Technica) "My life goal is to assassinate Trump. Don't care if I serve infinite sentences"

Russia Criticized for Blocking Microsoft’s LinkedIn over Data Location Law (Voice of America) Russian users of the online professional-social network LinkedIn expressed concern after Russian authorities this week began blocking the popular service

Cross-continental operation brings down payment card fraudsters (Help Net Security) On 14 and 15 November 2016, the Finnish National Bureau of Investigation, the Spanish Guardia Civil, the British West Midlands Regional Cyber Crime Unit together with the Royal Canadian Mounted Police and with the support of Europol’s European Cybercrime Centre (EC3) teamed up in a cross-continental joint action day aimed at breaking down an international card-not-present fraud network

Investigation confirms no patient or employee info compromised in cyber-attack on healthcare system (Security Info Watch) After a thorough investigation into the late August cyberattack on the Appalachian Regional Healthcare (ARH) system, findings from independent computer forensic experts as well federal authorities have determined that no ARH patient or employee health or financial information was comprised in the attack

Critical Cyber-Attack on Hospitals Now A Reality- A View From ‘Across the Pond’ (JD Supra) Serious trouble for all health and care providers looms large

The Evolution of Cyber Crime in Morocco (Morocco World News) The rise of cyber-crime has become one of the emerging difficulties of a more technologically integrated world

Kaspersky takes Hemisphere Technologies to court in royalties wrangle (ARN) Millions at stake in legal proceedings spanning two countries

FS.to pirate website shut down after Ukraine’s National Police Raid (HackRead) A complaint made by the Motion Picture Association of America led to the arrest of people behind FS.to. The cyber-crime department of Ukraine’s National Police force carried out a series of operations against the website which is used by millions of users around the world. The perpetrators were arrested and a total of 60 servers were shut down as a result

For a complete running list of events, please visit the Event Tracker on the CyberWire website.

Upcoming Events

SANS Healthcare CyberSecurity Summit & Training 2016 (Houston, Texas, USA, November 14 - 21, 2016) SANS will be hosting its 4th Annual Healthcare Cybersecurity Summit. Join us and hear top security experts from leading healthcare companies discuss proven approaches for securing and succeeding in the...

Data Breach & Fraud Prevention Summit Asia (Mumbai, India, June 8, 2016) ISMG’s Data Breach & Fraud Prevention Summit Asia – Mumbai is a one-day event that will focus on the latest fraud techniques and technologies, as well as a holistic, strategic approach to looking at the ...

SCSC Cyber Security Conclave 2.0 Conference and Exhibition (Hyderabad, India, November 22 - 23, 2016) India’s leading two-day cyber security event is returning in November 2016, once again bringing together over hundreds of cyber security experts, senior officials and policy-makers from across the public...

4th Ethiopia Banking & ICT Summit (Addis Ababa, Ethiopia, November 25, 2016) The 4th Ethiopia Banking & ICT Summit is the ONLY event in Horn of Africa that focuses on technology innovations and trends in the Banking and ICT sectors. This annual summit brings together Financial...

Insider Threat Program Development Training For NISPOM CC 2 (Aberdeen, Maryland, USA, August 10 - 11, 2016) Insider Threat Defense will hold a two-day training class on Insider Threat Program Development (National Insider Threat Policy-NISPOM Conforming Change 2). For a limited time the training is being offered...

Internet of Things (IoT) (Elkridge, Maryland, USA, November 29, 2016) This cybergamut Technical Tuesday features Dr. Susan Cole, currently the Cybersecurity Lead for a Federal Information Systems Controls Audit Management (FISCAM) preparation team and also provides consulting...

CIFI Security Summit (Toronto, Ontario, Canada, November 30 - December 1, 2016) The Annual CIFI Security Summit takes place all over the world, Asia, Europe, Australia & North America. These summits are essential 2 day conferences and exhibitions bringing together leading security...

AlienVault USM Webcast (Online, December 1, 2016) Host-based intrusion detection systems (HIDS), work by monitoring activity that is occurring internally on a host. HIDS look for unusual or nefarious activity by examining logs created by the operating...

Cyber Threats Master Class (Turin, Italy, December 1 - 2, 2016) The UNICRI Masterclass on Cyber Threats aims to provide media and public relations professionals, as well as those planning a career in public information and communication, with a deeper understanding...

Disrupt London (London, England, UK, December 3 - 6, 2016) TechCrunch Disrupt is the world’s leading authority in debuting revolutionary startups, introducing game-changing technologies, and discussing what’s top of mind for the tech industry’s key innovators.

US Department of Commerce Cyber Security Trade Mission to Turkey ( Ankara and Istanbul, Turkey, December 5 - 8, 2016) Now is the time to expand in Turkey! The growth and frequency of cyber-attacks in recent years has increased the demand to protect critical data and infrastructure of governments and businesses. Turkey...

NCCoE Speaker Series: Understanding, Detecting & Mitigating Insider Threats (Rockville, Maryland, USA, December 6, 2016) Insider threats are growing at an alarming rate, with medium-to-large company losses averaging over $4 million every year. Smaller businesses are at risk too, and it is estimated that in 2014, over half...

Weaponizing Data Science for Social Engineering: Automated E2E Spear Phishing on Twitter (Elkridge, Maryland, USA, December 6, 2016) This cybergamut Technical Tuesday features ZeroFox data scientist John Seymour, who will present a recurrent neural network that learns to tweet phishing posts targeting specific users. Historically, machine...

Practical Privacy Series 2016 (Washingto, DC, USA, December 7 - 8, 2016) This year, the Practical Privacy Series will return to Washington, DC, with its rapid, intensive education that arms you with the knowledge you need to excel on the job. We’re programming some stunningly...

CISO Southern Cal (Los Angeles, California, USA, December 8, 2016) A data breach is not only a PR nightmare, but cause for customers to turn to competitors, exposing sensitive company information and racking up fines from industry regulators. In order for organizations...

SANS Cyber Defense Initiative 2016 (Washington, DC, USA , December 10 - 17, 2016) Make plans to attend SANS Cyber Defense Initiative 2016 (CDI). SANS is the one educational organization known for developing the cybersecurity skills most in need right now. SANS Cyber Defense Initiative...

Privacy, Security and Trust: 14th Annual Conference (Auckland, New Zealand, December 12 - 14, 2016) This year’s international conference focuses on the three themes of Privacy, Security and Trust. It will provide a forum for global researchers to unveil their latest work in these areas and to show how...

Grow your brand and reach new customers.

Grow your brand and increase your customer base by educating our audience about your products, services, and events by advertising on The CyberWire. We’ve built trust with an influential (and often hard to reach) audience of CISOs, CSOs, and other senior execs in the security space, across a wide array of industry verticals. Learn more.

Be a part of the CyberWire story.

People ask us (a lot) how they can support what we do. We have our sponsorships and services, of course, but those are not always within every supporter's financial reach, or it might just not be the right time for you to do those things. That's why we launched our new Patreon site, where we've created a wider variety of support levels, each with some new benefits. Our patrons are important to our future, and we hope you'll consider becoming one. We invite you to become part of the CyberWire story. Become a patron today.