skip navigation

More signal. Less noise.

Do you know the best practices for applying threat intelligence?

Threat intelligence is one of the most talked about areas of information security today, but how do you actually use it? Learn best practices for applying threat intelligence with Recorded Future's latest white paper. Download your free copy now.

Daily briefing.

Researchers at KU Leuven in Belgium have announced discovery of a key reinstallation attack (KRACK) vulnerability affecting wi-fi connections hitherto believed to be secure. An attacker within range of the intended victim could get around the four-way handshake used in the WPA2 wi-fi protocol by inducing the victim to reinstall a key that's already in use. Success enables the attacker to access information assumed to be securely encrypted. The problem lies in the protocol itself, and not in any particular product.

A variety of probes and nuisance attacks surfaced in Europe late last week. Poland's Defense Minister says the country successfully parried a Russian cyberattack of unspecified nature and scope. In Sweden denial-of-service campaigns affected transportation, especially rail transportation, in western regions of the county. There's no attribution of the DDoS attacks against Swedish targets, but Russian operators are widely suspected.

British security researchers have concluded that Iran was behind the June 23 brute-force attacks on Parliament's email system. Moscow had been the original and usual suspect, but Whitehall has determined it was Tehran.

A number of researchers are warning of an increase in the tempo of cyberattacks against targets in East Asia. These no longer seem to be confined to espionage, but appear to pose a fresh threat to supply chains. A confused set of Chinese and North Korean actors are named in dispatches.

Apple's iOS 11 is said to have an exploitable backdoor in its associated QR scanner.

Pizza Hut was breached: less serious than Equifax, but tastier.

Notes.

Today's issue includes events affecting China, Estonia, Finland, India, Iran, Ireland, Isle of Man, Japan, Democratic Peoples Republic of Korea, Republic of Korea, Netherlands, Philippines, Poland, Russia, Sweden, Thailand, Turkey, Ukraine, United Kingdom, United States.

Are your needs being addressed at every stage of the cyber attack cycle?

Security organizations face numerous challenges, from increasingly large volumes of data and lack of tools and trained staff to validate intelligence, to the inability to operationalize threat intelligence. Learn how the threat intelligence-as-a-service model can strengthen and complement security postures of varying maturity levels in a webinar with Intellyx’s Principal Analyst Charles Araujo and LookingGlass’ Doug Dangremond, Senior Vice President of Threat Intelligence Services. Thursday, November 9 @ 2PM ET. Sign up now.

In today's podcast, we hear from our partners at the SANS Institute, as Johannes Ullrich of the ISC Stormcast describes how scammers take advantage of disasters.

SecurityWeek’s 2017 ICS Cyber Security Conference (Atlanta, Georgia, USA, October 23 - 26, 2017) As the largest and longest-running cyber security-focused conference for the ICS/SCADA sector, SecurityWeek’s ICS Cyber Security Conference caters to the energy, utility, chemical, transportation, manufacturing, and other industrial and critical infrastructure organizations, including the military.

Earn a master’s degree in cybersecurity from SANS (Online, October 30, 2017) Earn a master’s degree in cybersecurity from SANS, the world leader in information security training. Learn more at a free online information session on Monday, October 30th, at 3:00 pm ET. For complete information on master’s degree and graduate certificate programs, visit www.sans.edu.

Cyber Security Summit: Boston and Los Angeles (Boston, Massachusetts, USA, November 8, 2017) Sr. Level Executives are invited to learn about the latest threats & solutions in Cyber Security on November 8 in Boston and November 29 in Los Angeles. Register with promo code cyberwire50 for half off your admission (Regular price $350).

Cyber Attacks, Threats, and Vulnerabilities

Poland says it repelled 3rd Russian hacking attack (Fifth Domain) Defense Minister Antoni Macierewicz said Friday the recent attack targeted companies in Ukraine that also have offices in other countries, including Poland.

DDoS Attacks Cause Train Delays Across Sweden (BleepingComputer) DDoS attacks on two separate days have brought down several IT systems employed by Sweden's transport agencies, causing train delays in some cases.

Iran blamed for Parliament cyber-attack (BBC News) Security sources believe Iran was behind an attempt to hack into MPs' email accounts in June.

Provoking Iran Could Have Unseen Cyber Consequences (WIRED) By decertifying the nuclear deal with Iran, President Trump could risk provoking hacks from a country that hasn't focused on US cyberattacks in years.

Cyberespionage Group Steps Up Campaigns Against Japanese Firms (Threatpost) Researchers unearth new tactics and strategies used by the criminals behind the hacking group known as Bronze Butler.

Cyber attacks hitting supply chains in Asia Pacific, PH (Manila Bulletin Business) Multinational cybersecurity and anti-virus provider Kaspersky Lab has warned that cyber spy groups across Asia Pacific, including in the Philippines, are no longer “just after data” and that they are now moving towards using supply chain attacks and legitimate tools to attack financial institutions and other sectors.

Microsoft head blames North Korea for 'WannaCry' hospital cyberattack (Washington Examiner) He added that governments need to do more to protect citizens from malicious attacks.

N. Korea stole cyber tools from NSA, carried out WannaCry ransomware attack – Microsoft chief (RT International) The head of Microsoft accused North Korea of carrying out the WannaCry cyberattack which crippled 200,000 computers in 150 countries earlier in 2017. Pyongyang used “cyber tools or weapons stolen from the NSA,” the company’s president believes.

WannaCry Ransomware Sold in the Middle Eastern and North African Underground (TrendLabs Security Intelligence Blog) For $50, one could purportedly get a lifetime license to upgradeable variants of WannaCry.

The World Once Laughed at North Korean Cyberpower. No More. (New York Times) While the world is fixated on its nuclear missiles, North Korea has also developed a cyberattack program that is stealing millions and unleashing havoc.

Millions of high-security crypto keys crippled by newly discovered flaw (Ars Technica) Factorization weakness lets attackers impersonate key holders and decrypt their data.

Key Reinstallation Attacks (KU Leuven) Breaking WPA2 by forcing nonce reuse discovered by Mathy Vanhoef of imec-DistriNet,

Severe flaw in WPA2 protocol leaves Wi-Fi traffic open to eavesdropping (Ars Technica) KRACK attack allows other nasties, including connection hijacking and malicious injection.

New Scam Impersonates VAT Form to Deliver Malware (Infosecurity Magazine) Phishing attack disguised as HMRC doc contains links to the infamous JRAT malware

Fear These Three Types Of Phish: 'Catphishing' Enterprise Targets (Forbes) Earlier this month, Forbes staff writer Thomas Fox-Brewster told the frightening tale of how Iranian hackers used a fake Facebook FB +0.64% profile to target an unsuspecting techie at consulting powerhouse Deloitte .

Locky or TrickBot? Depends Where You Are. Malicious Payload Delivery Tailored by Geographic Location (PhishMe) It is not uncommon for threat actors to deploy malicious payloads from multiple malware families during a single phishing campaign. These malware tools may include ransomware, a financial crimes trojan, or other botnet malware.

DoubleLocker is an innovative ransomware that is misusing Android (WeLiveSecurity) DoubleLocker is an innovative ransomware that is misusing Android accessibility services, encrypt date and lock the device of the user.

Ransomware Sales on the Dark Web Surged by 2,502 Percent in the Past Year (eSecurity Planet) Sales grew from $250,000 in 2016 to more than $6.2 million in 2017, according to a recent report.

Google embarrassed by fake adblocker that served ads (Naked Security) The malware, posing as popular adblocker Adblock Plus, made it past Google Web Store’s security checks

Chrome Extension Uses Your Gmail to Register Domains Names & Injects Coinhive (BleepingComputer) A malicious Chrome extension is being used to inject the CoinHive browser miner, while registering domains for the extension developer using the victim's Gmail address.

Iphone iOS 11 QR code scanner provides 'backdoor' exploitable by criminals (SC Media UK) Apple's new operating system for iPhones and iPads contains a Quick Response (QR)-scanning based 'backdoor' that could be used by criminals.

New Research: QR Codes Threat Landscape (CyberInt) You've heard all about all the "hidden features" Apple's new iOS 11 has to offer, you haven't heard how it provides a 'backdoor' exploitable by criminals.

Down the Rabbit Hole with a BLU Phone Infection (Threatpost) Much-maligned BLU phones have been a privacy and spyware nightmare. Threatpost shares the story of one victim who experienced firsthand a relentless wave of unwanted programs, spyware and frustration.

10 Major Cloud Storage Security Slip-Ups (So Far) this Year (Dark Reading) Accenture is the latest in a string of major companies to expose sensitive cloud data this year, following Verizon, Deloitte, and Dow Jones.

Fake news can inflict financial damage on businesses —Trend Micro (GMA News Online) Apart from damaging reputations, fake news—or maliciously false information—can inflict financial damage on businesses, according cyber security firm Trend Micro Inc.

Why it's hard to trust the U.S. on Russia's alleged Kaspersky espionage (Yahoo! Finance) The Russian government used antivirus software from the private Russian company Kaspersky to steal classified U.S. data. We asked experts about it.

What the Kaspersky Antivirus Hack Means for Consumers (Consumer Reports) Kaspersky antivirus software may have been used to hack into computers all over the world, including many home PCs owned by consumers. Here's what you need to know.

Hacking a Power Grid in Three (Not-So-Easy) Steps (WIRED) After months of reports of energy grid breaches, time to distinguish the elite intrusions from just another spearphishing attack.

Come fly the hackable skies (SecurityInfoWatch.com) Aviation industry faces tangible threats of onboard computer system vulnerabilities, experts say

To Nobody's Surprise, Ships Are Just as Easy to Hack as Anything Else (BleepingComputer) Modern-day ships aren't that hard to hack according to Ken Munro, a security researcher at Pen Test Partners, a UK cyber-security company. Speaking at a conference in Athens, Greece, Munro detailed some of the most appalling security lapses he found while investigating naval ships that had equipment exposed online.

Pizza Hut was hacked, company says (Miami Herald) Pizza Hut has experienced an online hack on customer information. It may affect website and mobile application users who placed orders in early October.

Musgrave cyber-attack highlights security risk to Irish businesses (Independent.ie) The recent cyber-attack at retail giant Musgrave Group is the latest example in a long line of hacker strikes on Irish business in the recent past.

Security Patches, Mitigations, and Software Updates

Mozilla patches three critical issues in Thunderbird and Firefox (SC Media UK) Mozilla issued a security update for Thunderbird 52.4 , Firefox 56 and Firefox ESR 52.4, patches 10 vulnerabilities, 2 rated critical, 5 high and 3 moderate.

Cyber Trends

AI cannot solve all cybersecurity issues: RSA Security (ETtech.com) Zulfikar Ramzan says that it’s difficult to curb out cybercrime completely but possible to bring it down to acceptable terms.

Can you tell a bug from a bot? Know your malware here (The Economic Times) Malware, literally, is a software that's bad. It sneaks into your system, steals your personal data, deletes files and can even disable your system.

Kaspersky news, Equinox security hack push CIOs to trust no one (SearchCIO) What does the Kaspersky news say to CIOs? Something's gotta change.

Cybercrime not an apocalyptic threat (Knoxville News Sentinel) Information security professionals, technologists, politicians and business people need to exchange ideas and insights to start finding real-world solutions to security problems.

Marketplace

After second bungle, IRS suspends Equifax’s “taxpayer identity” contract (Ars Technica) During suspension, IRS says it will review "Equifax systems and security."

Cyber-intelligence staff among nearly 2,000 BAE Systems redundancies (Consultancy) The world’s tenth largest cyber-security consultants have axed 1,900 jobs in the UK, including over 100 in its cyber defence department.

Cyber Command awards first contract under its limited acquisition authority (C4ISRNET) After almost a year of special acquisition authority granted from Congress, Cyber Command has finally flexed those powers, awarding a contract in late September.

Leidos lands nearly $1B contract for work with NGA (Washington Business Journal) The prime IDIQ contract was awarded by the Springfield-based NGA under the Information Technology Enterprise Managment User Facing Services program.

Products, Services, and Solutions

Cisco Stretches ACI Network Fabrics, Eases Management (The Next Platform) For disaster recovery, political, and organizational reasons, enterprises like to have multiple datacenters, and now they are going hybrid with public clou

Dome9 and Allgress Partner to Streamline Compliance Management for AWS Environments (Marketwired) Dome9 Security, the public cloud security company, today announced a partnership and integration with Allgress, the AWS-certified compliance platform, which provides compliance controls mapping for NIST 800-53, PCI DSS, HIPAA, CIS and other critical standards.

Hackin' Away at the Hacken ICO For White-Hat Hackers (BlockTribune) Ukraine’s Hacken is a blockchain community that aims to encourage so-called white-hat hackers to report system vulnerabilities and bugs.

Mullvad Joins One of World's Largest Internet Exchanges (PRNewswire) Mullvad VPN, in its continued efforts to improve its...

Technologies, Techniques, and Standards

'Crypto Anchors' Might Stop the Next Equifax-Style Megabreach (WIRED) There's no foolproof system to keep hackers out. Instead, this increasingly popular security design keeps them in.

Acting on the cyber executive order: 3 keys to compliance (FCW) With the proper technologies in place, agencies can do better assessments and begin to truly address their existing gaps.

Why Identity Protection in the Cloud Matters (Infosecurity Magazine) It is getting harder for companies to know what data is transmitted, who is accessing it, and where it goes.

Cyber operators to commanders: Bring us in early and often (Army Times) The Army’s cyber operators want unit commanders to know they’re ready to deliver tailorable solutions -- and they're bringing their servers with them.

How to Buy Cyber Insurance (CFO) Deciding how much cyber insurance to buy is no trivial matter, and the responsibility rests with the CFO.

US banks to introduce new anti-fraud measures after Equifax hack (Financial Times) Customers face more security controls to combat rising threat of identity theft

Design and Innovation

Replacing US Social Security Numbers With Estonia's Cryptographic Model? (Forbes) Earlier this month White House cybersecurity czar Rob Joyce raised eyebrows when he proposed the radical idea of abandoning the venerable Social Security number (SSN) as a national identifier and replacing it with modern cryptographic identifiers.

The Cryptography of Bitcoin (hack.guides()) Open-source guide from hack.guides() authored by Decent

Academia

Morgan State opens IoT security research lab (Technical.ly Baltimore) The Center for Reverse Engineering and Assured Microelectronics is designed to provide a link between the university and the intelligence community.

Terra State recognized for cybersecurity commitment (The News-Messenger) Terra State Community has been designated as a cybersecurity champion by

The science of spying: how the CIA secretly recruits academics (Guardian) The long read: In order to tempt nuclear scientists from countries such as Iran or North Korea to defect, US spy agencies routinely send agents to academic conferences – or even host their own fake ones

Legislation, Policy, and Regulation

Russia may soon issue its own official blockchain-based currency, the CryptoRuble (TechCrunch) Russia will issue its own official cryptocurrency, the CryptoRuble, capping months of speculation about the country's approach to the technology. While in a..

Russia promises ‘countermeasures’ if Finland joins NATO (Defense News) Russia’s warning to Helsinki is fueled by Moscow’s fear of having large-scale NATO forces along its approximately 840-mile border with Finland.

Ukraine Growing Cyber Capabilities From Within (SIGNAL Magazine) Aimed at protecting itself and other Eastern European countries, Ukraine is developing capabilities against its aggressors.

Coming soon: Ministry of Defence’s cyber, space, special operations divisions (The Indian Express) According to sources, the proposals for the three new formations — Defence Cyber Agency, Defence Space Agency and a Special Operations Division — are with other ministries for approval as the resources for them have to come from “accretion and not under save-and-raise”.

Wikileaks run by the Russians, says Hillary Clinton (Times) Hillary Clinton claimed yesterday that Wikileaks was an arm of Russian intelligence and that a new Cold War was descending on Europe through the weaponising of information. The former US secretary...

Senator wants Kaspersky out of U.S. voting systems (FCW) Amid concerns about election system security, Sen. Amy Klochubar is looking for DHS to help boot Kaspersky from state and local voting systems.

Wary of Hackers, States Move to Upgrade Voting Systems (New York Times) New equipment and security protocols are part of the response to Russian meddling in 2016. But lack of money is an obstacle.

Opinion | Congress members threaten Twitter with regulation if it doesn’t suppress ‘racially divisive communications’ and ‘anti-American sentiments’ (Washington Post) The letter raises the same First Amendment problems as does President Trump's tweet urging changing the NFL's tax treatment because of player protests.

Twitter CEO promises to crack down on hate, violence and harassment with “more aggressive” rules (TechCrunch) Twitter CEO Jack Dorsey took to...Twitter today to promise a "more aggressive" stance in its rules and how it enforces them. The tweet storm was based in a..

The USA Liberty Act: House Judiciary’s Proposed Reauthorization of Section 702 (Lawfare) A summary of the key provisions of the House Judiciary Committee’s proposal to reauthorize expiring FISA authorities including Section 702.

Intel leaders urge Congress to reauthorize NSA surveillance program (CNN) FBI Director Christopher Wray said Friday that members of Congress who are trying to restrict the bureau's access to information obtained through the monitoring of foreign nationals are jeopardizing national security.

FBI director warns against restricting controversial NSA surveillance program (Washington Post) “Any material change . . . would severely inhibit our ability to keep the American people safe.”

New bill would allow hacking victims to 'hack back' (TheHill) Reps. Tom Graves (R-Ga.) and Kyrsten Sinema (D-Ariz.) introduced a bill Friday that would allow hacking victims to "hack back" when attacked. 

Trump to stay in Iran nuclear deal, asks Congress to revise enforcement (Military Times) President Trump's proposed alternative would seek to include Iran's ballistic missiles, destabilizing activities in amended sanctions law.

New Government office for cyber security (Energy FM) The Manx Government is setting up a new office to focus on all parts of cyber security.

Litigation, Investigation, and Law Enforcement

French intelligence texts jihadist by mistake, inadvertently warning of surveillance operation (The Telegraph) A French intelligence agent sent a text message by mistake to the mobile phone of a jihadist, inadvertently warning him that he was under surveillance and undermining an investigation, it emerged on Friday.

DHS Now Won't Say How Many Federal Agencies Use Kaspersky Software (BuzzFeed) A month ago, DHS demanded federal agencies stop using the Russian firm's antivirus programs. Now, it says, the public can't know how many federal computers are affected.

Russian trolls were schooled on ‘House of Cards’ (Yahoo! Finance) A former Russian internet troll says the training for influencing the American election included screening "House of Cards," and reading – and writing – comments on the websites of the New York Times and the Washington Post.

Facebook takes down data and thousands of posts, obscuring reach of Russian disinformation (Washington Post) Facebook said it squashed “a bug.” Researchers say it is hiding crucial information.

The Worst Thing About Facebook Is That It Doesn’t Let Us Forget (Motherboard) It compels us to be invested in the lives of people we have no business caring about.

Our National Security’s Millennial Problem (Observer) There are Millennials who possess a radically different take on secrecy laws than previous Americans.

Preventing cyber crime is central to GCHQ’s mission, says chief (Global Government Forum) The head of the UK’s spy agency GCHQ has said that protecting Britain from cyber crime must be as central to its mission as defending the country from terrorism.

Microsoft faces Dutch crunch over Windows 10 private data slurp (Register) Stop us if you've heard this one before: Euros angry over privacy policy

Judge slaps down government’s dragnet trawl of 1.3m website users (Naked Security) DreamHost said the decision “will protect the constitutional rights of innocent internet users worldwide”

Former policewoman who stalked married man is jailed for 11 months (Graham Cluley) A former policewoman will spend the next 11 months in prison for her decision to harass and stalk a married man online.

For a complete running list of events, please visit the Event Tracker on the CyberWire website.

Upcoming Events

Cyber Security, Oil, Gas & Power 2017 (London, England, UK, November 29 - 30, 2017) ACI’s Cyber Security - Oil, Gas, Power Conference will bring together key stakeholders from energy majors and technology industries, to discuss the challenges and opportunities found in the current systems.

INsecurity (National Harbor, Maryland, USA, November 29 - 30, 2017) INsecurity is for the defenders of enterprise security—those defending corporate networks—and offers real-world case studies, peer sharing and practical, actionable content for IT professionals grappling...

INsecurity (National Harbor, Maryland, USA, November 29 - 30, 2017) Organized by Dark Reading, the web’s most trusted online community for the exchange of information about cybersecurity issues. INsecurity focuses on the everyday practices of the IT security department,...

AutoMobility LA (Los Angeles, California, USA, November 27 - 30, 2017) The Los Angeles Auto Show Press & Trade Days and Connected Car Expo have MERGED to form AutoMobility LA, the new auto industry’s first true trade show. Register to join us in Los Angeles this November.

Global Conference on Cyberspace (GCCS) (New Dehli, India, November 23 - 24, 2017) The Global Conference on Cyberspace (GCCS) aims to deliberate on the issues related to promotion of cooperation in cyberspace, norms for responsible behaviors in cyberspace and to enhance cyber capacity...

Aviation Cyber Security (London, England, UK, November 21 - 22, 2017) Join us on November 21/22 in London, England for the Cyber Senate Aviation Cyber Security Summit. We will address key issues such as the importance of information sharing and collaboration, supply chain...

Federal IT Security Conference (Columbia, Maryland, USA, November 14, 2017) The Federal IT Security Institute (FITSI) in partnership with Phoenix TS in Columbia, MD is hosting the second annual Federal IT Security Conference. Speakers from NIST, DHS, the Defense Department as...

Sector (Toronto, Ontario, Canada, November 13 - 15, 2017) Illuminating the Black Art of Security. Now entering its 11th year, SecTor has built a reputation of bringing together experts from around the world to share their latest research and techniques involving...

Countermeasure (Ottawa, Ontario, Canada, November 9 - 10, 2017) Now into its sixth year in Ottawa, and consistently advancing in both size and content quality, COUNTERMEASURE continues to be the national capital's premier IT security event. As in years past, attendees...

2017 ICIT Gala & Benefit (Washington, DC, USA, November 9, 2017) The Annual ICIT Gala and Benefit is the year’s most prestigious and intimate gathering of legislative, agency and private sector leaders committed to protecting our Nation’s critical infrastructures. This...

4th Annual Journal of Law & Cyber Warfare Conference (New York, New York, USA, November 9, 2017) Join thought leaders across the industry for a day of collaboration and education with an outstanding group of cyber security experts. In this one-day program, we continue JLCW's 5+ year reputation for...

Fourth Annual JLCW Conference (New York, New York, USA, November 9, 2017) The 2017 Journal of Law and Cyber Warfare symposium speakers represent an unparalleled group of cyber security experts with a wide variety of industry expertise and knowledge. Attendees will hear from...

SINET Showcase 2017 (Washington, DC, USA, November 8 - 9, 2017) SINET – Washington DC provides a platform to identify and highlight “best-of-class” security companies that are addressing the most pressing needs and requirements in Cybersecurity. As always, this event...

Connected Medical Device & IOT Security Summit (Baltimore, Maryland, USA, January 25 - 26, 2018) The Summit will offer practical solutions to many of the daunting security challenges facing medical device and connected health technology companies, healthcare providers, payers and patients. The program...

CyCon US (Washington, DC, USA, November 7 - 8, 2017) The 2017 International Conference on Cyber Conflict U.S. (CyCon U.S.) will take place 7-8 Nov 2017 at the Ronald Reagan Building in Washington D.C. CyCon U.S. facilitates knowledge generation and information...

RSA Conference 2017 Abu Dhabi (Abu Dhabi, UAE, November 7 - 8, 2017) RSA Conference 2017 Abu Dhabi is the leading information security event in the region. This year's Conference will take place 7 to 8 November at the Emirates Palace in Abu Dhabi. Join us for two days of...

National Initiative for Cybersecurity Education Conference and Expo (Dayton, Ohio, USA, November 7 - 8, 2017) Cybersecurity has emerged as one of the leading creators of jobs and opportunity for all economic sectors. The demand for cybersecurity positions in both the public and private sector is large and growing,...

POC 2017 (Seoul, Korea, November 2 - 3, 2017) POC started in 2006 and has been organized by Korean hackers & security experts. It is an international security & hacking conference in Korea. POC doesn't pursue money. POC concentrates on technical and...

Exploring Health IT Innovation and Cybersecurity in the Digital Era (Kalamzoo, MIchigan, USA, November 2 - 3, 2017) Government, industry and academic leaders in health information technology and cybersecurity will headline a conference focused on "Exploring Health IT Innovation and Cybersecurity in the Digital Era"...

Cyber Security Summit: Boston (Boston, Massachusetts, USA, November 1, 2017) If you are a Senior Level Executive responsible for making your company’s decisions in regards to information security, then you are invited to register for the Cyber Security Summit: Boston. Receive...

Grow your brand and reach new customers.

Grow your brand and increase your customer base by educating our audience about your products, services, and events by advertising on The CyberWire. We’ve built trust with an influential (and often hard to reach) audience of CISOs, CSOs, and other senior execs in the security space, across a wide array of industry verticals. Learn more.

Be a part of the CyberWire story.

People ask us (a lot) how they can support what we do. We have our sponsorships and services, of course, but those are not always within every supporter's financial reach, or it might just not be the right time for you to do those things. That's why we launched our new Patreon site, where we've created a wider variety of support levels, each with some new benefits. Our patrons are important to our future, and we hope you'll consider becoming one. We invite you to become part of the CyberWire story. Become a patron today.