skip navigation

More signal. Less noise.

Daily briefing.

South Korea's CERT warns that an Adobe Flash Player zero-day is being exploited in the wild. Adobe is moving to patch its much exploited, often fixed product. Many security experts say the best patch for Flash Player is to simply disable it. Many observers think the exploitation, apparently in progress for two months, is the work of North Korean hackers.

Radware has located a new Internet-of-things botnet whose functionality they liken to Mirai. They've traced the host to a hacking group, San Calvicie, which operates a server in the Seychelles. San Calvicie hosts the venerable online game Grand Theft Auto: San Andreas in an environment that enables players to create and share mods. They're also in the denial-of-service protection racket, and will keep you operating for just $16 a month. They offer denial-of-service-as-a-service, too. You can direct "Corriente Divina" attacks against any target for $20.

Bitcoin's price has hit a two-month low, but cryptocurrency miners and scamming continue unabated. BeeToken speculators were just winkled out of another $1 million in Ethereum after succumbing to phishing attacks.

Threats to industrial control systems grow with the attack surface. A Mocana survey of operators shows some surprising blind spots with respect to digital hygiene.

The US Ninth Circuit has ruled in favor of Twitter in a lawsuit that sought damages from the social media platform on the theory that it culpably enabled terrorist inspiration.

The House Intelligence Committee's staff memo on surveillance practices (the "Nunes Memo") is expected to be released later today.

Notes.

Today's issue includes events affecting European Union, India, Israel, Democratic Peoples Republic of Korea, Republic of Korea, Netherlands, Russia, United Kingdom, United States.

Implement these seven cybersecurity best practices for 2018.

Is your organization prepared for the threat landscape of 2018? In this article, ObserveIT takes a look at  seven cybersecurity best practices—ranging from preparing for GDPR to testing backup systems to leveling up user training—that will better prepare you for everything from spearphishing to insider threats. Rather than dwell on the past, take stock of where your organization stands today and put these best practices in place, and you’ll be well-prepared for the coming year.

In today's podcast we hear from our partners at Dragos as Robert M. Lee discusses the security (or lack thereof) of wind power systems. Our guest, Dana Simberkoff from AvePoint, discusses the trend of many women working in privacy, and why it’s one area in security where an equal number of women are being engaged. 

Cyber Attacks, Threats, and Vulnerabilities

New Adobe Flash Zero-Day Spotted in the Wild (BleepingComputer) South Korean authorities have issued a warning regarding a brand new Flash zero-day deployed in the wild.

Adobe Flash Player Zero-Day Spotted in the Wild (Threatpost) A zero-day exploit targeting Adobe Flash Players has been reported by the South Korean Computer Emergency Response Team and confirmed by Adobe.

Attackers Exploiting Unpatched Flaw in Flash (KrebsOnSecurity) Adobe warned on Thursday that attackers are exploiting a previously unknown security hole in its Flash Player software to break into Microsoft Windows computers.

Operation PZCHAO: Inside a highly specialized espionage infrastructure (Bitdefender) More than 30 years after the end of the Cold War, digital infrastructures worldwide have become strategic national fronts with the same importance as the geographical frontiers of air, land, sea and space

DDoS mystery: Who's behind this massive wave of attacks targeting Dutch banks? (ZDNet) The attackers and their motives for concerted attacks on Netherlands finance institutions remain unknown.

Hackers Have Already Targeted the Winter Olympics—and May Not Be Done (WIRED) Two state-sponsored hacking operations are plaguing Pyeongchang, with murky motivations and no clear endgame.

Iran Uses Offshore Firms to Mask Involvement in Cyberattacks, Former Israeli Lawmaker Says (CTECH) Iranian cyberattacks originate in “eleven independent companies” operating “from different countries,” Israeli venture capitalist and former politician Erel Margalit said Wednesday

These GTA: San Andreas server hosts also let you pay $20 to launch a cyberattack (CNET) Researchers discover a botnet, called JenX, linked to a hacking group that also hosts servers for Grand Theft Auto mods.

New Tool Automatically Finds and Hacks Vulnerable Internet-Connected Devices (Motherboard) Hacking just got fully automated for script kiddies.

BeeToken customers duped out of $1 million worth of Ethereum in phishing scam (SC Media US) BeeToken customers were duped out of more than $1 million worth of Ethereum in a phishing scam targeting BeeToken's initial coin offering (ICO).

Why is Bitcoin’s price down to two-month lows? (TechCrunch) Crypto investors are seeing red this week. Bitcoin plunged to two-month lows on Thursday, dipping below $9,000 for the first time since November. This week..

More bad news pushes bitcoin’s value below $9,000 (Ars Technica) Bitcoin is now down 55 percent from its December peak.

Cisco: Crypto-Mining Botnets Could Make $100m Annually (Infosecurity Magazine) Cisco: Crypto-Mining Botnets Could Make $100m Annually. Black hats are eschewing ransomware in favor of less risky ways to make cash

Crypto-Mining Attacks Emerge as the New Big Threat to Enterprises (Dark Reading) Attackers looking to hijack systems for illegally mining digital currencies have begun eyeing business systems, security vendors say.

Cyberspace Triggers a New Kind of Arms Race (SIGNAL) In dark corners of the Internet, criminals vie for access to weapons available to anyone with cash and a computer.

Fortune 500 Staff Spill 2.7 Million Log-Ins to Dark Web (Infosecurity Magazine) Fortune 500 Staff Spill 2.7 Million Log-Ins to Dark Web. Leaked usernames and passwords for online accounts represent a growing security risk

3 of 5 Fortune 500 companies vulnerable due to ManageEngine flaws (HackRead) A hacker can exploit these security flaws to gain administrator type control of the system using ManageEngine software.

3 Ways Hackers Steal Your Company's Mobile Data (Dark Reading) The most effective data exfiltration prevention strategies are those that are as rigorous in vetting traffic entering the network as they are traffic leaving it.

Malicious Chrome Extensions Found in Chrome Web Store, Form Droidclub Botnet (TrendLabs Security Intelligence Blog) The Trend Micro Cyber Safety Solutions team has discovered a new botnet delivered via Chrome extensions that affects more than half a million users. (The malicious extension is detected as BREX_DCBOT.A.) This botnet was used to inject ads and cryptocurrency mining code into websites the victim would visit. We have dubbed this particular botnet Droidclub, after the name of one of the oldest command-and-control (C&C) domains used.

Criminals Move to Cash in on Cryptocurrency Gold Rush (Infosecurity Magazine) Cybercriminals have developed several schemes to defraud those looking to profit from the growth in cryptocurrencies.

All businesses targeted by CEO phishing scams - losses estimated at $5.3bn (Computing) Lack of payload make many phishing emails hard to block, warns Agari

GandCrab blends old and new threat resources as ransomware evolves (SC Media UK) A ransomware threat called GandCrab has emerged during the last week of January, win itself not that newsworthy.

MindLost Ransomware Is a Piece of Junk That Wants to Collect Credit Card Details (BleepingComputer) Security researchers have discovered a new strain of ransomware that encrypts users files and redirects users to an online page to pay the ransom via credit/debit card.

Why knowledge is key in the fight against ransomware (Silicon Republic) A new Sophos report shows ransomware is becoming more sophisticated, requiring new approaches to endpoint security.

US HHS OCR issues cyber extortion newsletter (Data Protection Report) This week, the US Department of Health and Human Services HHS Office for Civil Rights published a January 2018 newsletter focusing on cyber extortion.… Continue reading

Simple but Effective Malicious XLS Sheet (SANS Internet Storm Center) Here is another quick analysis of a malicious Excel sheet found while hunting. The malicious document was delivered through a classic phishing attempt from Jane’s 360[1], a website operated by HIS Markit...

How the Spies Learned to Stop Worrying and Love Fitbit (Foreign Policy) The debate over whether fitness trackers should be allowed in sensitive areas has dragged on for years.

Strava Storm: Why Everyone Should Check Their Smart Gear Security Settings before Going for a Jog (Scientific American) A fitness-tracking app’s ability to reveal supposedly clandestine locations is a reality check for people lax about protecting their security and privacy

How exposed deep-sea cables could leave the economy vulnerable to a Russian attack (C4ISRNET) Fiber optic cables on the ocean floor are vital infrastructure to the world economy. A new report claims the cables are vulnerable to attack.

Groundhog Day: Third-party cyber risk edition (Help Net Security) The personal trials that Bill Murray's character Phil Connors went through were something we could all relate to as new documented instances of breaches involving a third-party pop up every week.

Security Patches, Mitigations, and Software Updates

Adobe to Patch Flash Zero-Day Discovered in South Korean Attacks (Dark Reading) Critical use-after-free vulnerability being used in targeted attacks.

Adobe finally responds to claims of North Korean hackers exploiting Flash zero-day for TWO MONTHS (Computing) The best fix for Adobe Flash security flaws is to uninstall it

6 important security takeaways from applying Spectre and Meltdown patches (TechRepublic) After the Spectre and Meltdown vulnerabilities were discovered earlier this month, the race to guard against them was on. Here's what one systems administrator learned while applying patches.

Cyber Trends

Threats to Industrial Control Systems Grow as Vulnerabilities Increase (eWEEK) NEWS ANALYSIS: The growing number of digital interfaces to industrial control systems is increasing each year, but the percentage left unprotected on the internet is growing even faster.

Observations from Mocana Webinar – some very surprising survey results (Control Global) Wednesday, January 31st, 2018, I participated with Mocana on a webinar on the Hatman malware (Trisis – Triconex safety system) attack. The survey question responses from the webinar are the first time I have seen such a lack of confidence in firewalls and network filtering as well as such an acknowledgement that the ICS endpoint devices need to be secured.

Challenges in cloud data security lead to a lack of confidence (SearchCloudSecurity) A new study on cloud data security shows that while cloud use is up, not many people are confident that enterprise data is secure in the cloud.

UK Financial Firms Admit to "Shocking" Cybersecurity Practices (Infosecurity Magazine) 67% of respondents admit that cybersecurity practices in their organizations “would shock outsiders.”

Marketplace

Insurance Companies See Big Opportunity in Unregulated Cryptocurrency Market (Bitcoinist) Insurance companies are ready to dip their toes into the unregulated sea of cryptocurrencies, offering protection from theft and large-scale heists.

Insurers gingerly test bitcoin business with heist policies (Reuters) Major global insurers are starting to offer protection against cryptocurrency theft, willing to tackle daunting challenges it brings rather than miss out on this volatile and loosely regulated, but rapidly growing business.

Hacking Team Is Still Alive Thanks to a Mysterious Investor From Saudi Arabia (Motherboard) An investor from Saudi Arabia is apparently behind a company that bought a stake in the controversial spyware vendor.

Trend Micro sets up Toronto lab for ‘ethical hackers’ to expose security threats (Financial Post) International cybersecurity company Trend Micro is setting up a new Toronto research lab for “ethical hackers” in collaboration with Canadian telecom giant Telus Corp …

Intel names new CTO in midst of Spectre and Meltdown issues (CRN Australia) Position has not been filled since 2013.

Products, Services, and Solutions

New infosec products of the week​: February 2, 2018 (Help Net Security) Infosec products of the week include releases from the following vendors: Elcomsoft, IDrive Online, Kenna Security, and StackRox.

Wombat Security Announces New Innovative & Leading Capabilities for PhishAlarm Email Reporting Button (Wombat) New functionality provides patented features saving security and helpdesk teams time and effort to manage their helpdesk inbox

The days of VPNs are numbered (Security Boulevard) We have been talking about how it's time to re-evaluate giving full access to the corporate network for some time. In fact, Akamai's Sr. Director of Enterprise Security & Infrastructure Engineering talks about one of his core goals--No VPN--here. Over...

SonicWall to Extend Powerful Firewalls to Virtual Environments, Roll Out Next-Generation Endpoint Protection Across Hybrid Infrastructures (BusinessWire) New product offerings scale SonicWall security capabilities to endpoints, virtualized environments and third-party solutions

Bromium Application Isolation Now Available for Citrix XenServer (GlobeNewswire News Room) Virtualization-Based Cybersecurity Solution Protects Common Attack Vectors Targeting End Users

Don't Expect Big Security Improvements After Cisco's Skyport Deal (Data Center Knowledge) Acquisition’s main purpose is brainpower; Skyport appliance will sunset

The Qubes high-security operating system gains traction in the enterprise (CSO Online) Qubes OS defends at-risk enterprise users from targeted attacks, as well as drive-by malware and the Meltdown exploit.

Technologies, Techniques, and Standards

DoD launches comprehensive review of cell phone security (Military Times) A comprehensive review of how the Department of Defense uses GPS-enabled technology, is underway, the Pentagon confirmed Thursday, one day after Defense Secretary Jim Mattis was reported to be considering a ban on smartphones in the Pentagon.

Cyber Kill Chain Model Needs A Makeover (SIGNAL) Adding new steps will trap threats before they strike.

Incoming: Too Much Data Security Can Be as Bad as Too Little (SIGNAL) In today’s world, the most valuable resource is information. The fastest-growing companies are data companies.

The future of smartphone security: Hardware isolation (Help Net Security) Most cybersecurity companies have focused either on software-only or built-in hardware solutions as a way of fighting back against threats. The next generation of mobile security will be primarily based on hardware rather than software solutions.

Design and Innovation

New cryptocurrencies offer better anonymity, new security challenges (CSO Online) Anonymous cryptocurrencies like Monero and Zcash help cybercriminals evade detection and make cryptojacking more profitable.

Research and Development

Trust is good, quantum trickery is better (Phys.org) An international team of scientists has proven, for the first time, the security of so-called device-independent quantum cryptography in a regime that is attainable with state-of-the-art quantum technology, thus paving the way to practical realization of such schemes in which users don't have to worry whether their devices can be trusted or not.

Researchers showcase automated cyber threat anticipation system (Help Net Security) A group of researchers is trying to develop an automatic early warning system that should help defenders take preventative action before specific cyber attacks start unfolding.

AI, Please Explain Yourself (SIGNAL) Researchers develop ways to help machines account for their decisions.

Academia

Building a Cybersecurity Profession (Infosecurity Magazine) Why education is at the heart of solving the cybersecurity skills gap

Legislation, Policy, and Regulation

Meet the Shin Bet’s cyber warriors (The Jerusalem Post) The Shin Bet’s growing team of cyber warriors is competing against opponents who are ever more “agile, flexible in their methods of operation and diversified in their execution capabilities.”

Russia Steadily Cultivating Electronic Warfare While U.S., NATO Lag Behind (Washington Free Beacon) Russia has steadily improved its electronic warfare capabilities to prepare for potential conflict with the West.

Union Budget 2018: Experts welcome cyber security initiative (BGR India) The government plans to build a secure work environment online by creating a Center of Excellences (CoEs) for disruptive technologies, including cyberspace.

US Government in Whois GDPR Warning (Infosecurity Magazine) US Government in Whois GDPR Warning. NTIA wants info to remain freely accessible despite new European privacy laws

NSA Chief Adm. Mike Rogers Expected to Retire this Spring; Leaves Complicated Legacy (USNI News) The search is on for a replacement for Adm. Mike Rogers, the head of the National Security Agency and the last Obama intelligence appointee remaining in the Trump administration. Rogers is expected to retire this spring after an eventful – and often controversial – four years. When Rogers does step down, his four-year tenure at the secretive …

House panel presses DHS, FBI to help small biz with cyber defense (FCW) As the number of cyber events rise, Congress is looking to DHS and FBI for guidance to help small businesses.

Exclusive: Aspen Institute launches cybersecurity initiative (Axios) They want to implement security solutions with buy-in from across the public and private sectors.

Litigation, Investigation, and Law Enforcement

Big questions before Nunes memo is released (CNN) President Donald Trump is expected to signal Friday that he wants a memo written by GOP staffers faulting the FBI over the Russia investigation released

Washington Awaits Nunes Memo That Has Pushed It Into Terra Incognita (NPR) Republicans leaned forward. Democrats cried foul. And national security leaders warned that the capital might be about to cross a point of no return over a memo authored by Rep. Devin Nunes, R-Calif.

Trump to approve release of GOP memo Friday over objections from law enforcement, intelligence community (Washington Post) The document, which alleges surveillance abuses by FBI, has set off a political firestorm.

Trump and FBI at war over Russia links memo (Times) President Trump’s strained relations with the FBI sank to a new low as they clashed over the expected release of a classified memo that accuses a rogue cabal of agents of plotting against him...

CNN Analyst Warns Against Releasing Nunes Memo: 'Are We Going to Be a Democracy After Today?' (Washington Free Beacon) CNN political analyst Brian Karem on Thursday described the debate over whether to release a Republican-written classified memo critical of the FBI and the Justice Department as a "tipping point for our democracy," warning the document's release may lead the country to be ruled by "demagoguery and despotism."

Media’s longtime crusade for transparency ends with Nunes memo as ‘The Post’ remains in theaters (Fox News) The media industry’s decades-old crusade for transparency ended this week as liberal pundits from a variety of news organizations called for the controversial Devin Nunes memo to stay private.

FBI Officials Knew of New Clinton Emails Weeks Before Alerting Congress (Wall Street Journal) Top FBI officials were aware for at least a month before alerting Congress that emails potentially related to an investigation of Hillary Clinton had emerged during a key stretch of the 2016 presidential campaign, according to text messages reviewed by The Wall Street Journal.

Paul asks FBI for info on Peter Strzok's and Lisa Page's level of access (TheHill) Sen. Rand Paul (R-Ky.) is calling on the FBI to release information related to the two FBI officials who sent text messages disparaging President Trump, including their current level of access within the agency.

Here’s What Happens If ‘Magnificent Bastard’ Mueller Gets Fired (WIRED) The special counsel is under attack, but if Robert Mueller gets fired, the investigation into Trump’s Russia ties and obstruction of justice could keep going.

Appeals court: Twitter can’t be sued for “material support” of terrorism (Ars Technica) 9th Circuit: “We conclude that Twitter has the better of the argument.”

House Science Threatens Subpoena for Kaspersky Documents (Nextgov.com) DHS won’t provide information about a government ban on the Russian antivirus until litigation with the company is complete.

The Publisher of Newsweek And The International Business Times Is Buying Traffic And Engaging In Ad Fraud (BuzzFeed) Several of Newsweek Media Group’s business websites are buying and manipulating traffic that originates on pirated video streaming sites. The company acknowledged buying traffic, but denies engaging in ad fraud.

Web giants warned as Finsbury Park terrorist Darren Osborne faces jail (Times) Tech giants were told last night to do more to tackle far-right propaganda after a terrorist radicalised online in weeks was convicted of driving a van into Muslims outside a mosque. Darren Osborne...

Rappler exec, reporter cite defense from cyber libel (Inquirer) Rappler Executive Editor Maria Ressa and former Rappler reporter Reynaldo Santos Jr. on Thursday insisted before the National Bureau of Investigation (NBI) that the complaint for libel against them should be dismissed.

For a complete running list of events, please visit the Event Tracker on the CyberWire website.

Newly Noted Events

SecureWorld Charlotte (Charlotte, North Carolina, USA, February 8, 2018) Connecting, informing, and developing leaders in cybersecurity. SecureWorld conferences provide more content and facilitate more professional connections than any other event in the Information Security...

Midlands Cyber: US Cyber Market Workshop (Lutterworth, England, UK, February 27, 2018) We are delighted to announce that we will be running two workshops, led by Andy Williams, the International Director of the iCyber Centre @bwtech, Maryland. The workshops have been tailored by the team...

SecureWorld Boston (Boston, Massachussetts, USA, March 14 - 15, 2018) Connecting, informing, and developing leaders in cybersecurity. SecureWorld conferences provide more content and facilitate more professional connections than any other event in the Information Security...

Infosecurity Magazine North America Virtual Conference (Online, March 21 - 22, 2018) Tune in on Wednesday March 21 for day two of our two-day online event to learn what’s going on at the heart of the industry. Our easy to digest format offers a mix of short sessions, panel debates and...

SecureWorld Philadelphia (Philadelphia, Pennsylvania, USA, March 28 - 29, 2018) Connecting, informing, and developing leaders in cybersecurity. SecureWorld conferences provide more content and facilitate more professional connections than any other event in the Information Security...

SecureWorld Kansas CIty (Kansas City, Missouri, USA, May 9, 2018) Connecting, informing, and developing leaders in cybersecurity. SecureWorld conferences provide more content and facilitate more professional connections than any other event in the Information Security...

SecureWorld Houston (Houston, Texas, USA, May 17, 2018) Connecting, informing, and developing leaders in cybersecurity. SecureWorld conferences provide more content and facilitate more professional connections than any other event in the Information Security...

SecureWorld Atlanta (Atlanta, Georgia, USA, May 30 - 31, 2018) Connecting, informing, and developing leaders in cybersecurity. SecureWorld conferences provide more content and facilitate more professional connections than any other event in the Information Security...

SecureWorld Chicago (Chicago, Illinois, USA, June 5, 2018) Connecting, informing, and developing leaders in cybersecurity. SecureWorld conferences provide more content and facilitate more professional connections than any other event in the Information Security...

SecureWorld Bay Area (Santa Clara, California, USA, August 21, 2018) Connecting, informing, and developing leaders in cybersecurity. SecureWorld conferences provide more content and facilitate more professional connections than any other event in the Information Security...

SecureWorld Twin Cities (Minneapolis, Minnesota, USA, September 6, 2018) Connecting, informing, and developing leaders in cybersecurity. SecureWorld conferences provide more content and facilitate more professional connections than any other event in the Information Security...

SecureWorld Detroit (Detroit, MIchigan, USA, September 12 - 13, 2018) Connecting, informing, and developing leaders in cybersecurity. SecureWorld conferences provide more content and facilitate more professional connections than any other event in the Information Security...

SecureWorld St. Louis (St. Louis, Missouri, USA, September 18 - 19, 2018) Connecting, informing, and developing leaders in cybersecurity. SecureWorld conferences provide more content and facilitate more professional connections than any other event in the Information Security...

SecureWorld Cincinnati (Cincinnati, Ohio, USA, October 17, 2018) Connecting, informing, and developing leaders in cybersecurity. SecureWorld conferences provide more content and facilitate more professional connections than any other event in the Information Security...

SecureWorld Denver (Denver, Colorado, USA, October 31 - November 1, 2018) Connecting, informing, and developing leaders in cybersecurity. SecureWorld conferences provide more content and facilitate more professional connections than any other event in the Information Security...

SecureWorld Seattle (Seattle, Washington, USA, November 7 - 8, 2018) Connecting, informing, and developing leaders in cybersecurity. SecureWorld conferences provide more content and facilitate more professional connections than any other event in the Information Security...

Upcoming Events

Women in Data Protection, Securing Medical Devices and Health Records (Washington, DC, USA, February 9, 2018) Join some of the top cyber and privacy professionals as they talk about the landscape of the medical device and electronic health records market. They will also talk about the dangers to patients' health...

Cyber Security Summit: Silicon Valley (San Jose, California, USA, February 13, 2018) This event is an exclusive conference connecting Senior Level Executives responsible for protecting their companies’ critical data with innovative solution providers & renowned information security experts.

Security Titans (Scottsdale, Arizona, USA, February 23, 2018) Security Titans is a ground-breaking event, bringing the biggest names in Information Security together - all in one day, on a single stage to give the nation's cyber security industry access to the very...

European Cybersecurity Forum – CYBERSEC Brussels (Brussels, Belgium, February 27, 2018) CYBERSEC Forum is an unique opportunity to meet and discuss the current issues of cyber disruption and ever-changing landscape of cybersecurity related threats. Our mission is to foster the building of...

The Cyber Security Summit: Atlanta (Atlanta, Georgia, USA, February 28, 2018) This event is an exclusive conference connecting Senior Level Executives responsible for protecting their company’s critical data with innovative solution providers & renowned information security experts.

Insider Threat Program Management With Legal Guidance Training Course (Herndon, Virginia, USA, March 6 - 7, 2018) The course will cover current regulations like National Insider Threat Policy NITP and NISPOM Conforming Change 2, and more. The course will provide the ITP Manager and Facility Security Officer with the...

SINET ITSEF 2018 (Silicon Valley, California, USA, March 7 - 8, 2018) Bridging the gap between Silicon Valley and the Beltway. SINET – Silicon Valley provides a venue where entrepreneurs can meet and interact directly with leaders of government, business and the investment...

PCI Security Standards Council Middle East and Africa Forum (Cape Town, South Africa, March 14 - 15, 2018) Don’t miss the data security event of the year for the payment card industry. Join us for: networking opportunities, updates on industry trends, insights and strategies on best practices, engaging keynotes...

Cyber 9-12 (Washington, DC, USA, March 16 - 17, 2018) Now entering its fifth year, the Cyber 9/12 Student Challenge is a one-of-a-kind competition designed to provide students across academic disciplines with a deeper understanding of the policy challenges...

Grow your brand and reach new customers.

Grow your brand and increase your customer base by educating our audience about your products, services, and events by advertising on The CyberWire. We’ve built trust with an influential (and often hard to reach) audience of CISOs, CSOs, and other senior execs in the security space, across a wide array of industry verticals. Learn more.

Be a part of the CyberWire story.

People ask us (a lot) how they can support what we do. We have our sponsorships and services, of course, but those are not always within every supporter's financial reach, or it might just not be the right time for you to do those things. That's why we launched our new Patreon site, where we've created a wider variety of support levels, each with some new benefits. Our patrons are important to our future, and we hope you'll consider becoming one. We invite you to become part of the CyberWire story. Become a patron today.