skip navigation

More signal. Less noise.

Get your copy of the definitive guide to threat intelligence.

We brought together a team of experts and wrote the definitive guide to everything you need to know about threat intelligence. Whether you work in vulnerability management, incident response, or another part of cybersecurity, our book has something for you. Get your free copy of “The Threat Intelligence Handbook” now.

Daily briefing.

A CyberWire Daily News Briefing redesign is coming.

By the end of next week we'll have completed a new design for our email, the better to avoid falling into spam traps or becoming enmeshed in the array of anti-phishing measures enterprises increasingly deploy. You've seen some of the changes already with our addition of inline links to our summary.

When the redesign is complete, you'll see fewer links to suggested reading in the email itself. That selected reading will remain present in its entirety on our website, posted as always with the appropriate Daily News Briefing. We hope you'll find the new format more user-friendly. We'll announce the date of the rollout as it approaches. And, as always, thanks for subscribing and reading.

FireEye warns that Russian threat actors are conducting opportunistic and worrisome reconnaissance of the North American power grid. FireEye calls the group they’ve been monitoring “TEMP.Isotope,” but it’s better known as either Dragonfly 2.0 or, of course, Energetic Bear. TEMP.Isotope seems interested, for now, in collection and not disruption. Some of that collection is thought to be designed with a view to improving Russian power distribution, but it’s difficult to read much of the rest as anything other than battlespace preparation (WIRED).

Russia’s Ukrainian battlespace is well-prepped, and newly kinetic in the Sea of Azov. Information operations have begun: Ukraine's protests against naval attacks are just, says Moscow, an “electoral ploy” (Radio Free Europe/Radio Liberty).

Another kinetic war—the one in Yemen—is spilling over into cyberspace. The Saudi-backed government and the Iran-backed Houthi rebels are contending for control of the Internet, blocking opponents, collecting intelligence, and conducting some online banditry (Foreign Policy).

Akamai reports that the UPnProxy vulnerability that enables exploitation of the Universal Plug and Play protocol is now being used to hit unpatched devices behind router firewalls. Attacks use EternalBlue and EternalRed, which the ShadowBrokers released (and said were NSA exploits) against targeted computers. Akamai calls the campaign “Eternal Silence” (TechCrunch). More than 45,000 routers are believed to be compromised so far (ZDNet).

Dell has warned of an attempted breach of its networks, and has taken the precaution of resetting customer passwords (Threatpost).

The US has indicted two Iranians on charges related to distribution of SamSam ransomware.

Notes.

Today's edition of the CyberWire reports events affecting China, Germany, Iran, United Kingdom, United States, Venezuela, and Yemen.

How to Budget for Insider Threat Management, Proactively

According to a Ponemon Institute study, 34% of cybersecurity professionals said a lack of budget was a major barrier to effective insider threat management. So, how do you ask for the budget you need to proactively detect and stop insider threats? The latest guide from ObserveIT gives you the in-depth information you need to ask for a dedicated insider threat line item in your cybersecurity budget. Download The Guide to Budgeting for Insider Threat Management today.

In today's podcast, up later this afternoon, we hear from our partners at Terbium Labs, as Emily Wilson discusses some of the GDPR's unintended consequences. Our guest is Francis Dinha, founder and CEO of OpenVPN, discussing the VPN landscape.

And of course, because it's Thursday, Hacking Humans is up. In this episode, "Be very aware of your desire to be right," Joe explains URLs and DNS. Dave has tips to prevent holiday skimming. A bogus bank barrister is the catch of the day. ("Barrister": that's "lawyer" to you, Yankee.) Writer Ben Yagoda explains cognitive biases.

Rapid Prototyping Event: The Turing Test (Columbia, Maryland, United States, December 11 - 13, 2018) DreamPort, in conjunction with the Maryland Innovation & Security Institute and USCYBERCOM, is hosting a Rapid Prototyping Event in which participants implement an automated process to interact with a Microsoft Windows machine just as a human user may do with the goal being to fool a human judge who is monitoring target computers via Remote Desktop Protocol (RDP) or Virtual Network Computing (VNC) into thinking a normal user is interacting with that machine and not an automated program or process.

Cyber Attacks, Threats, and Vulnerabilities

Russian Hackers Are Still Probing the US Power Grid (WIRED) Researchers warn that utilities hackers don't need to cause blackouts to do damage.

The Other War in Yemen—for Control of the Country’s Internet (Foreign Policy) Opponents in the civil war use the web to block access, gather intelligence, and even mine cryptocurrency.

After a Hiatus, China Accelerates Cyberspying Efforts to Obtain U.S. Technology (New York Times) China’s practice of breaking into American computers has become a core grievance of the Trump administration as leaders of the two nations prepare to meet.

China specialists who long supported engagement are now warning of Beijing’s efforts to influence American society (Washington Post) A new report raises concerns about efforts to curtail free speech on American campuses and obtain U.S. technology.

Hackers are using leaked NSA hacking tools to covertly hijack thousands of computers (TechCrunch) More than a year after patches were released to thwart powerful NSA exploits that leaked online, hundreds of thousands of computers are unpatched and vulnerable. First they were used to spread ransomware. Then it was cryptocurrency mining attacks. Now, researchers say that hackers are using the lea…

Hackers are opening SMB ports on routers so they can infect PCs with NSA malware (ZDNet) Akamai says that over 45,000 routers have been compromised already.

AutoIt-Compiled Worm Spreads Backdoor via Removable Drives (SecurityWeek) Trend Micro security researchers have discovered an AutoIt-compiled worm that infects removable drives to spread the njRAT backdoor to other machines.

Russian language malspam pushing Shade (Troldesh) ransomware (SANS Internet Storm Center) Shade ransomware was spotted in the wild as early as 2014, and it was first called Troldesh.

UPnProxy: EternalSilence (Akamai) UPnProxy is alive and well. There are 277,000 devices, out of a pool of 3.5 million, running vulnerable implementations of UPnP. Of those, Akamai can confirm that more than 45,000 have been compromised in a widely...

Snakemackerel delivers Zekapab malware (Accenture) Snakemackerel delivered Zekapab malware the same day the UK government announced a draft of the Brexit agreement. Learn more about this cyber attack.

Facebook bug resurrects ghostly messages from the past (Naked Security) In the latest in a long line of SNAFUs, it seems Facebook has found a new way to inadvertently torment us: resurfacing old chat messages.

That Virus Alert on Your Computer? Scammers in India May Be Behind It (New York Times) The police outside New Delhi raided fake tech-support centers that sent false warnings to Americans and Canadians and then charged to “fix” the nonexistent infection.

Microsoft Warns of Two Apps That Expose Private Keys (Threatpost) The two apps are created by headset software company Sennheiser HeadSetup.

Dell Warns of Attempted Breach on Network (Threatpost) The company said it has reset passwords for all Dell.com customers.

Dell.com resets all customer passwords after cyber attack: statement (Reuters) Dell Inc said on Wednesday that it reset passwords for all accounts on its Dell....

NUUO Firmware Vulnerabilities Disclosed by Digital Defense, Inc. Researchers (Digital Defense) Digital Defense, Inc., a leading security technology and services provider, today announced that its Vulnerability Research Team (VRT) discovered a previously undisclosed vulnerability in NUUO NVRmini2 Network Video Recorder firmware.

NUUO Firmware Disclosure (Digital Defense) Digital Defense, Inc. is disclosing a vulnerability identified in NUUO NVRmini2 Network Video Recorder devices discovered by our Vulnerability Research Team (VRT). We commend NUUO for their prompt response to the identified flaws and their engineering team’s work with VRT to provide fixes for these cyber security issues.

New industrial espionage campaign leverages AutoCAD-based malware (ZDNet) Researchers warn about industrial espionage group targeting companies in the energy sector with AutoCAD-based malware.

Industry Reactions to USPS Exposing User Data (SecurityWeek) Industry professionals comment on reports that a vulnerability in an API used by USPS exposed the data of 60 million customers

Pro-Bernie group hacked in quarter-million-dollar email scam (POLITICO) Our Revolution had raised the money to help a Native American tribe fight an oil pipeline.

Hacker Steals Crypto from Copay Wallets Apps (Infosecurity Magazine) Attacker uses malicious code to gain legitimate access to JavaScript library EventStream.

Make-A-Wish Website Victim of Cryptojacking Attack (Security Boulevard) Cybercriminals recently compromised the website of the Make-A-Wish Foundation, inserting a cryptomining script, also known as cryptojacking.

The new threats: trust attacks and AI malware (Computing) The latest methods are designed to manipulate, not destroy, says Darktrace

The Nature of Mass Exploitation Campaigns (Threatpost) Examples of how attackers carry out mass exploitation campaigns and how to defend against them.

How bring-your-own-land attacks are challenging enterprises (SearchSecurity) Researchers at FireEye developed a bring-your-own-land approach that endpoint security tools can't detect. Learn how this is possible, what can be done to mitigate these attacks and how enterprises can stay safe with expert Nick Lewis.

Cyber Trends

7 trends driving enterprise IT transformation in 2019 (Verizon) Verizon Enterprise Solution’s view of those enterprise technology trends that are most likely to impact our global business and government customers in 2019

Cybersecurity Threats Keep Evolving, Research Shows (eSecurity Planet) We examine 11 important cybersecurity research reports released in November -- and the controls organizations should consider.

What do AI, blockchain and GDPR mean for cybersecurity? (ABA Journal) Emerging technologies will affect cybersecurity in the coming years. Artificial intelligence and blockchain will play pivotal roles in data protection, creating new solutions, risks and regulatory headaches.

Real estate companies are prime targets for cyber attacks (Inman) A new report found that real estate companies suffered 54 cyber attacks on average this quarter. Here's why and what to do defend against them

Cyberkriminelle haben leichtes Spiel beim Weihnachtsshopping (UNN) G DATA Umfrage zeigt, dass vor Weihnachten viele Käufer die Datensicherheit beim Onlinekauf auf die leichte Schulter nehmen

Marketplace

Personnel Issues are Stymieing Pentagon's Cybercapabilities (The Daily Signal) Tech businesses often offer hard-to-beat salaries and benefits, and can onboard new people much faster than the sluggish government clearance process.

Venafi Secures $100M Financing Round Led by TCV (BusinessWire) New funding to accelerate growth and support new Machine Identity Protection Development Fund

Corvus Raises $10 Million Series A (PRWeb) Boston-based InsurTech company, Corvus, announced a $10 million Series A investment led by .406 Ventures and Hudson Structured, along with expanded funding from...

Facebook Needs A Cybersecurity Clean-Up, CyberArk Is The Company For The Job (Seeking Alpha) Facebook management faces a continuing onslaught of criticism for its data crisis and mismanagement, turning the crisis into a calamity with calls for resignati

A Plan to Turn New York Into a Capital of Cybersecurity (New York Times) With online dangers nearly everywhere, a partnership will work with local universities and global tech firms to make Manhattan a hub for data protection.

Nutanix chief slams VMware for dodging 'head-to-head' competition (CRN Australia) Claims competitor avoids Nutanix in proof of concept accounts.

Boeing Wins $383M Protected Tactical Enterprise Service Deal (Zacks Investment Research) Boeing's (BA) PTES system provides secure communications to war fighters for availing connectivity in contested environments without getting their location identified.

Products, Services, and Solutions

Surfshark - the first VPN to implement IKEv2/IPsec on its Windows app (Surfshark) Our native VPN app for Windows from now on is powered by fast and modern security protocol IKEv2/IPsec! It provides many benefits for users - from increased initial connection speeds to a longer battery life.  

Ayehu Launches Global Partner Program to Support Increasing Demand for Intelligent Automation (GlobeNewswire News Room) Program Empowers Growing Community of MSPs, OEM Partners and SIs with AI-Powered IT Automation Resources, Tools, Education and Support

CIS Introduces its First Hardened Container Image for Secure Applications in the Cloud (Sys-Con Media) Initial Configuration Now Available on AWS Marketplace for Containers

Qualys Integrates with Amazon Web Services Security Hub to Provide Users with Vulnerability and Compliance Visibility (Qualys) Extends Protection for Amazon Web Services workloads and infrastructure against critical vulnerabilities, threats from public exploits, and non-compliant deployments

Nutanix introduces Xi Cloud Services for the multicloud era (Help Net Security) Nutanix Xi Cloud Services suite gives IT teams the freedom to run their applications on the optimal platform, not restricted by technology limitations.

DriveSavers introduces the Passcode Lockout Data Recovery service for consumers (Help Net Security) DriveSavers' Passcode Lockout Data Recovery service aids with lockouts and forgotten passwords on encrypted, password-protected smartphones and tablets.

Keyfactor and Gemalto Collaborate to Deliver Secure Identity Services (IoT Evolution World) New integrated solution enables companies to confidently move certificate management and IoT security to the cloud

The French Ministry of Interior Selects Gemalto to Secure Critical Communication Mobile Networks (BusinessWire) The French Ministry of Interior has selected Gemalto, the world leader in digital security, to deliver robust connectivity and security in next-genera

noHold's AI Platform Complies with Top Industry Standards (PR Newswire) Security and compliance are key components to any successful business. According to Gartner, "Through 2022, at...

Technologies, Techniques, and Standards

Germany proposes security guidelines for routers, but not everybody is happy (Bitdefender) Anyone who has been reading the computer security headlines in recent years knows that there is a raging battle going on for control of home and SOHO broadband routers. Online criminals have woken up to the power they can exert through hijacking large numbers of routers into botnets, launching devastating distributed denial-of-service (DDoS) attacks, stealing …

Proofs of Concept Abusing PowerShell Core: Caveats and Best Practices (TrendLabs Security Intelligence Blog) We explored proofs of concept (PoCs) that would help in better understanding and preventing possible and future PowerShell Core-based threats.

Incorrect Assessments of Data Value Putting Organizations at Risk (Dark Reading) Information security groups often underestimate or overestimate the true value of data assets, making it harder to prioritize controls.

Three ways artificial intelligence can improve cybersecurity (Fifth Domain) Federal agencies should utilize AI technologies to gain more actionable insights

When to Cut Your Losses on a Wasteful Security Project (SecurityWeek) Organizations need to continually evaluate where each effort stands in relation to its allotted budget and schedule, along with the value it brings to the organization’s security posture.

Keeping data swamps clean for ongoing GDPR compliance (Help Net Security) The increased affordability and accessibility of data storage over recent years can be both a benefit and a challenge for businesses. While the ability to

Career advice: Good enough security trumps best security (CSO Online) The realization that most of the world doesn’t want the best security will help you advance in your security career.

Is security the real stuff of nightmares? (Help Net Security) With more customer data gathered and stored than ever before, the risk of implementing a sub-par security strategy effects every level of the organisation.

Agencies Will Soon Have a Cyber Hygiene Score—And Will Know Where They Rank (Nextgov.com) The AWARE score will be based on data from agencies’ continuous monitoring tools and will give the Homeland Security Department a holistic view of the government’s cybersecurity posture.

Hot fuzz: Bug detectives whip up smarter version of classic AFL fuzzer to hunt code vulnerabilities (Register) Flaw-spotting toolkit already has 42 zero-days to its name

The extreme ways people protect themselves from hacks (CNN) Facebook CEO Mark Zuckerberg famously covers up his laptop's webcam with a sticker. But some people are taking personal security a step further.

Design and Innovation

The greatest security innovations of 2018 (Popular Science) Safety happens by the inch, through a relentless effort to stop the simple vulnerabilities that can lead to major threats—on our doorsteps, overseas, and in our streets.

Research and Development

DARPA, BAE to develop AI for interpreting radio-frequency signals (UPI) DARPA has selected BAE Systems to develop machine learning algorithms to decipher radio frequency signals for protection against enemy hacking and jamming attempts.

This is when AI’s top researchers think artificial general intelligence will be achieved (The Verge) Short answer: maybe within our lifetimes, but don’t hold out.

Legislation, Policy, and Regulation

Putin Accuses Poroshenko Of Electoral Ploy As Ukraine Imposes Martial Law (RadioFreeEurope/RadioLiberty) Martial law came into force across a large swath of Ukraine on November 28, following a clash at sea that Kyiv called an "act of aggression" by Moscow and Russian President Vladimir Putin claimed was a ploy to boost his Ukrainian counterpart's popularity ahead of an election in March.

NATO Readies for Cyber Threats With Wargames on Russian Doorstep (Bloomberg) Alliance gathers in neighboring Estonia to simulate attacks. Cyber increasingly seen as element of hybrid military tactics.

When South American nations look for cyber help, China looms (Fifth Domain) Cyber Command is partnering with countries in South America for cybersecurity, but is bring threatened by China.

U.K. cybersecurity agency mounts transparency push (NBC News) The goal is to prevent cyberattacks like "WannaCry," which paralyzed computer systems around the world in May 2017.

GCHQ and the NCSC publish the UK Equities Process (GCHQ) To disclose or not to disclose, that is the question.

Defense officials taking advantage of new cyber authorities (Fifth Domain) New authorities allow DoD to act faster and respond quicker to activities in cyberspace.

An Outcome-Based Analysis of U.S. Cyber Strategy of Persistence & Defense Forward (Lawfare) The new U.S. Cyber Command vision and the Department of Defense Cyber Strategy embody a fundamental reorientation in strategic thinking.

Congress has refused to restore net neutrality as Dec. 10 deadline nears (Ars Technica) There's almost no Republican support for forcing vote to restore net neutrality.

Trump nominees testify before Senate panel on plans for election agency (TheHill) A pair of President Trump's nominees for a federal election agency testified before a Senate panel Wednesday on their plans to help state and local officials administer elections.

FCC Gets Complaint: Proposed Ham Radio Rules Hurt National Security (Hackaday) On November 10th, [Theodore Rappaport] sent the FCC an ex parte filing regarding a proposed rule change that would remove the limit on baud rate of high frequency (HF) digital transmissions. Accord…

Estonia’s CIO Tackles AI Strategy For Government (Wall Street Journal) As artificial intelligence weaves itself into the fabric of government services in the small Northern European country of Estonia, the government’s top technology executive says it’s necessary to formalize a strategy for how the technology should be used.

Litigation, Investigation, and Law Enforcement

Ransomware Suspects Indicted (Federal Bureau of Investigation) Two Iranian men were indicted in connection with the deployment of the sophisticated and sinister SamSam ransomware that crippled the operations of critical facilities in the U.S. and Canada.

Federal Indictments in SamSam Ransomware Campaign (Dark Reading) Two Iranian nationals have been indicted on multiple counts by a federal grand jury in connection with the SamSam ransomware attacks that struck government, critical infrastructure, and healthcare organizations.

DOJ Indicts Hackers for Ransomware That Crippled Atlanta (WIRED) SamSam ransomware has plagued the city of Atlanta, multiple hospitals, and other institutions across the US. The feds now think they know who did it.

U.S. Targets Iranian Hackers for Laundering Bitcoin In Connection to Major Ransomware Attack (Wall Street Journal) The U.S. Treasury Department imposed sanctions on two Iranian men the administration said laundered ransomed bitcoin from a major cyberattack that hit U.S. cities, hospitals and other critical networks.

U.S. Treasury Adds Digital Currency to Means of Identifying Sanctions Targets (Wall Street Journal) The move came as part of a joint action with the U.S. Justice Department in which prosecutors announced charges against an Iranian hacking cell allegedly running a ransomware scheme. The Treasury put sanctions on two men it said had laundered the millions of dollars worth of bitcoin gained from the scheme.

Analysis | The Cybersecurity 202: Justice Department's charges against Iranian hackers are a step forward (Washington Post) But holding them accountable could be tricky.

2 Iranian hackers charged in ransomware attack on MedStar, others (Maryland Daily Record) Two Iranian computer hackers were charged Wednesday in connection with a multimillion-dollar cybercrime and extortion scheme that targeted government agencies, cities and businesses…

Facebook Considered Charging for Access to User Data (Wall Street Journal) Facebook considered charging third parties for access to user data several years ago, company emails show. Such a move would have departed from its policy against selling such data, court filings in a lawsuit against the company indicate.

Facebook staff discussed selling API access to apps in 2012-2014 (TechCrunch) Following a flopped IPO in 2012, Facebook desperately brainstormed new ways to earn money. An employee of unknown rank sent an internal email suggesting Facebook charge developers $250,000 per year for access to its platform APIs for making apps that can ask users for access to their data. Employee…

Analysis | A visual guide to the Roger Stone-WikiLeaks side of the Russia investigation (Washington Post) A complicated set of interactions over the course of 2016.

As he heads to jail, George Papadopoulos says he met Israeli cyber-security exec (Times of Israel) Shai Arbel, co-founder of Terrogence counterterrorism firm, confirms he had 'routine business meet' last year with the Trump probe convict and with Israeli businessman George Tawil

Bipartisan Senate duo asks White House to investigate ZTE's work in Venezuela (TheHill) A bipartisan pair of senators is asking the White House to look into whether the Chinese telecommunications firm ZTE violated U.S. sanctions by helping Venezuela track and monitor its citizens.

DOJ made secret arguments to break crypto, now ACLU wants to make them public (Ars Technica) In MS-13 case, ACLU is challenging sealing of DOJ filings, judge's order.

Black box data shows pilots fought control system in Indonesia crash (Ars Technica) Flight data shows bad sensor data kept forcing nose of aircraft down.

School district fails to reclaim $120,000 wired by bank to scammer (HOTforSecurity) A school district in Indiana which had $120,000 transferred from its bank account after its email account was hacked, has failed in an attempt to reclaim the cash. The problems for Lake Ridge Schools began in October 12 2016 when money earmarked for part of a seven... #fraud #school #wirefraud

Prisoners stole more than $500K from troops through dating app sextortion ring (Military Times) NCIS agents executed arrest warrants Wednesday in connection to a sextortion ring that has victimized hundreds of service members.

Symantec Tries To Delete Cyber Lab’s Antitrust Suit (Law360) Symantec Corp. on Monday urged a California federal judge to toss an antitrust suit accusing it and other cybersecurity firms of conspiring to boycott a software lab because its testing would reveal serious flaws in their own products.

Symantec comes out in swinging in bitter legal battle over security bug audit conspiracy claims (Register) Profit driving NSS claims of industry boycott, antivirus makers swear

For a complete running list of events, please visit the Event Tracker on the CyberWire website.

Newly Noted Events

Mid-Atlantic Collegiate Cyber Defense Competition (Laurel, Maryland, USA, March 28 - 30, 2019) The Mid-Atlantic Collegiate Cyber Defense Competition (MACCDC)—presented by the National CyberWatch Center—is a unique experience for college and university students to test their knowledge and skills...

Infosecurity and ISACA North America Expo and Conference (New York, New York, USA, November 20 - 21, 2019) In November 2019, Infosecurity North America and ISACA will align in the field of security, cybersecurity and risk management to create an incredible experience for attendees in programming, solutions...

Upcoming Events

Army Autonomy and Artificial Intelligence Symposium and Exposition (Detroit, Michigan, USA, November 28 - 29, 2018) This symposium will explore and showcase innovative ways the U.S. Army is developing critical capabilities in robotics, autonomy, machine learning, and artificial intelligence. The goals are to explore...

The Cyber Security Summit: Los Angeles (Los Angeles, California, USA, November 29, 2018) This event is an exclusive conference connecting Senior Level Executives responsible for protecting their company’s critical data with innovative solution providers & renowned information security experts.

IEEE WIE Forum USA East (White Plains, New York, United States, November 29 - December 1, 2018) IEEE WIE Forum USA East 2018 focuses on developing and improving leadership skills for individuals at all stages of their careers. Attendees will have the opportunity to hear inspirational and empowering...

Securing Digital ID 2018 (Alexandria, Virginia, USA, December 4 - 5, 2018) As an increasing number of transactions move online and are mobile-enabled, the conference will explore today’s complex world of digital identities and how they are used for strong authentication and remote...

First Annual Maryland InfraGard Cybersecurity Conference (College Park, Maryland, USA, December 5, 2018) InfraGard is a partnership between the FBI and members of the private sector. The InfraGard program provides a vehicle for seamless public-private collaboration with government that expedites the timely...

International Cyber Risk Management Conference (Hamilton, Bermuda, December 6 - 7, 2018) Now in its fourth year in Canada, the International Cyber Risk Management Conference (ICRMC) has earned a reputation as one of the world’s most trusted cyber security forums. We are proud to bring ICRMC...

2018 Cloud Security Alliance Congress (Orlando, Florida, USA, December 10 - 12, 2018) Today, cloud represents the central IT system by which organizations will transform themselves over the coming years. As cloud represents the future of an agile enterprise, new technology trends, such...

Wall Street Journal Pro CyberSecurity Executive Forum (New York, New York, USA, December 11, 2018) The WSJ Pro Cybersecurity Executive Forum will bring together senior figures from industry and government to discuss how senior executives can best prepare for hacking threats, manage breaches, and work...

National Cyber League Fall Season (Chevy Chase, Maryland, USA, December 15, 2018) The NCL is a defensive and offensive puzzle-based, capture-the-flag style cybersecurity competition. Its virtual training ground helps high school and college students prepare and test themselves against...

Grow your brand and reach new customers.

Grow your brand and increase your customer base by educating our audience about your products, services, and events by advertising on The CyberWire. We’ve built trust with an influential (and often hard to reach) audience of CISOs, CSOs, and other senior execs in the security space, across a wide array of industry verticals. Learn more.

Be a part of the CyberWire story.

People ask us (a lot) how they can support what we do. We have our sponsorships and services, of course, but those are not always within every supporter's financial reach, or it might just not be the right time for you to do those things. That's why we launched our new Patreon site, where we've created a wider variety of support levels, each with some new benefits. Our patrons are important to our future, and we hope you'll consider becoming one. We invite you to become part of the CyberWire story. Become a patron today.