skip navigation

More signal. Less noise.

2017 cyberattacks proved more numerous, sophisticated, and ruthless than in years past.

WannaCry, NotPetya, ransomware-as-a-service, and fileless attacks abounded. And, that’s not everything. The victims of cybercrime ranged from private businesses to the fundamental practices of democracy. Read The Cylance Threat Report: 2017 Year in Review Report and learn about the threat trends and malware families their customers faced in 2017.

Daily briefing.

SecurityWeek's 2018 ICS Cyber Security Conference

We conclude or coverage of last week's SecurityWeek ICS Cyber Security Conference with some notes and observations. The conference (organized by SecurityWeek) will be posting video of the presentations on its site, and they'll be well-worth your time. You can conveniently browse the conference's interactive agenda here.

On Friday Twitter took down a number of inauthentic accounts run from Iran. Earlier Iranian influence operations were artlessly direct in following the Islamic Republic's domestic and international line, but this latest round of trolling was effectively indistinguishable from the familiar St. Petersburg style. The content pushed was opportunistically divisive, directed against fissures in both American and British culture. St. Petersburg's Internet Research Agency apparently referred traffic to bogus pages operated by Iran. This could be a sign of collusion, but simple alignment of interests and recognition of good work ("good" from Moscow's point-of-view) are at least as likely.

Gab goes down after the Pittsburgh synagogue killings.

IBM announced its intention to acquire Red Hat for $34 billion, a bet that IBM's future lies in hybrid cloud and subscription-based software.

On Friday the Librarian of Congress and the US Copyright Office added more exemptions to Digital Millennium Copyright Act enforcement. The exemptions are intended to reduce the risk that legitimate security research would run afoul of the DMCA.

The FBI has glumly warned companies not to expect simple attribution to do much to deter North Korean hacking. Pyongyang really doesn't have much to fear when it comes to reputational risk alone, which shows how having nothing to lose can sometimes amount to a position of strength.

The Chinese government's policy of stationing loyal citizens, mostly ethnic Han, in the households of mostly Muslim Uighurs may remind Americans why their Bill of Rights has a Third Amendment to preclude such dragonnades.

Notes.

Today's issue includes events affecting Canada, China, Iran, Japan, Democratic Peoples Republic of Korea, Russia, Ukraine, United Kingdom, United States.

Create a culture of cybersecurity awareness with Coachable Moments.

According to The Ponemon Institute, two out of three insider threat incidents are caused by employee or contractor mistakes. The good news is, these mistakes can easily be avoided ... with the right coaching. Just in time for Cybersecurity Awareness Month, the Coachable Moments series from ObserveIT gives cybersecurity teams the tools they need to empower people to understand the policies and best-practices intended to keep them safe. Check out Coachable Moments today to learn more.

In today's podcast, out later this afternoon, we speak with our partners at Terbium Labs, as Emily Wilson tells us how data from the most recent Facebook breach have been showing up on the dark web.

New York Times Event: Cyberwarfare with Google, Department of Justice & more (Washington, DC, United States, October 30, 2018) David Sanger, national security correspondent for The New York Times will moderate a discussion on cyberwarfare, one of the greatest threats to American democracy and commerce. He will be joined by John Demers, assistant attorney general for the national security division at the Department of Justice; Yasmin Green, the director of research and development for Jigsaw, a Google company; and Dmitri Alperovitch, co-founder of CrowdStrike, who discovered Russian hacking of the Democratic National Committee.

Maryland Cybersecurity Career & Education Fair (Rockville, Maryland, United States, November 9 - 10, 2018) Join us for two dynamic days that put on display why Maryland is where cyber works. Friday will feature a career and education fair, connecting cybersecurity job seekers with opportunities across the state of Maryland. On Saturday, high school and undergraduate students compete in our cyber challenge.

Dateline SecurityWeek's 2018 ICS Cyber Security Conference

Consequences, models, and other notes on ICS security (The CyberWire) The value of models, some comparative numbers, and the perennial importance of paying attention to the basics.

Cyber Attacks, Threats, and Vulnerabilities

Facebook Removes Fake Accounts That Originated in Iran (BloombergQuint) Facebook removed 82 fake pages, accounts, groups originating in Iran to clean up its network ahead of U.S midterm elections.

Taking Down Coordinated Inauthentic Behavior from Iran (Facebook Newsroom) Today we removed multiple Pages, groups and accounts that originated in Iran for engaging in coordinated inauthentic behavior on Facebook and Instagram.

Russian disinformation on Facebook targeted Ukraine well before the 2016 U.S. election (Washington Post) Activists, officials and journalists from countries who reported abuses years earlier say Facebook took little or no action, according to an investigation for a new documentary.

How Russia, China and Iran spread propaganda in the US (Fifth Domain) Russia, China and Iran have taken different approaches in their disinformation campaign targeting the U.S., according to experts and American officials.

China Telecom accused of exploiting points-of-presence to conduct internet espionage (Computing) Series of BGP hijackings by China Telecom are no accident, warn authors of new Military Cyber Affairs repor

China has been 'hijacking the vital internet backbone of western countries' (ZDNet) Chinese government turned to local ISP for intelligence gathering after it signed the Obama-Xi cyber pact in late 2015, researchers say.

Bloomberg’s ‘bombshell’ (or dud) on Chinese espionage: Even if true, what’s new? (AEI) We are now three weeks past the publication of Bloomberg Businessweek’s “bombshell” story that claimed that groups associated with the Chinese military had managed to introduce malicious server chips during the manufacturing process in China. According to Bloomberg, the tiny chip corrupted thousands of servers that were subsequently used by some 30 US companies, including Apple and Amazon.

Amazon Reportedly Pulls Ads From Bloomberg Following Hacking Story (Fortune) The news comes after Bloomberg published a story alleging Amazon and Apple's products were hacked by China.

North Korea blamed for two cryptocurrency scams, five trading platform hacks (ZDNet) Two new reports support FireEye's characterization that North Korea is "the most destructive cyber threat right now."

FBI to private industry: Attribution won’t deter North Korean hacking - Cyberscoop (Cyberscoop) The FBI has told American companies that North Korean government hackers will continue to target financial institutions worldwide despite the U.S. government’s public attribution of such activity to Pyongyang.

Narwhal Spider APT group using steganography to deliver URLZone malware to Japanese victims (Cyware) The URLZone malware is currently being used by a threat group called Narwhal Spider to target victims in Japan. The campaign targeting Japan was spotted using a combination of steganography and malicious PowerShell.

The Resilient Satori Botnet (The Art of Transforming Network into Networking) In 2018, Satori was starting to add capabilities to exploit Claymore cryptocurrency miners in addition to the IoT exploits it had used in late 2017.

'Remini' App Used by Schools Left Personal Info Open to the World (Motherboard) The API exposed the profile photos of children, as well as email addresses, phone numbers, and milestones parents and educators use the app to preserve.

Fortnite Scams Are Even Worse Than You Thought (WIRED) YouTube videos with millions of views. Nearly 5,000 bogus websites. V-Bucks scammers have gotten out of control.

Same Old yet Brand-new: New File Types Emerge in Malware Spam Attachments (TrendLabs Security Intelligence Blog) Cybercriminals make use of old file types in brand-new ways in spam attachments, proving that they are regularly experimenting to evade spam filters.

BianLian - from rags to riches, the malware dropper that had a dream (ThreatFabric) BianLian, or when a threat actor realizes that he can make more money by transforming his dropper into banking malware.

Hacker creates seven new variants of the Mirai botnet (Security Boulevard) In September 2016, Twitter, CNN, Spotify, and many others were knocked offline by the biggest DDoS attack in history. Today we know it by the name Mirai, but no one would have imagined at the time that this attack was coming from a herd of Internet of Things (IoT) devices cobbled together to form a botnet.

Android device firmware cheats Chinese ad networks (Security Boulevard) After publishing our story about pre-installed malware on Android devices, we continued to analyze the firmware images of cheap Android devices. It is a rather sad endeavour, as our statistics put pre-installed malware as one of the top infection vectors. But, today we have a bit of a lighter story.

Malware using Excel XLAM Excel Macro enabled addins to bypass protections (My Online Security) We have been noticing a change in the malware delivery pattern with Lokibot ( and possibly other malware) over the last few days. Instead of using the more normal Excel file extensions like XLS or…

Cobalt Group tries to slip malicious PDFs past bank employees, researchers say (Cyberscoop) A financially-motivated hacking group is targeting bank employees across the globe, according to research from cybersecurity company Palo Alto Networks.

Cymulate Finds Logical Bug in Microsoft Office Suite – Word Embedded Video Code Execution (AP NEWS) Cymulate , a leading provider of Breach & Attack Simulation (BAS) solutions and a Gartner 2018 Cool Vendor, announced today it has uncovered a security flaw in Microsoft Office Suite which may affect Word users.

These bot shoppers are every sneakerhead's nightmare (CNET) Security researchers have to contend with millions of bot attacks every day. The most persistent irritant? Shoes.

Cathay Enlists Firm Once Sued for Data Breach to Help After Hack (Bloomberg) Experian hired to track identity theft after hack at Cathay. Customers question delay in disclosing the breach of systems.

Canadian Crypto-Exchange Shutters After $6m ‘Hack’ (Infosecurity Magazine) Canadian Crypto-Exchange Shutters After $6m ‘Hack’. Commentators suggest exit scam

Cyber firm claims to have hacked into Democratic fundraising files in Maryland (ABC News) A cyber firm claimed on Wednesday to have hacked into poorly protected Democratic fundraising files in Maryland.

More than just a Data Breach: a Democratic Fundraising Firm Exposure (Hacken Blog) What happens when no proper cybersec check is performed? Confidential customer data becomes exposed to all Internet users! A Maryland-based Democratic fundraising firm didn't set a password to their database. Hopefully, Hacken's specialist found a vulnerability and prevented the catastrophe.

Foley & Lardner Faced Cyber Event, But Says Data Is Safe (Law360) Foley & Lardner LLP was hit with a cyber event that disrupted its IT systems this past week, Jill Chanen, a firm spokesperson, said in an email Friday.

Girl Scouts Alerted to Possible Data Breach (Infosecurity Magazine) Girl Scouts Alerted to Possible Data Breach. Thousands may have been affected in Orange County

Cyber Trends

Fifth of US Consumers Never Return to Breached Brands (Infosecurity Magazine) PCI Pal research highlights importance of good security

Organizations feel ready to put highly sensitive data in the cloud (Help Net Security) Many corporate employees are ready to store highly sensitive data in the cloud. However, many are still skeptical of the security posture of their own

Marketplace

China's  ZTE to fall to $1bn loss after year of fines (The Telegraph) Chinese smartphone and telecoms company ZTE expects to post a $1bn (£780m) loss after a damaging year that has seen it hit by huge fines from the US over breaking economic sanctions.

IBM to acquire software company Red Hat for $34 billion (Yahoo) The transaction is by far IBM's biggest acquisition. It underscores IBM Chief Executive Ginni Rometty's efforts to expand the company's subscription-based software offerings, as it faces slowing software sales and waning demand for mainframe servers. IBM, which has a market capitalization

IBM to Acquire Red Hat for About $33 Billion (Wall Street Journal) IBM agreed to buy software-and-services company Red Hat for about $33 billion, a deal that Chief Executive Ginni Rometty hopes will boost a cloud-computing business central to an effort to revive the tech giant.

IBM swoops on Red Hat in 'game-changing' $34bn deal for cloud market (The Telegraph) Computing giant IBM has leapfrogged rivals Amazon and Microsoft to become the largest hybrid cloud provider with a $34bn deal to buy software company Red Hat.

Forget Watson, the Red Hat acquisition may be the thing that saves IBM (TechCrunch) With its latest $34 billion acquisition of Red Hat, IBM may have found something more elementary than “Watson” to save its flagging business. Though the acquisition of Red Hat  is by no means a guaranteed victory for the Armonk, N.Y.-based computing company that has had more downs than …

IBM is betting the farm on Red Hat — and it better not mess up (TechCrunch) Who expects a $34 billion deal involving two enterprise powerhouses to drop on a Sunday afternoon, but IBM and Red Hat surprised us yesterday when they pulled the trigger on a historically large deal. IBM has been a poster child for a company moving through a painful transformation. As Box CEO (and…

Gab forced offline over apparent tie to Pittsburgh synagogue shooter (Ars Technica) PayPal, Medium, Joyent, and GoDaddy all denied Gab service over the weekend.

Cyber Saturday: Roundup of Reader Reactions to Facebook's 'War Room' (Fortune) Your weekend brief on code-makers and codebreakers.

Microsoft executives remain committed to supplying tech to military - including AI (Computing) President Brad Smith explained Microsoft's controversial decision in an open letter

Products, Services, and Solutions

Netwrix unveils new Netwrix Auditor for Network Devices (Netwrix) The new Netwrix Auditor for Network Devices enables stringent control over user activity around Cisco and Fortinet infrastructures

Longview™ Partners with GlobalSign and Intrinsic ID to Deliver Robust and Comprehensive IoT Security (Global Sign) Built from the ground up with integrated security, Longview is a complete IoT solution

Mimecast provides an ‘invisible cloak of security’ for UAE law company (Intelligent CIO Middle East) With an increase in sophisticated cyberattacks against its network a leading UAE law firm realised it was time to take action. As a result, Fichte & Co. implemented Mimecast Secure Email Gateway with Targeted Threat Protection, which the company’s CIO Matthew James Peet describes as: ‘like an invisibility cloak, it is so effective.’   When […]

Sophos appoints Tech Data in regional cyber security push (Channel Asia Singapore) Sophos has entered into strategic channel partnership with distributor Tech Data across five key ASEAN markets.

Opus and Grant Thornton Team Up to Help Understaffed Risk Departments (PRWeb) Opus, a leading provider of global compliance and risk management solutions, and professional consulting services firm Grant Thornton LLP have jointly launched O

Bring visibility to shadow APIs and ensure that security standards are being met (Help Net Security) Shadow APIs are a category of backend APIs hidden from the views of traditional security tools. They often run on infrastructure in the public cloud.

Copy of Chinese Spy Chip Used in Security Training (Infosecurity Magazine) New infrastructure-security combat training offered by CYBERGYM encompasses advanced forensics analysis.

Technologies, Techniques, and Standards

How To Prevent Your Business Becoming Collateral Damage Of Geopolitical Cyber Conflict (Forbes) The democratization of cyberwarfare may have blurred the boundaries between cybercriminal and nation-state actor, but business remains firmly in the firing line. So how do you prevent your organization from becoming collateral damage during these times of increasing geopolitical cyber conflict?

What can we do to tackle today’s phishing epidemic? (Barracuda) Phishing offers a great ROI for cybercriminals, but there are some simple things you can do to protect yourself. Phil Muncaster has details in this post.

What the American Bar Association’s Formal Opinion 483 Means for Lawyers (Cooley) Last week, the American Bar Association’s (“ABA”) Standing Committee on Ethics and Professional Responsibility (the “Committee”) issued Formal Opinion 483 (the “Opinion”) that sets forth the ABA’s …

How to protect your organization from insider threats, the #1 risk for data loss (Help Net Security) If the breaches of the last 24 months have taught us anything - it’s that insider threats are a cause for equal if not greater concern.

How to Secure Your WiFi Network (The Mac Security Blog) Whether at home or at work, your wifi network is the gateway to the internet. While it lets your devices reach out into the world, it can also let hackers get into your network, potentially comprom...

Ghouls of the Internet: 6 Tips to Help Protect Your Family from the Digital Threats of Scareware and Ransomware (McAfee Blogs) Seasonally, it's a spooky time of year but our digital realities can sometimes be even more frightening. Scareware or ransomware attacks can cause individuals and businesses incredible emotional and financial distress. Here are 6 ways to help safeguard your family online.

Here's What U.S. Companies Need to do NOW for GDPR Compliance, Accordi (PRWeb) The GDPR regulation for compliance for controllers and processors has effectively passed. The deadline of May, 2018, has come and gone for thousands of North American

Design and Innovation

DeepPhish: Simulating Malicious AI to Act Like an Adversary (Dark Reading) How researchers developed an algorithm to simulate cybercriminals' use of artificial intelligence and explore the future of phishing.

Pentagon ‘Rebel Alliance’ Uses Hacking to Find Cyber Skywalkers (Bloomberg Government) The Defense Department’s digital team is launching a series of new hacking-centric initiatives in the hopes of recruiting skilled cybersecurity professionals – from both outside the Pentagon and among its active-duty members.

Legislation, Policy, and Regulation

Forget Russia: Is Finland the Hybrid Warfare Champion? (The National Interest) At the very least, Helsinki is making some progress. Here's the latest.

China’s Nightmare Homestay (Foreign Policy) In Xinjiang, unwanted Chinese guests monitor Uighur homes 24/7.

Regulation could 'backfire' and break up the UK crypto market, MPs warned (The Telegraph) Attempts to tame the “wild west” of digital currencies will backfire and damage the UK fintech market, experts have warned.

Feds Expand Security Researchers' Ability to Hack Without Going to Jail (Motherboard) "No researcher wants to end up in jail for discovering a vulnerability."

Microsoft to honour data localisation requests from governments (News Minute) Over 1.2 billion people use Microsoft Office in 140 countries and 107 languages around the world so the task to safeguard their data is humongous.

White House Sets Deadlines for Agencies to Protect Their Digital Crown Jewels (Nextgov.com) The new guidance also requires agencies to justify buying cyber monitoring tools that aren’t vetted by Homeland Security.

Litigation, Investigation, and Law Enforcement

No evidence from UK on cyber attack allegations: Russian embassy (UNI) In a statement given to the press, the Russian embassy to the United Kingdom said that it had not received any proof from the British officials to corroborate the claims of cyber attacks allegedly carried out by Russia against the UK infrastructure.

FBI Investigation Out of NY Leads to South Florida Pipe Bomb Suspect (New York Law Journal) The FBI has arrested 56-year-old Cesar Sayoc Jr. of Aventura Florida in connection with a string of packages containing explosives that were mailed to various public figures including former U.S. President Barack Obama and former Secretary of State Hillary Clinton.

How Feds Tracked Down Mail Bomb Suspect Cesar Sayoc (WIRED) At a press conference Friday, officials detailed how they identified Cesar Sayoc, who has been arrested in connection with a series of mail bombs targeting prominent liberals and CNN.

Mail bomb suspect made numerous references on Facebook to Russian associates and echoed pro-Kremlin views (Washington Post) The now deleted Facebook account belonging to Cesar Sayoc, the man charged with sending pipe bombs to prominent Democrats this week, discussed his “Russian brothers” and posted video links aligned with Russian views on the Syrian war. Sayoc’s Russian-themed discussions began abruptly in 2015. But the meaning and motive of the posts, many of them rambling and hard to understand, are not clear. The Washington Post obtained the posts from a researcher who collected them before Facebook deleted the account.

For the record, I didn’t vote for Donald Trump, says Pittsburgh synagogue killer (Times) A social media profile of Robert Bowers, the suspect charged with 11 counts of murder, after the synagogue shooting in Pittsburgh yesterday, was removed shortly after the wounded gunman was...

Synagogue Shooting Suspect's Anti-Semitic Gab Posts Are Part of a Pattern (WIRED) It may never be entirely clear why Cesar Sayoc and Robert Bowers chose to carry out violent attacks. But their social media activity, on places like Gab and Twitter, mirrors a broader increase in anti-Semitism on the internet.

Qualcomm claims $7bn in royalties from Apple (Computing) Qualcomm's claims follow on from 2017 Apple patent demand

Microsoft's Digital Crime Unit busy catching cyber thugs in India (The Economic Times) Microsoft has a digital crime unit which is working round-the-clock to check cyber crimes.

California Will Pause Net Neutrality Law for Federal Suit (WIRED) The delay could stretch into years, while a lawsuit challenging the FCC's order repealing net neutrality rules is resolved.

Satori botnet author in jail again after breaking pretrial release conditions (ZDNet) Still unclear what Nexus Zeta has done, but he's now incarcerated in the SeaTac detention center.

Mirai botnet hacker ordered to pay $8.6 million in damages (Reuters) A 22-year-old hacker was ordered on Friday to pay $8.6 million in damages and se...

Mirai Co-Author Gets 6 Months Confinement, $8.6M in Fines for Rutgers Attacks (KrebsOnSecurity) The convicted co-author of the highly disruptive Mirai botnet malware strain has been sentenced to 2,500 hours of community service, six months home confinement, and ordered to pay $8.6 million in restitution for repeatedly using Mirai to take down Internet services at Rutgers University, his former alma mater.

Two Alleged Hackers Indicted for Lynda Breach (PYMNTS.com) Following a data breach at learning platform Lynda in 2016, two hackers were indicted in Florida this month on charges of extortion and hacking. One alleged hacker lived in Florida, while the other was a Canadian citizen who was a Toronto resident, according to reports. The two individuals allegedly were able to get a hold […]

Kilgore police arrest ex-student in school social media threats (Longview News-Journal) Longview police are investigating a new threat on Snapchat aimed at Longview High School students and planned to boost police presence at Friday night's football game.

For a complete running list of events, please visit the Event Tracker on the CyberWire website.

Upcoming Events

Symposium on Securing the IoT (Boston, Massachussetts, USA, October 29 - 31, 2018) Join us for the Symposium on Securing The Internet of Things, featuring keynote speakers from the leading industry companies who are solving the issues of IoT and secure connectivity. There will also be...

Times Talks: Arming for Cyberwarfare (Washington, DC, USA, October 30, 2018) David Sanger, a national security correspondent and author of “The Perfect Weapon: War, Sabotage and Fear in the Cyber Age,” will moderate a discussion in Washington, D.C., on cyberwarfare, one of the...

SecureWorld Denver (Denver, Colorado, USA, October 31 - November 1, 2018) Connecting, informing, and developing leaders in cybersecurity. SecureWorld conferences provide more content and facilitate more professional connections than any other event in the Information Security...

Cyber Security Dallas (Dallas, Texas, USA, October 31 - November 1, 2018) Cyber Security Dallas will bring top speakers and industry experts to the Dallas-Fort Worth (DFW) metroplex, which boasts one of the largest concentrations of corporate headquarters in the United States.

InfoWarCon 18 (Leesburg, Virginia, USA, November 1 - 3, 2018) InfoWarCon 18 brings together a highly elite group of political, military, academic, DIYer, and commercial cyber-leaders and thinkers from around the world. We examine the current, future, and potential...

RETR3AT Cybersecurity Conference (Montreat, North Carolina, USA, November 2, 2018) Each year, Montreat College’s Center for Cybersecurity Education and Leadership hosts RETR3AT, a conference designed to engage, educate, and raise awareness about cybersecurity in Western North Carolina...

4th Annual Cyber Southwest (CSW) Symposium (Tuscon, Arizona, USA, November 2, 2018) Be a part of the 4th Annual Cyber Southwest (CSW) Symposium set to take place at the University of Arizona, Eller College of Management - McClelland Hall in Tucson, AZ on Friday, November 2nd, 2018. CSW...

Hybrid Identity Protection Conference (New York, New York, USA, November 5 - 6, 2018) Learn what cutting-edge industry leaders are doing to improve identity protection in the modern organization and how they are boosting enterprise security. Network with the world’s leading identity experts...

Hybrid Identity Protection Conference 2018 (New York, New York, USA, November 5 - 6, 2018) The Hybrid Identity Protection Conference is the premier educational and networking event for identity experts. Learn what cutting-edge industry leaders are doing to improve identity protection in the...

Cyber Security & Artificial Intelligence MENA Summit (Dubai, UAE, November 6 - 7, 2018) Cyber Security and Artificial Intelligence MENA Summit has been designed to bring you a remarkable opportunity to gain fresh insights into areas such as artificial intelligence and machine learning impact...

2nd Annual Aviation Cyber Security Summit Summit (London, England, UK, November 6 - 7, 2018) Now in its 2nd year, the Cyber Senate Aviation Cyber Security and Resilience Summit (AVCIP2018) will take place on 6th and 7th in London United Kingdom 2018. This two-day executive forum will include presentations,...

Federal IT Security Conference: FITSC 2018 (College Park, Maryland, USA, November 7, 2018) Phoenix TS and Federal IT Security Institute (FITSI) are partnering to host the third annual Federal IT Security Conference (FITSC) this November. Speakers from NIST, DHS, the Defense Department as well...

SINET Showcase (Washington, DC, USA, November 7 - 8, 2018) Highlighting and advancing innovation. SINET Showcase provides a platform to identify and highlight “best-of-class” security companies that are addressing the most pressing needs and requirements in Cybersecurity.

SecureWorld Seattle (Seattle, Washington, USA, November 7 - 8, 2018) Connecting, informing, and developing leaders in cybersecurity. SecureWorld conferences provide more content and facilitate more professional connections than any other event in the Information Security...

Infosecurity North America (New York, New York, USA, November 14 - 15, 2018) With 23+ years of global experience creating leading information security events, Infosecurity Group is coming to New York in November 2018. Infosecurity North America will provide a focussed business...

Grow your brand and reach new customers.

Grow your brand and increase your customer base by educating our audience about your products, services, and events by advertising on The CyberWire. We’ve built trust with an influential (and often hard to reach) audience of CISOs, CSOs, and other senior execs in the security space, across a wide array of industry verticals. Learn more.

Be a part of the CyberWire story.

People ask us (a lot) how they can support what we do. We have our sponsorships and services, of course, but those are not always within every supporter's financial reach, or it might just not be the right time for you to do those things. That's why we launched our new Patreon site, where we've created a wider variety of support levels, each with some new benefits. Our patrons are important to our future, and we hope you'll consider becoming one. We invite you to become part of the CyberWire story. Become a patron today.