skip navigation

More signal. Less noise.

Optimize your security teams with threat intelligence.

At Recorded Future, we believe every security team can benefit from threat intelligence. That's why we've launched our new Threat Intelligence Grader — so you can quickly assess your organization's threat intelligence maturity and get best practices for improving it. Get your Threat Intelligence Score™.

Daily briefing.

Cryptojacking continues to preoccupy cybercriminals. They're succeeded in restocking Google Play with at least twenty-five cryptomining apps, according to researchers at Sophos. Google has ejected some of the cryptojackers, but not all, and when they finish the purge, others are likely to take their place. Most of the apps use embedded Coinhive code to mine Monero. A lot of them masquerade as games; others represent themselves as test prep tools. If you're preparing for the LSAT, the SAT, the ACT, the GRE, the MCAT, or even the PSAT, look elsewhither. 

The runner-up in cybercrime remains ransomware. Scotland's Arran Brewery was hit with a targeted version of Dharma Bip last week. They declined to pay the ransom and have, they say, recovered. The infection vector was an emailed cover letter accompanying a job application.

In response to user backlash, Google has decided to offer an opt-out for its automatic Chrome login.

The US Congress is holding hearings this week on privacy, and Big Tech, which fears an American GDPR, is taking them seriously.

As US midterm elections approach, state and Federal officials are talking (and seem to be doing) a great deal about securing voting systems. The political campaigns themselves, however, seem to be a different kettle of fish. A lot of them appear to be sliding into learned helplessness about their own data and communications—it's difficult and expensive to secure things, so maybe they should hope for the best. Expect some doxing, at least, as campaigns enter their endgames.

Notes.

Today's issue includes events affecting Brunei, Cambodia, Canada, China, India, Indonesia, Laos, Malaysia, Myanmar, Philippines, Russia, Singapore, Spain, Thailand, United Arab Emirates, United Kingdom, United States, and Vietnam.

Is your company passionate about empowering women to succeed in the cyber security industry?

The CyberWire’s 5th Annual Women in Cyber Security reception is a networking event that highlights and celebrates the value and successes of women in the cyber security industry. Leaders from the private sector, academia, and government from across the region and at varying points on the career spectrum can connect with each other to strengthen relationships while building new ones. Consider sponsoring the event. Limited sponsorships are available. Visit our website to learn more.

In today's podcast we hear from our partners at Virginia Tech's Hume Center, as Dr. Charles Clancy talks about university spin-offs and partnerships. Our guest is Dinah Davis from Code Like a Girl on how men can help increase diversity through mentorship.

FireEye Cyber Defense Summit 2018 (Washington, DC, United States, October 1 - 4, 2018) Get trained by a FireEye expert at our annual Cyber Defense Summit. Training opportunities at this event offer attendees hands-on, small-group, interactive sessions with some of the most experienced FireEye cyber security experts.

CyberMaryland Job Fair on October 9 in Baltimore, MD. (Baltimore, Maryland, United States, October 9, 2018) Cleared and non-cleared cybersecurity pros make your next career move at the CyberMaryland Job Fair, October 9 in Baltimore. Meet leading cyber employers including Bank of America, FireEye, NSA, Raytheon, USCYBERCOM and more. Visit ClearedJobs.Net or CyberSecJobs.com for more details.

Dragos Industrial Security Conference (DISC) 11/5/18 (Hanover, Maryland, United States, November 5, 2018) Reserve your spot now for the Dragos Industrial Security Conference (DISC) on November 5th, 2018. DISC is a free, annual event for our customers, partners, and those from the ICS asset community. Visit https://dragos.com/disc/ for more information.

Cyber Attacks, Threats, and Vulnerabilities

Hackers attack RWE website amid Hambach Forest evictions (Deutsche Welle) Unknown hackers have launched large-scale DDoS attacks against German energy company RWE, crippling its website. The attack comes as police clear protesters from the Hambach Forest site where RWE plans to mine for coal.

Cryptojacking apps return to Google Play Market (Sophos News) At least 25 Android apps on the official Google Play store contain code that mines cryptocurrencies in the background.

Stealthy cryptomining apps still on Google Play (Help Net Security) Researchers have flagged 25 stealthy cryptomining apps on Google Play, and some of these have still not been removed, they warn.

Malware hits Freelancers at Fiverr and Freelancer.com (HackRead) Unfortunately, unsuspected freelancers are falling for the malware scam.

Mac OS Mojave zero-day warning (ComputerWeekly) The latest version of Apple’s Mac operating system contains a vulnerability that could be exploited by attackers to access protected files, a researcher warns.

Candidates hit snooze button on hacker threat, saying defending cyberattacks is hard (Olympian) The Federal Election Commission reported Democratic and Republican party candidates don’t spend enough money defending campaigns from cyber threats, even when they’re aware of the dangers of getting hacked.

“Everything is fine” vs. “we’re doomed” isn’t the way to frame election security (CSO Online) The extremes of despair and optimism are both dangerous to information security. What we need to do is calmly assess the threats.

The Human Factor in Social Media Risk (Dark Reading) Your employees need help recognizing the warning signs and understanding how to protect themselves online.

Which Mobile Threats Do You Need to Prepare For? (Security Intelligence) As the workforce has embraced digital transformation, the volume and frequency of mobile threats has skyrocketed. Which threats should your organization be worried about?

One Emotet infection leads to three follow-up malware infections (SANS Internet Storm Center) During 2018, Emotet has been a continual presence in the malicious spam (malspam) landscape.

Barcelona unaffected by cyber attack (Port Strategy) Operations at the Port of Barcelona have remained unaffected by a cyber attack last week.

Scottish Brewery Recovered from Ransomware Attack (Infosecurity Magazine) Arran Brewery raises a glass to successful recovery from targeted cyber-attack.

Brewery became victim of targeted ransomware attack via job vacancy ad (CSO Online) Hackers took a job ad on the Arran Brewery website and posted it on international recruitment sites. One of the resumes submitted as a result had a Dharma Bip ransomware payload.

COI on SingHealth cyber attack: Alarm bells did not ring for key cyber-security employee despite suspicious activity (The Straits Times) A key cyber-security employee at Integrated Health Information Systems, SingHealth's technology vendor, was on holiday when suspicious activities were first detected on SingHealth's network in June this year.. Read more at straitstimes.com.

DoorDash customers say their accounts have been hacked (TechCrunch) Food delivery startup DoorDash has received dozens of complaints from customers who say their accounts have been hacked. Dozens of people have tweeted at @DoorDash with complaints that their accounts had been improperly accessed and had fraudulent food deliveries charged to their account. In many c…

Cyber-Attack automation gives hackers unprecedented advantage (Houston Chronicle) Houston-based security company Alert Logic released a report flagging increasing cybersecurity concerns across industries.

Meet Your Uninvited Guest- The Capitalistic Cybercriminal (CRN) As long there is money to be made, cybercriminals will continue to take advantage of our security weakness to pick our pockets! And hackers are a dime a dozen, with lots of tools at their disposal. Check out this Cyber Threat Report, brought to you by Sophos, to learn more about the capitalistic cybercriminal and the money behind malware.

Security Patches, Mitigations, and Software Updates

Google to give Chrome users an opt-out to ‘forced login’ after privacy backlash (TechCrunch) Google has responded to blowback about a privacy hostile change it made this week, which removes user agency by automating Chrome browser sign-ins, by rowing back slightly — saying it will give users the ability to disable this linking of web-based sign-in with browser-based sign-in in a fort…

Third-Party Patch Available for Microsoft JET Database Zero-Day (SecurityWeek) An unofficial patch is already available for the unpatched Microsoft JET Database Engine vulnerability that Trend Micro's Zero Day Initiative (ZDI) recently made public

Outrunning Attackers On The Jet Database Engine 0day ()Patch) Micropatching Makes It Possible To Create And Apply Patches Before Attackers Write a Reliable Exploit by Mitja Kolsek, the 0patch Team ...

Cloudflare Encrypts SNI Across Its Network (SecurityWeek) Cloudflare this week announced it has turned on Encrypted SNI (ESNI) across all of its network, making yet another step toward improving user privacy

Why Mojave’s dark mode isn’t dark enough (Ars Technica) Our creative director mocks up the way he wishes dark mode would look instead.

Cyber Trends

Why Are Breaches Getting Worse? (Infosecurity Magazine) Despite increased budgets, better awareness and improved board buy-in, data breaches are not only becoming more common, but also more explosive.

The Cyber Kill Chain Gets A Makeover (Dark Reading) A new report demonstrates how the cyber kill chain is consolidating as criminals find ways to accelerate the spread of their targeted cyberattacks.

PKI Use is Main Driver for IoT Security (Infosecurity Magazine) Adoption of PKI is enabling the use and management of IoT devices in the business

Social engineering attacks skyrocket more than 500 percent (Fifth Domain) Social engineering methods of hacking jumped five-fold in the past quarter thanks in part to the World Cup.

McAfee Labs Threats Report (McAfee Labs) Welcome to the McAfee® Labs Threats Report September 2018. In this edition, we highlight the notable investigative research and trends in threats statistics gathered by the McAfee Advanced Threat Research and McAfee Labs teams in Q2 of 2018.

New tactics subvert traditional security measures and strike organizations of all sizes (Help Net Security) Alert Logic's State of Threat Detection 2018 report shows attackers are gaining scale through new techniques such as killchain compression.

Attack Threats Believed to Increase Collaboration (Infosecurity Magazine) Pros believe potential threats have a positive effect on information sharing, says AlienVault.

Full compliance with the PCI DSS drops for the first time in six years (Help Net Security) Verizon survey stats show the first PCI DSS compliance drop in six years. Global compliance only reached 52.5% in 2017, down from 55.4% compliance in 2016.

Verizon’s payment study shows businesses are more vulnerable to cyber crime (VentureBeat) Compliance with payment security standards dropped for the first time in six years, making businesses more vulnerable to cyber crime, according to a new report from Verizon.

Cryptocurrency mining malware increases 86% (Help Net Security) McAfee released its McAfee Labs Threats Report September 2018, examining the growth and trends of new cyber threats in Q2 2018.

Cryptojacking Uncrowns Ransomware as Major Threat for Healthcare Industry (Security Boulevard) The healthcare industry is among the top targets of cyberattacks, especially since the internet of things found its way into the industry and completely revolutionized it. After healthcare’s share of ransomware attacks in 2017, and a great deal of data theft, phishing and more ransomware in 2018, cybercriminals gradually switched methods, tapping into the cryptojacking space.

UK Bosses Get Tough on Supply Chain Security (Infosecurity Magazine) A third would terminate contract if negligence caused a breach

Marketplace

On the new battlefield, the Navy has to get software updates to the fleet within days, acquisition boss says (C4ISRNET) If the U.S. Navy can't get software updates to the fleet fast, it's falling behind on the modern battlefield.

What went wrong at Instagram and how Zuckerberg, once untouchable, is now vulnerable (The Telegraph) In every gangster movie, there comes a moment where the Don has to lay down the law.

Keychain Closes $1 Million Round to Deploy Data Provenance Infrastructure (Markets Insider) Keychain raised US$1,000,000 in a first round comprised of Monex Ventures, Inc., IDATEN Ventures LLC, and th...

Sequretek raises Rs 27 Cr led by Unicorn India Ventures (Entrackr) Cybersecurity startup Sequretek has raised Rs 27 crore in a bridge round led by existing investor Unicorn India Ventures and GVFL.

Genesis10 and HolistiCyber Form Partnership (Genesis10) Genesis10 announced plans to formally partner with HolistiCyber in order to complement the firm’s IT Services. HolistiCyber is an Israel-based, global provider of the most sophisticated, nation-state-level cybersecurity services and capabilities,

LORCA seeks cyber stars to tackle industry’s two biggest cybersecurity challenges (New Electronics) The London Office for Rapid Cybersecurity Advancement (LORCA) has launched an open call for its second cohort of cyber innovators.

Abu Dhabi-based DarkMatter seeks to nurture regional cybersecurity talent (TahawulTech.com) DarkMatter has unveiled its new strategy aimed at being region’s first and only fully-integrated digital transformation, defence and cybersecurity solutions provider.

DarkMatter expands to include DX services (ITP.net) UAE cybersecurity specialist adds digital transformation arm as part of business shift.

ISEC7 Group Joins AppConfig Community (UNN GmbH) The successful solution ISEC7 Mobile Exchange Delegate to activate common business use cases across enterprise mobility management deployments.

Products, Services, and Solutions

GlobalPlatform Simplifies Implementation of Standardized IoT Device Security (Global Platform) New configuration helps device manufacturers to protect constrained devices from hackers and malware

Endace Launches World's First Petabyte Network Recording Appliance (PRNewswire) Redefines security and performance analytics with a 5x leap in storage density, 40Gbps recording and triple the analytics throughput

Almost Every Major Free VPN Service is a Glorified Data Farm (HackRead) If you are a VPN user it is time to come out from the myth that every VPN is here to secure your privacy.

Lockpath Announces New Platform for Security Configuration Assessment (PRNewswire) Blacklight Platform to Help Organizations Proactively Harden Systems and Ensure Device Compliance

Barracuda Announces Integration with Microsoft Azure Virtual WAN (Barracuda Networks) Barracuda CloudGen Firewall Now Available for Customers Using Azure Virtual WAN for Large-scale Branch Connectivity

Protect IoT Devices from Cybersecurity Threats with AT&T and Ericsson (AT&T) AT&T and Ericsson will test devices under industry program to build a more secure wireless ecosystem for the internet of things to combat the growing cybersecurity threats.

Crowdfense launches Vulnerability Research Hub for top security researchers (Help Net Security) The Crowdfense Vulnerability Research Hub is a process-oriented platform for researchers and brokers interested in trading 0day cyber capabilities.

ExtraHop brings enterprise network traffic analysis to the cloud through Microsoft Azure (Help Net Security) ExtraHop Reveal(x) offers threat visibility across the hybrid enterprise allowing SecOps teams to detect threats and act to eliminate them.

Symantec protects Office 365 with DLP and new data rights management (Help Net Security) New enhancements to Symantec Data Loss Prevention (DLP) technology provide visibility, protection and control of data no matter where it lives or travels.

Verizon Digital Media Services Unleashes Managed Cloud Security (Channel Partners) Verizon Digital Media Services' managed cloud security offering complements features previously available within the cloud security solution, including a dual web application firewall (WAF), distributed denial-of-service (DDoS) protection, bot management and real-time analytics and reporting.

Viakoo Demonstrates Automated Service Assurance Solution To Assist With Compliance Challenge At GSX 2018 (Security Informed) Viakoo, a provider of a proven means to proactively automate surveillance and access control system verification in the security industry, is demonstrating solutions to assist in proving and...

ECS Federal Lands Contract for FBI Cybersecurity Program Support (GovCon Wire) TYSONS CORNER, VA, September 25, 2018 — ECS Federal will help develop and manage the Cybersecurity R

Cloudflare partners with Microsoft, Google and others to reduce bandwidth costs (TechCrunch) Say hello to the Bandwidth Alliance, a new group led by Cloudflare that promises to reduce the price of bandwidth for many cloud customers. The overall idea here is that customers who use both Cloudflare, which is turning eight years old this week, and a cloud provider that’s part of this all…

Technologies, Techniques, and Standards

The gap between network cyber security and control system engineers prevents control systems from being secured (Control Global) Control system cyber security is a team sport yet we still don’t have team participation. Until that time, control systems cannot be secured or be maintained in a safe manner.

A Step in the Right Direction for Small Business Cybersecurity (Infosecurity Magazine) The NIST Small Business Cybersecurity Act will help organizations gain access to mechanisms that only seemed attainable by larger, better-resourced organizations.

Venafi Study: How Succesfully Are Federal Agencies Responding to BOD 18-01? (Venafi) Venafi study reveals that Federal IT professionals are overconfident in the ability to effectively respond to Binding Operational Directive (BOD) 18-01.

Google Maps Is a Better Spy Than James Bond (Foreign Policy) Open-source intelligence is a vital tool for governments—and for checking them.

How to Make the Business Case for an Intelligence Program (SecurityWeek) There are many challenges inherent to starting an intelligence program, but making a business case for one can be among the most difficult.

Without Handcuffs: Creating A Culture of Compliance (SecurityWeek) Over time, holding people responsible will lead individuals to see how their actions impact the security of the organization and come to consider themselves responsible for the security of the company.

Hacking Back: Simply a Bad Idea (Dark Reading) While the concept may sound appealing, it's rife with drawbacks and dangers.

Design and Innovation

Cyber Spies Don’t Have to Worry About Robots Taking Their Jobs, Intel Chief Says (Nextgov.com) The intelligence community will still need human analysts even as when machine learning does more, Director of National Intelligence Dan Coats told students.

Blockchain and GDPR, Can they go hand to hand with each other? (Crytpoground) The discussion around the General Data Protection Regulation (GDPR) crosswise over the European Union (EU) countries is substantially more seasoned than the information wellbeing contentions related to Facebook, Target, and numerous different organizations.

Online giants are feeding children 'social heroin', warns former Google Design Ethicist (The Telegraph) Social media is like “heroin” for children but Silicon Valley engineers don’t realise as they’re largely in their 20s and childless, Google’s former Design Ethicist has claimed.

Safari’s “Siri Suggested” Search Results Highlighted Conspiracy Sites And Fake News (Buzzfeed) The Siri Suggested recommendation feature inside Safari promoted Pizzagate videos, Holocaust denier articles, and debunked race science posts.

Research and Development

Zephyr and Fuchsia take different paths to security (LinuxGizmos.com) At the recent Linux Security Summit, NSA computer researchers describe their contributions to security code in Zephyr and Fuchsia OSes. Each security stack differs considerably from each other and from Linux.

Bluefin Announces the Granting of Continuation Applications on Two Core Patents (Markets Insider) Bluefin, provider of the leading payment security platform supporting payment gateways, processors and indepen...

Academia

National workshop on cryptography begins at USTM (The Shillong Times) The ancient art of secret writings in signs and codes has come a long way and cryptography has become an indispensable tool to protect secrecy in many spheres of life.

Purdue, Infosys Detail Cybersecurity Training Efforts (Inside Indiana Business) India-based Infosys (NYSE: INFY) and Purdue University are providing more details on one aspect of a partnership announced more than a year ago. The university says it will provide intensive cybers...

Legislation, Policy, and Regulation

ASEAN members commit to a unified stand against cybercrime (CSO) During the Singapore International Cyber Week 2018, ASEAN member states agreed to strengthen cyber coordination and capacity-building efforts for a more effective defence against cyber threats

German cyber defense blends military and commerce (Deutsche Welle) A cyber defense training pact has been signed by Deutsche Telekom and Germany's Bundeswehr. Their deal expands a network of commercial and federal information security hubs centered in Bonn.

No need to ban Huawei in light of Canada’s robust cybersecurity safeguards, top official says (The Globe and Mail) Head of cybersecurity dismisses calls to join U.S. and Australia in blocking Chinese firm

New cybersecurity chief defends approach to Huawei security concerns (MobileSyrup) Canada's newest cybersecurity chief has defended the country's approach to rumours of Huawei security risks.

The Implications of Defending Forward in the New Pentagon Cyber Strategy (Council on Foreign Relations) The concept of "defend forward" is heavily emphasized in the new Department of Defense cyber strategy. Despite what others may think, defending forward in cyberspace is not a new concept. 

The Marines want to test all recruits for cyber skills (Fifth Domain) The test provides another tool for talent management in an increasingly modern battlefield.

New Ofcom Rules Could Help Tackle Vishing (Infosecurity Magazine) Regulator clamps down on nuisance calls

Litigation, Investigation, and Law Enforcement

Google will acknowledge privacy mistakes to US Senate (CRN Australia) Will provide testimony to committee this week.

Testing Firm NSS Labs Declares War on Antivirus Industry (SecurityWeek) NSS Labs claims that AMTSO has organized a conspiracy against the EPP product testing industry – and specifically NSS Labs – to prevent independent testing of EPP products.

He Took Home Documents to Catch Up on Work at the N.S.A. He Got 5½ Years in Prison. (New York Times) Nghia Pho, 68, hoping to win a promotion at the National Security Agency, started taking his classified work home, where Russian hackers are believed to have stolen it.

Roman Abramovich accused over ‘money laundering and crime links’ (Times) The Russian billionaire Roman Abramovich has been accused of money laundering and having links to organised crime in a leaked Swiss police report. The Chelsea FC owner’s application for residency...

H.R. McMaster dishes on two reasons for leaks: 'One of them was to damage the president' (Washington Examiner) Former national security adviser H.R. McMaster spoke Tuesday of two reasons for leaks he's observed — addressing a national security issue he grappled with while working in the Trump administration.

For a complete running list of events, please visit the Event Tracker on the CyberWire website.

Newly Noted Events

4th European Cybersecurity Forum – CYBERSEC (Krakow, Poland, October 8 - 9, 2018) CYBERSEC is a public policy conference dedicated to strategic aspects of cyberspace and cybersecurity. CYBERSEC 2017 brought together record-breaking 150 speakers and more than 1,000 delegates from all...

Cyber Security & Artificial Intelligence MENA Summit (Dubai, UAE, November 6 - 7, 2018) Cyber Security and Artificial Intelligence MENA Summit has been designed to bring you a remarkable opportunity to gain fresh insights into areas such as artificial intelligence and machine learning impact...

API Security Summit (London, England, UK, November 21, 2018) The API Security Summit, taking place in London on the 21st of November 2018 will bring together the financial services community, regulators, fintechs, TPPs and associations from across UK and Europe to find solutions to the current lack of standardisation, debate what standards/legislation may emerge in 2019, and how to plan with these in mind.

2018 Cloud Security Alliance Congress (Orlando, Florida, USA, December 10 - 12, 2018) Today, cloud represents the central IT system by which organizations will transform themselves over the coming years. As cloud represents the future of an agile enterprise, new technology trends, such...

Upcoming Events

Global Security Exchange (Las Vegas, Nevada, USA, September 23 - 27, 2018) Global Security Exchange—formerly the ASIS Annual Seminar and Exhibits—delivers new opportunities to exchange key ideas and best practices, expand global connections, and experience innovations. The GSX...

Connect Security World 2018 (Marseilles, France, September 24 - 26, 2018) While the number of IoT devices predicted by 2020 varies within tens of billions, all analysts agree that security is now the top concern of organizations looking at deploying IoT solutions. To address...

5th Cyber Operations for National Defense Symposium (Washington, DC, USA, September 25 - 26, 2018) The 2018 Cyber Operations for National Defense Symposium will focus on the evolving nature of US Cyber policies and strategies. Cyber leaders from throughout the federal government will come together to...

PCI Security Standards North America Community Meeting (Las Vegas, Nevada, USA, September 25 - 27, 2018) The PCI Security Standards Council’s 2018 North America Community Meeting is THE place to be. We provide you the information and tools to help secure payment data. We lead a global, cross industry effort...

Hack the Capitol (Washington, DC, USA, September 26 - 27, 2018) The National Security Institute is partnering with the Wilson Center and ICS Village to host Hack the Capitol, a two-day event focused on Industrial Control Systems (ICS) and security. ICS are used throughout...

COSAC & SABSA World Congress (Kildare, Ireland, September 30 - October 4, 2018) For 25 years COSAC has delivered a trusted environment in which to deliver information security value from shared experience and intensive, productive, participative debate and development. Sales content...

Monterey Cyber Security Workshop 2018 (Pacific Grove, California, USA, October 1 - 2, 2018) People with special expertise interested in making progress on the subjects at hand meet at the Monterey Incubator for a workshop to build an understanding of vital issues of the day. The workshop follows...

Cyber Defense Summit 2018 (Washington, DC, USA, October 1 - 4, 2018) FireEye's annual Cyber Defense Summit will feature both training and an opportunity to hear from the experts. Introductory, intermediate and advanced training courses will be provided during the first...

Retail Cyber Intelligence Summit (Denver, Colorado, USA, October 2 - 3, 2018) Network with 250+ CISOs and their teams from retail and consumer facing industries: restaurants, hospitality, gaming, convenience, grocery and more. Share best practices, gain insights, network. This conference...

IP Expo Europe (London, England, UK, October 3 - 4, 2018) IP EXPO Europe is Europe's number ONE IT event for those looking to find out how the latest IT innovations can drive their business forward. IP EXPO Europe is co-located at Digital Transformation EXPO...

Borderless Cyber USA 2018 (Washington, DC, USA, October 3 - 5, 2018) How do you future proof your cybersecurity strategy? Can you identify and report cyber incidences so you can respond quickly to manage consequences? Public and private sector cyber experts from across...

Grow your brand and reach new customers.

Grow your brand and increase your customer base by educating our audience about your products, services, and events by advertising on The CyberWire. We’ve built trust with an influential (and often hard to reach) audience of CISOs, CSOs, and other senior execs in the security space, across a wide array of industry verticals. Learn more.

Be a part of the CyberWire story.

People ask us (a lot) how they can support what we do. We have our sponsorships and services, of course, but those are not always within every supporter's financial reach, or it might just not be the right time for you to do those things. That's why we launched our new Patreon site, where we've created a wider variety of support levels, each with some new benefits. Our patrons are important to our future, and we hope you'll consider becoming one. We invite you to become part of the CyberWire story. Become a patron today.