skip navigation

More signal. Less noise.

Get your copy of the definitive guide to threat intelligence.

We brought together a team of experts and wrote the definitive guide to everything you need to know about threat intelligence. Whether you work in vulnerability management, incident response, or another part of cybersecurity, our book has something for you. Get your free copy of “The Threat Intelligence Handbook” now.

Daily briefing.

The CyberWire's 6th annual Women in Cybersecurity Reception will be here in October.

Our 6th Annual Women in Cybersecurity Reception takes place October 24 at the International Spy Museum's new facility at L'Enfant Plaza in Washington, DC. The Women in Cybersecurity Reception highlights and celebrates the value and successes of women in the cybersecurity industry. The event focuses on networking, and it brings together leaders from the private sector, academia and government from across the region, and women at varying points in their careers. It's not a marketing event; it's just about creating connections. If you're interested in getting an invitation to this year's event, tell us a little bit about yourself and request one here. A very limited number of sponsorship opportunities remain, so please let us know if you're interested in one of those, too.

The European Central Bank closed down one of its websites yesterday after sustaining an unspecified cyberattack on the Banks' Integrated Reporting System (BIRD). Reuters reports that ECB says no "market-sensitive data" were compromised, but that email addresses, names, and titles of BIRD newsletter subscribers may have been taken.

The Norman cryptominer, tracked by Varonis, shows some unusual evasiveness. Its DLL arrives with the Agile obfuscator. The malware also injects an obfuscated miner into an appropriate application along its execution path, and it stops mining Monero when the infected user opens Task Manager.

The Wall Street Journal reports that employees at Capital One expressed concern over what they saw as high turnover among the bank's cybersecurity unit. There are reports that a third of the cybersecurity staff left in 2018. The unit was responsible for threat hunting, firewall configuration, and similar security tasks. Even given the turnover, Capital One points out that total cybersecurity headcount actually increased over that period. Nonetheless, insiders complained of a poor organizational climate, lax security oversight, and slow deployment of security tools.

Instagram is introducing a feature that will permit users to flag information they believe to be false. Reuters has an account of the tool, which appears to be an interim gesture in the direction of controlling fake news.

US Cyber Command has posted Electric Fish malware from North Korea's APT38 threat group to VirusTotal. FireEye has reported that APT38 is heavily involved in state-directed financial crime. Its activities overlap those of the Lazarus Group.

Notes.

Today's issue includes events affecting Canada, China, European Union, India, Democratic Peoples Republic of Korea, Malaysia, United Kingdom, United States.

Bring your own context.

It's worth considering cyber insurance as part of a risk management strategy.

"Honestly, I think there's a lot of value in looking at cybersecurity insurance for some organizations. And, in fact, there could reasonably be more value than maybe buying that next hundred-thousand-dollar tool that's going to protect your network. And you need to take the time to understand the risk and the benefit. For example, insurance might protect you from a breach that occurred, and you aren't that exposed to a breach, so you don't need to buy that new network monitoring tool. You don't need to buy that solution that is expensive and you have to bring on cybersecurity resources where, because you're not so exposed or not in an industry that has a lot of interest to attackers, an insurance policy could be the better solution for you."

—David Dufour, vice president of engineering and cybersecurity at Webroot, on the CyberWire Daily Podcast, 8.14.19.

There are three things you can do with risk: accept it, mitigate it, or transfer it. Insurance transfers risk.

What are the best practices and tools for SecOps in 2019?

Read the 2019 SANS Security Operations Survey report for key insights & strategies from principal SANS Instructor Christopher Crowley & SANS Director of Emerging Technologies John Pescatore. Download your copy now.

In today's podcast, out later this afternoon, we hear from our partners at the SANS Technology Institute, as Johannes Ullrich, dean of research and proprietor of the SANS StormCast Podcast, talks through IP fragmentation in operating systems. Our guest, John Smith from ExtraHop, discusses the aftermath of an insurance claim.

CyberTexas Job Fair, August 20, San Antonio. Visit ClearedJobs.Net or CyberSecJobs.com for details. (San Antonio, Texas, United States, August 20, 2019) Cleared and non-cleared cybersecurity pros make your next career move at the free CyberTexas Job Fair, August 20 in San Antonio. Meet face-to-face with leading cyber employers. Visit our site for more details.

Cyber Warrior Women Summer Social: Sip and Paint (Columbia, MD, United States, August 21, 2019) Join the Cybersecurity Association of Maryland, Inc. (CAMI) for the annual Cyber Warrior Women Summer Social, an all-about-fun-and-networking event! We're adding an artistic element to this year's event with a wine glass painting exercise. No previous art experience required.

Second Annual DataTribe Challenge (Online, October 1, 2019) Register now for a chance to be DataTribe's next world-class company. Finalists will split a $20,000 prize, and the winner may receive $2m in funding from DataTribe. Contestants have until October 1st to apply at www.datatribe.com/challenge­.

Cyber Attacks, Threats, and Vulnerabilities

Cybercom publicly posts malware linked to North Korean hackers (TechCrunch) U.S. Cyber Command, the sister division of the National Security Agency focused on offensive hacking and security operations, has released a set of new samples of malware linked to North Korean hackers. The military unit tweeted Wednesday that it had uploaded the malware to VirusTotal, a widely use…

ECB shuts down one of its websites after hacker attack (Reuters) The European Central Bank (ECB) shut down one of its websites on Thursday after ...

ECB Shuts Site After Subscriber Data Breach (Infosecurity Magazine) Central bank hit by hackers but market data remains safe

Capital One Cyber Staff Raised Concerns Before Hack (Wall Street Journal) Before a giant data breach, Capital One employees raised concerns within the company about what they saw as high turnover in its cybersecurity unit and a failure to promptly install some software to spot and defend against hacks, according to people familiar with the matter.

Capital One management was alerted by staff of multiple security issues prior to data breach (Computing) Employees were unhappy that routine cybersecurity measures were being neglected

New Malware Miner Sneakily Hides When Task Manager Is Open (CoinDesk) Meet "Norman" – a new variant of monero-mining malware that employs crafty tricks to avoid being spotted.

New "Norman" Malware Took Part in Large-Scale Cryptominer Infection (The State of Security) Researchers identified a large-scale cryptocurrency miner infection in which a new malware family called "Norman" took part.

Norman Cryptomining Employs Sophisticated Obfuscation Tactics (Threatpost) A new XMRig Monero cryptominer stands apart, despite its non-flashy name.

Meet Norman, the latest virus plundering Monero (Yahoo) For reasons unknown to Decrypt, they’ve called it “Norman.”

Varonis Uncovers New Malware Strains and a Mysterious Web Shell During a Monero Cryptojacking Investigation (Inside Out Security) The Varonis Security Research team recently investigated an ongoing cryptomining infection that had spread to nearly every device at a mid-size company. Analysis of the collected malware samples revealed a...

Energy Sector Phish Swims Past Microsoft Email Security via Google Drive (Threatpost) The savvy technique of avoiding malicious links in the email allowed the phish to reach its targets.

MetaMorph HTML Obfuscation Phishing Attack (Avanan) Hackers are building upon the recent wave of HTML attachment phishing attacks with a new campaign that uses the refresh tag to hide malicious URLs.

Analysis: New Remcos RAT Arrives Via Phishing Email (TrendLabs Security Intelligence Blog) In July, we came across a phishing email purporting to be a new order notification, which contains a malicious attachment that leads to the remote access tool Remcos RAT (detected by Trend Micro as BKDR_SOCMER.SM). This attack delivers Remcos using an AutoIT wrapper that incorporates various obfuscation and anti-debugging techniques to evade detection, which is a common method for distributing known malware.

Microsoft Voicemail Notifications Used As Bait in Phishing Campaign (BleepingComputer) A newly spotted phishing campaign uses Microsoft voicemail notifications as baits to trick targets into opening HTML attachments that redirect to the attackers' landing pages using a meta element.

Apache Struts Called Out For Incorrect Security Advisories (Infosecurity Magazine) Open source project may have put customers at risk with wrong info

A compendium of container escapes (Help Net Security) Brandon Edwards, Chief Scientist at Capsule8, talks about about a compendium of container escapes, and the RunC vulnerability in particular.

Hackers Subvert Security Checks Like the Browser Padlock (Wall Street Journal) Recent attacks have shown that cybercriminals have co-opted techniques and tools that people commonly use to distinguish real communications and websites from fake ones, such as the padlock in a browser window.

Clickjacking Still Popular Among Online Scammers (Infosecurity Magazine) A perennial technique among online fraudsters, clickjacking isn't going away anytime soon, researchers say.

All Your Clicks Belong to Me: Investigating Click Interception on the Web (USENIX) Click is the prominent way that users interact with web applications.

Formjacking Now Accounts For Most Web Breaches (Infosecurity Magazine) Magecart and similar attacks siphon payment details direct from websites

Kaspersky AV injected unique ID that allowed sites to track users, even in incognito mode (Ars Technica) Feature Kaspersky added in 2015 also made it possible to be ID'd across different browsers.

Kaspersky Lab Exposed Users' Browsers to Website Tracking (PCMAG) Ronald Eikenberg, a journalist at German computer magazine c't, noticed the code Kaspersky Lab was injecting into browsers, and realized the privacy ramifications. 'Any website can read the user's Kaspersky ID and use it for tracking,' he wrote.

Why the deepfakes threat is shallow (Axios) Researchers say simpler kinds of disinformation are a bigger threat.

Siemens SCALANCE Products (CISA) 1. EXECUTIVE SUMMARY CVSS v3 6.6 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: Siemens Equipment: SCALANCE Products Vulnerabilities: Improper Adherence to Coding Standards 2.

Fuji Electric Alpha5 Smart Loader (CISA) 1. EXECUTIVE SUMMARY CVSS v3 7.8 ATTENTION: Low skill level to exploit Vendor: Fuji Electric Equipment: Alpha5 Smart Loader Vulnerability: Stack-based Buffer Overflow 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to execute code under the privileges of the application.

Johnson Controls Metasys (CISA) 1. EXECUTIVE SUMMARY CVSS v3 6.8 ATTENTION: Exploitable remotely Vendor: Johnson Controls Equipment: Metasys Vulnerabilities: Reusing a Nonce, Key Pair in Encryption; Use of Hard-coded Cryptographic Key 2. RISK EVALUATION Successful exploitation of these vulnerabilities could be leveraged by an attacker to decrypt captured network traffic.

Siemens SINAMICS (CISA) 1. EXECUTIVE SUMMARY CVSS v3 7.5 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: Siemens Equipment: SINAMICS Vulnerability: Uncontrolled Resource Consumption 2. RISK EVALUATION Successful exploitation of this vulnerability may allow an attacker to perform a denial-of-service attack.

City of Saskatoon loses $1 million to fraudster posing as executive (Saskatoon StarPhoenix) This type of fraud has not happened before at City of Saskatoon

British Airways e-ticketing bug may have exposed data on 2.5 million passengers (ConsumerAffairs) A bug has been detected in British Airways e-ticketing system which could expose a passenger’s personal data.Researchers at Wandera, a mobile security

U.S. Coast Guard warns of cyber-attack & electronic interference threats to commercial vessels (AJOT) The U.S. Coast Guard warned of a “significant cyber incident” on one ship that “exposes potential vulnerabilities on board commercial vessels” and reported on a second incident in which “unknown interference” impacted a U.S. flag vessel. Both incidents occurred in 2019

Cyber-attack leads to forensic samples backlog (BBC News) Police warn of delays to investigations and court cases after the attack led to a backlog of 20,000 samples.

A researcher made a Lightning cable that can hack your computer (The Verge) Nothing is sacred

Why You Should Never Borrow Someone Else's Charging Cable (Forbes) Cyberhackers have figured out how to implant charging cables with malware that can remotely hijack mobile devices and computers. Here's how not to be a victim.

A Buttplug Hacker Talks Security, Consent, and Why He Hacked a Buttplug (Gizmodo) Voting machines weren’t the only thing getting penetrated at DEF CON this year.

Security Patches, Mitigations, and Software Updates

Kaspersky and Trend Micro get patch bonanza after ID flaw and password manager holes spotted (Register) Quis custodiet ipsos custodes?

Firefox fixes “master password” security bypass bug (Naked Security) The bug’s in Firefox, but our advice is worth reading whether you use Firefox or not.

Critical updates for Microsoft Patch Tuesday may cause testing headaches (Computerworld) This is a huge month for Patch Tuesday as Microsoft attempts to address 93 unique vulnerabilities spanning Windows desktop and server platforms, Microsoft Office and core development tools.

Microsoft warns of Visual Basic, VBA and VBScript 'procedure call' errors after August patches (Computerworld) Sometime in the past few hours, Microsoft posted official warnings about an 'invalid procedure call error' associated with August patches for all versions of Windows, from Win7 onward, and encompassing all flavors of Visual Basic. Who’s testing this stuff?

Cyber Trends

Thefts from cryptocurrency exchanges continue despite increased security (Help Net Security) The CipherTrace report analyzes cryptocurrency-related crime and how countries are working to foster trust and safety in the crypto economy.

Exabeam Study: Red Team vs. Blue Team Cyberattack Tests (MSSP Alert) Security professionals often prefer red team security testing, aka "ethical hacking," over blue team security assessments & analyses, an Exabeam survey shows.

Most UK financial firms hit by cyber attack in the past year (ComputerWeekly) The majority of UK financial companies are failing to prevent cyber security incidents, mainly because of employees failing to follow security policies and a lack of security budget, a survey reveals.

Marketplace

Converged Security Solutions Buys Maverick Cyber-Defense (FinSMEs) Converged Security Solutions (CSS), a Reston, Virginia-based security company, is acquiring Maverick Cyber-Defense, LLC, a Virginia-based cybersecurity company.

Accenture to Acquire Analytics8, Australian Analytics and Data Specialists (BusinessWire) Accenture entered into an agreement to acquire Analytics8, a privately held Australian big data and analytics consultancy.

Cloudflare, in its IPO filing, thanks a third cofounder: Lee Holloway (TechCrunch) Not every co-founder is acknowledged at the companies that they help to launch. Sometimes, they quit or they’re elbowed out. Often, they’re conveniently written out of the company’s history. In the case of Cloudflare, a third co-founder who began the company with its higher-profil…

Cisco: Shivering China Comments And Tech Implications (Seeking Alpha) Cisco had some frightening comments about China.

Trade War Pain Comes to Cisco Systems (The Motley Fool) The networking hardware giant for a time seemed immune to the impacts of the U.S.-China economic conflict. Not anymore.

Kaspersky touts APAC Transparency Center as proving 100% trustworthiness (ZDNet) The company's third global Transparency Center to open next year in Malaysia.

NAVAIR Selects Sabre Systems to Perform Cyber Warfare and Resiliency R&D (SIGNAL Magazine) Sabre Systems Inc., Warrington, Pennsylvania, is awarded $42,999,468 for cost-plus-fixed-fee delivery order N68335-19-F-0533 against a previously issued basic ordering agreement (N68335-16-G-0022).

Former Coinbase CTO joins crypto startup Findora (Decrypt) Balaji Srinivasan, a former executive at leading cryptocurrency exchange Coinbase, joins a stellar group of advisors at DeFi startup Findora.

Malwarebytes Snags AlienVault's Mike LaPeters To Globalize Channel (CRN) Malwarebytes has hired former AlienVault channel chief Mike LaPeters to unite the company's different regions and different types of channel partners under a single umbrella.

Products, Services, and Solutions

New infosec products of the week: August 16, 2019 (Help Net Security) BitSight Enterprise Analytics enables more effective risk management BitSight Enterprise Analytics helps security and risk leaders gain insight into the

StackRox Kubernetes Security Platform Available via Google Cloud Platform Marketplace (PR Newswire) StackRox, the leader in container and Kubernetes security, today announced that The StackRox Kubernetes...

ZeroFOX's new solution safeguards political candidates, campaigns, and organizations from threats (Help Net Security) ZeroFOX announced the availability of a new Election Protection offering to safeguard political candidates, campaigns, and organizations from threats.

You've quit Facebook, but is it finally time to ditch WhatsApp too? (The Telegraph) So you've quit Facebook, deleted the app from your phone, cleared every cookie out of your browser history, asked the company to delete all your data and endured the mandatory one-month cooling-off period.

Microsoft, Imprivata Launch Cloud Access Security Tool for Healthcare (Dark Reading) Imprivata Identity Governance enables customers to manage the provisioning, tracking, and deprovisioning of users in hybrid on-premises and cloud environments.

Technologies, Techniques, and Standards

One easy way for underwriters to find out if their clients’ data has already been breached (Canadian Underwriter) Underwriters can better price cyber insurance if they have a clear understanding of that user’s real risk of being breached. To do that, it’s essential to understand when a user’s email and password combination has been exposed in a previous…

Organizations that scan applications in production have a reduced risk of being breached (Help Net Security) Despite a significantly increased focus on application security testing, remediation rates for vulnerabilities continue to shrink.

Extending security to fourth parties your business needs, but doesn't control (Help Net Security) Fourth parties may provide a critical service but in turn extend your risk surface in ways you hadn’t understood, or can’t really attempt to control.

How to prevent data destruction from cybersecurity attacks (TechRepublic) IBM's Christoper Scott discusses malware, how cyberattackers get into environments, and why using multifactor authentication is crucial if you use an online service.

Network Deception Techniques Cut Dwell Times, Says Report (Infosecurity Magazine) Those who lay false trails for hackers can often detect them more quickly, says a survey released this week.

Counting on Quantitative Cyber Risk (Infosecurity Magazine) The perceived importance of cyber risk has almost tripled in five years, but the expertise and technology has not kept pace

How Facebook Catches Bugs in Its 100 Million Lines of Code (WIRED) For the past four years, Facebook has quietly used a homegrown tool called Zoncolan to find bugs in its massive codebase.

Safe travels: 7 best practices for protecting data at border crossings (CSO Online) Border agents are requesting access to devices and the data on them with no regard to your organization's security policies. Here's how to protect that data and your employees.

How Secure is Your Online Store’s Rewards Program? (business.com) Hackers are going to great lengths to steal loyalty rewards' program data. It is critical businesses know this is happening and take steps to prevent it.

The ‘SAFE’ replacement for a popular Army file-sharing tool (Fifth Domain) The Defense Information Systems Agency launched a new secure file sharing site Aug. 15 as part of an effort to replace a popular tool run by the Army that had far exceeded what its creators had intended and become the go-to site for sending large files.

The Army’s new multi-domain units are understaffed (Fifth Domain) The Army accelerated the fielding of new units but did not conduct sufficient risk assessments, Congress' watchdog agency found in a new report.

Design and Innovation

An Army prototype smartphone hints at the risks of biometric security (NBC News) Biometrics have emerged in consumer electronics as an alternative to passwords, but security experts warn that they also bring new privacy risks.

Instagram adds tool for users to flag false information (Reuters) Instagram is adding an option for users to report posts they think are false, th...

At Twitter, It Seems No One Can Hear the Screams (WIRED) Twitter’s brass at an event this week struggled to balance the platform’s reputation for viral rage with the conversational mecca it wants to become.

Research and Development

A Guide to Not Killing or Mutilating Artificial Intelligence Research (War on the Rocks) Editor’s Note: This article was submitted in response to the call for ideas issued by the co-chairs of the National Security Commission on Artificial

Academia

A Summer Camp for the Next Generation of N.S.A. Agents (The New Yorker) The National Security Agency hopes that its GenCyber camps inspire young people to pursue work in cybersecurity, a field in which three hundred thousand jobs remain unfilled in the U.S. alone.

Legislation, Policy, and Regulation

Huawei boss: 'UK won't say no to us' in the roll-out of 5G (Sky News) Ren Zhengfei said the UK's decision on whether to incorporate equipment from Huawei in the roll-out of 5G is "very important".

Trump Administration Asks Congress to Reauthorize N.S.A.’s Deactivated Call Records Program (New York Times) The White House is seeking reauthorization of a law that lets the N.S.A. gain access to logs of Americans’ phone and text records — while acknowledging that the program has been indefinitely halted.

Trump administration urges Congress to reauthorize NSA surveillance program (TheHill) The Trump administration is urging Congress to reauthorize the National Security Agency's (NSA) authority to collect phone record information on millions of Americans, according to a letter obtained by The Hill.

Litigation, Investigation, and Law Enforcement

A friend for stalked women in cyberspace (The Hindu) Cyber Mithra receives 54 complaints in just 15 days of its launch

Kostya and Me: How Sam Patten Got Ensnared in Mueller’s Probe (WIRED) A political consultant crosses paths with Konstantin Kilimnik, Paul Manafort, and Cambridge Analytica, then becomes part of the Russia investigation.

Re: Investigation of the DOJ’s and FBI’s Handling of the Clinton Investigation (US Senate) We write to provide you with information that we developed as part of your investigation into the mishandling of highly classified information and operation of a non-government server for official business by Secretary Clinton and her associates. Statements made in a joint bipartisan staff interview by intelligence community officials involved in the classification review raise particular concerns that senior State Department officials sought to downgrade classified material found on the server.

Delta Sues Chatbot Provider Over 2017 Breach (Wall Street Journal) The airline is suing an artificial-intelligence company that powered a chatbot on its website, accusing it of lax cybersecurity that caused a 2017 data breach. The unusual lawsuit highlights the sensitive relations between companies that have been hacked and their business partners.

Plaintiffs argue Facebook knew of privacy leak vulnerability (Seeking Alpha) Plaintiffs in a suit against Facebook (FB +0.9%) are working to amend their complaint about the "View As" privacy leak, saying that the company knew about the risks of the feature but didn't remedy them because it would hurt business, Bloomberg reports.

Epic Games slapped with lawsuit over hacked Fortnite accounts (HackRead) Follow us on Twitter @HackRead

Second Life Is Plagued by Security Flaws, Ex-Employee Says (WIRED) A former infosec director at Linden Lab alleges the company mishandled user data and turned a blind eye to simulated sex acts involving children.

Former Employee Accused Of Stealing From Pittsburgh Cyber Security Firm (CBS Pittsburgh) A one-time system administrator for a Pittsburgh cyber security firm is charged with stealing nearly $200,000 from his former employer

Watchdog: Hiring freeze increased cyber risk at State (FCW) An extended hiring freeze at the Department of State delayed key cybersecurity initiatives and placed highly classified information at risk, according to a watchdog report.

Security Clearance Backlog Cut In Half: Kari Bingen (Breaking Defense) In April 2018 the government hit a high point of 725,000 delayed clearances. Today, the number has dipped below 360,000. In May, we reported that would-be federal employees and defense contractors waited an average of 221 days for a Secret clearance and 534 days for a Top Secret clearance.

Could Your Home Country Pride Hurt Your Security Clearance? (ClearanceJobs) ClearanceJobs is your best resource for news and information on security-cleared jobs and professionals. Learn more with our article, "Could Your Home Country Pride Hurt Your Security Clearance? ".

For a complete running list of events, please visit the Event Tracker on the CyberWire website.

Newly Noted Events

KNOW Identity (Las Vegas, Nevada, USA, April 5 - 8, 2020) The KNOW Identity Conference is the industry-leading identity event. With 2000+ attendees and 50+ content-rich sessions, KNOW is a powerful, immersive event, where the leading edge of digital identity...

Upcoming Events

AcceleRISE (Minneapolis, Minnesota, USA, August 14 - 16, 2019) Prepare for your future. Designed for young industry professionals like yourself, and presented by SIA, AcceleRISE brings together tomorrow’s security leaders for two-plus days of idea sharing, coaching, The conference, hosted by SIA’s RISE community for young professionals and those new to the industry, will present blended learning sessions featuring a mix of keynotes, panel sessions, team building exercises, peer networking and workshops.

SecureWorld Bay Area (Santa Clara, California, USA, August 21, 2019) Connecting, informing, and developing leaders in cybersecurity. For the past 17 years, SecureWorld conferences have provided more content and facilitated more professional connections than any other event...

Pittsburgh Cybersecurity Conference (Pittsburgh, Pennsylvania, USA, August 22, 2019) Data Connectors brings together security professionals to discuss mitigating risk and improving their overall security posture. Eight industry speakers, an FBI/NSA/DHS keynote speaker, and a CISO Panel...

Industrial Control Systems Joint Working Group (ICSJWG) Fall Meeting (Springfield, Massachusetts, USA, August 27 - 29, 2019) The Cybersecurity and Infrastructure Security Agency (CISA) hosts the Industrial Control Systems Joint Working Group (ICSJWG) to facilitate information sharing and reduce the risk to the nation’s industrial...

Integrate (Melbourne, Victoria, Australia, August 27 - 29, 2019) Get ready to think beyond and lose yourself in the technology of tomorrow at Integrate 2019. Integrate is Australia's leading event dedicated to helping businesses harness the power of AV technology to...

Grow your brand and reach new customers.

Grow your brand and increase your customer base by educating our audience about your products, services, and events by advertising on The CyberWire. We’ve built trust with an influential (and often hard to reach) audience of CISOs, CSOs, and other senior execs in the security space, across a wide array of industry verticals. Learn more.

Be a part of the CyberWire story.

People ask us (a lot) how they can support what we do. We have our sponsorships and services, of course, but those are not always within every supporter's financial reach, or it might just not be the right time for you to do those things. That's why we launched our new Patreon site, where we've created a wider variety of support levels, each with some new benefits. Our patrons are important to our future, and we hope you'll consider becoming one. We invite you to become part of the CyberWire story. Become a patron today.