skip navigation

More signal. Less noise.

Get your copy of the definitive guide to threat intelligence.

We brought together a team of experts and wrote the definitive guide to everything you need to know about threat intelligence. Whether you work in vulnerability management, incident response, or another part of cybersecurity, our book has something for you. Get your free copy of “The Threat Intelligence Handbook” now.

Daily briefing.

This October: the CyberWire's 6th annual Women in Cybersecurity Reception.

Our 6th Annual Women in Cybersecurity Reception will be held this October 24th in the International Spy Museum's new facility at L'Enfant Plaza in Washington, DC. The Women in Cybersecurity Reception highlights and celebrates the value and successes of women in the cybersecurity industry. The event focuses on networking, and it brings together leaders from the private sector, academia and government from across the region, and women at varying points in their careers. It's not a marketing event; it's just about creating connections. If you're interested in getting an invitation to this year's event, tell us a little bit about yourself and request one here. A very limited number of sponsorship opportunities remain, so please let us know if you're interested in one of those, too.

After Twitter on Monday identified and suspended 936 accounts it determined were conducting information operations against the ongoing protests in Hong Kong (and modified its advertising policy to no longer accept paid advertising from state-controlled media), and after Facebook took down seven pages, three groups, and five accounts for the same coordinated inauthenticity, China's government protested the companies' actions. Beijing says the accounts belonged to Chinese living temporarily overseas: they were expressing their patriotic outrage over the Hong Kong protests. China's government added, Reuters reports, that it also had a "right to tell its story."

Group-IB has a follow-up report on Silence, the Russian-speaking criminal gang they've tracked for the last three years. Initially marked by slovenly opsec and a target set largely confined to Russia, Silence has upgraded its security game and expanded internationally. Their expansion and improvement seem opportunistic and derivative, repurposing code and perhaps personnel from other gangs, notably TA505. Their customary infection technique is phishing, beginning with a reconnaissance phase that sends bogus email delivery failure notices.

Stars and Stripes reports that US servicemembers are caught up in a large South Korean credit card breach.

Scammers are gaming search engine results with paid advertising to display their own phone numbers at the top of search results for help lines belonging to well-known brands, Naked Security reports. The ads seem to make economic sense for the criminals: they get a solid return on their marketing investment. Voice assistants have proven particularly vulnerable to this form of deception.

Notes.

Today's issue includes events affecting Armenia, Australia, Austria, Azerbaijan, Belarus, China, Cyprus, Czech Republic, Denmark, European Union, Georgia, Germany, Greece, India, Iran, Israel, Kazakhstan, Kenya, Republic of Korea, Kyrgyzstan, Latvia, Malaysia, New Zealand, Poland, Romania, Russia, Serbia, Taiwan, Turkey, Switzerland, Ukraine, United Kingdom, United States, Uzbekistan, and Vietnam.

Bring your own context.

Bug bounties used to be a mom-and-pop segment of the security market, but that's changed.

"We're definitely seeing more adoption. It's becoming much more mainstream, I would say. And also, we're actually starting to see the rewards more accurately reflect the type of value that these kinds of bugs have. You're seeing organizations offering rewards in the tens or, in some places, even hundreds of thousands of dollars, which really makes it worth that investment on behalf of the researcher to be spending the time to find these unique and interesting vulnerabilities in software."

—Ben Waugh, chief security officer at Redox, on the CyberWire Daily Podcast, 8.19.19.

Companies are also growing more comfortable with outsiders looking at their systems. (The outsiders are going to poke around in any case, right?)

Is your cybersecurity program aligned with your business goals and objectives?

Cybersecurity is a business risk, not an IT problem, and a critical part of business strategy. Security should not be an afterthought. Taking a proactive approach facilitates board-level cyber initiative buy in, supports traction across business units, establishes management alignment for key priorities, and manages data complexity. Let Edwards Performance Solutions better structure and position your cybersecurity program – making it a business asset for continued success.

In today's podcast, out later this afternoon, we speak with our partners at Lancaster University, as Daniel Prince discusses cyber risk in the global economy. Our guest, Rick Howard, from our partners at Palo Alto Networks, describes a Palo Alto study that reveals Americans' confusion about cybersecurity.

Cyber Warrior Women Summer Social: Sip and Paint (Columbia, MD, United States, August 21, 2019) Join the Cybersecurity Association of Maryland, Inc. (CAMI) for the annual Cyber Warrior Women Summer Social, an all-about-fun-and-networking event! We're adding an artistic element to this year's event with a wine glass painting exercise. No previous art experience required.

Cyber Security Summits: Chicago on August 27 and on September 17 in Charlotte (Chicago, Illinois, United States, August 27, 2019) Register for reduced admission to the Cyber Security Summit with promo code cyberwire19 for $95 admission ($350 without code). Sr. Level Executives are invited to learn about the latest threats & solutions in Cyber Security from experts from The FBI, Google, IBM, Darktrace, and more. Breakfast, Lunch & Cocktail Reception are included with your admission. Passes are limited, secure yours today: www.CyberSummitUSA.com

Second Annual DataTribe Challenge (Online, October 1, 2019) Register now for a chance to be DataTribe's next world-class company. Finalists will split a $20,000 prize, and the winner may receive $2m in funding from DataTribe. Contestants have until October 1st to apply at www.datatribe.com/challenge­.

Zero Day Con (Washington, DC, USA, October 22, 2019) Zero Day Con hosts a day of expert discussion on security approaches to regain control over your systems, data, and information. Join us to examine insights, security technologies, and key priorities to secure your systems. Get a 30% discount for Labor Day using code LABOR30.

Cyber Attacks, Threats, and Vulnerabilities

Attacks by Silence (Group-IB) A comprehensive technical analysis of this small cybercriminal group’s tools, tactics, and evolution. This is the first time Group-IB’s reports of this kind have been made publicly available.

US troops may be victims of massive credit card hack in South Korea, military says (Stars and Stripes) The thefts targeted unspecified business and financial entities in South Korea and included information on at least 38,000 U.S.-issued payment cards, according to an alert distributed by the Eighth Army.

After Twitter and Facebook blame China for Hong Kong disinformation, government defends its right to online speech (Washington Post) China pushed back against claims by Twitter and Facebook that the government had run disinformation operations aimed at the Hong Kong protests. The comments underscored the challenging of setting global standards for online speech.

China cries foul over Facebook, Twitter block of fake accounts (Reuters) China said on Tuesday it had a right to put out its own views after Twitter and ...

Severe Flaws in Kubernetes Expose All Servers to DoS Attacks (BleepingComputer) Two high severity security flaws impacting the Kubernetes open-source system for handling containerized apps can allow an unauthorized attacker to trigger a denial of services state remotely, without user interaction.

Scammers use bogus search results to fool voice assistants (Naked Security) The Better Business Bureau reports that scammers have worked out how to game search results for company customer support telephone numbers.

No REST for the wicked: Ruby gem hacked to siphon passwords, secrets from web devs (Register) Developer account cracked due to credential reuse, source tampered with and released to hundreds of programmers

New Phishing Campaign Bypasses Microsoft ATP to Deliver Adwind to Utilities Industry (Cofense) The CofenseTM Phishing Defense CenterTM has observed a new phishing campaign that spoofs a PDF attachment to deliver the notorious Adwind malware. This campaign was found explicitly in national grid utilities infrastructure. Adwind, aka JRAT or SockRat, is sold as a malware-as-a-service where users can purchase access to the software for a small subscription-based fee. The malware boasts the following features: Takes screen shots Harvests credentials from Chrome, IE and Edge Accesses the webcam, record video and take photos Records audio from the microphone Transfers files Collects general system and user information Steals VPN certificates Serves as a Key Logger Email Body Fig1. Email Body...

Uncovering a MyKings Variant With Bootloader Persistence via Managed Detection and Response (TrendLabs Security Intelligence Blog) When we first investigated MyKings in 2017, we focused on how the cryptominer-dropping botnet malware used WMI for persistence. Like Mirai, MyKings seems to be constantly undergoing changes to its infection routine. The variant we analyzed for this incident did not just have a single method of retaining persistence but multiple ones, as discussed in the previous section. In addition to WMI, it also used the registry, the task scheduler, and a bootkit — the most interesting of which is the bootkit (detected by Trend Micro as Trojan.Win32.FUGRAFA.AB).

Criminals on the Hunt For Ransomware on Underground Forums (Threatpost) A detailed look at underground forums shows that cybercriminals aren't sure where to look on the heels of the GandCrab ransomware group shutting its doors – and low-level actors are taking advantage of that by developing their own strains.

Dissecting BioStar2's Vulnerabilities: Biometric Databases as the New Target (Frost & Sullivan) BioStar 2 has become the first major example of how biometric access still has its own vulnerabilities that vendors, integrators, and end users must be aware of before implementing any of these solutions within their organization.

MoviePass security lapse exposed customer card numbers (TechCrunch) Movie ticket subscription service MoviePass has exposed tens of thousands of customer card numbers and personal credit cards because a critical server was not protected with a password. Mossab Hussein, a security researcher at Dubai-based cybersecurity firm SpiderSilk, found an exposed database on …

Apple accidentally reopens security flaw in latest iOS version (the Guardian) Vulnerability could be exploited to gain control of iPhone, users are warned

Sierra Wireless AirLink ALEOS (Update A) (CISA) 1. EXECUTIVE SUMMARY CVSS v3 9.1 ATTENTION: Exploitable remotely/low skill level to exploit/public exploits are available Vendor: Sierra Wireless Equipment: AirLink ALEOS Vulnerabilities: OS Command Injection, Use of Hard-coded Credentials, Unrestricted Upload of File with Dangerous Type, Cross-site Scripting, Cross-site Request Forgery, Information Exposure, Missing Encryption of Sensitive Data 2.

Siemens SCALANCE X Switches (Update A) (CISA) 1. EXECUTIVE SUMMARY CVSS v3 8.6 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: Siemens Equipment: SCALANCE X switches --------- Begin Update A Part 1 of 2 --------- Vulnerability: Insufficient Resource Pool --------- End Update A Part 1 of 2 ---------

Zebra Industrial Printers (CISA) 1. EXECUTIVE SUMMARY CVSS v3 5.3 ATTENTION: Low skill level to exploit Vendor: Zebra Equipment: Industrial Printers Vulnerability: Insufficiently Protected Credentials 2. RISK EVALUATION Successful exploitation of this vulnerability could allow a remote attacker to send specially crafted packets to a port on the printer, resulting in the retrieval of a front control panel passcode.

Chrome users ignoring warnings to change breached passwords (Naked Security) If you were told that the password you had just entered was known to have been compromised in a data breach, what would you do?

Texas agency blames 'single threat actor' for recent ransomware attacks (TheHill) The Texas Department of Information Resources (DIR) pointed to a “single threat actor” on Tuesday as being responsible for a recent spate of ransomware attacks on small local governments and other state entities. 

Ransomware is everywhere — even in this sleepy Texas town (Los Angeles Times) When a ransomware attack hit Keene, Texas, no one noticed.

Expect more ransomware attacks like Texas (StateScoop) Hackers are tweaking their malware to create more sophisticated attacks against state and local governments, a cybersecurity expert said.

7 Florida municipalities have fallen prey to cyber attacks since last year (Naples Daily News) In Florida, seven municipalities have reported phishing or ransomware attacks on computer systems since December 2018.

Following crippling cyberattack, Tangipahoa School employees to receive limited paychecks (The Advocate) Tangipahoa Parish School System employees will receive a paycheck this week despite the district’s payroll system being disabled during a recent cyberattack, but it will be limited in that it

‘Iranian Hackers’ Claim Hack on Macon County, Ill., Website (Government Technology) The cyberincident Sunday night targeted the Circuit Clerk’s Office, hijacking control of its main web page. The perpetrator claimed to be Iranian in a message accompanied by an image of a Guy Fawkes mask.

Security Patches, Mitigations, and Software Updates

‘Kaspersky-in-the-Middle’ bugs triaged (The Daily Swig) UXSS flaw raises concerns about security software intercepting encrypted connections

Cyber Trends

Kaspersky Report Finds Nearly a Third of Healthcare Employees Never Received Cybersecurity Training (BusinessWire) A new report from Kaspersky finds employees of healthcare organizations in the U.S. and Canada are lacking cybersecurity education and awareness in th

Beyond Compliance: Cyber Threats and Healthcare (FireEye) The healthcare vertical faces a range of threat actors and malicious activity. Given the critical role it plays within society and its relationship with our most sensitive information, the risk to this sector is especially consequential.

Hacking for Good: The Cult of the Dead Cow and the Rise of Hacker Culture (Decipher) Members of the Cult of the Dead Cow are joined by fellow hackers and security leaders Dug Song, Katie Moussouris, and Heather Adkins to trace the origins of hacker culture and its lasting influence.

Marketplace

Army faces familiar workforce woes in cyber, electronic warfare units (FCW) The Government Accountability Office warned the Army's rapid integration of cyber and electronic warfare force components poses staffing and training concerns.

Make Room for Unconventional Cyber Warriors (SIGNAL Magazine) International officials recommend introverts, students on the autism spectrum and middle-aged career changers for the cyber workforce.

AKUA enters Silicon Valley logistics and supply chain accelerator (Technical.ly Baltimore) The locally rooted company with a team at Spark Baltimore is one of 22 selected for the Plug and Play program, which prioritizes connecting corporations and startups.

PerimeterX Expands Offerings for eCommerce with Acquisition of PageSeal (PerimeterX Bot Defender) New Product, PerimeterX Page Defender, Now Available

CyberRisk Alliance acquires US Cybersecurity Collaborative establishing its Peer Council Business Platform (SC Media) CyberRisk Alliance ("CRA"), the holding company of SC Media, has acquired Cybersecurity Collaborative in the US, a peer council platform for Chief Information Security Officers (CISOs) and other senior-level security executives from Stuart Cohen, the company’s founder and CEO. Stuart will continue to lead the business as its chief executive.

Gemini crypto exchange led by Winklevoss names Damato as CSO (Mobile Payments Today) Gemini Trust Co., a cryptocurrency exchange led by the Winklevoss brothers, has named David Damato, the former chief security officer at Tanium, as its new CSO. While at Tanium, Damato was in charge of building and managing a team that...

ZeroNorth Names John Worrall as CEO (Yahoo) ZeroNorth, the industry’s only provider of risk-based vulnerability orchestration, announced today that John Worrall has been named chief executive officer. Worrall brings more than 25 years of leadership, strategy and operational experience to the role, across early stage and established cybersecurity

IOMAXIS Announces Paul Barboza as Chief Operating Officer (PR Newswire) IOMAXIS, LLC announced that Paul Barboza has joined the company as the Chief Operating Officer. With management...

Products, Services, and Solutions

Grupo Tecno Teams with Trustwave to Bring Cybersecurity Services to Enterprises in Mexico (Trustwave) Trustwave and Grupo Tecno, a large information technology integrator, announced an alliance to offer Trustwave Managed Security Services and cybersecurity technologies to enterprises and other institutions in Mexico and other Spanish speaking countries in Latin America.

Veracode Releases Advanced Software Composition Analysis Solution Decreasing Open Source Risk with the Power of Machine Learning and Automated Fix Information (West) Cloud-based solution helps developers prioritize and remediate open source vulnerabilities quickly within DevSecOps environments

ThreatConnect Releases Enhanced Integration with Flashpoint (Market Screener) ThreatConnect users can access near real-time Finished Intelligence and Technical Data from Flashpoint ...

YubiKey 5Ci, a Lightning/USB-C security key, eases 2-factor authentication (Cult of Mac) The first of its kind, YubiKey 5Ci provides iPhone or Mac users with very strong security access to password managers like Dashlane, etc.

ReversingLabs Launches Channel Partner Optimization Program (Yahoo) CAMBRIDGE, Mass., Aug. 20, 2019 -- ReversingLabs, a leading provider of destructive object insights delivering enterprise-scale file analysis, threat hunting, and malware.

Visa Adds New Threat Detection to Prevent Payment Fraud (BleepingComputer) Visa announced the addition of new fraud threat detection and blocking tech designed to boost transaction security and, implicitly, the integrity of its payments ecosystem.

QuintessenceLabs Developing Miniature Quantum Random Number Generator, Broadening Access to Quantum Safe Cybersecurity (Yahoo) Australian Government supports micro-chip development

Technologies, Techniques, and Standards

U.S. Cities Rethink Data Relationship With Residents (Wall Street Journal) Cities across the country are measuring everything from air quality to traffic. Privacy rules and hackers’ interest in such information are prompting city officials to think carefully about how that information is managed.

As homomorphic encryption gains steam, experts search for standards (CyberScoop) As homomorphic encryption gains greater traction, practitioners need a set of agreed parameters for implementing the algorithms.

Victimology: in the shoes of a cybersecurity analyst (ThreatQuotient) When a threat arises, the security team role is to investigate and determine the reality of an attack and its severity. This investigation makes it possible to set up a plan to defeat the offensive and, generally, better protect against certain type of attacks.

Cybersecurity Tech Accord Adopts Bug Disclosure Policies (SDxCentral) The 111 Cybersecurity Tech Accord companies all agree on the big picture: protecting customers and users and improving cybersecurity.

Keeping cameras cyber safe: The perils of wireless connectivity (The Financial Express) Since modern cameras no longer use film to capture and reproduce images, the International Imaging Industry Association devised a standardised protocol known as Picture Transfer Protocol (PTP) to transfer digital images from camera to PC.

To pay or not to pay ransomware: A cost-benefit analysis of paying the ransom (Emsisoft | Security Blog) An in-depth look at the direct and indirect costs of ransomware and what organizations need to consider before paying the ransom.

Design and Innovation

In New Facebook Effort, Humans Will Help Curate Your News Stories (New York Times) A news section inside Facebook’s mobile app will be run by journalists and not just algorithms, the company said.

Facebook’s Clear History privacy tool finally begins rolling out in three countries (The Verge) But the United States isn’t one of them.

Cloudflare uses lava lamps to generate a fundamental resource: Randomness (Quartz) Humans and computers are horrible at making random numbers, so Cloudflare turns to natural processes.

Intel unveils first artificial intelligence chip Springhill (Reuters) Intel Corp on Tuesday unveiled its latest processor that will be its first using...

Analysis | The Cybersecurity 202: L.A. County voting system pits cybersecurity vs. disability advocates (Washington Post) The new $250 million ballot-marking device was developed over a decade to be ultra-accessible

Research and Development

Preventing privacy leaks when online data can be gathered publicly (MU News Bureau) MU researcher shares a $1.2 million grant from the National Science Foundation with the University of Illinois-Chicago and University of Illinois Urbana-Champaign

Photons entangled in terms of radial quantum states (Physics World) Radial position and momentum of light could be used to create new quantum technologies

Academia

CSM employees advance in national cybersecurity competition (SoMdNews.com) Two former College of Southern Maryland cybersecurity students who now work at the college have earned $500 scholarships and guaranteed their spots as semi-finalists in the national Cyber FastTrack competition.

Baker College Recognized by National Security Agency and U.S. Department of Homeland Security for Excellence in Cyber Defense Education (Benzinga) Baker College, Michigan's largest, private not-for-profit college and the top private transfer school in the state, has been...

Legislation, Policy, and Regulation

After Twitter and Facebook blame China for Hong Kong disinformation, government defends its right to online speech (Washington Post) China pushed back against claims by Twitter and Facebook that the government had run disinformation operations aimed at the Hong Kong protests. The comments underscored the challenging of setting global standards for online speech.

Trump Gives Huawei 90 Day Reprieve, But Customers Warned To Ditch The Brand (Forbes) The U.S. has agreed to extend Huawei's blacklist lifeline by a further 90 days, despite President Trump's last-minute threat to veto such a move.

AP Explains: US sanctions on Huawei bite, but who gets hurt? (ABC News) AP Explains: US sanctions on Huawei bite, but who gets hurt?

Huawei US-China trade dispute won’t greatly impact Australian operations: John Lord (ABC Radio) Telco giant Huawei has been banned from rolling its 5G network in Australia and "Huawei Australia” is also unable to conduct business with the US. Australian chairman John Lord joins AM for his insights.

Telia raises ‘surveillance’ concerns over new Russian security legislation (Mobile Europe) Mobile Europe & European Communications is the leading B2B title for the telecoms industry, exploring operators'​ technology strategies and providing CTOs and their teams with news, analysis and opinion about the latest developments in the sector.

Don't Renew Section 215 Indefinitely (Electronic Frontier Foundation) The New York Times reported that the Trump administration wants Section 215, the legal authority that allows the National Security Agency to collect Americans’ telephone records, renewed indefinitely. That’s despite earlier reports the NSA had shuttered its Call Details Record (CDR) Program because...

An Imperative for Action Brings On Cyber Advantages (SIGNAL Magazine) Bureaucracy must step aside to enable information warfare operational success.

Cyber Command head wants name changed (The Augusta Chronicle) U.S. Army Cyber Command is on its way to Augusta, but it might look a little different.During a keynote address at AFCEA’s TechNet Augusta 2019, Lt.

KnowBe4 Applauds Proposed Legislation for Cybersecurity Training Requirement for U.S. House Members (West) On May 10, 2019, U.S. Representative Kathleen Rice (D-NY) introduced legislation that will require House Members to partake in annual cybersecurity training.

Reclaiming the rights to one’s digital persona (The Washington Times) Most individuals keep a pretty firm grip on their possessions — the cars, the house and the stuff inside it. They’ve got a fairly accurate grasp of their money, too, by taking a quick scan of their financial assets online. Personal data, though, is another story. The complexion of the information that tech giants glean from surveilling users’ Internet activities is as murky for most Americans as a trek in the woods after dark. Americans urgently need a more effective means of ensuring that their cyber-persona is not being stalked from the digital shadows by buck-raking marketers.

Litigation, Investigation, and Law Enforcement

Flaws in Cellphone Evidence Prompt Review of 10,000 Verdicts in Denmark (New York Times) Data offered in court was flawed when technical errors linked some phones to the wrong towers or created a less-detailed picture of their locations, officials said.

Trade official for Scottish government ‘held by China’ (Times) A trade official for the Scottish government who works at the British consulate in Hong Kong has been missing for two weeks and is feared to have been detained by Chinese authorities. Simon Cheng...

Facebook's Libra Currency Gets European Union Antitrust Scrutiny (Bloomberg) EU sends questionnaires to groups tied to Libra proposals. Antitrust regulator cites ‘possible competition restrictions’.

The Justice Department is working with states on tech investigation, antitrust chief says (The Verge) "I think we just have to have proper, timely and aggressive enforcement of the antitrust laws."

Exclusive: The results from Facebook's conservative bias audit (Axios) Facebook will release the findings of a roughly year-long conservative bias audit.

Mercedes caught up in privacy storm over car trackers (CNN) Mercedes-Benz is using location sensors to track and repossess vehicles in the United Kingdom when drivers fall behind on payments, raising privacy concerns and leading one prominent politician to call for a government investigation.

Banks do not report most cybercrimes, says top cop (The Times of India) India Business News: According to Maharashtra Police special IGP (cyber) Brijesh Singh, cybercriminals are gradually targeting banks’ infrastructure rather than customers.

For a complete running list of events, please visit the Event Tracker on the CyberWire website.

Upcoming Events

SecureWorld Bay Area (Santa Clara, California, USA, August 21, 2019) Connecting, informing, and developing leaders in cybersecurity. For the past 17 years, SecureWorld conferences have provided more content and facilitated more professional connections than any other event...

Pittsburgh Cybersecurity Conference (Pittsburgh, Pennsylvania, USA, August 22, 2019) Data Connectors brings together security professionals to discuss mitigating risk and improving their overall security posture. Eight industry speakers, an FBI/NSA/DHS keynote speaker, and a CISO Panel...

Industrial Control Systems Joint Working Group (ICSJWG) Fall Meeting (Springfield, Massachusetts, USA, August 27 - 29, 2019) The Cybersecurity and Infrastructure Security Agency (CISA) hosts the Industrial Control Systems Joint Working Group (ICSJWG) to facilitate information sharing and reduce the risk to the nation’s industrial...

Integrate (Melbourne, Victoria, Australia, August 27 - 29, 2019) Get ready to think beyond and lose yourself in the technology of tomorrow at Integrate 2019. Integrate is Australia's leading event dedicated to helping businesses harness the power of AV technology to...

Washington DC Cybersecurity Conference (Washington, DC, USA, August 29, 2019) Data Connectors brings together security professionals to discuss mitigating risk and improving their overall security posture. Eight industry speakers, an FBI/NSA/DHS keynote speaker, and a CISO Panel...

Grow your brand and reach new customers.

Grow your brand and increase your customer base by educating our audience about your products, services, and events by advertising on The CyberWire. We’ve built trust with an influential (and often hard to reach) audience of CISOs, CSOs, and other senior execs in the security space, across a wide array of industry verticals. Learn more.

Be a part of the CyberWire story.

People ask us (a lot) how they can support what we do. We have our sponsorships and services, of course, but those are not always within every supporter's financial reach, or it might just not be the right time for you to do those things. That's why we launched our new Patreon site, where we've created a wider variety of support levels, each with some new benefits. Our patrons are important to our future, and we hope you'll consider becoming one. We invite you to become part of the CyberWire story. Become a patron today.