skip navigation

More signal. Less noise.

Get your copy of the definitive guide to threat intelligence.

We brought together a team of experts and wrote the definitive guide to everything you need to know about threat intelligence. Whether you work in vulnerability management, incident response, or another part of cybersecurity, our book has something for you. Get your free copy of “The Threat Intelligence Handbook” now.

Daily briefing.

The CyberWire's 6th annual Women in Cybersecurity Reception will be here in October.

Our 6th Annual Women in Cybersecurity Reception takes place October 24 at the International Spy Museum's new facility at L'Enfant Plaza in Washington, DC. The Women in Cybersecurity Reception highlights and celebrates the value and successes of women in the cybersecurity industry. The event focuses on networking, and it brings together leaders from the private sector, academia and government from across the region, and women at varying points in their careers. It's not a marketing event; it's just about creating connections. If you're interested in getting an invitation to this year's event, tell us a little bit about yourself and request one here. A very limited number of sponsorship opportunities remain, so please let us know if you're interested in one of those, too.

Google has joined Facebook and Twitter in taking down social media accounts probably operated by Chinese government sock puppets. Mountain View blogged yesterday that it had closed two-hundred-ten YouTube accounts it found spreading coordinated disinformation about the ongoing protests in Hong Kong. Google didn’t explicitly attribute the activity to the Chinese government, but it did note that the activity was similar to the campaigns flagged by Twitter and Facebook. Google also observed behavior it associates with inauthenticity, notably the use of VPNs.

The SBU, Ukraine's security service, confiscated cryptomining rigs at the Yuzhnoukrainsk nuclear power facility. An undisclosed number of personnel are under investigation for illicitly mining cryptocurrency on the plant's computers. Cointelegraph noted the similarities to the case of the nuclear engineers Russian authorities arrested in February of 2018 for pulling Bitcoin from the Russian Federal Nuclear Center. The nuclear power and research sector deploys a lot of computational power, which attracts cryptojackers. The Uniam news service claimed that control systems at Yuzhnoukrainsk were connected to the Internet, which presents its own problems.

ESET reports the first known instance of spyware built on AhMyth open-source malware. "Radio Balouch" or "RB Music," advertised itself as a Balouchi-music streaming service. It delivered as promised, but also came with an information stealer. It has been expelled from Google Play.

Valve has patched the Steam flaws spurned bug hunter Vasily Kravets discovered. The company told Ars Technica that it recognizes its handling of the disclosures was a mistake. It's adjusting its policies accordingly.

Notes.

Today's issue includes events affecting China, European Union, France, India, Israel, New Zealand, Russia, Ukraine, United Kingdom, United States.

Bring your own context.

A Palo Alto survey found that 62% of Americans feel that they should be responsible for the security of their own personal information, but only 24% claimed to have even so much as a rudimentary security process in place to meet that responsibility. (And, we might add, some fraction of that 24% is probably blowing sunshine.)

"As I've gotten more mature in this field it occurs to me that blaming the user for not being technical enough to see adversaries like OilRig and Emissary Panda and Reaper attacking their laptops, you know—that all just belongs in the pile of cybersecurity elitist B.S., OK? It just does. Right? I have problems spotting malicious links in email, and I've been doing this stuff for over twenty years. But the community has been expecting the grandmas of the world to know enough to spot these advance attacks. In hindsight, you know, that's just laughable."

—Rick Howard, head of Palo Alto Networks' Unit 42, on the CyberWire Daily Podcast, 8.21.19.

He's right, and his point applies not only to the grandpas and grandmas, but to millennial gamers, businesses of all sizes, government agencies, etc.

Is your cybersecurity program aligned with your business goals and objectives?

Cybersecurity is a business risk, not an IT problem, and a critical part of business strategy. Security should not be an afterthought. Taking a proactive approach facilitates board-level cyber initiative buy in, supports traction across business units, establishes management alignment for key priorities, and manages data complexity. Let Edwards Performance Solutions better structure and position your cybersecurity program – making it a business asset for continued success.

In today's podcast, out later this afternoon, we speak with out partners at Cisco Talos, as Craig Williams discusses their research into the Heaven's Gate remote access Trojan. Our guest, Cathy Hall from Sila, shares thoughts on privileged access management.

Cyber Security Summits: Chicago on August 27 and on September 17 in Charlotte (Chicago, Illinois, United States, August 27, 2019) Register for reduced admission to the Cyber Security Summit with promo code cyberwire19 for $95 admission ($350 without code). Sr. Level Executives are invited to learn about the latest threats & solutions in Cyber Security from experts from The FBI, Google, IBM, Darktrace, and more. Breakfast, Lunch & Cocktail Reception are included with your admission. Passes are limited, secure yours today: www.CyberSummitUSA.com

Second Annual DataTribe Challenge (Online, October 1, 2019) Register now for a chance to be DataTribe's next world-class company. Finalists will split a $20,000 prize, and the winner may receive $2m in funding from DataTribe. Contestants have until October 1st to apply at www.datatribe.com/challenge­.

Zero Day Con (Washington, DC, USA, October 22, 2019) Zero Day Con hosts a day of expert discussion on security approaches to regain control over your systems, data, and information. Join us to examine insights, security technologies, and key priorities to secure your systems. Get a 30% discount for Labor Day using code LABOR30.

Cyber Attacks, Threats, and Vulnerabilities

Google shutters more than 200 YouTube channels amid Hong Kong protests (CNBC) Google says it shut down hundreds of YouTube channels tied to misinformation around the Hong Kong protests.

YouTube Channels Suspended For 'Coordinated' Influence Campaign Against Hong Kong (NPR) The announcement by Google, which owns YouTube, comes days after Facebook and Twitter suspended accounts for an alleged campaign to manipulate public opinion about Hong Kong's pro-democracy protests.

Hacktivism returns to its roots as a cyber warfare tool (The Daily Swig | Web security digest) Back in hack

TrickBot: Ono! New Tricks! (Binary Defense) The Binary Defense Threat Hunter team reveals unusual behaviors of a new TrickBot variant. Threat Hunting is an integral part of any successful cybersecurity effort.

The Silence hacking crew grows louder (Naked Security) The hacking group, which specialises in stealing from banks, has been spreading its coverage and becoming more sophisticated.

Why People Keep Falling for Viral Hoaxes (Wired) It's not because they're stupid.

Thousands Of Banned Chinese Surveillance Cameras Are Watching Over America (Forbes) Federal government bodies should’ve started kicking out tech from Chinese surveillance dealers. But thousands of snooping cameras from the likes of Hikvision and Dahua remain on U.S. soil.

Spyware App on Google Play Gets Boot, Returns Days Later (Threatpost) The app purported to stream music – but actually siphoned victims' device contacts and files.

AhMyth –based malicious app found in Google Play (SC Media) A new type of Android-centric spyware has been found that is capable of avoiding Google’s app-vetting process.

First‑of‑its‑kind spyware sneaks into Google Play (WeLiveSecurity) ESET research breaks down the first known spyware that is built on the AhMyth open-source espionage tool and has appeared on Google Play – twice.

27 fake apps removed from Play Store (DNA India) 27 fake apps removed from Play Store - Google reportedly removed 27 fake Android apps that prompted users to install a fake Play Store. Pune-based Quick Heal Technologies discovered these apps claiming they are from dropper category.

New Sneaky Threat Against Your Chrome Credentials (CyberArk) CyberArk labs found a malware sample that uses technology that's unusual for malware, making it hard for antivirus software to detect.

Banking Trojan Banjori Analysis Report (NSFOCUS, Inc.,) Banjori is a banking trojan that has been active since it was first spotted in 2013. It identifies personal online banking users in France, Germany, and the USA as major targets. After infecting a user, the trojan injects a malicious payload into the user’s active processes and collect the user’s information.

Cheap black market PHI drives ransomware, espionage (Healthcare IT News) For a few hundred dollars, any hacker can buy their way into a healthcare network.

The Shady Secrets of Shadow Networks (Akamai) Shadow networks are side channels to traditional networks, undetected and working quietly in the background alongside what the traditional network was designed to do.

Side-Channel Attacks: Cyber Warfare's New Battleground (Security Boulevard) Today's security solutions can't achieve the level of security necessary to combat complex threats, including advanced side-channel attacks.

Unpatched squid flaw could result in DoS and remote code execution attacks (SC Media) Buffer overflow vulnerability in the Squid web proxy could put organisations at risk with attackers potentially gaining ability to execute arbitrary code.

Fortnite Hack Warning Issued For 250 Million Players (Forbes) Cybercriminals have taken aim at 250 million Fortnite gamers with a malicious hack. Here's everything you need to know.

Fortnite players are furious after ‘cheat’ actually just deletes their files (The Independent) 250 million players across PC, Xbox, PS4 and other devices are at risk to the malware

NCSC warns organisations to dump Python 2 or risk WannaCry-style cyber attacks (Computing) Python 2.x will no longer receive bug fixes and security patches from January 2020.

Millions knowingly putting their systems at risk of the next WannaCry by failing to update from Python 2 (SC Media) WannaCry ransomware as a classic example of what can happen when organisations run unsupported software, and to continue using Python 2 past its end of life equals accepting all those risks says NCSC.

BEC Attacks: How CEOs and Executives are Put at Risk (Phishlabs) When it comes to impersonating employees for phishing attacks, CEOs and executives are most at risk.

MGH reports data breach that exposed information of nearly 10,000 people (Boston Globe) The breach exposed information about participants in certain research programs, including their names, dates of birth, medical record numbers, and medical histories.

Seguin safe from ransomware cyber attack (Seguin Gazette) Nearly two dozen Texas cities recently were targeted in a cyber attack, but the city of Seguin was not one of those municipalities, a pair of local officials said.

Nampa School District cyberattack caused by email (Idaho Press) Nampa School District officials are still working around the clock to figure out the source of a cyberattack that shut down the district network Wednesday morning.

Security Patches, Mitigations, and Software Updates

Valve patches recent Steam zero-days, calls turning away researcher 'a mistake' (ZDNet) Valve also updates bug bounty rules to prevent similar incidents from happening again.

Valve says turning away researcher reporting Steam vulnerability was a mistake (Ars Technica) Maker of Steam changes policy to make clear privilege-escalation flaws are in scope.

Cisco warns about public exploit code for critical flaws in its 220 Series smart switches (Help Net Security) Security updates for Cisco 220 Series smart switches were released in early August, but Cisco now warns about public exploit code for all the fixed flaws.

Facebook delivers ‘clear history’ tool that doesn’t ‘clear’ anything (Naked Security) The new feature “disconnects,” but doesn’t delete, your browsing history. Facebook will still use it for analytics.

Cyber Trends

Survey: Most Security Pros Said Their Orgs Struggled with Cloud Configs (The State of Security) A recent survey conducted by Tripwire at Black Hat USA 2019 provided crucial insight into how industry pros view cloud security today.

Vast majority of newly registered domains are malicious (SC Media) Newly registered domains (NRDs) are created at the astounding rate of about 200,000 every day and a recent report indicates that 70 percent of these are

Cyber Adversaries Flock to Apps Where the Users Are and When Users Are Online (Engineering News) Fortinet Threat Landscape Report Reveals Nearly 60% of Threats Shared at Least One Domain, Indicating the Majority of Botnets Leverage Established Infrastructure

Facebook phishing surges, Microsoft still most impersonated brand (Help Net Security) Facebook phishing has been on a tear throughout 2019 and advanced one spot up to number three in Q2 thanks to a 175.8 percent increase in phishing URLs.

The Ethics of Hiding Your Data From the Machines (WIRED) It’s one thing to try to keep personal information from Facebook. But what if a company is going to use it to save people’s lives?

Over a Third of Firms Have Suffered a Cloud Attack (Infosecurity Magazine) Outpost24 poll finds organizations failing on security testing

Mobile Identity Is The New Security Perimeter (Forbes) The formidable challenges of securing a perimeter-less enterprise where the mobile device identities are the new security perimeter need a mobile-centric zero-trust network to succeed.

Understanding the Magnitude of Insider Threats: A Global Epidemic (Cyber Defense Magazine) As the nature of cyber threats has developed over the last 10+ years, the National Insider Threat Special Interest Group (NITSIG), founded by the author, has provided the U.S. Government and businesses with a “Central Source” of information related to Insider Threat Mitigation (ITM).

Marketplace

Cybersecurity salary, skills, and stress survey (Help Net Security) Exabeam is conducting an annual survey to understand skills, compensation trends and workplace trends among SOC and security analysts. All participants

Cyber insurance: Brokers’ key questions answered (Insurance Business) Exclusive Insurance Business report shines spotlight on red hot market

VMware acquires Carbon Black for $2.1B and Pivotal for $2.7 billion (TechCrunch) VMware today announced that it is acquiring Carbon Black, a publicly traded security company that focuses on securing modern cloud-native workloads. The price of the acquisition is about $2.1 billion. In addition, VMware also confirmed the acquisition of Pivotal, which will have a value of about $2…

Ping Identity files for $100M IPO on Nasdaq under the ticker ‘Ping’ (TechCrunch) Some eight months after it was reported that Ping Identity’s owners Vista Equity had hired bankers to explore a public listing, today Ping Identity took the plunge: the Colorado-based online ID management company has filed an S-1 form indicating that it plans to raise up to $100 million in an…

Applied Insight Awarded New Cybersecurity Task Order With U.S. Air Force (Yahoo) Applied Insight, a market leader in solving complex technology challenges for federal government customers, backed by The Acacia Group, announced today that it has been awarded a new $16 million task order to provide cybersecurity and information assurance services to the U.S. Air Force Air Mobility Command. Under the Enterprise Security Services task order, the AI cybersecurity team will provide specialized technical services in support of AMC’s command and control systems, ensuring their ability to operate securely on Department of Defense, Air Force and AMC enterprise networks.

'The damage to reputations will put companies out of business' - cybersecurity expert Graham Cluley on GDPR fines (CRN) Award-winning blogger will talk channel partners through how to position their security offering in the age of huge fines at CRN's Channel Conference MSP,Security ,GDPR

Huawei: Inside the secretive, blacklisted company (NBC News) Huawei, the telecommunications giant in China, is now at the center of the trade war with the U.S. NBC News’ Janis Mackey Frayer takes a rare in-depth look into the secretive company.

Palantir CEO Alex Karp: future of AI shouldn't be left to "a handful of people in Palo Alto" (Reclaim The Net) Google has several ongoing high-profile projects - involving AI, cloud computing and hardware infrastructure - in China.

The war inside Palantir: Data-mining firm’s ties to ICE under attack by employees (Washington Post) So far, Palantir has stood firm in its support of the government, even as employees and activist groups say there is growing evidence that Palantir lends support to ICE agents whose work violates the civil liberties of undocumented immigrants. A workplace raid resulting in the arrest of 680 migrant workers in Mississippi on Aug. 7 was carried out by the unit of ICE that uses Palantir software to investigate potential targets and compile evidence against them.

The Complicated Politics of Palantir’s CEO (Bloomberg) Karp is a left-of-center, Hillary Clinton-supporting CEO who just so happens to have a contract to aid Trump’s border police.

SAIC announces prime spots $812M worth of national security, intelligence contracts (Intelligence Community News) Science Applications International Corp. of Reston, VA announced on August 21 that it was awarded $812 million in contracts to support various U.S. government national security and intelligence act…

HP CEO Dion Weisler Stepping Down (Wall Street Journal) HP Chief Executive Dion Weisler is stepping down as the leader of one of the world’s largest PC makers later this year for family health reasons.

Qualys Appoints Wendy M. Pfeiffer, CIO of Nutanix, to its Board of Directors (Yahoo) Qualys, Inc. (NASDAQ: QLYS), a pioneer and leading provider of cloud-based security and compliance solutions, today announced Wendy M. Pfeiffer joined its Board of Directors. Wendy brings more than 20 years of technology industry and executive leadership

Products, Services, and Solutions

Flashpoint - Navigating Card Shops Data Essential for Fraud, Security Teams (Flashpoint) Flashpoint’s Card Shops dashboard enables fraud teams to access and filter card data, identify specific exposures, and mitigate potential fraud.

AttackIQ Integrates With Microsoft to Validate Endpoint Configuration and Controls of Microsoft Defender Advanced Threat Protection (ATP) (BusinessWire) Integration of AttackIQ Platform with Microsoft Defender Advanced Threat Protection to help joint customers and prospects.

Puppet gives cracking another silo a go, steps into the security realm (DEVCLASS) Infrastructure automation company Puppet has released Puppet Remediate into the DevOps space, breaking the barrier between ops and Security teams.

New infosec products of the week: August 23, 2019 (Help Net Security) Featured releases this week include products from Yubico, Telesoft Technologies, Acronis, Global Cyber Alliance, and ObserveIT.

Technologies, Techniques, and Standards

5 Steps to Prevent Ransomware from Destroying Your Business (Yahoo) Regular backups stored externally, defense-in-depth cyber security and limited system access lead list of necessary ransomware precautions--in a new article from eMazzanti Technologies HOBOKEN, N.J. , ...

Why the intel community is counting on more cloud success (C4ISRNET) Intelligence leaders unveiled

Design and Innovation

Google proposes alternative plan to improve web privacy - while keeping the ad tech industry onside (Computing) Google's new initiative called 'Privacy Sandbox' aims to boost users' privacy on the web.

The Army wants a better way to visualize the cyber environment (Fifth Domain) The Army is beginning work on how to provide commanders a visual depiction of the invisible domains of warfare.

The Case For ‘Smart’ Security (Above the Law) Artificial Intelligence is on track to disrupt well, everything -- but when it comes to AI and cybersecurity, there’s plenty to consider before implementing AI-based technology in your organization.

Smart security within the intelligent city (Smart Cities World) Steven Kenny, Axis Communications, reflects on the challenges that influence the development of the smart city.

Research and Development

New Research on EV SSL Security from Georgia Tech: EV Domains 99.99% Free of Online Crime (Sectigo™ Official Site) New research from Georgia Tech’s Cyber Forensics Innovation (CyFI) Lab on the topic of Extended Validation (EV) SSL and online criminal actors reveals that domains with EV SSL certificates are 99.99% likely to be unassociated with bad cyber actors. CyFI studied 2.6 million domains associated with…

Identifying vulnerable IoT devices by the companion app they use (Help Net Security) Researchers have analyzed 2,081 IoT companion apps and found that at least 164 IoT devices from 38 different vendors were definitely vulnerable.

Open-source project from NSA researchers will allow for protection against firmware attacks (CyberScoop) A years-long project that could better protect machines from firmware attacks will soon be available to the public, according to an NSA researcher.

Identifying evasive threats hiding inside the network (Help Net Security) There is no greater security risk to an organization than a threat actor that knows how to operate under the radar. Malicious insiders and external

Codemakers find algorithms immune to quantum hacks (Science) A quantum computer could hack the public key encryption schemes that now uphold internet security.

Daily briefing: Cryptographers fight a future without secrets (Nature) Preparing for the day quantum computers bring down public-key encryption, huge US study will offer genetic counselling and how consciousness arose from 3.8 billion years of trying to survive.

Legislation, Policy, and Regulation

India, France Commit to Fight Hateful Content Online, Create Secure Cyberspace (News18) India and France laid down the roadmap on cybersecurity and digital technology in a joint statement after Prime Minister Narendra Modi held talks with French President Emmanuel Macron.

GCSB's warning to ministers about sending classified information via apps (Newshub) Experts are concerned the rules are out of date.

Israel hired Black Cube, allowing spy firm to operate out of military intel base (Haaretz) Defense Ministry admits to hiring spy firm between 2012 and 2014. Around the time, it offered other customers that it spy on former ministers and government officials.

These Videos Show How Palantir Tracks Leakers, Protesters, and Prisoners (Vice) Palantir’s program isn’t just used by law enforcement, but by third-parties who offer augmented versions.

How New A.I. Is Making the Law’s Definition of Hacking Obsolete (Medium) Using adversarial machine learning, researchers can trick machines. But the legal system hasn’t caught up.

CISA Chief Unveils Vision for Federal Cybersecurity (Nextgov.com) Civilian agencies shouldn’t all be forced to manage their own cyber risks, Chris Krebs said.

U.S. Cyber Agency Says Reducing Risks From China Top Priority (Bloomberg) CISA to focus on reducing risks of Chinese supply chain hacks. Other priorities include election security, industrial systems.

Pompeo says the US message on Huawei is clear. Trump's words say otherwise (CNBC) U.S. Secretary of State Mike Pompeo says Huawei CFO Meng Wanzhou, who is under house arrest in Canada and facing extradition to America, is not a bargaining chip in the trade war. But President Trump previously said he could intervene if it helps secure a deal.

Army Cyber Command is trying to become an information warfare force (CyberScoop) U.S. Army Cyber Command could soon have a new identity. Commander Lt. Gen. Stephen Fogarty said this week he wants his military outfit, dedicated to electronic warfare and information operations, to be renamed as the “Army Information Warfare Command.”

Will Encryption Backdoors Hurt Election Infrastructure? Security Professionals Say Yes. (Venafi) The votes are in. Security professionals believe encryption backdoors make election infrastructure more vulnerable to cyberattacks.

Who gets to own your digital identity? (TechCrunch) Even though anonymity is still a hot topic and sought after in the online world, times have changed.

Large Telecoms, State Enforcers Make Pact to Combat Robocalls (Wall Street Journal) Major telecom companies and attorneys general from every state are set to announce Thursday a new pact for combating robocalls, the latest step toward cutting off such calls before they reach a consumer’s phone.

Frosh announces joint effort to combat illegal robocalls (Maryland Daily Record) A coalition of 51 attorneys general and 12 phone companies have agreed to a set of principles to fight illegal robocalls, the Maryland Office of the Attorney General announced Thursday.

Litigation, Investigation, and Law Enforcement

Swatting Is a Deadly Problem—Here's the Solution (WIRED) Seattle has a no-brainer solution: If you're afraid of being swatted, list your address in a registry that police can check.

Facebook publishing 2015 data-scraping document (Seeking Alpha) Facebook (FB -0.2%) says it's agreeing with the D.C. attorney general to jointly make public a September 2015 document that shows company employees discussing public data scraping.

Document Holds the Potential for Confusion (Facebook Newsroom) We are agreeing with the District of Columbia Attorney General to jointly make public a September 2015 document in which Facebook employees discuss public data scraping.

Hefty GDPR fines are working, research finds (Verdict) Although large GDPR fines are damaging to the reputations, and finances, of the companies involved, they are having an impact on cybersecurity spending.

Ukraine: Crypto Miners Arrested for Compromising Nuclear Plant Security (Cointelegraph) Ukrainian nuclear power plant officials have been arrested for compromising security with a crypto mining setup at the facility.

Oklahoma man who installed secret cameras in ‘staggering’ number of homes gets life sentence (Fox News) A man who pleaded guilty to installing secret cameras in a “staggering” number of homes in Oklahoma County while working for a security company over the last five years was given a life sentence Wednesday, according to a report.

Ex-U.S. Marine held by Russia in spy case says prison authorities... (Reuters) A former U.S. Marine held in Russia on suspicion of spying said on Friday that p...

SECNAV orders comprehensive review of Navy, Marine Corps JAGs (Military Times) More fallout from a botched SEAL war crimes trial.

For a complete running list of events, please visit the Event Tracker on the CyberWire website.

Upcoming Events

Industrial Control Systems Joint Working Group (ICSJWG) Fall Meeting (Springfield, Massachusetts, USA, August 27 - 29, 2019) The Cybersecurity and Infrastructure Security Agency (CISA) hosts the Industrial Control Systems Joint Working Group (ICSJWG) to facilitate information sharing and reduce the risk to the nation’s industrial...

Integrate (Melbourne, Victoria, Australia, August 27 - 29, 2019) Get ready to think beyond and lose yourself in the technology of tomorrow at Integrate 2019. Integrate is Australia's leading event dedicated to helping businesses harness the power of AV technology to...

Washington DC Cybersecurity Conference (Washington, DC, USA, August 29, 2019) Data Connectors brings together security professionals to discuss mitigating risk and improving their overall security posture. Eight industry speakers, an FBI/NSA/DHS keynote speaker, and a CISO Panel...

9th Annual Peak Cyber Symposium (Colorado Springs, Colorado, USA, September 3 - 5, 2019) The Peak Cyber Symposium is designed to further educate Cybersecurity, Information Management, Information Technology and Communications Professionals by providing a platform to explore some of today's...

9th Annual Peak Cyber Symposium (Colorado Springs, Colorado, USA, September 3 - 5, 2019) The Information Systems Security Association (ISSA) - Colorado Springs Chapter will once again host the 9th Annual Peak Cyber Symposium. This year's theme is "Cyber Hygiene: Everyday for Everyone." The...

Grow your brand and reach new customers.

Grow your brand and increase your customer base by educating our audience about your products, services, and events by advertising on The CyberWire. We’ve built trust with an influential (and often hard to reach) audience of CISOs, CSOs, and other senior execs in the security space, across a wide array of industry verticals. Learn more.

Be a part of the CyberWire story.

People ask us (a lot) how they can support what we do. We have our sponsorships and services, of course, but those are not always within every supporter's financial reach, or it might just not be the right time for you to do those things. That's why we launched our new Patreon site, where we've created a wider variety of support levels, each with some new benefits. Our patrons are important to our future, and we hope you'll consider becoming one. We invite you to become part of the CyberWire story. Become a patron today.