skip navigation

More signal. Less noise.

How to Build a Security Operations Center (SOC) on a Budget

Get an in-depth look at how organizations with limited resources can set up a successful operations center for monitoring, detecting, containing, and remediating IT threats across applications, devices, systems, networks, and locations. Get all 5 Chapters in 1 eBook. Download your free copy now

Daily briefing.

Eclypsium this morning released a study of potential security issues that arise with bare-metal cloud services. IBM, among the vendors affected, responded yesterday by requiring that all Baseboard Management Controllers "be reflashed with factory firmware before they are re-provisioned to other customers." Eclypsium says it's pleased to learn of this mitigation, but that they disagree with IBM's assessment of the vulnerability as "low severity"—Eclypsium thinks it more serious than that.

New research from the University of Cambridge and Rice University shows that computers with USB-C ports are more vulnerable to direct memory access attacks than previously thought. Current protection provided by input-output memory management units, or IOMMUs, was found to be insufficient. As a result, Cambridge says, many computers running Windows, macOS, and Linux can be compromised by peripheral devices like chargers. Complete remediation will require "changes in system design" on the part of the technology companies, which the researchers say is in progress. Until then, users are advised to avoid connecting untrusted devices to their platforms.

A hacker hijacked the Twitter account for the mayor of Tampa, Florida, and used it to post a series of vile and threatening tweets, including a fake ballistic missile warning. Naked Security notes that the "egregious nature" of the other tweets led most people to conclude that the account had been hacked, so the inbound missile alert was widely dismissed.

TurboTax didn't suffer a data breach, contrary to some reports. Rather, credential stuffing attacks hit an undisclosed number of accounts, Newsweek reports.

Notes.

Today's edition of the CyberWire reports events affecting Antigua and Barbuda, Argentina, Australia, Bahamas, Barbados, Belize, Bolivia, Brazil, Canada, Chile, China, Colombia, Costa Rica, Cuba, Dominica, Dominican Republic, Ecuador, El Salvador, European Union, Grenada, Guatemala, Guyana, Haiti, Honduras, Jamaica, Mexico, Nicaragua, Panama, Paraguay, Peru, Russia, Saint Lucia, Saint Vincent and the Grenadines, St. Kitts and Nevis, Singapore, Suriname, Trinidad and Tobago, United Arab Emirates, United Kingdom, United States, Uruguay, and Venezuela.

What if you could augment your security team by adding zero staff?

Cylance’s industry-leading security experts analyze your cybersecurity requirements and design solutions that meet and often far exceed objectives. Cylance secures our clients quickly using years of hard-won expertise, and world class artificial intelligence. Let Cylance help you achieve a state of ThreatZero, bolster your organization’s security posture, and zero in on what really matters.

In today's podcast, out later this afternoon, we hear from our partners at Accenture, as Justin Harvey reviews the various types of vulnerabilities adversaries target. Our guest, Guarav Tuli from F-Prime Capital, describes the current venture capital environment for cyber.

CYBERTACOS RSA (San Francisco, California, United States, March 4, 2019) Join us for ALL YOU CAN EAT FREE TACOS! What better way to start your week at RSA? On Monday, March 4, CYBERTACOS is coming back to San Francisco as part of RSA. Join us from 7:00-10:00pm for networking, food and drinks.

Experience Deep Learning for Network Threat Protection at RSA 2019 (San Francisco, California, United States, March 4 - 8, 2019) Signatures and sandboxes can’t keep up with automated attacks. Visit Blue Hexagon booth N4204 and hear how we’re harnessing deep learning to stop known and unknown network threats in less than a second. Pick up a free copy of the book “How To Measure Anything in Cybersecurity Risk.”

Register for the RSA Conference 2019 today! (San Francisco, California, United States, March 4 - 8, 2019) Be part of an empowered global community at RSA Conference 2019, March 4 – 8 in San Francisco. With the latest cybersecurity solutions, countless experts and more, it’s easy to see why RSAC is infosec’s leading event.

XM Cyber is coming to RSA (San Francisco, California, United States, March 4 - 8, 2019) Visit XM Cyber at the Innovation City, Booth IC2233, to experience the first fully automated APT simulation platform to Simulate, validate and remediate every hacker’s path to organizational critical assets.

5th Annual Cyber Security Conference for Executives (Baltimore, Maryland, United States, March 13, 2019) The 5th Annual Cyber Security Conference for Executives, hosted this year by The Johns Hopkins University Information Security Institute and Ankura, will be held on Wednesday, March 13th, in Baltimore, Maryland. This year’s theme is cybersecurity compliance and regulatory trends, and the conference will feature discussions with thought leaders across a variety of sectors. Join the discussion and learn about current and emerging cyber security threats to organizations, and how executives can better protect their enterprises. Register today!

Cyber Attacks, Threats, and Vulnerabilities

The hacker's paradise: Social networks net criminals $3bn a year in illicit profits (ZDNet) The reach, draw, and popularity of social networks is becoming big business for fraudsters.

The Dark Sides of Modern Cars: Hacking and Data Collection (Threatpost) How features such as infotainment and driver-assist can give others a leg up on car owners.

Most laptops vulnerable to attack via peripheral devices, say researchers (University of Cambridge) Many modern laptops and an increasing number of desktop computers are much more vulnerable to hacking through common plug-in devices than previously thought, according to new research.

Drupal RCE Flaw Exploited in Attacks Days After Patch | SecurityWeek.Com (SecurityWeek) The Drupal remote code execution vulnerability CVE-2019-6340 has been exploited in the wild to deliver cryptocurrency miners and other threats.

MWC 2019: Your bionic hand is now at risk from hackers (ZDNet) Infiltrating pacemakers is yesterday’s news. Advanced prosthetic limbs are now on the hit list.

Smart Homes at Risk Due to Unpatched Vulnerabilities, Weak Credentials (BleepingComputer) 40.8% of smart homes have at least one device vulnerable to remote attacks, a third of them being vulnerable because of outdated software with unpatched security issues, while more than two-thirds are exposed by weak credentials.

Who needs malware? IBM says most hackers just PowerShell through boxes now, leaving little in the way of footprints (Register) Direct-to-memory attacks now account for 57 per cent of hacks, apparently.

Most IoT devices are being compromised by exploiting rudimentary vulnerabilities (Help Net Security) Cybercriminals are looking for ways to use trusted devices to gain control of IoT devices via password cracking and exploiting other vulnerabilities.

SG’s first line of defence to fight cyber attacks still lacks teeth (The Independent) Despite reliable infrastructure, technology and regulations in place, the human element is still the weak link when it comes to cyber security.

Malspam Exploits WinRAR ACE Vulnerability to Install a Backdoor (BleepingComputer) Researchers have discovered a malspam campaign that is distributing a a malicious RAR archive that may be the first one to exploit the newly discovered WinRAR ACE vulnerability to install malware on a computer. 

Hacking group using Polyglot images to hide malvertsing attacks (DEVCON) What happens when an image is also JavaScript? And when that image does not even need a payload to extract the malware from the image... Well then you have a polyglot!

Malvertising attacks using polyglot images spotted in the wild (SC Media) The malvertising space may be seeing an influx of more advanced threat actors according one research report that found polyglot images now being used to disguise malvertising attacks.

Researchers discover use of malicious cyber tool to commit digital ad fraud (The Hill) A company focused on cybersecurity for the media industry says it has discovered that hackers are now using a technique designed to hide malicious code to commit digital ad fraud.

IoT Flaws Reveal Need to Work with Researchers (Infosecurity Magazine) McAfee researchers disclose two vulnerabilities in common IoT devices.

Social Engineering Employed to Steal Data (Infosecurity Magazine) One in three cyberattacks during Q4 2018 used social engineering tactics, says Positive Technologies.

Mozilla May Reject UAE Firm's Root Inclusion Request (SecurityWeek) Mozilla is considering rejecting a request by United Arab Emirates-based DarkMatter to be accepted as a top-level certificate authority in Mozilla’s root certificate program.

Cyber criminals cash in on millions with formjacking: ISTR (CISOMAG) Formjacking attacks are simple – essentially virtual ATM skimming – where cyber criminals inject malicious code into retailers’ websites to steal shoppers’ payment card details. On average, more than 4,800 unique websites are compromised with formjacking code every month globally.

Undisclosed number of TurboTax accounts breached (SC Media) Intuit, the company behind tax preparation software TurboTax, alerted users their accounts may have been accessed by an unauthorized party.

TurboTax hack: Intuit says there was no data breach, users are not at risk (Newsweek) TurboTax parent company Intuit said Monday it did not suffer a data breach that resulted in a third-party gaining access to the personal information of users.

China's tech giants are a security threat to the UK, says Brit spy bigwig (Register) Times are strange when spies talk about infosec and economics colliding.

Plain wrong: Millions of utility customers’ passwords stored in plain text (Ars Technica) "It's ridiculous vendors are replying to researchers via general counsel, not bug bounty."

Missile warning sent from hijacked Tampa mayor’s Twitter account (Naked Security) Tampa’s mayor was trying to regain control of his Twitter account this week after it was used to post bomb threats and child sex abuse images.

Renting out dedicated cloud server hardware? Don't just grin and bare it. Check your firmware is scrubbed of any spies (Register) Infosec bods spot IBM SoftLayer not wiping down BMC flash memory after use

Eclypsium Bare Metal Cloud Research (Eclypsium) What are bare-metal cloud services? Organizations increasingly deploy their most sensitive and critical applications on bare-metal cloud offerings. These services let organizations easily scale their applications up or down without the cost and challenges of buying and maintaining their own hardware. Using bare-metal ensures they have complete control over the hardware for performance needs of critical applications and that sensitive data is not stored on a machine shared by another cloud customer. It is a high-end cloud option for the most sensitive applications.

Vulnerability involving IBM Cloud Baseboard Management Controller (BMC) Firmware (IBM PSIRT Blog) Summary: The Baseboard Management Controller (BMC) is a third-party component designed to enable remote management of a server for initial provisioning, operating system reinstall and troubleshooting. As part of IBM Cloud’s Bare Metal Server offering, clients have access to the BMC.

Renting out dedicated cloud server hardware? Don't just grin and bare it. Check your firmware is scrubbed of any spies (Register) Infosec bods spot IBM SoftLayer not wiping down BMC flash memory after use

Ransomware has been abandoned in favor of cryptojacking attacks against the enterprise (ZDNet) As company defenses improve, criminals are looking for ways to secure a return on their illicit schemes.

Security Patches, Mitigations, and Software Updates

Serious Flaws in WibuKey DRM Impact Siemens Products (SecurityWeek) Siemens informs customers that its SICAM process control system and SIMATIC WinCC HMI are affected by serious vulnerabilities in the WibuKey DRM.

Algorithm flaw meant Census responses could be identified (iTnews) Vulnerability already fixed by ABS.

Android adopts FIDO2 authentication standard as alternative to passwords (SC Media) The Android OS is now certified to employ the FIDO2 standard, a development that could help owners of over a billion Android devices phase out passwords.

Cyber Trends

What Yahoo's Failed Data Breach Settlement Means for Cybersecurity (Infosecurity Magazine) What does the legal state of Yahoo's breach settlement mean for the future of cybersecurity?

Healthcare industry: Key trends and cybersecurity challenges (Help Net Security) The number of breaches in 2018 was lower than that of the previous year. The total number of records breached has more than doubled since 2017.

New Report Shows 550 Percent Increase in Consumer Security Risks Connected to Apps (Security Today) McAfee's Mobile Threat Report found that reporting backdoors, malicious cryptomining, fake apps and banking Trojans all increased substantially in 2018.

Threatpost Data: Password Managers Are Worth the Risk (Threatpost) The Threatpost reader poll examined risk, vulnerabilities, 2FA, the human element, attitudes on spreadsheets and more when it comes to password managers.

Bitglass 2019 Healthcare Breach Report: Hacking and IT Incidents Account for Nearly Half of All Healthcare Data Breaches (GlobeNewswire News Room) Total Number of Records Exposed Reached 11.5 Million in 2018, More Than Twice That of 2017

UK Banks Reported 480% More Breaches in 2018 (Infosecurity Magazine) GDPR likely to have forced industry to be more transparent with FCA.

The Gap Between Mobile Apps and Privacy (BankInfoSecurity) Why are we surprised about the amount and sensitivity of data that mobile apps collect? The online industry has never been forthright about it. That's why we're faced with a yawning gap between user expectations and true privacy. And it's why Facebook, Google, Apple and others have many questions to answer.

Marketplace

Huawei: “The US security accusation of our 5G has no evidence. Nothing.” (TechCrunch) Huawei’s rotating chairman Guo Ping kicked off a keynote speech this morning at the world’s biggest mobile industry tradeshow with a wry joke. “There has never been more interest in Huawei,” he told delegates at Mobile World Congress. “We must be doing something right!…

Weak investment climate main 5G risk, not security fears: Ericsson CEO (iTnews) Europe risks falling behind because of onerous regulation rather security concerns.

Financial Data Exchange Adds 16 Members (PR Newswire) The Financial Data Exchange (FDX) welcomed 16 new members between October 18 and January 31, 2018, bringing the...

12 of the hottest startups at the RSA Conference 2019 (CSO Online) These RSAC Early Stage Expo startups bring fresh cybersecurity solutions to fight phishing, improve application security, provide better cloud protections, enforce security policy, more accurately authenticate and more.

AFP copping cyber skills shortage hard warns chief (iTnews) Specialists hard to find, harder to retain.

Cyber gushes from 2019 spending bill, if you know where to drill (Federal News Network) The fiscal 2019 spending bill increases funding for the continuous diagnostics and mitigation (CDM) program by more than $37 million.

Remediant Adds Security Veteran Tom Kellermann to Advisory Board (AP NEWS) Remediant, Inc. a leading provider of Privileged Access Management (PAM) software, today announced the appointment of Tom Kellermann to its advisory board.

Adams and Reese Expands its Privacy, Cybersecurity and Data Management Capabilities with Addition of David F. Katz in Atlanta (Adams and Reese LLP) Adams and Reese has expanded the capabilities and depth of its privacy, cybersecurity and data management practice with the addition of David F. Katz as a Partner in the firm’s Atlanta office.

Products, Services, and Solutions

OSSPatcher: Automated mobile application patching for bugs in open source libraries (Help Net Security) Researchers are working on OSSPatcher, a system for automatic patching of vulnerable open source libraries included in mobile applications.

Trustonic and Huawei introduce multi-TEE security platform for mobile app developers (Help Net Security) Trustonic expanding support to include Huawei’s TEE on its mobile application security platform, Trustonic Application Protection (TAP).

Synopsys' new platform enables comprehensive application security from developer to deployment (Help Net Security) Synopsys announced it will showcase its new Polaris Software Integrity Platform at RSA Conference in San Francisco, March 4–8, 2019.

PacketViper Announces Version 5.0 of its Cyber Deception Platform (Business Wire) PacketViper, a leading provider of cybersecurity deception solutions, today announced version 5.0 of their active, threat facing deception platform.

Kenna Security Wins 2019 Cybersecurity Excellence Award for Vulnerability Management (GlobeNewswire News Room) Kenna Security, a leader in predictive cyber risk, has won Gold in the 2019 Cybersecurity Excellence Awards.

Tabcorp uses data to spot suspicious gamblers and appease regulators (iTnews) Tabcorp is using intelligence software to monitor “high risk” - potentially criminal - users of its 9000 retail sites and gambling platforms to stay on the right side of licensing authorities.

NanoLock Collaborates with Micron to Offer Flash-to-Cloud Management Solution for Security of IoT Devices - nanolōck security ltd (NanLōck security ltd) NanoLock Management of Things Platform and Micron® Authenta™ Technology to Deliver Unified Approach for Securing Smart Cities, Automotive and Industrial Gateways Nitzanei Oz, Israel

Cato Fortifies Cloud-native Security Services with New Threat Prevention and Detection Engines (Cato Networks) Cato introduces zero-footprint Managed Threat Detection and Response (MDR) service, and integrates SentinelOne zero-day threat prevention to boost its seamless multi-layer network protection

Cyberbit Launches SCADAShield Mobile -- a Portable System for On-Site, On-Demand Visibility Into the Risk Posture of Industrial Control System Networks (PR Newswire) Cyberbit Ltd., today announced the official launch of SCADAShield Mobile, a portable unit for monitoring and...

Hex Five and wolfSSL Announce the First Secure IoT Stack for RISC-V (PRWeb) wolfSSL, a leading provider of TLS cryptography and Hex Five Security, provider of MultiZone™ Security, the first Trusted Execution Environment for RISC

Technologies, Techniques, and Standards

Vulnerability Scans Are a Lot Like Eating Mushrooms (Infosecurity Magazine) Vulnerability scanning is a security best practice dogged by compromises.

ASD upgrades Essential Eight cyber rules (iTnews) Govt cyber mitigation maturity model augmented as patch priorities shifted.

A Traveler's Guide to OPSEC (Decipher) Traveling can be a lot of fun, but it can also present myriad challenges when it comes to keeping your information and devices secure. A few simple steps and a little advance planning can go a long way to increasing your operational security.

Reverse Engineering is One of Your Best Weapons in the Fight Against Cyberattacks (Security Today) Reverse engineering is a powerful tool to keep in your cybersecurity tool belt.

Android Is Helping Kill Passwords on a Billion Devices (WIRED) By officially certifying the FIDO2 standard, the mobile OS will soon allow logins to sites and services without having to put in a password.

Bruce Schneier takes his pitch for public-interest security to RSAC (CSO Online) Bruce Schneier's new all-day track at the RSA Conference explores idea that security pros, like lawyers, should be expected to engage in a certain amount of pro bono work.

More password-less logins are coming to Android (TechCrunch) The FIDO Alliance and Google today announced that Android (from version 7.0 up) with the latest version of the Google Play Services is now FIDO2 certified. At first glance, that sounds rather boring, but it will enable developers to write apps that use a phone’s fingerprint scanner or a FIDO …

The Truth about Business Risk Intelligence (SecurityWeek) Starting a business risk intelligence (BRI) program often requires overcoming challenges that involve resource allocation, operational bandwidth, or stakeholder support, to name a few.

Why Many Organizations Still Don't Get Security (Government Technology) Despite a growing number of security incidents and headline data breaches, many security and technology professionals express the view that their government or company or nonprofit organization doesn't make cybersecurity a priority. Here's how you can help.

Research and Development

DARPA wants robots that humans will trust (C4ISRNET) To be useful, machines will need to understand their own status, and then communicate that plainly to the people around them.

Will AI give the Army a secure ‘Snapchat of information’? (C4ISRNET) Ted Maciuba, the deputy director of robotics requirements at the U.S. Army Maneuver Center of Excellence, discusses working with industry on machines that could give an outsized advantage to infantry.

IARPA to offer potential cure for employees’ ‘linkclickitis’ disease (Federal News Network) The Intelligence Advanced Research Projects Agency (IARPA) will release the details of its Virtuous User Environment (VirtUE) program that secures each employee role in separate cloud containers.

Academia

Stellenbosch University to host cyber warfare conference | IOL Business Report (Business Report) Stellenbosch University and the Council for Scientific and Industrial Research will host the International Conference on Cyber Warfare and Cyber Security.

W. Va. Partners with SANS to Bring Girls into Cyber (Infosecurity Magazine) West Virginia governor says the state has partnered with SANS Institute's Girls Go CyberStart.

Legislation, Policy, and Regulation

Congress considers a national standard for data privacy (OODA Loop) This week, the US Congress will consider the establishment of nationwide data privacy rules.  A Tuesday hearing of the Consumer Protection and Commerce Subcommittee, which is part of the House Energy and Commerce Committee, will be devoted to the issue, and on Wednesday it will be debated by the Senate Commerce, Science and Transportation Committee.

Cyber gushes from 2019 spending bill, if you know where to drill (Federal News Network) The fiscal 2019 spending bill increases funding for the continuous diagnostics and mitigation (CDM) program by more than $37 million.

OAS’s Inter-American Defense Board pushes for better regional cyber collaboration (Jane's 360) Cyber defence is a growing issue in Latin American and the Caribbean, and the Inter-American Defense Board is hosting a cyber defence conference in Bogota in May that officials believe can help drive better regional collaboration and education for the domain.

Europe is prepared to rule over 5G cybersecurity (TechCrunch) The European Commission’s digital commissioner has warned the mobile industry to expect it to act over security concerns attached to Chinese network equipment makers. The Commission is considering a defacto ban on kit made by Chinese companies including Huawei in the face of security and espi…

California Introduces New Data Breach Notification Law (SecurityWeek) New California bill aims to close a loophole in the current data breach notification law by requiring organizations to notify users when passport or biometric information has been compromised.

Data Breach Notification: California Targets 'Loopholes' (BankInfoSecurity) Driven by Marriott's Starwood mega-breach, California lawmakers are pushing legislation that would expand the state's pioneering data breach notification

Labor to punish vendors for stealing govt tech talent (iTnews) The Australian Labor Party has flagged significant changes to government IT procurement rules that would see vendors punished for luring digital talent away from the public sector.

FastMail loses customers, faces calls to move over anti-encryption laws (iTnews) Australia no longer 'respects right to privacy'.

US legal eagle: Well done, you bought privacy compliance tools. Doesn't mean you comply with anything (Register) From California state regs to Europe's GDPR: It's all just a 'veneer of protection.'

Jeez, what a Huawei to go: Now US senators want Chinese kit ripped out of national leccy grid (Register) Red scare reaches new heights as intel committee urges further crackdown on network-connected gear.

The UK is a Global Cyber Power, says Director GCHQ - Speech (GCHQ) Jeremy Fleming, Director GCHQ, defined the rules and ethics of the cyber age during a keynote speech in Singapore. This is a full transcript of his speech, as delivered.

Tech industry titans suddenly love internet privacy rules. Wanna know why? We'll tell you (Register) Hint: It's something to do with a new California law

Apple and Facebook Fighting International Encryption Battle (WSJ) International governments are passing laws that allow authorities to pressure tech companies such as Apple and Facebook for access to digital secrets.

Litigation, Investigation, and Law Enforcement

Stolen Bitcoin returned to cryptocurrency exchange Bitfinex (iTnews) Fraction of lost amount handed back by US government.

Australia should name parliament cyber attackers (ZDNet) In the case of such a blatant attack on Australia's institutions of government, we should stand ready to point the finger and impose some real costs on the adversary.

Facebook tricked kids into in-game purchases, say privacy advocates (Naked Security) Unsealed court documents show that Facebook referred to big-spending kids as “whales” – a term borrowed from the casino industry.

United States of America v. Paul J. Manafort, Jr., Defendant (United States District Court for the District of Columbia) GOVERNMENT'S SENTENCING MEMORANDUM

Prosecutors Seek 3-Year Sentence in 'Celebgate' Hacking Case (SecurityWeek) Federal prosecutors have recommended a sentence of nearly three years in prison for a former Virginia high school teacher convicted of hacking into private digital accounts of celebrities and others.

For a complete running list of events, please visit the Event Tracker on the CyberWire website.

Newly Noted Events

5th Annual Cyber Security For Defense (Washington, DC, USA, June 26 - 28, 2019) Three days of engaging topics, workshops, case studies, and peer-to-peer networking from across the DoD and greater Intelligence Community. Featured topics include cloud security, blockchain, C4I security,...

QuBit Cybersecurity Conference (Sofia, Bulgaria, November 14, 2019) QuBit is a Cybersecurity Community Event connecting the East and West and it is already the 6th year on the cybersecurity market in CEE region. Based on the success in Prague, QuBit expanded further and...

Upcoming Events

National Cyber League Spring Season (Various, February 25 - March 24, 2019) The NCL is a defensive and offensive puzzle-based, capture-the-flag style cybersecurity competition. Its virtual training ground helps high school and college students prepare and test themselves against...

BSides Columbus 2019 (Columbus, Ohio, USA, March 1, 2019) BSides Columbus is a volunteer-run conference that gives local (and not-so-local) information-security enthusiasts a platform to share their discoveries and breakthroughs with the Central Ohio infosec...

FAIR Analysis Fundamentals Training Course before the 2019 RSA Conference (San Francisco, California, USA, March 3 - 4, 2019) FAIR Analysis Fundamentals training from FAIR Institute Technical Advisor, RiskLens, provides the conceptual foundation and practical experience necessary to competently perform FAIR analyses. This training...

G’Day USA US-Australia Dialogue on Cyber Security (San Francisco, California, USA, March 4, 2019) The 2019 G’Day USA US-Australian Dialogue on Cyber Security will be held in San Francisco in the margins of the annual RSA Conference, which attracts more than 45,000 cyber and digital industry leaders.

RSA 2019 (San Francisco, California, USA, March 4 - 8, 2019) This year’s theme is, to put it simply, Better. Which means working hard to find better solutions. Making better connections with peers from around the world. And keeping the digital world safe so everyone...

Grow your brand and reach new customers.

Grow your brand and increase your customer base by educating our audience about your products, services, and events by advertising on The CyberWire. We’ve built trust with an influential (and often hard to reach) audience of CISOs, CSOs, and other senior execs in the security space, across a wide array of industry verticals. Learn more.

Be a part of the CyberWire story.

People ask us (a lot) how they can support what we do. We have our sponsorships and services, of course, but those are not always within every supporter's financial reach, or it might just not be the right time for you to do those things. That's why we launched our new Patreon site, where we've created a wider variety of support levels, each with some new benefits. Our patrons are important to our future, and we hope you'll consider becoming one. We invite you to become part of the CyberWire story. Become a patron today.