skip navigation

More signal. Less noise.

Get your copy of the definitive guide to threat intelligence.

We brought together a team of experts and wrote the definitive guide to everything you need to know about threat intelligence. Whether you work in vulnerability management, incident response, or another part of cybersecurity, our book has something for you. Get your free copy of “The Threat Intelligence Handbook” now.

Daily briefing.

E&E News says the North American Electric Reliability Corporation (NERC) issued a non-public warning to utilities that Xenotime, a threat hitherto seen mostly in the oil and gas sector, has been conducting reconnaissance against the grid. The warning is based on research by Dragos, which says that the "activity group" has evidently expanded its target list to the electrical power sector without necessarily abandoning its earlier interests. Dragos thinks Xenotime should be taken seriously (it is, after all, the group responsible for Trisis/Triton, which affected some industrial safety systems), but cautions against overhyping the problem: "no new capabilities [are being] deployed and [the activity observed amounts to] early reconnaissance not compromises of electric utilities."

At least two hacking groups are exploiting the "Return of the Wizard" remote code execution vulnerability in Exim mail servers that was publicly disclosed last week, ZDNet notes. Exim servers handle a large fraction of the world's email traffic, and users are urged to patch. BleepingComputer suggests that an encouragingly large fraction of users are doing just that.

AP reports that a fictitious persona, "Katie Jones," is seeking connections on LinkedIn. The story speculates that the fictional Ms Jones is a catphish deployed by a foreign intelligence service, trolling for recruits. The affair is reminiscent of 2010's Robin Sage experiment. Katie Jones, however, represents an advance over Robin Sage in that the persona seems to have been built in part with the aid of artificial intelligence.

Julian Assange's extradition proceedings advanced today, according to the Guardian.

Notes.

Today's issue includes events affecting Canada, China, Jamaica, Russia, United Kingdom, United States.

Bring your own context.

Third-party Android app stores can be as dodgy as they are common. Perhaps you've downloaded what you took to be a popular game from one of those stores, and wondered why it didn't work. Glitch, right? Not necessarily.

"So, once a user installs the app and tries to run the game, there is no icon present on the dashboard, right? So, because there is no game, the user will not be able to start anything after the installation is complete. But in the back end, the app is actually running, and it starts sending SMS messages. It communicates with the command-and-control server, where it reports the infected device and waits for further instructions from there."

—Deepen Desai, Zscaler's vice president security research and operations, on Research Saturday, 6.15.19, up early tomorrow morning.

The game may be working fine. It's just working for someone other than you.

Get the In-Depth Guide to Operationalizing Threat Intelligence.

Threat intelligence is critical but often difficult to manage, automate, or operationalize. Threat Intelligence Gateways are an exciting, emerging network security technology that take the heavy lifting out of making threat intelligence actionable, operational, and useful. Learn about how this technology is turning threat intelligence into action to block threats at scale in the whitepaper, Operationalizing Threat Intelligence: An In-Depth Guide to Threat Intelligence Gateways.

In today's podcast, up later this afternoon, we speak with our partners at Accenture, as Justin Harvey offers advice for job-hunting grads. Our guest is Dr. Matthew Dunlop, Vice President and Chief Information Security Officer for Under Armour, who discusses the challenges involved in protecting one of the world’s best-known brands.

Cyber Security Summits: Seattle on June 25th and in DC on July 16 (Seattle, Washington, United States, June 25, 2019) Register for reduced admission to the Cyber Security Summit with promo code cyberwire19 for $95 admission ($350 without code). Sr. Level Executives are invited to learn about the latest threats & solutions in Cyber Security from experts from The DOJ, U.S. Secret Service, Verizon, Center for Internet Security, Google and more. Breakfast, Lunch & Cocktail Reception are included with your admission. Passes are limited, secure yours today: www.CyberSummitUSA.com

RSA Conference 2019 Asia Pacific & Japan (Singapore, Republic of Singapore, July 16 - 18, 2019) Join industry leaders and peers at the region’s leading cybersecurity event. Learn the latest issues and solutions, stay on top of new regulations, demo cutting-edge products, expand your skills and grow your personal network. Register now.

Cyber Attacks, Threats, and Vulnerabilities

Threat Proliferation in ICS Cybersecurity: XENOTIME Now Targeting Electric Sector, in Addition to Oil and Gas (Dragos) The most dangerous threat to ICS has new targets in its sights. Dragos identified the XENOTIME activity group expanded its targeting beyond oil and gas to the electric utility sector. This expansion to a new vertical illustrates a trend that will likely continue for other ICS-targeting adversaries.

SECURITY: 'Most dangerous' hackers targeting U.S. utilities — report (E&E News) Some of the world's most infamous hackers have zeroed in on the U.S. power sector in recent months, according to a nonpublic alert issued by the North American Electric Reliability Corp. and new research.

The Highly Dangerous 'Triton' Hackers Have Probed the US Grid (WIRED) The same hackers behind a potentially lethal 2017 oil refinery cyberattack are now sniffing at US electrical utility targets.

Telegram: Hackers in China Disrupted Service During Hong Kong Protests (Defense One) Bogus signals inundated an encrypted-messaging service that helped demonstrators coordinate, the company says.

Telegram founder links cyber attack to China (BBC News) The messaging service suffered a massive cyber attack during violent protests in Hong Kong on Wednesday.

Surveillance-Savvy Hong Kong Protesters Go Digitally Dark (SecurityWeek) Hong Kong's tech-savvy protesters are going digitally dark as they try to avoid surveillance by disabling location tracking on their phones, buying train tickets with cash and purging their social media conversations.

Hong Kong protests: activists call for further action (Guardian) People urged to continue protests after day of violent clashes with policeWhat are the Hong Kong protests about?

How Surveillance Cameras Could Be Weaponized With A.I. (New York Times) Advances in artificial intelligence could supercharge surveillance cameras, allowing footage to be constantly monitored and instantly analyzed, the A.C.L.U. warned in a new report.

‘Chinese’ cyber spies accused of targeting key belt and road players (South China Morning Post) Annual report by US security firm FireEye says the group has been collecting business intelligence focusing on sectors such as engineering, transport and defence.

Ransomware disrupts worldwide production for Belgian aircraft parts maker (Help Net Security) Belgian manufacturer of aerospace components ASCO Industries has been hit with ransomware, which ended up disrupting its production around the world.

Experts: Spy used AI-generated face to connect with targets (AP NEWS) Katie Jones sure seemed plugged into Washington's political scene. The 30-something redhead boasted a job at a top think tank and a who's-who network of pundits and experts, from the...

Fake online videos growing corporate threat: Cybersecurity expert (Fox Business) A cyber security expert says U.S. corporations may becoming more susceptible to the threat and harm caused by bogus online videos.

Millions of Exim Mail Servers Are Currently Being Attacked (BleepingComputer) Millions of mail servers running vulnerable Exim mail transfer agent (MTA) versions are currently under siege, with attackers gaining permanent root access via SSH to the exploited machines according to security researchers.

Exim email servers are now under attack (ZDNet) Almost half of the internet's email servers are now being attacked with a new exploit.

Aircraft Parts Maker ASCO Severely Hit by Ransomware (SecurityWeek) ASCO, a Belgium-based company that provides aircraft parts to Airbus, Boeing and Lockheed Martin, has been severely hit by a ransomware attack.

Criminal campaign uses leaked NSA tools to set up cryptomining scheme, Trend Micro says (CyberScoop) Since March, criminals have been using hacking tools that were reportedly stolen from the National Security Agency in targeting companies around the world as part of a cryptomining campaign, researchers with cybersecurity company Trend Micro said Thursday.

Critical Flaw in Evernote Add-On Exposed Sensitive Data of Millions (BleepingComputer) A critical flaw in the Evernote Web Clipper Chrome extension could allow potential attackers to access users' sensitive information from third party online services.

Ad Stacking targets in-app video: Buyers poised to pay 9X the impression cost (The Media Trust) Pat Ciavolella writes about a large-scale ad stacking incident with digital buyers poised to pay 9 times the cost of an in-app video impression

Facebook keeps deepfake of Mark Zuckerberg (Naked Security) “Whoever controls the data, controls the future,” says the evil Zuck, who, according to the platform’s current policy, won’t be taken down.

XSS Vulnerability Exposed Google Employees to Attacks (SecurityWeek) A researcher discovered an XSS vulnerability that could have been exploited to attack Google employees and possibly gain access to invoices and other sensitive information.

A devastating exploit using 'ticking-bomb' BlueKeep is "only weeks away" (SC Magazine) BlueKeep vulnerability could prove more serious than EternalBlue, the vulnerability that was exploited by the WannaCry attacks, and an attack exploiting BlueKeep is now only weeks away say some experts.

Microsoft’s battle with SandboxEscaper zero days turns into grim Groundhog Day (Naked Security) Why is SandboxEscaper releasing vulnerabilities in such an irresponsible way? It matters not – Microsoft must patch what’s in front of it whatever the backstory.

Symantec breach revealed client list, passwords: report (CRN Australia) Vendor's Australian demo lab suffered data breach in February.

SEC security alert warns about misconfigured NAS, DBs, and cloud storage servers (ZDNet) SEC OCIE inspections finds that companies have failed to properly secure network-accessible storage systems.

WAGO Industrial Managed Switches 852-303, 852-1305, and 852-1505 (ICS-CERT) 1. EXECUTIVE SUMMARYCVSS v3 9.8ATTENTION: Exploitable remotely/low skill level to exploitVendor: WAGOEquipment: Industrial Managed Switches 852-303, 852-1305, and 852-1505Vulnerabilities: Use of Hard-coded Credentials, Use of Hard-coded Cryptographic Key, Using Components with Known Vulnerabilities2.

Critical Vulnerabilities Found in WAGO Industrial Switches (SecurityWeek) Several serious vulnerabilities have been found by a researcher in WAGO 852 industrial managed switches.

Johnson Controls exacqVision Enterprise System Manager (ICS-CERT) 1. EXECUTIVE SUMMARYCVSS v3 6.7Vendor: Johnson ControlsEquipment: exacqVision Enterprise System Manager (ESM)Vulnerability: Improper Authorization2. RISK EVALUATIONSuccessful exploitation of this vulnerability could allow malicious code execution.

BD Alaris Gateway Workstation (ICS-CERT) 1. EXECUTIVE SUMMARYCVSS v3 10.0ATTENTION: Remotely exploitable/low skill level to exploitVendor: (BD) Becton, Dickinson and CompanyEquipment: Alaris Gateway WorkstationVulnerabilities: Improper Access Control, Unrestricted Upload of File with Dangerous Type2.

Medical infusion-pump system has two serious bugs, researchers say (CyberScoop) Researchers have found two vulnerabilities in a type of infusion-pump system, which hospitals used to administer medication, that they say could allow a hacker to disable the device, infect it with malware, or create false readings. The vulnerabilities are in a pump system known as the Alaris Gateway Workstation made by Becton, Dickinson and Company (BD), a New Jersey-based medical equipment vendor.

Gaming's All Fun and Games Till Someone Gets Hacked (Infosecurity Magazine) The gaming industry is increasingly the target of cyber-criminals looking to turn a quick profit.

Baltimore won't be able to send water bills again this month as ransomware recovery continues (Baltimore Sun) As the city digs out from the ransomware attack, officials said they would be unable to send water bills in June.

Baltimore officials rebuffed offers of state help for a 'week' after crippling hack of city computers (Baltimore Sun) Baltimore refused help from Maryland information technology experts in the first week after the city’s computer networks were shut down by a ransomeware attack

City of Burlington defrauded out of $503,000 due to phishing scam (Global News) The city of Burlington says it has been defrauded out of more than half a million dollars due to a "complex phishing email".

Majority of FTSE 250 Companies Expose Multiple Weaknesses to Internet: Analysis (SecurityWeek) Rapid7 analyzed the visible cyber exposure of some of the UK's largest companies, and several internet-exposed security weaknesses.

Security Patches, Mitigations, and Software Updates

Cisco alert: Patch this dangerous bug open to remote attacks via malicious ads (ZDNet) Cisco discloses a new high-severity bug in the web interface of its IOS XE software for switches and routers.

Intel joins Patch Tuesday with 11 security updates (SC Magazine) The three most critical patches cover three product categories: Intel Accelerated Storage Manager in Intel Rapid Storage Technology Enterprise, Intel NUC PC and Intel Raid Web Console 3 for Windows

Yubico to replace vulnerable YubiKey FIPS security keys (ZDNet) Yubico staff discovers bug in YubiKey FIPS Series keys; offers replacements for affected customers.

Cyber Trends

Why hackers ignore most security flaws (Axios) Not every security hole turns out to be worth exploiting.

The 2019 A.T. Kearney Global Services Location Index (A.T. Kearney) Automation and cybersecurity are increasingly becoming key factors in outsourcing decisions.

AI Can Thrive in Open Societies (Foreign Policy) The belief that China’s surveillance gives it an advantage is misleading—and dangerous.

Americans Worried About Digital and Physical Security in Large Venues (Mobile ID World) The 2019 Unisys Security Index suggests that people are increasingly worried about their safety in large venues, with digital security being another concern

Phishing of SaaS and Webmail Brands Surpasses Phishing Attacks on Payment Brands for the First Time | HostReview.com (HostReview.com) According to the APWG’s new Q1 2019 Phishing Activity Trends Report, users of Software-as-a-Service (SaaS) and webmail services are being target

Marketplace

DoD to Streamline Cyber Acquisition With New Certification Model (Meritalk) The Defense Department (DoD) Office of Under Secretary Acquisition of Sustainment is creating a new certification model to streamline DoD’s cybersecurity acquisition processes, Special Assistant to DoD’s Assistant Secretary of Defense Acquisition for Cyber Katie Arrington said at the Professional Services Council Federal Acquisition Conference today.

The new way security factors into acquisitions (Fifth Domain) Department of Defense leaders said they are willing to pay more for security measures in defense systems bought from contractors.

General Dynamics CEO ‘alarmed’ by tech industry reaction to Pentagon (Defense News) Phebe Novakovic is warning that internal tensions in the United States could be more dangerous than external ones.

Cybersecurity Turns To Crowdsourcing Amid Hiring Woes (PYMNTS.com) Cybersecurity is one of the main tasks in the world of digital commerce and payments, and it’s a task that is getting more attention from consumers, companies, regulators and others. But there’s a big problem in this realm — a shortage of cybersecurity experts, the people with the training and expertise to defend retail and […]

Inner Loop Capital Launches $2.6M Syndicate Fund to Invest in D.C. Area Seed-Stage Founders Building Venture-Scale Companies (Yahoo) Justin Label, former Partner at Bessemer Venture Partners, leads investments on behalf of eight L.P.’s, anchored by Ron and Cyndi Gula, formerly of Tenable Network Security, Inc.

General Electric wants to sell its stake in more than 100 start-ups (CNBC) Sources tell CNBC that GE Ventures, the corporate venture arm for GE, is looking to sell off its entire portfolio of investments.

IBM launches accelerator program to help startups grow and prioritize security - MedCity News (MedCity News) The program is open to early-stage health tech and fintech startups that are pre-Series A, less than five years old and have less than $1 million in revenue. The application deadline is 5 PM PT on July 31, 2019.

Huawei trademarks its own mobile OS following US ban (Engadget) And it's continued to be vocal about the ban's security implications.

CrowdStrike Joins Cybersecurity Winning Streak (Wall Street Journal) All the fretting about online privacy and security is paying off for some investors. Shares of cybersecurity company CrowdStrike jumped on their second day of trading, rising to nearly double their IPO price.

China has targeted 'every top US company', says CrowdStrike chief (The Telegraph) Chinese hackers have targeted every Fortune 500 company, according to George Kurtz, the boss of CrowdStrike after the cybersecurity company debuted in New York with an $11bn (£8.

How CrowdStrike's $11bn valuation compares with its rivals (CRN) CrowdStrike's IPO yesterday saw its share price quickly rise over 70 per cent

CrowdStrike IPO success puts spotlight on endpoint security (SearchSecurity) The CrowdStrike IPO earned the company a valuation of more than $11 billion. The endpoint security vendor made its Wall Street debut Wednesday and opened trading at $63.50 a share.

The UTC-Raytheon deal highlights the changing nature of war (The Economist) Better to fight the next one than the last

Spring Labs raises $23M to stop loan fraud with blockchain technology (Built In Chicago) Spring LabsFinancial information is extremely sensitive. If bad actors get their hands on it, they can potentially ruin your life.

Palo Alto Networks Completes Acquisition of PureSec (PR Newswire) Palo Alto Networks (NYSE: PANW), the global cybersecurity leader, announced today that it has completed its...

Capstone Headwaters Advises Rook Security on its Acquisition by Sophos (Capstone Headwaters) Indianapolis, Ind. - Capstone Headwaters, a leading international investment banking firm, advised Rook Security on its acquisition by Sophos (LSE: SOPH). Barnes & Thornburg LLP served as legal counsel to Rook on the transaction. Terms of the deal were not disclosed.

Top 100: Booz Allen pushes into second century with AI focus (Washington Technology) Booz Allen Hamilton is over 100 years old and sees a bright future marrying cutting edge technology to its management consulting legacy.

Security Industry Association Announces 2019 Legislator of the Year Award Winners (Security Industry Association) Sens. Amy Klobuchar and Deb Fischer and Rep. Donald Payne, Jr., will be honored at SIA GovSummit 2019 in Washington, D.C.

Deborah Golden to Lead the US Cyber Practice for Deloitte Risk and Financial Advisory (Yahoo) Deloitte today announced Deborah Golden, principal, Deloitte & Touche LLP, as the new leader of its U.S. cyber practice. A respected authority on cyber issues to boards, industries and organizations, Golden specializes in collaborating with clients on cybersecurity

Products, Services, and Solutions

RedSeal Launches New Suite of Professional Services to Accelerate Hybrid Network Modeling and Enhance Risk Management (West) Cybersecurity services increase productivity for resource-constrained security teams

Open Bug Bounty pursues a steady growth in 2019 with over 212,148 fixed vulnerabilities (Open Bug Bounty) Hi Folks, Some inspiring statistics [January – June 2019] of our community for your attention...

Advanced security analytics for all your CloudGen Firewall deployments. (Barracuda Networks) Retrieve, analyze, and report all the data you need to manage your large, complex WAN without the overhead and cost of error-prone manual processing.

Identity Automation Launches VIP Partner Program to Fuel 2.0 Growth Strategy (Identity Automation) Identity Automation today announced the launch of the Identity Automation Partner Program - VIP as the next piece of its 2.0 growth strategy.

New MiFi® 8000 Mobile Hotspot Delivers Gigabit LTE Speeds to Sprint Customers (BusinessWire) Inseego Corp. (Nasdaq: INSG), a pioneer in 5G and intelligent IoT device-to-cloud solutions, today announced the MiFi® 8000 Mobile Hotspot, Sprint’s f

5G, the end of location privacy? (Silent Pocket) As 5G is starting to become a reality with our smartphones and their carriers, but at what cost? 5G cellular network has a much smaller broadcast range than the 4G networks at current, which means more cell towers overall.

Threat Stack and JASK speeding incident response times, improving productivity (Help Net Security) Threat Stack and JASK to help security operations teams reduce the time and effort needed to detect and respond to cloud security incidents.

inSOC Launches ONE STOP SOC at dattoCON19 (PR Newswire) Formed in 2018 by CEO Eric Rockwell, CIO Jeff Gulick and CFO Dave Watts, inSOC's mission is to enable MSPs and MSSPs ...

GraceKennedy enters cyber-insurance market (Loop Jamaica) Local insurance provider GK Insurance (GKI) is introducing a cyber-insurance product designed to help businesses and individuals survive cyberattacks by offsetting the co

Atos and Virtru announce partnership to offer data security solution for digital workplace (Express Computer) Atos has announced a strategic partnership with Virtru, which will provide global organisations with a joint encryption solution for digital workplace, protecting customer data across cloud-based platforms

Facebook’s New Cryptocurrency Gets Big Backers (Wall Street Journal) Facebook has signed up more than a dozen companies including Visa, Mastercard, PayPal and Uber to back the new cryptocurrency that the social-media giant plans to unveil next week.

Technologies, Techniques, and Standards

Analysis | The Cybersecurity 202: Two leading Democratic 2020 candidates won't say if they've taken basic cybersecurity measures (Washington Post) Biden described some digital protections, but Sanders and Warren wouldn’t.

Common service centres to restart Aadhaar related work within a week (LiveMint) CSC stopped providing Aadhaar-related services after the UIDAI withdrew authorisation from them following debates around data security.There are 3.9 lakh village level entrepreneurs (VLE) that are running common service centres in rural areas across the country

Design and Innovation

Will Analog AI Make Mythic a Unicorn? (Next Platform) There are two trends converging in AI inference and so far, only a small number of companies are enmeshed. The first trend takes us back to the future

Another Big Question in Blockchain Market: Safety. It seems solved! (Forbes) The big question of blockchain market; safety. It seems solved.

Converging on a Better Approach to Security (SecurityWeek) Blending security technology and human intelligence for a “solutions focus” sets organizations up for success and closes the gap on cyber risk.

Research and Development

Top AI researchers race to detect ‘deepfake’ videos: ‘We are outgunned’ (Washington Post) Researchers fear it is only a matter of time before the AI-generated fake videos are deployed for maximum damage — to sow confusion, fuel doubt or undermine an opponent, potentially on the eve of a White House vote.

Academia

Trump administration reviewing foreign money to US colleges (WHSV 3) The U.S. Education Department has opened investigations into foreign funding at Georgetown University and Texas A&M University as part of a broader push to monitor international money flowing to American colleges.

NSA dares students to break the cyber code, and then recruits them (Federal News Network) NSA’s six-year-old program challenges students and others to solve a multi-step cybersecurity problem as a way to expose them to the type of work the agency and the government does.

Legislation, Policy, and Regulation

Broken Net Neutrality Laws Are On the Rise in Europe – So Are the Worries. (My TechDecisions) Concerns about net neutrality rules are on the rise while the European government works with telcos to develop new ones.

Congress Gives 'Hack Back' Legislation Another Try (Dark Reading) Officials reintroduce a bill that would let businesses monitor attacker behavior and target intruders on corporate networks.

Who does what for DoD cyber? Congress wants to know (Fifth Domain) Cyber Command has pointed to recent successes for operating forces globally, but questions remain regarding how it uses forces.

Lawmakers grapple with deepfake threat at hearing (TheHill) The House Intelligence Committee heard alarming testimony Thursday that deepfake videos could be weaponized by foreign adversaries to sow divisions in the United States.

Litigation, Investigation, and Law Enforcement

Facebook Settles Class Action Claiming Company Inflated Video Viewership Metrics (The Hollywood Reporter) Facebook was alleged to have been knowingly overstating viewership by as much as 900 percent.

Senators Question FBI on Russian Hack of Voting Firm (SecurityWeek) Two U.S. senators asked the FBI on Wednesday to explain what it has done to investigate the suspected hack by Russian intelligence of a Florida-based voting software company before the 2016 election.

Suspected New Zealand mosque gunman pleads not guilty (Al Jazeera) Australian-born Brenton Tarrant denies guilt in killing of worshippers at two Christchurch mosques in March.

Julian Assange to appear in court after Javid signs US extradition request (Guardian) Home secretary opens way for court to consider whether Assange should be sent to US

Next step in Assange extradition case due in UK court on Friday (Reuters) WikiLeaks' founder Julian Assange is due before a London court on Friday, f...

Backpacker claims to find a network of hidden webcams in farm stay (Naked Security) In the bug repellent gizmo, in the shower, in the little birds glued to the footboard—all hiding webcams, alleges the Dutch backpacker.

For a complete running list of events, please visit the Event Tracker on the CyberWire website.

Upcoming Events

Cybertech Midwest 2019 (Indianapolis, Indiana, USA, April 24 - July 25, 2019) Cybertech is the cyber industry’s foremost B2B networking platform featuring cutting-edge content by top executives, government officials, and leading decision-makers from the world of cyber. Our Cybertech...

NetDiligence® Cyber Risk Summit (Philadelphia, Pennsylvania, USA, June 12 - 14, 2019) The NetDiligence® Cyber Risk Summit in Philadelphia is attended by more than 600 cyber insurance, legal/regulatory, and technology leaders from all over the globe. A premier education and networking event,...

CyCon 2.0 Manassas Edition (Manassas, Virginia, USA, June 15, 2019) CyCon is touching down in Manassas with a full lineup of experts in the field of Cybersecurity to present on current topics or demo bleeding edge technologies.

Hack in Paris 2019 (Paris, France, June 16 - 20, 2019) Intrusion attempts are more and more frequent and sophisticated, regardless of their target (state or corporation). In this context, international hacking events are multiplying. A few events took place...

Gartner Security & Risk Management Summit 2019 (National Harbor, Maryland, USA, June 17 - 20, 2019) Make sure you have the latest insights on fast-moving IT trends such as IoT and AI, evolving security technologies and the ever-changing threat landscape. At Gartner Security & Risk Management Summit 2019,...

Grow your brand and reach new customers.

Grow your brand and increase your customer base by educating our audience about your products, services, and events by advertising on The CyberWire. We’ve built trust with an influential (and often hard to reach) audience of CISOs, CSOs, and other senior execs in the security space, across a wide array of industry verticals. Learn more.

Be a part of the CyberWire story.

People ask us (a lot) how they can support what we do. We have our sponsorships and services, of course, but those are not always within every supporter's financial reach, or it might just not be the right time for you to do those things. That's why we launched our new Patreon site, where we've created a wider variety of support levels, each with some new benefits. Our patrons are important to our future, and we hope you'll consider becoming one. We invite you to become part of the CyberWire story. Become a patron today.