skip navigation

More signal. Less noise.

Insider's Guide to Incident Response!

Gain helpful tips from industry experts. Get all 5 chapters of the insider's Guide to Incident Response in 1 eBook! Download your free copy today!

Daily briefing.

RSA Conference 2019

RSAC 2019 is wrapping up today, and we finish our coverage with a few observations on the conference.

This year the underlying assumption of most of the discussions we've heard has been that security is increasingly focused on the cloud, and on the application layer. And, of course, one of the themes is the enduring importance of sound digital hygiene.

Listening to senior US Government participants in RSAC, it's clear that the US has come to view China, and not Russia, as the nation's most serious rival in cyberspace. Decades of mutually beneficial engagement in trade seem to have run their course, and the two countries have moved into a period of enduring competition.

And the inherent unpredictability of innovation will challenge strategists who wish to prepare for 5G.

Research from Recorded Future presents details on China's social media influence operations targeted at the West. The operations differ from Russia's influence campaigns based on the countries' different national goals. Russia's operations are primarily "disruptive and destabilizing," while China's are "largely positive and coordinated." Chinese information operations are meant, researchers say, to present an "overwhelmingly positive, benign, and cooperative image of China" to Western users. These campaigns don't show a large-scale interest in swaying foreign elections; rather, they focus on changing opinions about policies that are disadvantageous to China's goals. The researchers found that just two Chinese influence profiles on Instagram "reached a level of audience engagement roughly one-sixth as large as the entire Russian IRA-associated campaign targeting the United States on Instagram."

The Washington Times claims that the United States has begun conducting counter-cyberattacks against China in retaliation for Chinese cyberespionage. The US hacks are likely targeting trade secrets related to Chinese missile technology.

Amnesty International says the Egyptian government is responsible for a wave of spear phishing attacks that targeted activists within the country, ZDNet notes. Government-backed attackers created third-party apps to launch OAuth phishing attacks against victims' Gmail accounts. They also targeted Yahoo, Outlook and Hotmail users. The list of targeted individuals had "significant overlaps" with those targeted in a 2017 campaign which was also linked to Egyptian state-sponsored actors.

Security researchers found more than 808 million email records in an internet-connected MongoDB instance without a password. Millions of the records included sensitive personal information as well.

Notes.

Today's edition of the CyberWire reports events affecting Australia, Canada, China, Egypt, Germany, Hungary, Italy, Romania, United Kingdom, United States.

What if you could augment your security team by adding zero staff?

Cylance’s industry-leading security experts analyze your cybersecurity requirements and design solutions that meet and often far exceed objectives. Cylance secures our clients quickly using years of hard-won expertise, and world class artificial intelligence. Let Cylance help you achieve a state of ThreatZero, bolster your organization’s security posture, and zero in on what really matters.

In today's podcast, up later this afternoon, we hear from our partners at  the University of Maryland's Center for Health and Homeland Security, as Ben Yelin discusses a PA supreme court ruling on protection of employee’s personal information. Our guest is Scott Shackelford from Indiana University on the Paris call for trust and security.

XM Cyber is coming to RSA (San Francisco, California, United States, March 4 - 8, 2019) Visit XM Cyber at the Innovation City, Booth IC2233, to experience the first fully automated APT simulation platform to Simulate, validate and remediate every hacker’s path to organizational critical assets.

OSSEC Con2019 (Herndon, Virginia, United States, March 20 - 21, 2019) OSSEC Con2019, “The Future of OSSEC: Security and Compliance for Cloud, On-Premise and Hybrid Environments” will take place March 20-21 in Herndon, VA. Join OSSEC users to share best practices and use cases with plenty of peer-to-peer networking.

Dateline RSAC 2019

RSAC 2019: International cyber conflict (The CyberWire) Nation-state threats, cooperative security, and persistent engagement.

RSAC 2019: Security and the unforeseeable consequences of technological advance (The CyberWire) Technological advance enables further innovation, and the consequences of such advance and the nature of the innovations that it makes possible are imperfectly predictable at best. 5G will provide an opportunity for governments and enterprises to think through security under conditions of uncertainty.

RSAC 2019: A look at the presentation of innovation. (The CyberWire) The annual Innovation Sandbox, the inaugural Launch Pad, and a walk through the Early Stage Expo.

Machine Learning Can Use Tweets to Spot Critical Security Flaws (WIRED) Researchers built an AI engine that uses tweets to predict the severity of software vulnerabilities with 86 percent accuracy.

Growing mobile cybersecurity incidents spur plans for increased security investment (Help Net Security) 1 in 10 RSA attendees report that their organization has experienced a mobile cybersecurity incident or breach in the past 12 months.

Scammer Gang Takes Aim at Boy Scouts, Salvation Army Nonprofts (Threatpost) A scammer ring, dubbed Scarlet Widow, has targeted nonprofits, schools and universities with an array of business email compromise (BEC) attacks over the past few months.

Tripwire Survey: 80 Percent of Security Professionals Say Skilled Workers are More Difficult to Find (Tripwire) Security teams are understaffed as cybersecurity skills gap worsens

Venafi Business Momentum Accelerates in 2018 (BusinessWire) Security leader increased subscription revenues over 50% while customer renewal rates remained above 95%

Awake Security introduces Ava, a privacy-aware security expert system (Help Net Security) Awake Security unveiled several new capabilities to its platform, including Ava, the world’s first privacy-aware security expert system.

Photo gallery: RSA Conference 2019 Expo, part four (Help Net Security) RSA Conference 2019 is underway at the Moscone Center in San Francisco. Check out our microsite for the conference for all the most important news. Here

Cyber Attacks, Threats, and Vulnerabilities

Facebook finds UK-based fake news network (BBC News) Facebook removes more than 130 "inauthentic" accounts, pages and groups operated from the UK.

Analysis | The Cybersecurity 202: DNC security chief preaches basic security for 2020 campaigns (Washington Post) Bob Lord wants more security protections to be automatic.

Google Play Pulls MetaMask Crypto Malware After A Tip From A Cyber security Firm (BlockPublisher) Scams and fraudulent practices are a part of every business and industry. Now, according to cyber security firm Eset, for the first time, Google Play became a victim due to a sneaky malware that po…

Proper news, or propaganda? China’s social media manipulations exposed (The Daily Swig) A new study takes a deep dive into the extent of China’s disinformation campaigns

U.S. counters China cyberattacks (The Washington Times) American intelligence and military cyberwarriors have begun conducting counter-cyberattacks against Chinese intelligence and military targets, according to a U.S. official.

Tricks and COMfoolery: How Ursnif Evades Detection (Security Boulevard) Ursnif is one of the main threats that is effectively evading detection right now (at publication) The dropper uses a COM technique to hide its process parentage WMI is used to bypass a Windows Defender attack surface reduction rule Fast evolution of delivery servers means detection tools are left in the dark In February we The post Tricks and COMfoolery: How Ursnif Evades Detection appeared first on Bromium.

Attack Campaign Using Fake Browser Updates to Deliver Ransomware and Banking Malware (Security Intelligence) Researchers observed an attack campaign distributing fake browser updates to infect website visitors with ransomware and banking malware.

Mapping Communication Between Facebook Accounts Using a Browser-Based Side Channel Attack (Imperva) A now-patched vulnerability in the web version of Facebook Messenger allowed any website to expose who you have been messaging with. In a previous post, I showed how your Facebook likes, location history, and other metadata could have been extracted from your Facebook account using a side-channel attack I named “Cross-Site Frame Leakage,” or CSFL …

Investment scam targets Instagram users (Hanahan Herald) Victims aged in their 20s have each lost an average of £8,900 after falling for investment scams that appear on image-sharing platform Instagram.

Hackers can get into Macs with sneaky tricks, Crowdstrike experts say (CNET) The cybersecurity company says it's seen hackers get deep access into the Macs of regular users.

In the cyber break-in stakes, the champion is Russia (The Economist) Russian computer hackers are seven times faster than North Koreans

Hackers Exploit Critical Flaws In Car Alarm Apps - What Drivers Need To Know (Forbes) Security researchers put smart car alarms and their accompanying apps to the test and found them wanting. Everything from stopping the engine, immobilizing the vehicle and even snooping on in-car conversations was possible. Here's what you need to do...

Fake Paychex Tax verification documents delivers Trickbot (My Online Security) There are still using this new version of the Trickbot delivery system where Bitsadmin is used to download the payload in small sections to a victims computer where it is all joined together to make 1…

Study Finds Rampant Sale of SSL/TLS Certificates on Dark Web (SecurityWeek) SSL/TLS certificates and related services can be easily acquired from dark web marketplaces, according to an academic study sponsored by Venafi.

Egypt government used Gmail third-party apps to phish activists (ZDNet) Cairo government targeted local human rights defenders, media, and civil society organizations' staff.

A “serious” Windows zeroday is being actively exploited in the wild (Ars Technica) Unpatched flaw used in combination with Chrome exploit doesn't work against Win 10.

Monero cryptominers hijack hundreds of unpatched Docker hosts (Naked Security) A recently-disclosed vulnerability in the Docker containerisation platform is being exploited by cybercriminals to mine the Monero (XMR) cryptocurrency on hundreds of servers.

Backdoored GitHub accounts spewed secret sneakerbot software (Naked Security) Researchers have uncovered a network of GitHub accounts containing backdoored versions of legitimate software.

The Supreme Backdoor Factory (DFIR.it) Recently I was playing with VirusTotal Intelligence and while testing some dynamic behavior queries I stumbled upon this strange PE binary (MD5: …

Ultrasounds Lack Ultra Security, Research Shows (Infosecurity Magazine) Check Point researchers gain full-range access to an ultrasound's database of images.

800+ Million Emails Leaked Online by Email Verification Service (Security Discovery) Our Biggest Data Breach Discovery of 2019 a massive 800 million emails leaked online. This data breach uncovered how an email verification service uses spam

MongoDB Privacy Error Leaks 808m Records (Infosecurity Magazine) MongoDB Privacy Error Leaks 808m Records. Email validation service stored records in plain text with no password protection

809 million records exposed by email marketing giant (ZDNet) All you needed to access the records’ database was an Internet connection.

How to hack a smartcard to gain privileged access (CSO Online) Using smartcards in a Microsoft Active Directory environment makes them vulnerable to this privilege escalation attack.

Zero-day Chrome/Windows combo actively exploited in the wild (Help Net Security) Google Chrome zero-day (CVE-2019-5786) is being actively exploited in conjunction with a privilege escalation zero-day in Windows.

Windows Servers in danger of being compromised via WDS bug (Help Net Security) Checkpoint has released more details about CVE-2018-8476, a critical remote code execution vulnerability affecting all Windows Servers since 2008 SP2.

IoT devices using CoAP increasingly used in DDoS attacks (Help Net Security) IoT devices using the Constrained Application Protocol (CoAP) represent a growing part of global Distributed Denial of Service (DDoS) weapon arsenals.

Breaches and Leaks Soared 424% in 2018 (Infosecurity Magazine) Breaches and Leaks Soared 424% in 2018. 4iQ data finds hackers are targeting smaller companies in greater numbers

Security Patches, Mitigations, and Software Updates

Google Advises Upgrade to Windows 10 to Fix Windows 7 Zero-Day Bug (BleepingComputer) Google recommends users of Windows 7 to give it up and move to Microsoft's latest operating system if they want to keep systems safe from a zero-day vulnerability exploited in the wild.

Disclosing vulnerabilities to protect users across platforms (Google Online Security Blog) Posted by Clement Lecigne, Threat Analysis Group On Wednesday, February 27th, we reported two 0-day vulnerabilities — previously publicly-...

Users of Cisco switches, security appliances need to get patching (Help Net Security) Administrators of Cisco switches, firewalls, and security appliances are advised to take a look at the latest collection of security advisories.

Cyber Trends

'High-risk' GAO report highlights security clearance, census, cybersecurity concerns (ABC News) Security clearances, the 2020 census and national cybersecurity are just some of the issues the GAO flagged in its biennial high-risk report Wednesday.

Human error still a major security risk says new BAE report (TechRadar) Cybercriminals continue to prey on human nature

Organizations Not Positioned for Success in Tackling Cyber Demands: Deloitte (SecurityWeek) Organizations are tackling various aspects of security, such as data, application, identity, infrastructure and response, but are not doing well in aligning cyber initiatives to executive management's digital transformation priorities.

Growing mobile cybersecurity incidents spur plans for increased security investment (Help Net Security) 1 in 10 RSA attendees report that their organization has experienced a mobile cybersecurity incident or breach in the past 12 months.

2018 Cybercrime Report (Threatmetrix) News has recently emerged of the first machine learning generated fingerprints.

The Challenge of Change: IT in Transition (Insight | Datalink | IDG) In this survey we seek to understand where enterprises are with respect to their IT transformation journey.

How are execs tackling cyber risk that comes with digital transformation? (Help Net Security) As organizations embrace digital transformation, simplifying technology infrastructure and outsourcing workload, they are also expanding their cyber risk.

For enterprises, malware is the most expensive type of attack (Help Net Security) The cost to companies from malware and “malicious insider”-related cyberattacks jumped 12 percent in 2018 and accounted for 1/3 of all cyberattack costs.

Marketplace

As Phones Get Harder to Hack, Zero Day Vendors Hunt for Router Exploits (Motherboard) Obtaining vulnerabilities for fully up-to-date mobile phones is getting harder. So companies that sell exploits to governments are increasingly looking for attacks that target internet routers instead, with one company paying up to $100,000.

Facebook says it will dramatically improve privacy. But it hasn’t fully delivered on past promises. (Washington Post) What Facebook's new vision for private communication means for its global business.

Facebook's reputation takes a hit in new survey (Axios) Its drop in the Axios-Harris Poll 100 is in a class of its own.

AT&T joins cyber security group co-founded by Singtel (The Straits Times) American telecoms giant AT&T has joined a global cyber security alliance co-founded by Singtel.. Read more at straitstimes.com.

CenturyLink Threat Research Reemerges as Black Lotus Labs (SDxCentral) CenturyLink renamed its Threat Research Labs as Black Lotus Labs and shared new research about the Necurs botnet.

Cybersecurity firm Uniguest acquires Touchtown (CISO Magazine) Nashville-based Uniguest, a cybersecurity specialist in public space technology, recently acquired Touchtown, the living community engagement technology provider based outside of Pittsburgh.

U.S. Navy awards Leidos contract to provide cyber mission engineering services U.S. Navy Awards Leidos contract to provide cyber mission engineering services (CISO Magazine) Technology firm Leidos, has been awarded a $962 million contract by the U.S. Navy’s Space and Naval Warfare Systems Center (SPAWARSYSCEN) Atlantic to provide engineering and information warfare services for cyber missions.

Transcript leak: Inside Facebook's secret crisis meeting, where Zuck and Sheryl race to save social network's rep (Register) Privacy, encryption, vaccines, fake news, er, Messenger themes, uh, emojis?

Mark Zuckerberg on Facebook's Future and What Scares Him Most (WIRED) The Facebook CEO chatted with WIRED's editor in chief about building a "privacy-focused" social network and the trade-offs he’ll need to make.

Cisco reboots: Can a Silicon Valley tech giant make the switch from hardware to software? (Silicon Valley Business Journal) One of Silicon Valley’s largest legacy companies is shifting its business model, and restructuring its staff and products. How will its multibillion-dollar bet work out?

Products, Services, and Solutions

BioCatch patents touchscreen pressure measuring method to extend behavioral biometric innovation (Biometric Update) BioCatch has patented a series of methods for determining or estimating the amount of force applied by a user to the touchscreen of an electronic device, which the company says will enable it to ex…

Fortinet’s FortiClient Blocks 100 Percent Malware in NSS Labs 2019 Advanced Endpoint Test Report (AP NEWS) John Maddison, executive vice president of products and solutions, Fortinet “Endpoint devices and applications play an increasingly important role in business and networking strategies

Researchers create system that predicts vulnerability severity from tweets (Help Net Security) Can users’ opinions about threat severity expressed online provide an early indicator to help prioritize threats based on their severity?

General Dynamics Mission Systems Partners with Vera to Deliver Next-Generation Enterprise Digital Rights Management (PR Newswire) Responding to the increasing need to protect documents inside and outside of the enterprise, General Dynamics...

Fidelis Cybersecurity Launches Threat Research Service to Provide Customers with Finished Intelligence and Tailored Countermeasures (BusinessWire) Fidelis Cybersecurity, a leading provider of threat detection, threat hunting, and response solutions, today announced the launch of Threat Research a

Fidelis Cybersecurity Delivers Major Innovations to Provide Full Visibility of the Cyber Terrain to Detect, Hunt and Respond to Advanced Threats (BusinessWire) Fidelis Cybersecurity, a leading provider of threat detection, threat hunting, and response solutions, today announced the latest release of the Fidel

RSA extends SIEM capabilities with expanded analytics, threat aware authentication (Help Net Security) RSA unveiled the newest version of its SIEM, RSA NetWitness Platform, which features machine learning models based on deep endpoint observations.

DFLabs introduces SOAR platform optimized for MSSPs and MDR providers (Help Net Security) DFLabs announced a new version of its DFLabs IncMan SOAR platform tailored for the needs of MSSPs and MDR service providers.

Technologies, Techniques, and Standards

Denver to test blockchain voting in mayoral election (StateScoop) The city’s deployed military and overseas voters will be offered the ability to use Voatz, the mobile-voting app that was tested in 2018 by West Virginia.

How to Fight Disinformation While Preserving Free Speech (Atlantic Council) There are solutions “within the framework of our traditions of freedom of speech and free expression” to counter the spread of disinformation online, Daniel Fried, a distinguished fellow at the Atlantic Council, said at the Council’s Disinfo Week...

How Do You Defeat Disinformation? Tackle Demand, Not Just Supply (Atlantic Council) “Disinformation is a cause of democratic deterioration, but it is also a symptom of a much deeper disease affecting liberal democratic society,” according to Ana Palacio, a former Spanish minister of foreign affairs. Comparing the fight against...

Cryptography techniques must keep pace with threats, experts warn (SearchSecurity) Cryptography techniques are effective for protecting personal data, but maintaining the integrity of encrypted data and ensuring encryption is used wherever necessary remain challenges for experts in the field, who discussed these and other challenges at RSAC 2019.

Businesses Go Passwordless into Cloud Security (Infosecurity Magazine) Gartner looks at 2019's top security and risk trends.

Europe’s Open Source Bug Bounty: A Wrong Start (Infosecurity Magazine) Is Europe's bug bounty for open source projects a step forward or back?

Does the Internet Have an Off Switch? (Network Intelligence Blog | ThousandEyes) Russia is planning an experiment to disconnect from the global Internet to test its independence. What can we expect?

Design and Innovation

‘Alexa, Can You Be Empathetic, All-Knowing and Funny?’ (WSJ) Rohit Prasad, head scientist of Amazon’s Alexa, on the quest for omnipresent, human-sounding AI assistants.

Academia

University of Colorado Boulder cybersecurity program nets attention of secretary of state (Longmont Times-Call) As Colorado becomes one of the county's leading technology hubs, the number of cybersecurity jobs is skyrocketing.

Legislation, Policy, and Regulation

Italy rebuffs U.S.calls to bypass Chinese firms like ZTE, Huawei in ramp-up to 5G (MarketWatch) Italian officials on Thursday downplayed calls from U.S. counterparts to stop working with Chinese companies on next-generation “5G” wireless networks, saying they need to make sure they avoid missteps that would harm their economy or national security.

Cyber group calls for coordinated vulnerability disclosure policies (FCW) A group led by a former top federal cybersecurity official is seeking to make policies that enable outside researchers to work with organizations to find and mitigate IT flaws 'standard' in the public and private sectors.

Russia Passes Bill That Outlaws Disrespecting Russian Officials Online (BleepingComputer) The Russian State Duma passed a new and controversial bill which allows the authorities to jail people who disrespect the government and state officials online.

Huawei restrictions are warranted despite no clear 'smoking gun' (TheHill) Chinese companies carry an unavoidable risk because of their inherent connections to the Chinese government.

No 'smoking gun' evidence coming on Huawei, NSA official says (CyberScoop) Don’t expect U.S. officials to produce a “smoking gun” of public evidence that the Chinese government might be using telecommunications giant Huawei to further its interests in cyberspace, a senior National Security Agency official told CyberScoop. “Everybody is anxious for that smoking gun,” Rob Joyce, senior cybersecurity adviser at NSA, said in an interview. “It is not the case that you’re going to see people bring out and drop that smoking gun on the table … for all sorts of reasons about the way we understand the threat, the way we deal with the Chinese, the way we have to protect the ability to see and maybe defeat or deny that capability going forward.”

Treasury rejects privacy and ambiguity concerns over Consumer Data Right (ZDNet) The Australian government department responsible for the Consumer Data Right says there is sufficient consideration given to privacy and that the legislation isn't being rushed through.

GDPR: Still Plenty of Lessons to Learn (BankInfoSecurity) Nearly 10 months after the beginning of enforcement of the EU’s GDPR privacy regulation, organizations around the world are still learning plenty of compliance

Germany does not want to ban Huawei from 5G networks: minister (Reuters) Germany does not want to ban Chinese telecoms equipment maker Huawei Technologie...

Tech security at Equifax was so diabolical, senators want to pass US laws making its incompetence illegal (Register) Now Homeland Security committee sticks the boot in

Background Investigations Tech Team Reassigned from DISA to Defense Security Service (Nextgov.com) By mid-summer, the National Background Investigations Service technical team will be under a new office as part of major shifts in the security clearance process.

New FBI Director, Same Message on Encryption (PCMAG) FBI Director Christopher Wray reiterates that law enforcement should have access to encrypted data, but acknowledges that privacy advocates are not trying to weaken national security.

Pentagon’s Cyber Mission Force Needs Better Training Plan (Nextgov.com) A government watchdog found flaws in the Defense Department’s transition from building its Cyber Mission Force to maintaining it.

Litigation, Investigation, and Law Enforcement

Senate Report Highlights Equifax ‘Neglect’ Before Data Breach (1) (Bloomberg Law) Equifax Inc.’s years-long failure to prioritize cybersecurity left the company vulnerable to a data breach that exposed more than 145 million Americans’ personal information, a Senate subcommittee said in a bipartisan staff report.

Snap is going to be grilled by lawmakers following the horrific case of a murder victim's family being taunted over Snapchat (Business Insider) The family of Breck Bednar, a 14-year old murdered in 2014, received taunting messages on Snapchat purporting to be from his killer.

Victorian man arrested in connection to cryptocurrency-related drug syndicate (ZDNet) The 27 year-old has been charged with drug importation offenses, allegedly aided through the use of the 'dark net' and funded in part by cryptocurrency.

Man Admits to Hacking Minnesota Databases Over Cop Acquittal (SecurityWeek) A Minnesota man admitted that he hacked into state government databases in 2017 as an act of retaliation after the acquittal of an officer who fatally shot Philando Castile during a 2016 traffic stop

Hungarian Judge OKs Extradition of Portuguese Hacker (SecurityWeek) A Portuguese man linked to the publication of internal documents that embarrassed top European clubs and soccer officials in the Football Leaks case will be extradited to his home country, a Hungarian court has ruled.

Explainer: Huawei faces slim odds in new U.S. court fight (Reuters) Huawei Technologies Co Ltd has opened up a new front in its battle with the U.S....

Australia watchdog suspends two cryptocurrency exchanges for drug... (Reuters) Australia's anti-money laundering watchdog said on Friday it had suspended ...

No 'silent lambs': China supports Huawei's bid for U.S. legal redress (Reuters) The Chinese government's top diplomat, State Councilor Wang Yi, said on Fri...

IT guy at US govt fraud watchdog stole 16 computers from... US govt fraud watchdog (Register) How agents tracked down half-inched Surface Pro slabtops to eBay store

For a complete running list of events, please visit the Event Tracker on the CyberWire website.

Upcoming Events

National Cyber League Spring Season (Various, February 25 - March 24, 2019) The NCL is a defensive and offensive puzzle-based, capture-the-flag style cybersecurity competition. Its virtual training ground helps high school and college students prepare and test themselves against...

RSA 2019 (San Francisco, California, USA, March 4 - 8, 2019) This year’s theme is, to put it simply, Better. Which means working hard to find better solutions. Making better connections with peers from around the world. And keeping the digital world safe so everyone...

U.S. Commercial Service at RSAC2019 (San Francisco, California, USA, March 4 - 8, 2019) In partnership with RSA Conference 2019, we at the U.S. Department of Commerce are excited to offer U.S. exhibitors at RSAC 2019 services to assist in entering or increasing their presence in international...

CyCon 2.0 (Loudon, Virginia, USA, March 9, 2019) CyCon - cyber for the community is back with a full lineup of experts in the field of Cybersecurity to present on current topics or demo bleeding edge technologies to include the deep and dark web, securing...

PCI Security Standards Council 2019 India Forum (New Delhi, India, March 13, 2019) You’re invited to a day of networking opportunities and educational sessions as the PCI Security Standards Council holds its first ever India Forum in New Delhi, India. You won’t want to miss our engaging...

Grow your brand and reach new customers.

Grow your brand and increase your customer base by educating our audience about your products, services, and events by advertising on The CyberWire. We’ve built trust with an influential (and often hard to reach) audience of CISOs, CSOs, and other senior execs in the security space, across a wide array of industry verticals. Learn more.

Be a part of the CyberWire story.

People ask us (a lot) how they can support what we do. We have our sponsorships and services, of course, but those are not always within every supporter's financial reach, or it might just not be the right time for you to do those things. That's why we launched our new Patreon site, where we've created a wider variety of support levels, each with some new benefits. Our patrons are important to our future, and we hope you'll consider becoming one. We invite you to become part of the CyberWire story. Become a patron today.