skip navigation

More signal. Less noise.

Get your copy of the definitive guide to threat intelligence.

We brought together a team of experts and wrote the definitive guide to everything you need to know about threat intelligence. Whether you work in vulnerability management, incident response, or another part of cybersecurity, our book has something for you. Get your free copy of “The Threat Intelligence Handbook” now.

Daily briefing.

Norway's Norsk Hydro, one of the world’s largest aluminum producers, suffered an "extensive cyber-attack" against its facilities around the world last night. The company said in a message to investors that "IT-systems in most business areas are impacted and Hydro is switching to manual operations as far as possible." According to Reuters, the Norwegian National Security Authority (NNSA) said the attack used a fairly new strain of ransomware called "LockerGoga." A spokesman for Hydro told the BBC that the company was able to continue production by reverting to manual methods, and that it has data backups to restore from as soon as the attack is neutralized. Currently, however, Hydro is still working with the NNSA to contain the attack and identify the extent of the damage. The company will hold a press conference shortly to share more information.

Palo Alto Networks' Unit 42 published a report yesterday on a new variant of the Mirai botnet malware. This version is using a total of 27 exploits, 11 of which are new. It's also targeting a wider range of devices, including WePresent WiPG-1000 Wireless Presentation systems and LG Supersign TVs. Since these devices are meant for use in business environments, the researchers believe this new strain indicates "a potential shift to using Mirai to target enterprises." Enterprises provide "a large attack surface" and "access to greater bandwidth," allowing for more powerful DDoS attacks.

Homeland Security Secretary Kirstjen Nielsen said yesterday that emerging cyber threats are her top concern for the coming year.

Notes.

Today's issue includes events affecting Australia, Brazil, China, Democratic People's Republic of Korea, European Union, Germany, Mauritius, New Zealand, Norway, Rwanda, Singapore, United States.

Getting your head in the cloud is down-to-earth.

"Cloud computing” is fast becoming simply “computing.” Enterprises need cloud-style quality of service across their hybrid information and technology environments. Visit Coalfire and download the latest Gartner Report, “Predicts 2019: Increasing Reliance on Cloud Computing Transforms IT and Business Practices,” for insight into how cloud computing has grown from a delivery option to an all-encompassing strategy. Learn how businesses leverage the cloud for efficiency and innovation. Visit www.coalfire.com and download your copy today.

In today's podcast, out later this afternoon, we speak with our partners at SANS and the ISC Stormcast Podcast, as Johannes Ullrich discusses hardware security issues at the perimeter. Our guest is Nathan Burke from Axonius, winners of the 2019 RSAC Innovation Sandbox competition.

OSSEC Con2019 (Herndon, Virginia, United States, March 20 - 21, 2019) OSSEC Con2019, “The Future of OSSEC: Security and Compliance for Cloud, On-Premise and Hybrid Environments” will take place March 20-21 in Herndon, VA. Join OSSEC users to share best practices and use cases with plenty of peer-to-peer networking.

Cyber Security Summits: April 2nd in Denver and in Philadelphia on April 25th (Denver, Colorado, United States, April 2 - 25, 2019) Register for reduced admission to the Cyber Security Summit with promo code cyberwire19 for $95 admission ($350 without code). Sr. Level Executives are invited to learn about the latest threats & solutions in Cyber Security from experts from The FBI, U.S. Secret Service, Dell, Oracle, Darktrace, Verizon and more. Passes are limited, secure yours today: www.CyberSummitUSA.com

Global Cyber Innovation Summit (Baltimore, Maryland, United States, May 1 - 2, 2019) This unique, invitation-only forum brings together a preeminent group of leading Global 2000 CISO executives, cyber technology innovators, policy thought leaders, and members of the cyber investment community to catalyze the industry into creating more effective cyber defenses. Request an invitation today.

Cyber Attacks, Threats, and Vulnerabilities

Hacked tornado sirens taken offline in two Texas cities ahead of major storm (ZDNet) City officials took hacked tornado sirens offline ahead of major storm. Luckily, they weren't needed.

Attacking the internal network from the public Internet using a browser as a proxy (Forcepoint) Malicious actors are aware of these attacks, but defenders need to be informed as well. In addition to describing the technical details of the attacks, we will discuss means of detecting and protecting against them.

BEC Goes Mobile as Cybercriminals Turn to SMS (Agari) As employees become more aware of phishing scams, cybercriminals are changing tactics, using SMS instead of email to encourage victims to send gift cards.

New BAE Systems research reveals human error still major vulnerability in network security (IBS Intelligence) New BAE Systems research reveals human error still major vulnerability in network security

Hackers hit aluminum maker Hydro, knock some plants offline (Reuters) Norsk Hydro, one of the world's largest producers of aluminum, battled on T...

Aluminum producer switches to manual operations after 'extensive cyber-attack' (ZDNet) Norway's Norsk Hydro said a cyber-attack on late Monday night crippled its IT systems.

How hackers stole $20m from Bank of Mexico (Computing) Attacks on Bank of Mexico occurred in April 2018 with cash withdrawn from several banks across Mexico.

DHS Secretary Kirstjen Nielsen Warns That U.S. Is 'Not Prepared' for Cyberattacks From Foreign Countries (Townhall ) Department of Homeland Security Secretary Kirstjen Nielsen warned Monday that the United States is “not prepared” to handle cyberattacks from foreign countries and laid out some measures DHS was taking to respond to these threats.

Most antivirus apps do absolutely nothing (The Independent) Some of the Android apps in the Google Play store were so ineffective that they detected themselves as malware

Sprint customers say a glitch exposed other people’s account information (TechCrunch) Several Sprint customers have said they are seeing other customers’ personal information in their online accounts. One reader emailed TechCrunch with several screenshots describing the issue, warning that they could see other Sprint customers’ names and phone numbers. The reader said th…

ISIS Spokesman Ends Silence by Calling for Retaliation Over New Zealand Massacres (NYTimes) As his caliphate crumbles, the Islamic State spokesman, Abu Hassan al-Muhajir, issued a 44-minute speech mocking America’s claim of victory.

UN Report: N. Korea Targets Cryptocurrency Exchanges, Banks (BankInfoSecurity) North Korea's cybercrime capabilities have given the country the ability to flaunt international sanctions by allowing the regime to steal millions in currency not

London’s Tourist Hot Spots Suffer 100m+ Cyber-Attacks (Infosecurity Magazine) London’s Tourist Hot Spots Suffer 100m+ Cyber-Attacks. Kew Gardens tops the list in new FOI research

Threat actors using stolen email credentials to breach cloud accounts: Survey (CISO MAG) According to the research by enterprise security firm Proofpoint, hackers are using IMAP-based password spraying attacks to breach Microsoft Office 365 and G Suite accounts which are protected with multi-factor authentication.

Mirai offshoot offers 'greater firepower' for DDoS attacks, researchers warn (CyberScoop) A new variant of the infamous Mirai botnet is targeting embedded devices like routers and internet-connected cameras with new exploits, security researchers have concluded.

New Mirai Variant Targets Enterprise IoT Devices (SecurityWeek) A new variant of the Mirai botnet is targeting IoT devices specifically intended for businesses, potentially signaling a focus toward enterprise.

New Mirai malware variant targets signage TVs and presentation systems (ZDNet) Security researchers spot new Mirai botnet with an enhanced arsenal of IoT exploits.

Cryptojacking of businesses' cloud resources still going strong (Help Net Security) In the past year or so, many cybercriminals have turned to cryptojacking as an easier and more low-key approach for "earning" money.

Ariana Grande file is 1 of 100+ ways attackers are exploiting WinRAR bug (SC Media) McAfee has observed 100+ exploits for a recently disclosed RCE bug in WinRAR, including one that uses a file containing bootlegged Ariana Grande music.

VMware security advisories issued (SC Media) VMware issued security advisories for VMware Workstation Pro/Player and VMware Horizon.

From MySpace to MyFreeDiskSpace: 12 years of music – 50m songs – blackholed amid mystery server move (Register) Vast storage savings...er, tragic loss attributed to a data migration gone awry

Here's What It's Like to Accidentally Expose the Data of 230M People (WIRED) The owner of Exactis, a 10-person firm that exposed a database including nearly every American, tells the story of his company's downfall.

This headline is proudly brought to you by wired keyboards: Wireless Fujitsu model hacked (Register) If you have an LX901, you are at risk of mild embuggerance

Lone staffer killed our shields, claims etailer Gearbest after infosec bods peep at user deets (Register) Whether it's 1.5m or 280k exposed, it's not a great look

AMD Believes SPOILER Vulnerability Does Not Impact Its Processors (BleepingComputer) AMD thinks that its processors are not impacted by the new SPOILER vulnerability that uses speculative execution to improve the efficiency of memory and cache attacks such as Rowhammer.

JNEC.a Ransomware Spread by WinRAR Ace Exploit (BleepingComputer) A new ransomware called JNEC.a spreads through an exploit for the recently reported code execution ACE vulnerability in WinRAR. After encrypting a computer, it will generate a Gmail address that victims need to create in order to receive the file decryption key once they pay the ransom.

Email scammers stole more than $150K from defense contractors and a university, FBI says (CyberScoop) Cybercriminals defrauded two defense contractors and a university out of more than $150,000 through email scams last year, the FBI has warned companies.

Vendor Compromises Data of 808,000 Singapore Blood Donors (HealthITSecurity) SIngapore is dealing with yet another privacy breach of its citizens, after its HSA vendor left the personal data of 808,000 blood donors exposed online on an unsecured database for about two months.

Vendor Exposes Singapore Health Blood Donor Data (Infosecurity Magazine) Human error leaves data of more than 800,000 blood donors exposed.

Bad cup of Java leaves nasty taste in IBM Watson's 'AI' mouth: Five security bugs to splat in analytics gear (Register) Worst brew than that time El Reg went on a road trip and stopped at a Denny's

'Shameless' Scammers Seek to Cash in on Christchurch Massacre (SecurityWeek) Scammers are trying to cash in on the Christchurch mosque massacres, using phishing emails with links to fake bank accounts to ensnare people keen to donate, New Zealand's cyber security body said Monday.

Vulnerability Summary for the Week of March 11, 2019 (US-CERT) The NCCIC Weekly Vulnerability Summary Bulletin is created using information from the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD). In some cases, the vulnerabilities in the bulletin may not yet have assigned CVSS scores. Please visit NVD for updated vulnerability entries, which include CVSS scores once they are available. 

Is it still a good idea to publish proof-of-concept code for zero-days? (ZDNet) Time and time again, the publication of PoC code for zero-days and recently patched security bugs often helps hackers more than end-users.

EU gov’t and public health sites are lousy with adtech, study finds (TechCrunch) A study of tracking cookies running on government and public sector health websites in the European Union has found commercial adtech to be operating pervasively even in what should be core not-for-profit corners of the Internet. The researchers used searches including queries related to HIV, menta…

Public disgrace: 82% of EU govt websites stalked by Google adtech cookies – report (Register) Plus: UK health service sites contain commercial trackers

Security Patches, Mitigations, and Software Updates

IBM: Patch these critical Java, OpenJ9 Java bugs in Watson, analytics products (ZDNet) IBM warns Watson AI customers to check product versions after releasing new updates that address critical flaws.

Intel releases patches for code execution vulnerabilities (Naked Security) Intel released patches last week, fixing a range of vulnerabilities that could allow attackers to execute code on affected devices.

Microsoft bows to Chrome, Firefox, with security tweak (CRN Australia) Edge to take over when Chrome, Firefox see web nasties.

Google, Microsoft work together for a year to figure out new type of Windows flaw (Ars Technica) Researcher finds building blocks for privilege escalation: Can they be assembled to create a flaw?

Cyber Trends

Intel releases patches for code execution vulnerabilities (Naked Security) Intel released patches last week, fixing a range of vulnerabilities that could allow attackers to execute code on affected devices.

G Suite admins can now disallow SMS and voice authentication (Naked Security) Users of G Suite may find that the option to authenticate themselves via SMS or voice call has suddenly disappeared.

Marketplace

Votiro Announces Strategic Alliance and Distribution Agreement with Ingram Micro Inc. (Business Wire) Votiro announces a strategic alliance and distribution agreement with Ingram Micro, Inc., to help expand Votiro's market reach across North America.

Desperate to get through to execs, some cybersecurity vendors are resorting to lies and blackmail (CNBC) Aggressive sales tactics can make it harder for overworked cybersecurity execs to find and stop real threats.

Mauritius Cyber Security Firm Opens Rwanda Subsidiary (KT PRESS) A Mauritius cyber security company has launched operations in Rwanda with intent to help cut down on cyber security threats across Insurance Companies and Financial Institutions. The tech company - Secure Services Mauritius will initially invest  $500,000 (about Rwf450million) - following its ent

Akamai cuts 140 jobs as it seeks to boost security business (The Boston Globe) Akamai said less than 30 of the positions were in Massachusetts, where it has offices in Cambridge and Westford.

Google seeking to promote rivals to stave off EU antitrust action (Reuters) Google is trying to boost price comparison rivals such as Kelkoo in an effort to appease European Union antitrust regulators and ward off fresh fines following a 2.4-billion-euro ($2.7 billion) penalty nearly two years ago.

Explainer: Germany, at last, launches 5G spectrum auction (Reuters) Germany begins an auction of spectrum for next-generation 5G mobile networks on Tuesday, the outcome of which will play a decisive role in determining whether Europe’s largest economy remains competitive in the digital age.

Facebook plans more fact-checking ahead of European Parliament Election (Reuters) Facebook plans to ramp up efforts to fight misinformation ahead of the European Parliament election in May and will partner with German news agency DPA to boost its fact-checking, a senior executive said on Monday.

Dragos acquires NexDefense to bolster ICS defense capability (SC Media) Dragos has acquired the industrial control system (ICS) visibility technology firm NexDefense and has announced the availability of a suite of tools for companies to assess their ICS security.

MAVA Welcomes, Spotlights Public Companies (Mid-Atlantic Venture Association) Tenable and Yext to be featured at April 11th’s Spring C-Suite Summit.

Google’s terrible, horrible, no good, very bad fortnight (CRN Australia) It's not just Gmail that's wobbled lately, and the problems have been self-inflicted.

CBA assures itself of LandMark White's post-breach infosec (iTnews) First lender to reinstate valuation firm.

Talent Gap: Self-Inflicted Wound? (Forbes) Is the massive talent gap in security actually self-inflicted? Can we close it by changing what and how we design tools and organizations to enable us to recruit, hire and retain differently? It's time to participate in our own rescue and stop whining that there aren't enough people to fill the SOC.

Products, Services, and Solutions

WhiteHat Sentinel Source Standard and Essential Editions Receive Highest OWASP Benchmark Accuracy Ratings of All Submitted SAST Solutions (Business Wire) WhiteHat Security, the leading application security provider committed to securing digital business, today announced that both WhiteHat Sentinel Sourc

SK Telecom to apply quantum cryptographic technology to 5G network (Pulse News) South Korea’s leading mobile carrier SK Telecom Co. will apply quantum cryptography technology, considered as the most complex and safe data security technology, to its 5G network system to ensure dominance in Korea’s wireless market which makes generational shift to 5G for the first time in the world in the first half.

CyberSec First Responder (CFR) Free Training (Phoenix TS) See if the CyberSec First Responder training course and certification are the right fit for you by enrolling in our free 4-hour sample course. This course is available for one day only (Thursday March 21, 2019) in person in Columbia, MD or Live Online

Offensive Security Makes Advanced Web Attacks and Exploitation Training Course Available Online (AP NEWS) Offensive Security, the leading provider of online hands-on training and certification for information security professionals, today announced that the company’s popular Advanced Web Attacks and Exploitation (AWAE) training class is now available as an online course.

DFLabs and CyberGate Join Forces to Deliver SOAR in Middle East (DFLabs) DFLabs announced CyberGate, based in Abu Dhabi, United Arab Emirates, as its first managed security services provider (MSSP) partner in the Middle East.

Slack launches Enterprise Key Management, a tool that gives admins control over encryption keys (ZDNet) With EKM, businesses gain control over the encryption keys used to encrypt the files and messages within their Slack workspace.

Android Q will come with improved privacy protections (Help Net Security) Android Q, the newest iteration of Google's popular mobile OS, will feature a number of changes whose aim is to help protect users' privacy.

Google Gives Users More Choice with Location-Tracking Apps (Threatpost) Developers will have a new option to for Android apps to track location only when in use.

New HTTPS Interception Tools Available from Cloudflare (BleepingComputer) Cloudfare announced the release of two new tools designed to make it simpler to check if TLS connections to a website have been intercepted, to detect vulnerable clients and potentially notify them when their security is compromised or degraded.

Secure Decisions Demonstrates Newest Software Penetration Testing Technology at Department of Homeland Security Cybersecurity Showcase (Globe Newswire) Secure Decisions, a division of Applied Visions, Inc. and a leader in cybersecurity research, will be participating in the 2019 S&T Cybersecurity and Innovation Showcase hosted by the Department of Homeland Security (DHS) Science and Technology (S&T) Directorate, March 18-20, 2019 in Washington, D.C.

Code Dx Selected as Success Story at the Department of Homeland Security’s Cybersecurity and Innovation Showcase (Globe Newswire) Code Dx, Inc., provider of an award-winning application security solution that automates and accelerates the discovery, prioritization, and management of software vulnerabilities, today announced it will be spotlighted as a top success story at the 2019 S&T Cybersecurity and Innovation Showcase hosted by the Department of Homeland Security (DHS) Science and Technology (S&T) Directorate. Code Dx Enterprise, the company’s flagship product, grew out of the research funded by the DHS S&T to help secure the nation’s software supply chain from attack.

Technologies, Techniques, and Standards

Build defenses against cyber-attacks through public-private cooperation (The Japan News) It is necessary to protect social and economic systems from serious cyber-attack threats. The government must expedite arrangements to do so.

If you're still not using a password manager and VPN app, you're officially out of excuses (Futurism) 92 percent of U.S. adults have engaged in risky data security behavior in the past year.

UK code breakers drop Bombe, Enigma and Typex simulators onto the web for all to try (Register) You have to run GCHQ code? Nice try, spy guys

Why Phone Numbers Stink As Identity Proof (KrebsOnSecurity) Phone numbers stink for security and authentication. They stink because most of us have so much invested in these digits that they’ve become de facto identities.

Just One Third of UK’s Small Firms Have Security Strategy (Infosecurity Magazine) New study aims to raise SMB awareness this week

Being Unprepared is Not an Option (Security Today) What does the future hold for audit and compliance?

Design and Innovation

The People Trying to Make Internet Recommendations Less Toxic (WIRED) Recommendation algorithms on sites like Facebook and YouTube can send users down rabbit holes, spread falsehoods, and foster conspiracy theories.

Academia

Northrop Grumman Celebrates Successful Pilot of Australian CyberTaipan Competition (Northrop Grumman Newsroom) CANBERRA, Australia – March 19, 2019 – Northrop Grumman Corporation (NYSE: NOC) has concluded the first year of CyberTaipan with the 2018-19 National Finals held in Canberra on March 16. Launched in June 2018, the competition is a fun way to spark youth...

Legislation, Policy, and Regulation

China rejects 'abnormal' U.S. spying concerns as EU pushes trade (Reuters) China dismissed U.S. security warnings against its telecoms equipment maker Huaw...

U.S. warns Brazil about Huawei and 5G in talks: senior U.S. official (Reuters) U.S. officials have warned their Brazilian counterparts of their security concer...

DHS supply chain task force tees up plans (FCW) The co-chair of the task force laid out five work streams that will steer larger efforts around securing the technology supply chain.

The Honorable Kirstjen M. Nielsen – State of Homeland Security Address (YouTube) Auburn University’s Center for Cyber and Homeland Security (CCHS) hosts a discussion on the State of Homeland Security, featuring the Secretary of Homeland Security, The Honorable Kirstjen M. Nielsen.

DHS pushes new cyber hiring authorities (FCW) The department's budget requests $11.4 million to complete a new Cyber Talent Management System to hire and pay security workers based on their ability, not qualifications.

DoD requests almost $23B for key intel account (Defense News) The Pentagon wants to increase its secretive black budget for intelligence programs for a fifth straight year.

This is why Putin made a provocative visit to Crimea (Navy Times) On Monday, NATO and the European Union reaffirmed their strong condemnation of Russia's land grab.

Venezuelan opposition seizes control of U.S. offices (UPI) Representatives of Venezuelan opposition leader Juan Guaido have seized control of three diplomatic properties in New York and Washington Monday.

Tech giants will have to be regulated in future: EU's Timmermans (Reuters) The European Union and authorities around the world will have to regulate big technology and social media companies at some stage to protect citizens, the deputy head of the European Commission said on Monday.

Australia's Intelligence Agency Publishes its Vulnerability Disclosure Process (SecurityWeek) The Australian Signals Directorate (ASD), has joined NSA and GCHQ in publishing an account of its vulnerabilities disclosure process. All three agencies are part of the Five Eyes western intelligence alliance.

How a simple tweet opened frustration floodgates over security clearances (Federal News Network) Lawmakers introduced legislation to publish standards for granting, denying or revoking security clearances.

White House Requests More Than $17.4 Billion for Federal Cyber Efforts (Nextgov.com) Under the president’s 2020 budget proposal, the Pentagon’s cyber coffers would grow while funds for some civilian agencies dry up.

Cybersecurity Funding (The White House) The President’s Budget includes an estimated $17.4 Billion which supports the protection of Federal information systems and our nation’s most valuable information including the personal information of the American public.

Privacy Regulations Needed for Next-Gen Cars (Threatpost) With wide deployment expected in the next decade, the driverless automobile landscape looks fraught – from road safety to data protection.

Litigation, Investigation, and Law Enforcement

JPMorgan Hack Suspect Is Helping the U.S. Here's What He May Offer (Bloomberg) Shalon could be guide to Russian hacking, money laundering.

As Trump escalates rhetoric, Iran's wartime preparations include terrorist attacks and assassinations (Yahoo News) The Trump administration seems oblivious to the potential Iranian response to U.S. military action, warn multiple former officials. And yet Iran has been telegraphing its intentions — including its capacity and willingness to use terror — if a war takes place.

Mt Gox Crypto Boss Escapes Jail (Infosecurity Magazine) Mt Gox Crypto Boss Escapes Jail. Karpeles given 2.5 year sentence, suspended for four years

Law enforcement agencies across the EU prepare for major cross-border cyber-attacks (Europol) The possibility of a large-scale cyber-attack having serious repercussions in the physical world and crippling an entire sector or society, is no longer unthinkable. To prepare for major cross-border cyber-attacks, an EU Law Enforcement Emergency Response Protocol has been adopted by the Council of the European Union. The Protocol gives a central role to Europol’s European Cybercrime Centre (EC3) and is part of the EU Blueprint for Coordinated Response to Large-Scale Cross-Border Cybersecurity Incidents and Crises1.

New EU Protocol Preps for X Border Cyber Attacks (Infosecurity Magazine) EU law enforcement establishes protocol to prepare for and respond to cross-border cyber threats.

The Dark Web Enabled the Christchurch Killer (Foreign Policy) The attack in New Zealand was inspired in part by the Norwegian mass murderer Anders Behring Breivik, but the real threat is lone wolves lurking…

For a complete running list of events, please visit the Event Tracker on the CyberWire website.

Upcoming Events

National Cyber League Spring Season (Various, February 25 - March 24, 2019) The NCL is a defensive and offensive puzzle-based, capture-the-flag style cybersecurity competition. Its virtual training ground helps high school and college students prepare and test themselves against...

2019 S&T Cybersecurity and Innovation Showcase (Washington, DC, USA, March 18 - 20, 2019) The 2019 S&T Cybersecurity and Innovation Showcase is a unique event for the Department of Homeland Security (DHS) Science and Technology Directorate (S&T) to introduce its funded research projects to...

The Future of Quantum Computing, Quantum Cryptography and Quantum Sensors (Boston, Massachussetts, USA, March 19 - 21, 2019) This must-attend summit offers comprehensive insights into the commercial future of all areas of quantum technology presenting the opportunities available today and future applications in business and...

OSSEC Open Source Security Conference (Herndon, Virginia, USA, March 20 - 21, 2019) With tens of thousands of global users, OSSEC is the world’s most widely used open source host-based intrusion detection system. Join this exclusive event on March 20-21, 2019 at the Dulles Hilton in Herndon,...

KNOW 2019 (Las Vegas, Nevada, USA, March 24 - 27, 2019) The Future of Trust starts at KNOW 2019, the definitive event focused on the data economy. From Facebook and Equifax to GDPR, identity data is at the forefront of cybersecurity and regulation. KNOW is...

Grow your brand and reach new customers.

Grow your brand and increase your customer base by educating our audience about your products, services, and events by advertising on The CyberWire. We’ve built trust with an influential (and often hard to reach) audience of CISOs, CSOs, and other senior execs in the security space, across a wide array of industry verticals. Learn more.

Be a part of the CyberWire story.

People ask us (a lot) how they can support what we do. We have our sponsorships and services, of course, but those are not always within every supporter's financial reach, or it might just not be the right time for you to do those things. That's why we launched our new Patreon site, where we've created a wider variety of support levels, each with some new benefits. Our patrons are important to our future, and we hope you'll consider becoming one. We invite you to become part of the CyberWire story. Become a patron today.